acmesmith 2.7.0 → 2.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '00710093e0dc9f9ec6ba1d54bf67585d45efa053e8a6bd7250c638abfce17908'
-  data.tar.gz: ecff83969fbf75e8566f1f75638b35937615af3d9fe05a759663d1a82b5d11af
+  metadata.gz: 252b913c94d04e35760101aedc61410f00bc59c806830f86d1348237c213700b
+  data.tar.gz: e494fc15b7bbdbc1b5b59dfcbb654d654c7908defa749106c8e37cd52d3d882e
 SHA512:
-  metadata.gz: 6df65f1bef30badd2f6691bebeeadf2548d878404a31b166a8fb607aae1027c02345162db7068bb3eb276718aae819dd31ec0188a6075d6fd69d28252d4c79d6
-  data.tar.gz: c2689ab6ffcd876a5af2c7c4b25c1b4b2553c20c07472b8698d1b43787ad2ed5bac72354381aa76b4da6fb64fd5a2f60b2ee09006f58caa1b16083e12067e391
+  metadata.gz: 2b075a5fc9d32491774864c8035a6de3b3eb8dd03ccea006330f63cce4beac3c8ca4304b51d6b6d6bf406aacf196424c8dd7aaa7f772226240aa2b0138c40474
+  data.tar.gz: c209c626c45fa16f547ca0bea14271bb8c850592b5ef205a7c19269d5c7f0cb941101caaf75e9cdd510e46f5731723bf7cf73abf9878de95171ecd07aed0f5cc

data/CHANGELOG.md

@@ -1,3 +1,25 @@
+## v2.8.0 (2025-11-11)
+
+### Enhancements
+
+- post_issuing_hooks/shell: Gained `$CERT_NAME` environment variable which is to replace `$COMMON_NAME` for certificates without CN field. [#76](https://github.com/sorah/acmesmith/pull/76)
+- certificate: gained `name` method (Certificate#name) in addition to Certificate#common_name, for certificates without CN field. Plugin authors are encouraged to migrate on this new API. [#76](https://github.com/sorah/acmesmith/pull/76)
+
+### Fixes
+
+- A certificate name is now inherited to a new certificate during autorenew and add-san command for stability, otherwise it could be saved under an another name when CA has issued the new certificate with different subject field or SANs field due to its policy/behaviour change; If you're using 3rd party storage plugins, it has to be updated to use Certificate#name instead of Certificate#common_name to support certificates without CN field. [#77](https://github.com/sorah/acmesmith/pull/77)
+
+### Updates
+
+- Update gemspec to the latest bundler's provided template. This removes certain irrevant files from a released gem package. [#73](https://github.com/sorah/acmesmith/issues/73)
+- Use rubygems.org trusted publishing via GitHub Actions [#73](https://github.com/sorah/acmesmith/issues/73)
+
+## v2.7.1 (2025-08-21)
+
+### Bug fixes
+
+- autorenew: Failed when expired certificates were present. [#72](https://github.com/sorah/acmesmith/issues/72)
+
 ## v2.7.0 (2025-04-28)
 
 ### Enhancements

data/README.md

@@ -1,6 +1,6 @@
 # Acmesmith: A simple, effective ACME v2 client to use with many servers and a cloud
 
-![ci](https://github.com/sorah/acmesmith/workflows/ci/badge.svg?event=push)  <a href='https://ko-fi.com/J3J8CKMUU' target='_blank'><img height='36' style='border:0px;height:36px;' src='https://cdn.ko-fi.com/cdn/kofi3.png?v=3' border='0' alt='Buy Me a Coffee at ko-fi.com' /></a>
+[![ci](https://github.com/sorah/acmesmith/actions/workflows/build.yml/badge.svg?event=push)](https://github.com/sorah/acmesmith/actions/workflows/build.yml) <a href='https://ko-fi.com/J3J8CKMUU' target='_blank'><img height='36' style='border:0px;height:36px;' src='https://cdn.ko-fi.com/cdn/kofi3.png?v=3' border='0' alt='Buy Me a Coffee at ko-fi.com' /></a>
 
 
 Acmesmith is an [ACME (Automatic Certificate Management Environment)](https://github.com/ietf-wg-acme/acme) client that works perfect on environment with multiple servers. This client saves certificate and keys on cloud services (e.g. AWS S3) securely, then allow to deploy issued certificates onto your servers smoothly. This works well on [Let's encrypt](https://letsencrypt.org).

data/docs/post_issuing_hooks/shell.md

@@ -1,17 +1,20 @@
 # Post Issuing Hook: Shell
 
-Execute specified command on a shell. Environment variable `${COMMON_NAME}` is available.
+Execute specified command on a shell. Environment variable `${CERT_NAME}` is available.
 
 ```yaml
 post_issuing_hooks:
   "test.example.com":
     - shell:
-        command: mail -s "New cert for ${COMMON_NAME} has been issued" user@example.com < /dev/null
+        command: mail -s "New cert for ${CERT_NAME} has been issued" user@example.com < /dev/null
     - shell:
-        command: touch /tmp/certs-has-been-issued-${COMMON_NAME}
+        command: touch /tmp/certs-has-been-issued-${CERT_NAME}
   "admin.example.com":
     - shell:
-        command: /usr/bin/dosomethingelse ${COMMON_NAME}
+        command: /usr/bin/dosomethingelse ${CERT_NAME}
 ```
 
+## What happened to `${COMMON_NAME}`?
 
