For the past few months I've been spending some spare time on an SSL certificate manager that integrates with nginx.
It's finally stable enough to share: https://github.com/aptise/peter_sslers
Peter Sslers is a small Pyramid (Python) based webserver that functions as an ACME client to Let's Encrypt and a web-based SSL Certificate Manager.
The Certificate Manager can work within a LAN to power the `ssl_certificate_by_` blocks in openresty. The tools directory contains a reference implementation.
The general logic is this:
* openresty looks in the shared_dict for a domain
* failover to: openresty looks in redis cache for a domain
* failover to: openresty queries the pyramid app for a domain
The pyramid app contains hooks that allow it to clear out redis and nginx entries, and can "prime" the redis cache.
It was a bit difficult finding all the right libraries to make this work in openresty. A huge thanks to everyone here for pointing me in the right direction, especially agentzh.
The openresty code is in the tools directory, mostly in the `ssl_certhandler.lua` file. The entire project is available under the MIT license.
https://github.com/aptise/peter_sslers/blob/master/tools/nginx_lua_library/ssl_certhandler.lua
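
The three-tier lookup listed above, written for an `ssl_certificate_by_lua_block`, as an added example that is not the project's `ssl_certhandler.lua`. The shared dict name `cert_cache`, the Redis key format, the manager URL and the JSON shape are assumptions made for illustration; it also assumes the `lua-resty-redis` and `lua-resty-http` libraries are installed.

```lua
-- Added example: tiered certificate lookup for ssl_certificate_by_lua_block.
-- Assumed (not from peter_sslers): shared dict "cert_cache", Redis key "cert:<domain>",
-- manager URL http://127.0.0.1:7201/cert/<domain>.json, payload {"cert": PEM, "key": PEM}.
local ssl   = require "ngx.ssl"
local redis = require "resty.redis"
local http  = require "resty.http"
local cjson = require "cjson.safe"

local TTL, MISS_TTL = 600, 60
local MISS = "-"   -- negative-cache marker so unknown names do not hit every tier

local function from_redis(domain)
    local red = redis:new()
    red:set_timeout(200)
    if not red:connect("127.0.0.1", 6379) then return nil end
    local val = red:get("cert:" .. domain)
    red:set_keepalive(10000, 20)
    if val and val ~= ngx.null then return val end
end

local function from_manager(domain)
    local res = http.new():request_uri(
        "http://127.0.0.1:7201/cert/" .. ngx.escape_uri(domain) .. ".json",
        { method = "GET" })
    if res and res.status == 200 then return res.body end
end

local function lookup(domain)
    local cache = ngx.shared.cert_cache
    local val = cache:get(domain)
    if not val then
        val = from_redis(domain) or from_manager(domain) or MISS
        cache:set(domain, val, val == MISS and MISS_TTL or TTL)
    end
    if val ~= MISS then return cjson.decode(val) end
end

local name = ssl.server_name()
-- SNI is client-supplied: accept hostname characters only before building keys or URLs.
if not name or not name:find("^[%w%.%-]+$") then return end  -- keep default cert
local pair = lookup(name:lower())
if not (pair and pair.cert and pair.key) then return end
local cert = ssl.cert_pem_to_der(pair.cert)
local key  = ssl.priv_key_pem_to_der(pair.key)
if not (cert and key) then return end
-- Only clear the default certificate once a complete replacement is in hand.
assert(ssl.clear_certs())
assert(ssl.set_der_cert(cert))
assert(ssl.set_der_priv_key(key))
```

Every tier here holds private keys, so the Redis instance and the manager endpoint need to be reachable only from the nginx hosts.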