acmesmith 2.7.1 → 2.9.0

data/lib/acmesmith/command.rb

@@ -30,14 +30,14 @@ module Acmesmith
       # client.authorize(*domains)
     end
 
-    desc "order COMMON_NAME [SAN]", "order certificate for CN +COMMON_NAME+ with SANs +SAN+"
+    desc "order NAME [SAN]", "order certificate for CN +NAME+ with SANs +SAN+"
     method_option :show_certificate, type: :boolean, aliases: %w(-s), default: true, desc: 'show an issued certificate in PEM and text when exiting'
     method_option :key_type, type: :string, enum: %w(rsa ec), default: 'rsa', desc: 'key type'
     method_option :rsa_key_size, type: :numeric, default: 2048, desc: 'size of RSA key'
     method_option :elliptic_curve, type: :string, default: 'prime256v1', desc: 'elliptic curve group for EC key'
-    def order(common_name, *sans)
+    def order(name, *sans)
       cert = client.order(
-        common_name, *sans,
+        name, *sans,
         key_type: options[:key_type],
         rsa_key_size: options[:rsa_key_size],
         elliptic_curve: options[:elliptic_curve],
@@ -48,60 +48,73 @@ module Acmesmith
       end
     end
 
-    desc "post-issue-hooks COMMON_NAME", "Run all post-issuing hooks for common name. (for testing purpose)"
-    def post_issue_hooks(common_name)
-      client.post_issue_hooks(common_name)
+    desc "post-issue-hooks NAME", "Run all post-issuing hooks for common name. (for testing purpose)"
+    def post_issue_hooks(name)
+      client.post_issue_hooks(name)
     end
     map 'post-issue-hooks' => :post_issue_hooks
 
-    desc "list [COMMON_NAME]", "list certificates or its versions"
-    def list(common_name = nil)
-      if common_name
-        puts client.certificate_versions(common_name)
+    desc "list-profiles", "List available ACME certificate profiles"
+    def list_profiles
+      profiles = client.list_profiles
+      if profiles.nil? || profiles.empty?
+        puts "No profiles available from this ACME directory"
+        return
+      end
+      profiles.each do |name, description|
+        puts "#{name}: #{description}"
+      end
+    end
+    map 'list-profiles' => :list_profiles
+
+    desc "list [NAME]", "list certificates or its versions"
+    def list(name = nil)
+      if name
+        puts client.certificate_versions(name)
       else
         puts client.certificates_list
       end
     end
 
-    desc "current COMMON_NAME", "show current version for certificate"
-    def current(common_name)
-      puts client.current(common_name)
+    desc "current NAME", "show current version for certificate"
+    def current(name)
+      puts client.current(name)
     end
 
-    desc "show-certificate COMMON_NAME", "show certificate"
+    desc "show-certificate NAME", "show certificate"
     method_option :version, type: :string, default: 'current'
     method_option :type, type: :string, enum: %w(text certificate chain fullchain), default: 'text'
-    def show_certificate(common_name)
-      certs = client.get_certificate(common_name, version: options[:version], type: options[:type])
+    def show_certificate(name)
+      certs = client.get_certificate(name, version: options[:version], type: options[:type])
       puts certs
     end
     map 'show-certiticate' => :show_certificate
 
-    desc 'save-certificate COMMON_NAME', 'Save certificate to a file'
+    desc 'save-certificate NAME', 'Save certificate to a file'
     method_option :version, type: :string, default: 'current'
     method_option :type, type: :string, enum: %w(certificate chain fullchain), default: 'fullchain'
     method_option :output, type: :string, required: true, banner: 'PATH', desc: 'Path to output file'
     method_option :mode, type: :string, default: '0600', desc: 'Mode (permission) of the output file on create'
-    def save_certificate(common_name)
-      client.save_certificate(common_name, version: options[:version], mode: options[:mode], output: options[:output], type: options[:type])
+    def save_certificate(name)
+      client.save_certificate(name, version: options[:version], mode: options[:mode], output: options[:output], type: options[:type])
     end
 
-    desc "show-private-key COMMON_NAME", "show private key"
+    desc "show-private-key NAME", "show private key"
     method_option :version, type: :string, default: 'current'
-    def show_private_key(common_name)
-      puts client.get_private_key(common_name, version: options[:version])
+    def show_private_key(name)
+      puts client.get_private_key(name, version: options[:version])
     end
     map 'show-private-key' => :show_private_key
 
-    desc 'save-private-key COMMON_NAME', 'Save private key to a file'
+    desc 'save-private-key NAME', 'Save private key to a file'
     method_option :version, type: :string, default: 'current'
     method_option :output, type: :string, required: true, banner: 'PATH', desc: 'Path to output file'
     method_option :mode, type: :string, default: '0600', desc: 'Mode (permission) of the output file on create'
-    def save_private_key(common_name)
-      client.save_private_key(common_name, version: options[:version], mode: options[:mode], output: options[:output])
+    def save_private_key(name)
+      client.save_private_key(name, version: options[:version], mode: options[:mode], output: options[:output])
     end
 
