acme-client 2.0.0 → 2.0.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/README.md +15 -5
- data/lib/acme/client.rb +1 -0
- data/lib/acme/client/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 64374fceebb44c96455db6bda3486fdff6afcb54548fb073177d972ddfe5ea58
|
4
|
+
data.tar.gz: fcfe92ab66fe177c4ead06cf605f9207187250cafae6b6135e3b941fb20b9ed2
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 81a260cebd6797af5f1bfd2fc9249fb8969aa69eaf806c9849fc37ffe327a03a5eec8287606297d4d2bf62cdcfcde4a182d96fac5de0d58b4771b81d2b0aa45d
|
7
|
+
data.tar.gz: 2231b13253d255bc83004fd67d17bfcbf69ab94d593c4bc41f9509ef11a1f49a947bf01921334fed4e024184ad96d5fd595e11f2d8e9790b2d27a3ecb963c761
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
@@ -41,7 +41,7 @@ The client is initialized with a private key and the directory of your ACME prov
|
|
41
41
|
|
42
42
|
LetsEncrypt's `directory` is `https://acme-v02.api.letsencrypt.org/directory`.
|
43
43
|
|
44
|
-
They also have a staging
|
44
|
+
They also have a staging endpoint at `https://acme-staging-v02.api.letsencrypt.org/directory`.
|
45
45
|
|
46
46
|
`acme-ruby` expects `OpenSSL::PKey::RSA` or `OpenSSL::PKey::EC`
|
47
47
|
|
@@ -89,6 +89,16 @@ account = client.new_account(contact: 'mailto:info@example.com', terms_of_servic
|
|
89
89
|
account.kid # => <kid string>
|
90
90
|
```
|
91
91
|
|
92
|
+
If you already have an existing account (for example one created in ACME v1) please note that unless the `kid` is provided at initialization, the client will lazy load the `kid` by doing a `POST` to `newAccount` whenever the `kid` is required. Therefore, you can easily get your `kid` for an existing account and (if needed) store it for reuse:
|
93
|
+
|
94
|
+
```
|
95
|
+
client = Acme::Client.new(private_key: private_key, directory: 'https://acme-staging-v02.api.letsencrypt.org/directory')
|
96
|
+
|
97
|
+
# kid is not set, therefore a call to newAccount is made to lazy-initialize the kid
|
98
|
+
client.kid
|
99
|
+
=> "https://acme-staging-v02.api.letsencrypt.org/acme/acct/000000"
|
100
|
+
```
|
101
|
+
|
92
102
|
## Obtaining a certificate
|
93
103
|
### Ordering a certificate
|
94
104
|
|
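Review bot: The example added at new lines 94-100 opens with an untagged code fence and prints its result as a bare `=> "https://acme-staging-v02.api.letsencrypt.org/acme/acct/000000"` line, while the rest of the README uses ruby-tagged fences and the `# =>` comment form (see `account.kid # => <kid string>` just above). As written the snippet is not valid Ruby when copied; tag the fence and put the result on the call as `client.kid # => "..."`. The paragraph also says the `kid` can be provided at initialization and stored for reuse, but the example only shows the lazy-load path. Adding the initializer call that passes a stored `kid` would show readers how to avoid the extra `POST` to `newAccount`.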
@@ -96,7 +106,7 @@ To order a new certificate, the client must provide a list of identifiers.
|
|
96
106
|
|
97
107
|
The returned order will contain a list of `Authorization` that need to be completed in other to finalize the order, generally one per identifier.
|
98
108
|
|
99
|
-
Each authorization contains multiple challenges, typically a `dns-01` and a `http-01` challenge. The applicant is only required to complete one the challenges.
|
109
|
+
Each authorization contains multiple challenges, typically a `dns-01` and a `http-01` challenge. The applicant is only required to complete one of the challenges.
|
100
110
|
|
101
111
|
You can access the challenge you wish to complete using the `#dns` or `#http` method.
|
102
112
|
|
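Review bot: The context line at new line 107 still reads "need to be completed in other to finalize the order", which should be "in order to finalize the order". This hunk already fixes a typo two lines further down ("one the challenges" to "one of the challenges"), so correct line 107 in the same change rather than leaving it for another release.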
@@ -151,7 +161,7 @@ challenge.request_validation
|
|
151
161
|
|
152
162
|
The validation is performed asynchronously and can take some time to be performed by the server.
|
153
163
|
|
154
|
-
You can poll until its status
|
164
|
+
You can poll until its status changes.
|
155
165
|
|
156
166
|
```ruby
|
157
167
|
while challenge.status == 'pending'
|
@@ -165,12 +175,12 @@ challenge.status # => 'valid'
|
|
165
175
|
|
166
176
|
Once all required authorizations have been validated through challenges, the order can be finalized using a CSR ([Certificate Signing Request](https://en.wikipedia.org/wiki/Certificate_signing_request)).
|
167
177
|
|
168
|
-
A CSR can be slightly tricky to generate using OpenSSL from Ruby standard library. `acme-client` provide a utility class `CertificateRequest` to help with that.
|
178
|
+
A CSR can be slightly tricky to generate using OpenSSL from Ruby standard library. `acme-client` provide a utility class `CertificateRequest` to help with that. You'll need to use a different private key for the certificate request than the one you use for your `Acme::Client` account.
|
169
179
|
|
170
180
|
Certificate generation happens asynchronously. You may need to poll.
|
171
181
|
|
172
182
|
```ruby
|
173
|
-
csr = Acme::Client::CertificateRequest.new(private_key:
|
183
|
+
csr = Acme::Client::CertificateRequest.new(private_key: a_different_private_key, subject: { common_name: 'example.com' })
|
174
184
|
order.finalize(csr: csr)
|
175
185
|
sleep(1) while order.status == 'processing'
|
176
186
|
order.certificate # => PEM-formatted certificate
|
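Review bot: `a_different_private_key` at new line 183 is not defined anywhere in the visible example, so a reader cannot run the snippet without guessing how to create it. Add a line above the `CertificateRequest.new` call that generates the key, for instance `a_different_private_key = OpenSSL::PKey::RSA.new(4096)`. The new sentence at line 178 states that the CSR key must differ from the account key but not why or what happens otherwise; one clause saying what the failure looks like when the account key is reused would make the requirement harder to overlook. On the same line, "`acme-client` provide a utility class" should read "provides".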
data/lib/acme/client.rb
CHANGED
data/lib/acme/client/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: acme-client
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.0.
|
4
|
+
version: 2.0.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Charles Barbier
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-
|
11
|
+
date: 2018-08-27 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|