+In modern CA behavior, certificates may be missing CN field, or entire subject field.
+It is still available, but we recommend to use `${CERT_NAME}` instead, which obtains a certificate name from certain sources.

data/lib/acmesmith/certificate.rb

@@ -17,10 +17,11 @@ module Acmesmith
     # Return Acmesmith::Certificate by an issued certificate
     # @param pem_chain [String]
     # @param csr [Acme::Client::CertificateRequest]
+    # @param name [String, nil]
     # @return [Acmesmith::Certificate]
-    def self.by_issuance(pem_chain, csr)
+    def self.by_issuance(pem_chain, csr, name: nil)
       pems = split_pems(pem_chain)
-      new(pems[0], pems[1..-1], csr.private_key, nil, csr)
+      new(pems[0], pems[1..-1], csr.private_key, nil, csr, name: name)
     end
 
     # @param certificate [OpenSSL::X509::Certificate, String]
@@ -28,7 +29,9 @@ module Acmesmith
     # @param private_key [String, OpenSSL::PKey::PKey]
     # @param key_passphrase [String, nil]
     # @param csr [String, OpenSSL::X509::Request, nil]
-    def initialize(certificate, chain, private_key, key_passphrase = nil, csr = nil)
+    # @param name [String, nil]
+    def initialize(certificate, chain, private_key, key_passphrase = nil, csr = nil, name: nil)
+      @name = name
       @certificate = case certificate
                      when OpenSSL::X509::Certificate
                        certificate
@@ -94,6 +97,8 @@ module Acmesmith
     # @return [OpenSSL::X509::Request]
     attr_reader :csr
 
+    attr_writer :name
+
     # Try to decrypt private_key if encrypted.
     # @param pw [String] passphrase for encrypted PEM
     # @raise [PrivateKeyDecrypted] if private_key is decrypted
@@ -128,18 +133,38 @@ module Acmesmith
       chain.map(&:to_pem).join("\n")
     end
 
-    # @return [String] common name
+    # Returns a predicted certificate name, taken from common name or first SAN.
+    # Note that this value can contain colons (':') if name is taken from non-DNS subject alternative name.
+    # @return [String] certificate name
+    def name
+      @name || common_name || sans.first || all_sans.first
+    end
+
+    # Returns a certificate common name taken from the certificate subject's CN field.
+    # Under the real CA, CNs can be missing. Use #name instead to retrieve the certificate name for most cases.
+    # ref. https://github.com/letsencrypt/pebble/pull/491#pullrequestreview-2718607820
+    # @return [String, nil] common name
     def common_name
-      certificate.subject.to_a.assoc('CN')[1]
+      certificate.subject.to_a.assoc('CN')&.fetch(1)
     end
 
-    # @return [Array<String>] Subject Alternative Names (dNSname)
-    def sans
+    # Returns a list of subject alternative names included in the certificate.
+    # @return [Array<String>] Subject Alternative Names
+    def all_sans
       certificate.extensions.select { |_| _.oid == 'subjectAltName' }.flat_map do |ext|
-        ext.value.split(/,\s*/).select { |_| _.start_with?('DNS:') }.map { |_| _[4..-1] }
+        ext.value.split(/,\s*/)
       end
     end
 
+    # Returns a list of DNS subject alternative names included in the certificate.
+    # Strips DNS: prefix from returned values.
+    # @return [Array<String>] Subject Alternative Names (dNSname)
+    def sans
+      all_sans.select do |san|
+        san.start_with?('DNS:')
+      end.map { |_| _[4..-1] }
+    end
+
     # @return [String] Version string (consists of NotBefore time & certificate serial)
     def version
       "#{certificate.not_before.utc.strftime('%Y%m%d-%H%M%S')}_#{certificate.serial.to_i.to_s(16)}"
@@ -147,7 +172,7 @@ module Acmesmith
 
     # @return [OpenSSL::PKCS12]
     def pkcs12(passphrase)
-      OpenSSL::PKCS12.create(passphrase, common_name, private_key, certificate, chain)
+      OpenSSL::PKCS12.create(passphrase, name, private_key, certificate, chain)
     end
 
     # @return [CertificateExport]

data/lib/acmesmith/certificate_retrieving_service.rb

@@ -3,13 +3,13 @@ require 'acmesmith/certificate'
 module Acmesmith
   class CertificateRetrievingService
     # @param acme [Acme::Client]
-    # @param common_name [String]
+    # @param name [String]
     # @param url [String] ACME Certificate URL
     # @param chain_preferences [Array<Acmesmith::Config::ChainPreference>]
-    def initialize(acme, common_name, url, chain_preferences: [])
+    def initialize(acme, name, url, chain_preferences: [])
       @acme = acme
       @url = url
-      @chain_preferences = chain_preferences.select { |_| _.filter.match?(common_name) }
+      @chain_preferences = chain_preferences.select { |_| _.filter.match?(name) }
     end
 
     attr_reader :acme

data/lib/acmesmith/client.rb

@@ -30,35 +30,35 @@ module Acmesmith
       raise NotImplementedError, "Domain authorization in advance is still not available in acme-client (v2). Required authorizations will be performed when ordering certificates"
     end
 
-    def post_issue_hooks(common_name)
-      cert = storage.get_certificate(common_name)
+    def post_issue_hooks(name)
+      cert = load_certificate_from_storage(name)
       execute_post_issue_hooks(cert)
     end
 
     def execute_post_issue_hooks(certificate)
-      hooks = config.post_issuing_hooks(certificate.common_name)
+      hooks = config.post_issuing_hooks(certificate.name)
       return if hooks.empty?
-      puts "=> Executing post issuing hooks for CN=#{certificate.common_name}"
+      puts "=> Executing post issuing hooks for CN=#{certificate.name}"
       hooks.each do |hook|
         hook.run(certificate: certificate)
       end
       puts
     end
 
-    def certificate_versions(common_name)
-      storage.list_certificate_versions(common_name).sort
+    def certificate_versions(name)
+      storage.list_certificate_versions(name).sort
     end
 
     def certificates_list
       storage.list_certificates.sort
     end
 
-    def current(common_name)
-      storage.get_current_certificate_version(common_name)
+    def current(name)
+      storage.get_current_certificate_version(name)
     end
 
-    def get_certificate(common_name, version: 'current', type: 'text')
-      cert = storage.get_certificate(common_name, version: version)
+    def get_certificate(name, version: 'current', type: 'text')
+      cert = storage.get_certificate(name, version: version)
 
       certs = []
       case type
@@ -76,8 +76,8 @@ module Acmesmith
       certs
     end
 
-    def save_certificate(common_name, version: 'current', mode: '0600', output:, type: 'fullchain')
-      cert = storage.get_certificate(common_name, version: version)
+    def save_certificate(name, version: 'current', mode: '0600', output:, type: 'fullchain')
+      cert = storage.get_certificate(name, version: version)
       File.open(output, 'w', mode.to_i(8)) do |f|
         case type
         when 'certificate'
@@ -90,23 +90,23 @@ module Acmesmith
       end
     end
 
