@gunzip
Created February 26, 2026 19:22
name: Renew Let's Encrypt Certificate (Azure DNS)

on:
  schedule:
    - cron: '0 0 1 * *' # Runs on the first day of every month
  workflow_dispatch: # Allows a manual start for testing

jobs:
  renew-cert:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4

      - name: Azure Login
        uses: azure/login@v2
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS_JSON }} # Optional: you can use individual variables or a JSON

      - name: Install Certbot and Azure Plugin
        run: |
          sudo apt-get update
          sudo apt-get install -y certbot python3-certbot-dns-azure

      - name: Create Azure Credentials File
        run: |
          # Create the file with owner-only permissions before any secret is written to it.
          umask 077
          # The quoted 'EOF' stops the shell from expanding $ or backticks inside the secret values.
          # certbot-dns-azure also needs at least one zone mapping (DOMAIN:RESOURCE_GROUP_ID);
          # AZURE_DNS_ZONE_RESOURCE_GROUP_ID is a placeholder secret name, not part of the original gist.
          cat <<'EOF' > azure.ini
          dns_azure_sp_client_id = ${{ secrets.AZURE_CLIENT_ID }}
          dns_azure_sp_client_secret = ${{ secrets.AZURE_CLIENT_SECRET }}
          dns_azure_tenant_id = ${{ secrets.AZURE_TENANT_ID }}
          dns_azure_zone1 = tuodominio.it:${{ secrets.AZURE_DNS_ZONE_RESOURCE_GROUP_ID }}
          EOF
          chmod 600 azure.ini

      - name: Run Certbot (DNS Challenge)
        run: |
          certbot certonly \
            --dns-azure \
            --dns-azure-credentials azure.ini \
            -d "tuodominio.it" \
            -d "*.tuodominio.it" \
            --non-interactive \
            --agree-tos \
            --email admin@tuodominio.it \
            --config-dir ./certs/config \
            --work-dir ./certs/work \
            --logs-dir ./certs/logs

      - name: Import Certificate to Azure Key Vault
        uses: azure/CLI@v2
        with:
          inlineScript: |
            # Convert the key/certificate pair into a PFX file for Key Vault
            # (-passout pass: writes the PFX with an empty password)
            openssl pkcs12 -export \
              -out certificate.pfx \
              -inkey ./certs/config/live/tuodominio.it/privkey.pem \
              -in ./certs/config/live/tuodominio.it/fullchain.pem \
              -passout pass:
            az keyvault certificate import \
              --vault-name "MioKeyVault" \
              --name "MioCertificatoSSL" \
              --file certificate.pfx