Generate SSL Certificate for private IP address
A Python client for requesting SSL certificates from the Sanusi Digital Media SSL Generator API (https://sslgen.sanusi.id). This client automatically downloads and stores certificates in /etc/ssl/sdmcert for easy integration with web servers.
- Secure API Integration - Bearer token authentication
- Organized Storage - Certificates stored in /etc/ssl/sdmcert/{ip_address}/
- Multiple Formats - Generates cert.pem, chain.pem, fullchain.pem, and privkey.pem
- Automation Ready - Systemd service for automatic renewal
- Web Server Integration - Auto-installation scripts for Nginx and Apache
- Comprehensive Logging - Detailed logs for monitoring and debugging
- Interactive Mode - User-friendly command-line interface
```bash
# Download and run the installation script
sudo ./install.sh
```
Visit https://sslgen.sanusi.id/register to get your API token.
Edit the configuration file:
```bash
sudo nano /etc/sdm-ssl/config.json
```
Add your API token:
```json
{
  "token": "sdm_your_actual_token_here",
  "ip_address": "192.168.1.100",
  "base_url": "https://sslgen.sanusi.id"
}
```
```bash
# Using configuration file
ssl_client.py --config /etc/sdm-ssl/config.json

# Using command line arguments
ssl_client.py --ip 192.168.1.100 --token sdm_your_token_here

# Interactive mode (recommended)
ssl_client.py --interactive

# Automatically configure Nginx or Apache
sudo install_certs.sh 192.168.1.100
```
```bash
ssl_client.py --ip 192.168.1.100 --token sdm_abc123xyz789
ssl_client.py --interactive
ssl_client.py --config /path/to/config.json
ssl_client.py --list
ssl_client.py --ip 192.168.1.100 --token sdm_token --cert-dir /custom/path
```
```json
{
  "token": "sdm_your_api_token_here",
  "ip_address": "192.168.1.100",
  "base_url": "https://sslgen.sanusi.id",
  "cert_dir": "/etc/ssl/sdmcert",
  "certificates": [
    {
      "ip_address": "192.168.1.100",
      "description": "Web server"
    },
    {
      "ip_address": "192.168.1.200",
      "description": "API server"
    }
  ]
}
```
Certificates are stored in /etc/ssl/sdmcert/{ip_address}/:

```
/etc/ssl/sdmcert/192.168.1.100/
├── cert.pem        # Server certificate
├── chain.pem       # Intermediate certificate
├── fullchain.pem   # cert.pem + chain.pem
├── privkey.pem     # Private key (600 permissions)
└── metadata.json   # Generation metadata
```
```nginx
server {
    listen 443 ssl;
    server_name 192.168.1.100;
    ssl_certificate /etc/ssl/sdmcert/192.168.1.100/fullchain.pem;
    ssl_certificate_key /etc/ssl/sdmcert/192.168.1.100/privkey.pem;
    # Your other configuration...
}
```

```apache
<VirtualHost 192.168.1.100:443>
    ServerName 192.168.1.100
    SSLEngine on
    SSLCertificateFile /etc/ssl/sdmcert/192.168.1.100/cert.pem
    SSLCertificateKeyFile /etc/ssl/sdmcert/192.168.1.100/privkey.pem
    SSLCertificateChainFile /etc/ssl/sdmcert/192.168.1.100/chain.pem
    # Your other configuration...
</VirtualHost>
```
```bash
# Auto-configure Nginx or Apache
sudo install_certs.sh 192.168.1.100
```

```bash
sudo systemctl enable sdm-ssl-renewal.timer
sudo systemctl start sdm-ssl-renewal.timer

# Check status
sudo systemctl status sdm-ssl-renewal.timer

# Test renewal service
sudo systemctl start sdm-ssl-renewal.service

# Check logs
sudo journalctl -u sdm-ssl-renewal.service
```
```
usage: ssl_client.py [-h] [--ip IP] [--token TOKEN] [--config CONFIG]
                     [--interactive] [--list] [--base-url BASE_URL]
                     [--cert-dir CERT_DIR] [--verbose]

SSL Certificate Client for Sanusi Digital Media

optional arguments:
  -h, --help           show this help message and exit
  --ip IP              Private IP address for certificate
  --token TOKEN        API token from sslgen.sanusi.id
  --config CONFIG      JSON configuration file path
  --interactive, -i    Interactive mode
  --list, -l           List stored certificates
  --base-url BASE_URL  Base URL for the API
  --cert-dir CERT_DIR  Certificate storage directory
  --verbose, -v        Verbose logging
```
- Token Security - Keep your API token secure, store in protected config files
- File Permissions - Private keys are automatically set to 600 (owner read/write only)
- Directory Permissions - Certificate directories are created with appropriate permissions
- Network Security - All API communication uses HTTPS
- Log Security - Logs don't contain sensitive information
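
A post-install check of the storage layout and permissions described on this page, as an added example (not part of the client's own code). The function names `audit_cert_dir` and `audit_token_file` are hypothetical; the code assumes only the documented file names, the 600 key mode, and the RFC 1918 restriction.

```python
import ipaddress
import os
import stat
from pathlib import Path

# RFC 1918 ranges only; ipaddress's is_private also accepts loopback, link-local, etc.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
EXPECTED = ("cert.pem", "chain.pem", "fullchain.pem", "privkey.pem")


def audit_cert_dir(ip_dir):
    """Return a list of findings for one {cert_dir}/{ip_address}/ directory."""
    ip_dir = Path(ip_dir)
    findings = []
    try:
        addr = ipaddress.ip_address(ip_dir.name)
        if not any(addr in net for net in RFC1918):
            findings.append(f"{ip_dir.name}: not an RFC 1918 address")
    except ValueError:
        findings.append(f"{ip_dir.name}: directory name is not an IP address")

    missing = [n for n in EXPECTED if not (ip_dir / n).is_file()]
    findings += [f"{n}: missing" for n in missing]

    key = ip_dir / "privkey.pem"
    if key.is_file():
        mode = stat.S_IMODE(key.stat().st_mode)
        if mode & 0o077:  # any group/other bit exposes the private key
            findings.append(f"privkey.pem: mode {mode:03o}, expected 600")

    if not missing:
        # fullchain.pem is documented as cert.pem + chain.pem; compare ignoring whitespace
        joined = (ip_dir / "cert.pem").read_bytes() + b"\n" + (ip_dir / "chain.pem").read_bytes()
        if (ip_dir / "fullchain.pem").read_bytes().split() != joined.split():
            findings.append("fullchain.pem: does not equal cert.pem + chain.pem")
    return findings


def audit_token_file(config_path):
    """Flag a config.json (it holds the API token) readable by group or others."""
    mode = stat.S_IMODE(os.stat(config_path).st_mode)
    return [f"{config_path}: mode {mode:03o} exposes the token"] if mode & 0o077 else []
```

Run it as root against each directory under the configured cert_dir and against /etc/sdm-ssl/config.json; an empty list means the layout matches what this page documents.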
Make sure you're running as root or with sudo:
```bash
sudo ssl_client.py --interactive
```
- Verify your token at https://sslgen.sanusi.id/register
- Check for rate limits (10 requests/hour per token)
- Ensure token starts with sdm_
- Verify connectivity to sslgen.sanusi.id
- Check firewall settings
- Ensure DNS resolution works
- Only private IP addresses are supported (RFC 1918)
- Certificates are valid for 1 year
- Install the CA certificate on client devices
```bash
# View recent logs
sudo tail -f /var/log/sdm-ssl-client.log

# View systemd service logs
sudo journalctl -u sdm-ssl-renewal.service -f
```
- API Limit - 10 requests per hour per token
- Private IPs Only - Only RFC 1918 private IP addresses are supported
- Certificate Validity - 1 year from generation date
- ssl_client.py - Main client application
- install.sh - System installation script
- install_certs.sh - Web server configuration script
- config.json.example - Configuration template
- sdm-ssl-renewal.service - Systemd service file
- sdm-ssl-renewal.timer - Systemd timer file
- Python 3.6+
- requests library
- Root/sudo access for installation
- Valid API token from sslgen.sanusi.id
- API Documentation - Available at sslgen.sanusi.id
- Issues - Contact alice@sanusi.id
- Web Interface - https://sslgen.sanusi.id
- Registration - https://sslgen.sanusi.id/register
This client is provided as-is for use with the Sanusi Digital Media SSL Certificate service.