-    def get_private_key(common_name, version: 'current')
-      cert = storage.get_certificate(common_name, version: version)
+    def get_private_key(name, version: 'current')
+      cert = storage.get_certificate(name, version: version)
       cert.key_passphrase = certificate_key_passphrase if certificate_key_passphrase
 
       cert.private_key.to_pem
     end
 
-    def save_private_key(common_name, version: 'current', mode: '0600', output:)
-      cert = storage.get_certificate(common_name, version: version)
+    def save_private_key(name, version: 'current', mode: '0600', output:)
+      cert = storage.get_certificate(name, version: version)
       cert.key_passphrase = certificate_key_passphrase if certificate_key_passphrase
       File.open(output, 'w', mode.to_i(8)) do |f|
         f.puts(cert.private_key)
       end
     end
 
-    def save_pkcs12(common_name, version: 'current', mode: '0600', output:, passphrase:)
-      cert = storage.get_certificate(common_name, version: version)
+    def save_pkcs12(name, version: 'current', mode: '0600', output:, passphrase:)
+      cert = storage.get_certificate(name, version: version)
       cert.key_passphrase = certificate_key_passphrase if certificate_key_passphrase
       
       p12 = cert.pkcs12(passphrase)
@@ -115,17 +115,18 @@ module Acmesmith
       end
     end
 
-    def save(common_name, version: 'current', **kwargs)
-      cert = storage.get_certificate(common_name, version: version)
+    def save(name, version: 'current', **kwargs)
+      cert = storage.get_certificate(name, version: version)
       cert.key_passphrase = certificate_key_passphrase if certificate_key_passphrase
 
       SaveCertificateService.new(cert, **kwargs).perform!
     end
 
-    def autorenew(days: 30, remaining_life: nil, common_names: nil)
-      (common_names || storage.list_certificates).each do |cn|
+    def autorenew(days: 30, remaining_life: nil, names: nil)
+      (names || storage.list_certificates).each do |cn|
         puts "=> #{cn}"
-        cert = storage.get_certificate(cn)
+        cert = load_certificate_from_storage(cn)
+
         not_after = cert.certificate.not_after.utc
 
         lifetime = cert.certificate.not_after.utc - cert.certificate.not_before.utc
@@ -139,24 +140,30 @@ module Acmesmith
         puts "   Not valid after: #{not_after} (lifetime=#{format_duration(lifetime+1)}, remaining=#{format_duration(remaining)}, #{"%0.2f" % (ratio.to_f*100)}%)"
         next unless has_to_renew
 
-        puts " * Renewing: CN=#{cert.common_name}, SANs=#{cert.sans.join(',')}"
-        order_with_private_key(cert.common_name, *cert.sans, private_key: regenerate_private_key(cert.public_key))
+        puts " * Renewing: #{cert.name.inspect}, SANs=#{cert.sans.join(',')}"
+        order_with_private_key(cert.name, *cert.sans, private_key: regenerate_private_key(cert.public_key))
       end
     end
 
-    def add_san(common_name, *add_sans)
-      puts "=> reissuing CN=#{common_name} with new SANs #{add_sans.join(?,)}"
-      cert = storage.get_certificate(common_name)
+    def add_san(name, *add_sans)
+      puts "=> reissuing #{name.inspect} with new SANs #{add_sans.join(?,)}"
+      cert = load_certificate_from_storage(name)
       sans = cert.sans + add_sans
       puts " * SANs will be: #{sans.join(?,)}"
-      order_with_private_key(cert.common_name, *sans, private_key: regenerate_private_key(cert.public_key))
+      order_with_private_key(cert.name, *sans, private_key: regenerate_private_key(cert.public_key))
     end
 
     private
 
     # @param [Numeric] duration
     def format_duration(duration)
-      raise ArgumentError if !duration.is_a?(Numeric) || duration < 0
+      raise ArgumentError if !duration.is_a?(Numeric)
+      negative = if duration < 0
+        duration *= -1
+        true
+      else
+        false
+      end
 
       # Calculate components using divmod
       days, remainder  = duration.divmod(86400)
@@ -167,6 +174,7 @@ module Acmesmith
       [[days, 'd'], [hours, 'h'], [minutes, 'm'], [seconds, 's']]
         .select { |v,| v > 0 }
         .map { |v, unit| "#{v.to_i}#{unit}" }
+        .then { |a| negative ? ['-', *a] : a }
         .join
     end
 
@@ -205,10 +213,11 @@ module Acmesmith
       end
     end
 
-    def order_with_private_key(*identifiers, private_key:, not_before: nil, not_after: nil)
+    def order_with_private_key(name, *identifiers, private_key:, not_before: nil, not_after: nil)
       order = OrderingService.new(
         acme: acme,
-        identifiers: identifiers,
+        common_name: name,
+        identifiers: [name, *identifiers],
         private_key: private_key,
         challenge_responder_rules: config.challenge_responders,
         chain_preferences: config.chain_preferences,
@@ -251,5 +260,12 @@ module Acmesmith
         raise ArgumentError, "Unknown key type: #{template.class}"
       end
     end
+
+    # Load certificate from storage, inherit name property to loaded certificate to ensure stability of #name during renewal.
+    def load_certificate_from_storage(name)
+      retval = storage.get_certificate(name)
+      retval.name = name
+      retval
+    end
   end
 end

data/lib/acmesmith/command.rb

@@ -30,14 +30,14 @@ module Acmesmith
       # client.authorize(*domains)
     end
 
-    desc "order COMMON_NAME [SAN]", "order certificate for CN +COMMON_NAME+ with SANs +SAN+"
+    desc "order NAME [SAN]", "order certificate for CN +NAME+ with SANs +SAN+"
     method_option :show_certificate, type: :boolean, aliases: %w(-s), default: true, desc: 'show an issued certificate in PEM and text when exiting'
     method_option :key_type, type: :string, enum: %w(rsa ec), default: 'rsa', desc: 'key type'
     method_option :rsa_key_size, type: :numeric, default: 2048, desc: 'size of RSA key'
     method_option :elliptic_curve, type: :string, default: 'prime256v1', desc: 'elliptic curve group for EC key'
-    def order(common_name, *sans)
+    def order(name, *sans)
       cert = client.order(
-        common_name, *sans,
+        name, *sans,
         key_type: options[:key_type],
         rsa_key_size: options[:rsa_key_size],
         elliptic_curve: options[:elliptic_curve],
@@ -48,60 +48,60 @@ module Acmesmith
       end
     end
 