-    desc 'save COMMON_NAME', 'Save (or update) certificate and key files.'
+    desc 'save NAME', 'Save (or update) certificate and key files.'
     method_option :version, type: :string, default: 'current'
     method_option :key_mode, type: :string, default: '0600', desc: 'Mode (permission) of the key file on create'
     method_option :certificate_mode, type: :string, default: '0644', desc: 'Mode (permission) of the certificate files on create'
@@ -111,9 +124,9 @@ module Acmesmith
     method_option :chain_file, type: :string, required: false , banner: 'PATH', desc: 'Path to save a certificate chain (root and intermediate CA)'
     method_option :certificate_file, type: :string, required: false, banner: 'PATH', desc: 'Path to save a certficiate'
     method_option :atomic, type: :boolean, default: true, desc: 'Enable atomic file update with rename(2)'
-    def save(common_name)
+    def save(name)
       client.save(
-        common_name,
+        name,
         version: options[:version],
         key_mode: options[:key_mode],
         certificate_mode: options[:certificate_mode],
@@ -127,11 +140,11 @@ module Acmesmith
       )
     end
 
-    desc 'save-pkcs12 COMMON_NAME', 'Save ceriticate and private key to .p12 file'
+    desc 'save-pkcs12 NAME', 'Save ceriticate and private key to .p12 file'
     method_option :version, type: :string, default: 'current'
     method_option :output, type: :string, required: true, banner: 'PATH', desc: 'Path to output file'
     method_option :mode, type: :string, default: '0600', desc: 'Mode (permission) of the output file on create'
-    def save_pkcs12(common_name)
+    def save_pkcs12(name)
       print 'Passphrase: '
       passphrase = $stdin.noecho { $stdin.gets }.chomp
       print "\nPassphrase (confirm): "
@@ -139,13 +152,13 @@ module Acmesmith
       puts
 
       raise ArgumentError, "Passphrase doesn't match" if passphrase != passphrase2
-      client.save_pkcs12(common_name, version: options[:version], mode: options[:mode], output: options[:output], passphrase: passphrase)
+      client.save_pkcs12(name, version: options[:version], mode: options[:mode], output: options[:output], passphrase: passphrase)
     end
 
-    desc "autorenew [COMMON_NAMES]", "request renewal of certificates which expires soon"
+    desc "autorenew [NAMES]", "request renewal of certificates which expires soon"
     method_option :days, type: :numeric, aliases: %w(-d), default: nil, desc: 'specify threshold in days to select certificates to renew'
     method_option :remaining_life, type: :string, aliases: %w(-r), default: '1/3', desc: "Specify threshold based on remaining life. Accepts a percentage ('20%') or fraction ('1/3')"
-    def autorenew(*common_names)
+    def autorenew(*names)
       remaining_life = case options[:remaining_life]
                        when %r{\A\d+/\d+\z}
                          Rational(options[:remaining_life])
@@ -156,12 +169,12 @@ module Acmesmith
                        else
                          raise ArgumentError, "invalid format for --remaining-life: it must be in '..%' or '../..'"
                        end
-      client.autorenew(days: options[:days], remaining_life: remaining_life, common_names: common_names.empty? ? nil : common_names)
+      client.autorenew(days: options[:days], remaining_life: remaining_life, names: names.empty? ? nil : names)
     end
 
-    desc "add-san COMMON_NAME [ADDITIONAL_SANS]", "request renewal of existing certificate with additional SANs"
-    def add_san(common_name, *add_sans)
-      client.add_san(common_name, *add_sans)
+    desc "add-san NAME [ADDITIONAL_SANS]", "request renewal of existing certificate with additional SANs"
+    def add_san(name, *add_sans)
+      client.add_san(name, *add_sans)
     end
 
     desc "register CONTACT", "(deprecated, use 'acmesmith new-account')"
@@ -175,16 +188,16 @@ module Acmesmith
       new_account(contact)
     end
 
