acme-client 2.0.0 → 2.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/README.md +15 -5
- data/lib/acme/client.rb +1 -0
- data/lib/acme/client/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 64374fceebb44c96455db6bda3486fdff6afcb54548fb073177d972ddfe5ea58
|
|
4
|
+
data.tar.gz: fcfe92ab66fe177c4ead06cf605f9207187250cafae6b6135e3b941fb20b9ed2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 81a260cebd6797af5f1bfd2fc9249fb8969aa69eaf806c9849fc37ffe327a03a5eec8287606297d4d2bf62cdcfcde4a182d96fac5de0d58b4771b81d2b0aa45d
|
|
7
|
+
data.tar.gz: 2231b13253d255bc83004fd67d17bfcbf69ab94d593c4bc41f9509ef11a1f49a947bf01921334fed4e024184ad96d5fd595e11f2d8e9790b2d27a3ecb963c761
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -41,7 +41,7 @@ The client is initialized with a private key and the directory of your ACME prov
|
|
|
41
41
|
|
|
42
42
|
LetsEncrypt's `directory` is `https://acme-v02.api.letsencrypt.org/directory`.
|
|
43
43
|
|
|
44
|
-
They also have a staging
|
|
44
|
+
They also have a staging endpoint at `https://acme-staging-v02.api.letsencrypt.org/directory`.
|
|
45
45
|
|
|
46
46
|
`acme-ruby` expects `OpenSSL::PKey::RSA` or `OpenSSL::PKey::EC`
|
|
47
47
|
|
|
@@ -89,6 +89,16 @@ account = client.new_account(contact: 'mailto:info@example.com', terms_of_servic
|
|
|
89
89
|
account.kid # => <kid string>
|
|
90
90
|
```
|
|
91
91
|
|
|
92
|
+
If you already have an existing account (for example one created in ACME v1) please note that unless the `kid` is provided at initialization, the client will lazy load the `kid` by doing a `POST` to `newAccount` whenever the `kid` is required. Therefore, you can easily get your `kid` for an existing account and (if needed) store it for reuse:
|
|
93
|
+
|
|
94
|
+
```
|
|
95
|
+
client = Acme::Client.new(private_key: private_key, directory: 'https://acme-staging-v02.api.letsencrypt.org/directory')
|
|
96
|
+
|
|
97
|
+
# kid is not set, therefore a call to newAccount is made to lazy-initialize the kid
|
|
98
|
+
client.kid
|
|
99
|
+
=> "https://acme-staging-v02.api.letsencrypt.org/acme/acct/000000"
|
|
100
|
+
```
|
|
101
|
+
|
|
92
102
|
## Obtaining a certificate
|
|
93
103
|
### Ordering a certificate
|
|
94
104
|
|
|
@@ -96,7 +106,7 @@ To order a new certificate, the client must provide a list of identifiers.
|
|
|
96
106
|
|
|
97
107
|
The returned order will contain a list of `Authorization` that need to be completed in other to finalize the order, generally one per identifier.
|
|
98
108
|
|
|
99
|
-
Each authorization contains multiple challenges, typically a `dns-01` and a `http-01` challenge. The applicant is only required to complete one the challenges.
|
|
109
|
+
Each authorization contains multiple challenges, typically a `dns-01` and a `http-01` challenge. The applicant is only required to complete one of the challenges.
|
|
100
110
|
|
|
101
111
|
You can access the challenge you wish to complete using the `#dns` or `#http` method.
|
|
102
112
|
|
|
@@ -151,7 +161,7 @@ challenge.request_validation
|
|
|
151
161
|
|
|
152
162
|
The validation is performed asynchronously and can take some time to be performed by the server.
|
|
153
163
|
|
|
154
|
-
You can poll until its status
|
|
164
|
+
You can poll until its status changes.
|
|
155
165
|
|
|
156
166
|
```ruby
|
|
157
167
|
while challenge.status == 'pending'
|
|
@@ -165,12 +175,12 @@ challenge.status # => 'valid'
|
|
|
165
175
|
|
|
166
176
|
Once all required authorizations have been validated through challenges, the order can be finalized using a CSR ([Certificate Signing Request](https://en.wikipedia.org/wiki/Certificate_signing_request)).
|
|
167
177
|
|
|
168
|
-
A CSR can be slightly tricky to generate using OpenSSL from Ruby standard library. `acme-client` provide a utility class `CertificateRequest` to help with that.
|
|
178
|
+
A CSR can be slightly tricky to generate using OpenSSL from Ruby standard library. `acme-client` provide a utility class `CertificateRequest` to help with that. You'll need to use a different private key for the certificate request than the one you use for your `Acme::Client` account.
|
|
169
179
|
|
|
170
180
|
Certificate generation happens asynchronously. You may need to poll.
|
|
171
181
|
|
|
172
182
|
```ruby
|
|
173
|
-
csr = Acme::Client::CertificateRequest.new(private_key:
|
|
183
|
+
csr = Acme::Client::CertificateRequest.new(private_key: a_different_private_key, subject: { common_name: 'example.com' })
|
|
174
184
|
order.finalize(csr: csr)
|
|
175
185
|
sleep(1) while order.status == 'processing'
|
|
176
186
|
order.certificate # => PEM-formatted certificate
|
data/lib/acme/client.rb
CHANGED
data/lib/acme/client/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: acme-client
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.0.
|
|
4
|
+
version: 2.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Charles Barbier
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-08-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|