-    desc "post-issue-hooks COMMON_NAME", "Run all post-issuing hooks for common name. (for testing purpose)"
-    def post_issue_hooks(common_name)
-      client.post_issue_hooks(common_name)
+    desc "post-issue-hooks NAME", "Run all post-issuing hooks for common name. (for testing purpose)"
+    def post_issue_hooks(name)
+      client.post_issue_hooks(name)
     end
     map 'post-issue-hooks' => :post_issue_hooks
 
-    desc "list [COMMON_NAME]", "list certificates or its versions"
-    def list(common_name = nil)
-      if common_name
-        puts client.certificate_versions(common_name)
+    desc "list [NAME]", "list certificates or its versions"
+    def list(name = nil)
+      if name
+        puts client.certificate_versions(name)
       else
         puts client.certificates_list
       end
     end
 
-    desc "current COMMON_NAME", "show current version for certificate"
-    def current(common_name)
-      puts client.current(common_name)
+    desc "current NAME", "show current version for certificate"
+    def current(name)
+      puts client.current(name)
     end
 
-    desc "show-certificate COMMON_NAME", "show certificate"
+    desc "show-certificate NAME", "show certificate"
     method_option :version, type: :string, default: 'current'
     method_option :type, type: :string, enum: %w(text certificate chain fullchain), default: 'text'
-    def show_certificate(common_name)
-      certs = client.get_certificate(common_name, version: options[:version], type: options[:type])
+    def show_certificate(name)
+      certs = client.get_certificate(name, version: options[:version], type: options[:type])
       puts certs
     end
     map 'show-certiticate' => :show_certificate
 
-    desc 'save-certificate COMMON_NAME', 'Save certificate to a file'
+    desc 'save-certificate NAME', 'Save certificate to a file'
     method_option :version, type: :string, default: 'current'
     method_option :type, type: :string, enum: %w(certificate chain fullchain), default: 'fullchain'
     method_option :output, type: :string, required: true, banner: 'PATH', desc: 'Path to output file'
     method_option :mode, type: :string, default: '0600', desc: 'Mode (permission) of the output file on create'
-    def save_certificate(common_name)
-      client.save_certificate(common_name, version: options[:version], mode: options[:mode], output: options[:output], type: options[:type])
+    def save_certificate(name)
+      client.save_certificate(name, version: options[:version], mode: options[:mode], output: options[:output], type: options[:type])
     end
 
-    desc "show-private-key COMMON_NAME", "show private key"
+    desc "show-private-key NAME", "show private key"
     method_option :version, type: :string, default: 'current'
-    def show_private_key(common_name)
-      puts client.get_private_key(common_name, version: options[:version])
+    def show_private_key(name)
+      puts client.get_private_key(name, version: options[:version])
     end
     map 'show-private-key' => :show_private_key
 
-    desc 'save-private-key COMMON_NAME', 'Save private key to a file'
+    desc 'save-private-key NAME', 'Save private key to a file'
     method_option :version, type: :string, default: 'current'
     method_option :output, type: :string, required: true, banner: 'PATH', desc: 'Path to output file'
     method_option :mode, type: :string, default: '0600', desc: 'Mode (permission) of the output file on create'
-    def save_private_key(common_name)
-      client.save_private_key(common_name, version: options[:version], mode: options[:mode], output: options[:output])
+    def save_private_key(name)
+      client.save_private_key(name, version: options[:version], mode: options[:mode], output: options[:output])
     end
 
-    desc 'save COMMON_NAME', 'Save (or update) certificate and key files.'
+    desc 'save NAME', 'Save (or update) certificate and key files.'
     method_option :version, type: :string, default: 'current'
     method_option :key_mode, type: :string, default: '0600', desc: 'Mode (permission) of the key file on create'
     method_option :certificate_mode, type: :string, default: '0644', desc: 'Mode (permission) of the certificate files on create'
@@ -111,9 +111,9 @@ module Acmesmith
     method_option :chain_file, type: :string, required: false , banner: 'PATH', desc: 'Path to save a certificate chain (root and intermediate CA)'
     method_option :certificate_file, type: :string, required: false, banner: 'PATH', desc: 'Path to save a certficiate'
     method_option :atomic, type: :boolean, default: true, desc: 'Enable atomic file update with rename(2)'
-    def save(common_name)
+    def save(name)
       client.save(
-        common_name,
+        name,
         version: options[:version],
         key_mode: options[:key_mode],
         certificate_mode: options[:certificate_mode],
@@ -127,11 +127,11 @@ module Acmesmith
       )
     end
 
-    desc 'save-pkcs12 COMMON_NAME', 'Save ceriticate and private key to .p12 file'
+    desc 'save-pkcs12 NAME', 'Save ceriticate and private key to .p12 file'
     method_option :version, type: :string, default: 'current'
     method_option :output, type: :string, required: true, banner: 'PATH', desc: 'Path to output file'
     method_option :mode, type: :string, default: '0600', desc: 'Mode (permission) of the output file on create'
-    def save_pkcs12(common_name)
+    def save_pkcs12(name)
       print 'Passphrase: '
       passphrase = $stdin.noecho { $stdin.gets }.chomp
       print "\nPassphrase (confirm): "
@@ -139,13 +139,13 @@ module Acmesmith
       puts
 
       raise ArgumentError, "Passphrase doesn't match" if passphrase != passphrase2
-      client.save_pkcs12(common_name, version: options[:version], mode: options[:mode], output: options[:output], passphrase: passphrase)
+      client.save_pkcs12(name, version: options[:version], mode: options[:mode], output: options[:output], passphrase: passphrase)
     end
 
-    desc "autorenew [COMMON_NAMES]", "request renewal of certificates which expires soon"
+    desc "autorenew [NAMES]", "request renewal of certificates which expires soon"
     method_option :days, type: :numeric, aliases: %w(-d), default: nil, desc: 'specify threshold in days to select certificates to renew'
     method_option :remaining_life, type: :string, aliases: %w(-r), default: '1/3', desc: "Specify threshold based on remaining life. Accepts a percentage ('20%') or fraction ('1/3')"
-    def autorenew(*common_names)
+    def autorenew(*names)
       remaining_life = case options[:remaining_life]
                        when %r{\A\d+/\d+\z}
                          Rational(options[:remaining_life])
@@ -156,12 +156,12 @@ module Acmesmith
                        else
                          raise ArgumentError, "invalid format for --remaining-life: it must be in '..%' or '../..'"
                        end
-      client.autorenew(days: options[:days], remaining_life: remaining_life, common_names: common_names.empty? ? nil : common_names)
+      client.autorenew(days: options[:days], remaining_life: remaining_life, names: names.empty? ? nil : names)
     end
 
-    desc "add-san COMMON_NAME [ADDITIONAL_SANS]", "request renewal of existing certificate with additional SANs"
-    def add_san(common_name, *add_sans)
-      client.add_san(common_name, *add_sans)
+    desc "add-san NAME [ADDITIONAL_SANS]", "request renewal of existing certificate with additional SANs"
+    def add_san(name, *add_sans)
+      client.add_san(name, *add_sans)
     end
 
     desc "register CONTACT", "(deprecated, use 'acmesmith new-account')"
@@ -175,16 +175,16 @@ module Acmesmith
       new_account(contact)
     end
 
-    desc "request COMMON_NAME [SAN]", "(deprecated, use 'acmesmith order')"
+    desc "request NAME [SAN]", "(deprecated, use 'acmesmith order')"
     method_option :show_certificate, type: :boolean, aliases: %w(-s), default: true, desc: 'show an issued certificate in PEM and text when exiting'
-    def request(common_name, *sans)
+    def request(name, *sans)
       warn "!"
       warn "! DEPRECATION WARNING: Use 'acmesmith order' command"
       warn "! There is no user-facing breaking changes. It takes the same arguments with 'acmesmith request'."
       warn "!"
       warn "! This is due to change in semantics of ACME v2. ACME v2 defines 'order' instead of 'request' in v1."
       warn "!"
-      order(common_name, *sans)
+      order(name, *sans)
     end
 
     private

data/lib/acmesmith/ordering_service.rb

@@ -7,14 +7,16 @@ module Acmesmith
     class NotCompleted < StandardError; end
 
     # @param acme [Acme::Client] ACME client
-    # @param identifiers [Array<String>] Array of domain names for a ordering certificate. The first item will be a common name.
+    # @param common_name [String] Common Name for a ordering certificate
+    # @param identifiers [Array<String>] Array of domain names for a ordering certificate. common_name has to be explicitly included in this argument.
     # @param private_key [OpenSSL::PKey::PKey] Private key
     # @param challenge_responder_rules [Array<Acmesmith::Config::ChallengeResponderRule>] responders
     # @param chain_preferences [Array<Acmesmith::Config::ChainPreference>] chain_preferences
     # @param not_before [Time]
     # @param not_after [Time]
-    def initialize(acme:, identifiers:, private_key:, challenge_responder_rules:, chain_preferences:, not_before: nil, not_after: nil)
+    def initialize(acme:, common_name:, identifiers:, private_key:, challenge_responder_rules:, chain_preferences:, not_before: nil, not_after: nil)
       @acme = acme
+      @common_name = common_name
       @identifiers = identifiers
       @private_key = private_key
       @challenge_responder_rules = challenge_responder_rules
@@ -23,7 +25,7 @@ module Acmesmith
       @not_after = not_after
     end
 
-    attr_reader :acme, :identifiers, :private_key, :challenge_responder_rules, :chain_preferences, :not_before, :not_after
+    attr_reader :acme, :common_name, :identifiers, :private_key, :challenge_responder_rules, :chain_preferences, :not_before, :not_after
 
     def perform!
       puts "=> Ordering a certificate for the following identifiers:"
@@ -43,7 +45,7 @@ module Acmesmith
       finalize_order()
       wait_order_for_complete()
 
-      @certificate = Certificate.by_issuance(pem_chain, csr)
+      @certificate = Certificate.by_issuance(pem_chain, csr, name: common_name)
 
       puts
       puts "=> Certificate issued"
@@ -97,11 +99,6 @@ module Acmesmith
       @order or raise "BUG: order not yet generated"
     end
 
-    # @return [String]
-    def common_name
-      identifiers.first
-    end
-
     # @return [Array<String>]
     def sans
       identifiers[1..-1]

data/lib/acmesmith/post_issuing_hooks/shell.rb

@@ -10,10 +10,10 @@ module Acmesmith
       end
 
       def execute
-        puts "=> Executing Post Issueing Hook for #{common_name} in #{self.class.name}"
+        puts "=> Executing Post Issuing Hook for #{certificate.name.inspect} in #{self.class.name}"
         puts " $ #{@command}"
 
-        status = system({"COMMON_NAME" => common_name}, @command)
+        status = system({"CERT_NAME" => certificate.name, "COMMON_NAME" => common_name}.compact, @command)
 
         unless status
           if @ignore_failure

data/lib/acmesmith/save_certificate_service.rb

@@ -23,7 +23,7 @@ module Acmesmith
         return
       end
 
-      log "Saving certificate CN=#{cert.common_name} (ver: #{cert.version})"
+      log "Saving certificate #{cert.name.inspect} (ver: #{cert.version})"
 
       write_file(key_file, key_mode, cert.private_key)
       write_file(certificate_file, certificate_mode, cert.certificate.to_pem)

data/lib/acmesmith/storages/base.rb

@@ -25,28 +25,28 @@ module Acmesmith
         raise NotImplementedError
       end
 
-      # @param common_name [String]
+      # @param name [String]
       # @param version [String, nil]
       # @return [Acmesmith::Certificate]
-      def get_certificate(common_name, version: 'current')
+      def get_certificate(name, version: 'current')
         raise NotImplementedError
       end
 
-      # @param common_name [String]
-      # @return [String] array of common_names
+      # @param name [String]
+      # @return [String] array of certificate names
       def list_certificates
         raise NotImplementedError
       end
 
-      # @param common_name [String]
+      # @param name [String]
       # @return [String] array of versions
-      def list_certificate_versions(common_name)
+      def list_certificate_versions(name)
         raise NotImplementedError
       end
 
-      # @param common_name [String]
+      # @param name [String]
       # @return [String] current version
-      def get_current_certificate_version(common_name)
+      def get_current_certificate_version(name)
         raise NotImplementedError
       end
     end

data/lib/acmesmith/storages/filesystem.rb

@@ -25,22 +25,22 @@ module Acmesmith
 
       def put_certificate(cert, passphrase = nil, update_current: true)
         h = cert.export(passphrase)
-        certificate_base_path(cert.common_name, cert.version).mkpath
-        File.write certificate_path(cert.common_name, cert.version), "#{h[:certificate].rstrip}\n"
-        File.write chain_path(cert.common_name, cert.version), "#{h[:chain].rstrip}\n"
-        File.write fullchain_path(cert.common_name, cert.version), "#{h[:fullchain].rstrip}\n"
-        File.write private_key_path(cert.common_name, cert.version), "#{h[:private_key].rstrip}\n", 0, perm: 0600
+        certificate_base_path(cert.name, cert.version).mkpath
+        File.write certificate_path(cert.name, cert.version), "#{h[:certificate].rstrip}\n"
+        File.write chain_path(cert.name, cert.version), "#{h[:chain].rstrip}\n"
+        File.write fullchain_path(cert.name, cert.version), "#{h[:fullchain].rstrip}\n"
+        File.write private_key_path(cert.name, cert.version), "#{h[:private_key].rstrip}\n", 0, perm: 0600
         if update_current
-          File.symlink(cert.version, certificate_base_path(cert.common_name, 'current.new'))
-          File.rename(certificate_base_path(cert.common_name, 'current.new'), certificate_base_path(cert.common_name, 'current'))
+          File.symlink(cert.version, certificate_base_path(cert.name, 'current.new'))
+          File.rename(certificate_base_path(cert.name, 'current.new'), certificate_base_path(cert.name, 'current'))
         end
       end
 
-      def get_certificate(common_name, version: 'current')
-        raise NotExist.new("Certificate for #{common_name.inspect} of #{version} version doesn't exist") unless certificate_base_path(common_name, version).exist?
-        certificate = certificate_path(common_name, version).read
-        chain = chain_path(common_name, version).read
-        private_key = private_key_path(common_name, version).read
+      def get_certificate(name, version: 'current')
+        raise NotExist.new("Certificate for #{name.inspect} of #{version} version doesn't exist") unless certificate_base_path(name, version).exist?
+        certificate = certificate_path(name, version).read
+        chain = chain_path(name, version).read
+        private_key = private_key_path(name, version).read
         Certificate.new(certificate, chain, private_key)
       end
 
@@ -48,12 +48,12 @@ module Acmesmith
         Dir[path.join('certs', '*').to_s].map { |_| File.basename(_) }
       end
 
-      def list_certificate_versions(common_name)
-        Dir[path.join('certs', common_name, '*').to_s].map { |_| File.basename(_) }.reject { |_| _ == 'current' }
+      def list_certificate_versions(name)
+        Dir[path.join('certs', name, '*').to_s].map { |_| File.basename(_) }.reject { |_| _ == 'current' }
       end
 
-      def get_current_certificate_version(common_name)
-        path.join('certs', common_name, 'current').readlink
+      def get_current_certificate_version(name)
+        path.join('certs', name, 'current').readlink
       end
 
       private

data/lib/acmesmith/storages/s3.rb

@@ -83,34 +83,34 @@ module Acmesmith
           @s3.put_object(params)
         end
 
-        put.call certificate_key(cert.common_name, cert.version), "#{h[:certificate].rstrip}\n", false
-        put.call chain_key(cert.common_name, cert.version), "#{h[:chain].rstrip}\n", false
-        put.call fullchain_key(cert.common_name, cert.version), "#{h[:fullchain].rstrip}\n", false
-        put.call private_key_key(cert.common_name, cert.version), "#{h[:private_key].rstrip}\n", use_kms
+        put.call certificate_key(cert.name, cert.version), "#{h[:certificate].rstrip}\n", false
+        put.call chain_key(cert.name, cert.version), "#{h[:chain].rstrip}\n", false
+        put.call fullchain_key(cert.name, cert.version), "#{h[:fullchain].rstrip}\n", false
+        put.call private_key_key(cert.name, cert.version), "#{h[:private_key].rstrip}\n", use_kms
 
         if generate_pkcs12?(cert)
-          put.call pkcs12_key(cert.common_name, cert.version), "#{cert.pkcs12(@pkcs12_passphrase).to_der}\n", use_kms, 'application/x-pkcs12'
+          put.call pkcs12_key(cert.name, cert.version), "#{cert.pkcs12(@pkcs12_passphrase).to_der}\n", use_kms, 'application/x-pkcs12'
         end
 
         if update_current
           @s3.put_object(
             bucket: bucket,
-            key: certificate_current_key(cert.common_name),
+            key: certificate_current_key(cert.name),
             content_type: 'text/plain',
             body: cert.version,
           )
         end
       end
 
-      def get_certificate(common_name, version: 'current')
-        version = certificate_current(common_name) if version == 'current'
+      def get_certificate(name, version: 'current')
+        version = certificate_current(name) if version == 'current'
 
-        certificate = @s3.get_object(bucket: bucket, key: certificate_key(common_name, version)).body.read
-        chain = @s3.get_object(bucket: bucket, key: chain_key(common_name, version)).body.read
-        private_key = @s3.get_object(bucket: bucket, key: private_key_key(common_name, version)).body.read
+        certificate = @s3.get_object(bucket: bucket, key: certificate_key(name, version)).body.read
+        chain = @s3.get_object(bucket: bucket, key: chain_key(name, version)).body.read
+        private_key = @s3.get_object(bucket: bucket, key: private_key_key(name, version)).body.read
         Certificate.new(certificate, chain, private_key)
       rescue Aws::S3::Errors::NoSuchKey
-        raise NotExist.new("Certificate for #{common_name.inspect} of #{version} version doesn't exist")
+        raise NotExist.new("Certificate for #{name.inspect} of #{version} version doesn't exist")
       end
 
       def list_certificates
@@ -125,8 +125,8 @@ module Acmesmith
         end
       end
 
-      def list_certificate_versions(common_name)
-        cert_ver_prefix = "#{prefix}certs/#{common_name}/"
+      def list_certificate_versions(name)
+        cert_ver_prefix = "#{prefix}certs/#{name}/"
         @s3.list_objects(
           bucket: bucket,
           delimiter: '/',
@@ -137,8 +137,8 @@ module Acmesmith
         end.reject { |_| _ == 'current' }
       end
 
-      def get_current_certificate_version(common_name)
-        certificate_current(common_name)
+      def get_current_certificate_version(name)
+        certificate_current(name)
       end
 
       private

data/lib/acmesmith/version.rb

@@ -1,3 +1,3 @@
 module Acmesmith
-  VERSION = "2.7.0"
+  VERSION = "2.8.0"
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: acmesmith
 version: !ruby/object:Gem::Version
-  version: 2.7.0
+  version: 2.8.0
 platform: ruby
 authors:
 - Sorah Fukumori
 bindir: bin
 cert_chain: []
-date: 2025-04-28 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: acme-client
@@ -141,20 +141,12 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".dockerignore"
-- ".github/FUNDING.yml"
-- ".github/stale.yml"
-- ".github/workflows/build.yml"
-- ".gitignore"
-- ".rspec"
 - ".travis.yml"
 - CHANGELOG.md
 - Dockerfile
-- Gemfile
-- Gemfile.lock
 - LICENSE.txt
 - README.md
 - Rakefile
-- acmesmith.gemspec
 - bin/acmesmith
 - config.sample.yml
 - docs/challenge_responders/route53.md
@@ -193,12 +185,13 @@ files:
 - lib/acmesmith/storages/s3.rb
 - lib/acmesmith/utils/finder.rb
 - lib/acmesmith/version.rb
-- script/console
-- script/setup
 homepage: https://github.com/sorah/acmesmith
 licenses:
 - MIT
-metadata: {}
+metadata:
+  homepage_uri: https://github.com/sorah/acmesmith
+  source_code_uri: https://github.com/sorah/acmesmith
+  changelog_uri: https://github.com/sorah/acmesmith/blob/master/CHANGELOG.md
 rdoc_options: []
 require_paths:
 - lib
@@ -213,7 +206,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.2
+rubygems_version: 3.6.9
 specification_version: 4
 summary: ACME client (Let's encrypt client) to manage certificate in multi server
   environment with cloud services (e.g. AWS)

data/.github/FUNDING.yml

@@ -1,2 +0,0 @@
-ko_fi: sorah
-github: [sorah]

data/.github/stale.yml

@@ -1,17 +0,0 @@
-# Number of days of inactivity before an issue becomes stale
-daysUntilStale: 30
-# Number of days of inactivity before a stale issue is closed
-daysUntilClose: 7
-# Issues with these labels will never be considered stale
-exemptLabels:
-  - pinned
-  - security
-# Label to use when marking an issue as stale
-staleLabel: rotten
-# Comment to post when marking an issue as stale. Set to `false` to disable
-markComment: >
-  This issue has been automatically marked as stale because it has not had
-  recent activity. It will be closed if no further activity occurs. Thank you
-  for your contributions.
-# Comment to post when closing a stale issue. Set to `false` to disable
-closeComment: false

data/.github/workflows/build.yml

@@ -1,113 +0,0 @@
-name: ci
-on: 
-  schedule:
-    - cron: '36 7 2,12,22 * *'
-  create: {}
-  pull_request:
-    branches: [master]
-  push:
-    branches: [master, ci-test]
-
-env:
-  DOCKER_REPO: 'sorah/acmesmith'
-
-jobs:
-  test:
-    name: rspec
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        ruby-version: ['3.2', '3.3', '3.4']
-    steps:
-      - uses: actions/checkout@master
-      - uses: sorah-rbpkg/actions@v2
-        with:
-          ruby-version: "${{ matrix.ruby-version }}"
-          bundler-cache: true
-      - run: 'bundle exec rspec -fd'
-
-  integration-pebble:
-    name: integration-pebble
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        ruby-version: ['3.2', '3.3', '3.4']
-
-        # FIXME: once GitHub Actions gains support of adding command line arguments to container
-      #    services:
-      #      # https://github.com/letsencrypt/pebble
-      #      pebble:
-      #        image: letsencrypt/pebble
-      #        ports:
-      #          - 14000:14000  # ACME port
-      #          - 15000:15000  # Management port
-      #        options: "pebble -config /test/config/pebble-config.json -strict -dnsserver 127.0.0.1:8053"
-      #
-      #      challtestsrv:
-      #        image: letsencrypt/pebble-challtestsrv:latest
-      #        ports:
-      #          - 8055:8055  # HTTP Management API
-      #          - 8053:8053/udp # DNS
-      #          - 8053:8053 # DNS
-      #        options: 'pebble-challtestsrv -management :8055 -defaultIPv4 127.0.0.1'
-
-    steps:
-      - uses: actions/checkout@master
-
-      - uses: sorah-rbpkg/actions@v2
-        with:
-          ruby-version: "${{ matrix.ruby-version }}"
-          bundler-cache: true
-
-      - run: 'docker run -d --net=host --rm letsencrypt/pebble pebble -config /test/config/pebble-config.json -strict -dnsserver 127.0.0.1:8053'
-      - run: 'docker run -d --net=host --rm letsencrypt/pebble-challtestsrv pebble-challtestsrv -management :8055 -defaultIPv4 127.0.0.1'
-      - run: 'bundle exec rspec -fd -t integration_pebble'
-
-  docker-build:
-    name: docker-build
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@master
-      - run: 'echo $GITHUB_SHA > REVISION'
-
-      - run: "docker pull ${DOCKER_REPO}:latest || :"
-      - name: "docker tag ${DOCKER_REPO}:${TAG} ${DOCKER_REPO}:latest"
-        run: |
-          TAG=$(basename "${{ github.ref }}")
-          docker pull ${DOCKER_REPO}:${TAG} || :
-          docker tag ${DOCKER_REPO}:${TAG} ${DOCKER_REPO}:latest || :
-        if: "${{ startsWith(github.ref, 'refs/tags/v') }}"
-
-      - run: "docker pull ${DOCKER_REPO}:builder || :"
-
-      - run: "docker build --pull --cache-from ${DOCKER_REPO}:builder --target builder -t ${DOCKER_REPO}:builder -f Dockerfile ."
-      - run: "docker build --pull --cache-from ${DOCKER_REPO}:builder --cache-from ${DOCKER_REPO}:latest -t ${DOCKER_REPO}:${GITHUB_SHA} -f Dockerfile ."
-
-      - run: "echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u sorah --password-stdin"
-        if: "${{ github.event_name != 'pull_request' }}"
-
-      - run: "docker push ${DOCKER_REPO}:builder"
-        if: "${{ github.ref == 'refs/heads/master' }}"
-      - run: "docker push ${DOCKER_REPO}:${GITHUB_SHA}"
-        if: "${{ github.event_name != 'pull_request' }}"
-
-  docker-push:
-    name: docker-push
-    needs: [test, integration-pebble, docker-build]
-    if: "${{ github.event_name == 'push' || github.event_name == 'create' }}"
-    runs-on: ubuntu-latest
-    steps:
-      - run: "echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u sorah --password-stdin"
-      - run: "docker pull ${DOCKER_REPO}:${GITHUB_SHA}"
-
-      - run: |
-          docker tag ${DOCKER_REPO}:${GITHUB_SHA} ${DOCKER_REPO}:latest
-          docker push ${DOCKER_REPO}:latest
-        if: "${{ github.ref == 'refs/heads/master' }}"
-      - run: |
-          TAG=$(basename "${{ github.ref }}")
-          docker tag ${DOCKER_REPO}:${GITHUB_SHA} ${DOCKER_REPO}:${TAG}
-          docker push ${DOCKER_REPO}:${TAG}
-        if: "${{ startsWith(github.ref, 'refs/tags/v') }}"

data/.gitignore

@@ -1,12 +0,0 @@
-/.bundle/
-/.yardoc
-/_yardoc/
-/coverage/
-/doc/
-/pkg/
-/spec/reports/
-/tmp/
-acmesmith.yml
-config.yml
-config.dev.yml
-/storage/

data/.rspec

@@ -1,2 +0,0 @@
---format documentation
---color

data/Gemfile

@@ -1,6 +0,0 @@
-source 'https://rubygems.org'
-
-# Specify your gem's dependencies in acmesmith.gemspec
-gemspec
-
-gem 'rexml'

data/Gemfile.lock

@@ -1,84 +0,0 @@
-PATH
-  remote: .
-  specs:
-    acmesmith (2.7.0)
-      acme-client (>= 2.0.7, < 3)
-      aws-sdk-acm
-      aws-sdk-route53
-      aws-sdk-s3
-      thor
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    acme-client (2.0.19)
-      base64 (~> 0.2.0)
-      faraday (>= 1.0, < 3.0.0)
-      faraday-retry (>= 1.0, < 3.0.0)
-    aws-eventstream (1.3.0)
-    aws-partitions (1.1018.0)
-    aws-sdk-acm (1.81.0)
-      aws-sdk-core (~> 3, >= 3.210.0)
-      aws-sigv4 (~> 1.5)
-    aws-sdk-core (3.214.0)
-      aws-eventstream (~> 1, >= 1.3.0)
-      aws-partitions (~> 1, >= 1.992.0)
-      aws-sigv4 (~> 1.9)
-      jmespath (~> 1, >= 1.6.1)
-    aws-sdk-kms (1.96.0)
-      aws-sdk-core (~> 3, >= 3.210.0)
-      aws-sigv4 (~> 1.5)
-    aws-sdk-route53 (1.105.0)
-      aws-sdk-core (~> 3, >= 3.210.0)
-      aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.176.0)
-      aws-sdk-core (~> 3, >= 3.210.0)
-      aws-sdk-kms (~> 1)
-      aws-sigv4 (~> 1.5)
-    aws-sigv4 (1.10.1)
-      aws-eventstream (~> 1, >= 1.0.2)
-    base64 (0.2.0)
-    diff-lcs (1.5.1)
-    faraday (2.12.1)
-      faraday-net_http (>= 2.0, < 3.5)
-      json
-      logger
-    faraday-net_http (3.4.0)
-      net-http (>= 0.5.0)
-    faraday-retry (2.2.1)
-      faraday (~> 2.0)
-    jmespath (1.6.2)
-    json (2.9.0)
-    logger (1.6.2)
-    net-http (0.6.0)
-      uri
-    rake (13.2.1)
-    rexml (3.4.1)
-    rspec (3.13.0)
-      rspec-core (~> 3.13.0)
-      rspec-expectations (~> 3.13.0)
-      rspec-mocks (~> 3.13.0)
-    rspec-core (3.13.2)
-      rspec-support (~> 3.13.0)
-    rspec-expectations (3.13.3)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.13.0)
-    rspec-mocks (3.13.2)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.13.0)
-    rspec-support (3.13.2)
-    thor (1.3.2)
-    uri (1.0.3)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  acmesmith!
-  bundler
-  rake
-  rexml
-  rspec
-
-BUNDLED WITH
-   2.5.23

data/acmesmith.gemspec

@@ -1,33 +0,0 @@
-# coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'acmesmith/version'
-
-Gem::Specification.new do |spec|
-  spec.name          = "acmesmith"
-  spec.version       = Acmesmith::VERSION
-  spec.authors       = ["Sorah Fukumori"]
-  spec.email         = ["her@sorah.jp"]
-
-  spec.summary       = %q{ACME client (Let's encrypt client) to manage certificate in multi server environment with cloud services (e.g. AWS)}
-  spec.description   = <<-EOF
-Acmesmith is an [ACME (Automatic Certificate Management Environment)](https://github.com/ietf-wg-acme/acme) client that works perfect on environment with multiple servers. This client saves certificate and keys on cloud services (e.g. AWS S3) securely, then allow to deploy issued certificates onto your servers smoothly. This works well on [Let's encrypt](https://letsencrypt.org).
-  EOF
-  spec.homepage      = "https://github.com/sorah/acmesmith"
-  spec.license       = "MIT"
-
-  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
-  spec.bindir        = "bin"
-  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
-
-  spec.add_dependency "acme-client", '>= 2.0.7', '< 3'
-  spec.add_dependency "aws-sdk-acm"
-  spec.add_dependency "aws-sdk-route53"
-  spec.add_dependency "aws-sdk-s3"
-  spec.add_dependency "thor"
-
-  spec.add_development_dependency "bundler"
-  spec.add_development_dependency "rake"
-  spec.add_development_dependency "rspec"
-end

data/script/console

@@ -1,14 +0,0 @@
-#!/usr/bin/env ruby
-
-require "bundler/setup"
-require "acmesmith"
-
-# You can add fixtures and/or initialization code here to make experimenting
-# with your gem easier. You can also use a different console, if you like.
-
-# (If you use this, don't forget to add pry to your Gemfile!)
-# require "pry"
-# Pry.start
-
-require "irb"
-IRB.start

data/script/setup

@@ -1,7 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-IFS=$'\n\t'
-
-bundle install
-
-# Do any other automated setup that you need to do here