-    desc "request COMMON_NAME [SAN]", "(deprecated, use 'acmesmith order')"
+    desc "request NAME [SAN]", "(deprecated, use 'acmesmith order')"
     method_option :show_certificate, type: :boolean, aliases: %w(-s), default: true, desc: 'show an issued certificate in PEM and text when exiting'
-    def request(common_name, *sans)
+    def request(name, *sans)
       warn "!"
       warn "! DEPRECATION WARNING: Use 'acmesmith order' command"
       warn "! There is no user-facing breaking changes. It takes the same arguments with 'acmesmith request'."
       warn "!"
       warn "! This is due to change in semantics of ACME v2. ACME v2 defines 'order' instead of 'request' in v1."
       warn "!"
-      order(common_name, *sans)
+      order(name, *sans)
     end
 
     private

data/lib/acmesmith/config.rb

@@ -2,6 +2,7 @@ require 'yaml'
 require 'acmesmith/storages'
 require 'acmesmith/challenge_responders'
 require 'acmesmith/challenge_responder_filter'
+require 'acmesmith/subject_name_filter'
 require 'acmesmith/domain_name_filter'
 require 'acmesmith/post_issuing_hooks'
 
@@ -9,6 +10,7 @@ module Acmesmith
   class Config
     ChallengeResponderRule = Struct.new(:challenge_responder, :filter, keyword_init: true)
     ChainPreference = Struct.new(:root_issuer_name, :root_issuer_key_id, :filter, keyword_init: true)
+    ProfileRule = Data.define(:name, :filter)
 
     def self.load_yaml(path)
       new YAML.load_file(path)
@@ -35,6 +37,10 @@ module Acmesmith
       if @config.key?('chain_preferences') && !@config.fetch('chain_preferences').kind_of?(Array)
         raise ArgumentError, "config['chain_preferences'] must be an Array"
       end
+
+      if @config.key?('profiles') && !@config.fetch('profiles').kind_of?(Array)
+        raise ArgumentError, "config['profiles'] must be an Array"
+      end
     end
 
     def [](key)
@@ -124,6 +130,16 @@ module Acmesmith
       end
     end
 
+    def profile_rules
+      @profile_rules ||= begin
+        specs = @config['profiles'] || []
+        specs.map do |spec|
+          filter = spec.fetch('filter', {}).map { |k,v| [k.to_sym, v] }.to_h
+          ProfileRule.new(name: spec['name'], filter: SubjectNameFilter.new(**filter))
+        end
+      end
+    end
+
     # def post_actions
     # end
   end

data/lib/acmesmith/ordering_service.rb

@@ -7,23 +7,28 @@ module Acmesmith
     class NotCompleted < StandardError; end
 
     # @param acme [Acme::Client] ACME client
-    # @param identifiers [Array<String>] Array of domain names for a ordering certificate. The first item will be a common name.
+    # @param common_name [String] Common Name for a ordering certificate
+    # @param identifiers [Array<String>] Array of domain names for a ordering certificate. common_name has to be explicitly included in this argument.
     # @param private_key [OpenSSL::PKey::PKey] Private key
     # @param challenge_responder_rules [Array<Acmesmith::Config::ChallengeResponderRule>] responders
     # @param chain_preferences [Array<Acmesmith::Config::ChainPreference>] chain_preferences
     # @param not_before [Time]
     # @param not_after [Time]
-    def initialize(acme:, identifiers:, private_key:, challenge_responder_rules:, chain_preferences:, not_before: nil, not_after: nil)
+    def initialize(acme:, common_name:, identifiers:, private_key:, challenge_responder_rules:, chain_preferences:, profile_rules: [], not_before: nil, not_after: nil)
       @acme = acme
+      @common_name = common_name
       @identifiers = identifiers
       @private_key = private_key
       @challenge_responder_rules = challenge_responder_rules
       @chain_preferences = chain_preferences
+      @profile_rules = profile_rules
       @not_before = not_before
       @not_after = not_after
+
+      @order_url = nil # https://github.com/unixcharles/acme-client/pull/263
     end
 
-    attr_reader :acme, :identifiers, :private_key, :challenge_responder_rules, :chain_preferences, :not_before, :not_after
+    attr_reader :acme, :common_name, :identifiers, :private_key, :challenge_responder_rules, :chain_preferences, :profile_rules, :not_before, :not_after
 
     def perform!
       puts "=> Ordering a certificate for the following identifiers:"
@@ -33,9 +38,15 @@ module Acmesmith
         puts " * SAN: #{san}"
       end
 
+      resolved_profile = profile
+      if resolved_profile
+        puts
+        puts " * Profile: #{resolved_profile}"
+      end
+
       puts
       puts "=> Placing an order"
-      @order = acme.new_order(identifiers: identifiers, not_before: not_before, not_after: not_after)
+      @order = acme.new_order(identifiers: identifiers, not_before: not_before, not_after: not_after, profile: resolved_profile)
       puts " * URL: #{order.url}"
 
       ensure_authorization()
@@ -43,7 +54,7 @@ module Acmesmith
       finalize_order()
       wait_order_for_complete()
 
-      @certificate = Certificate.by_issuance(pem_chain, csr)
+      @certificate = Certificate.by_issuance(pem_chain, csr, name: common_name)
 
       puts
       puts "=> Certificate issued"
@@ -70,12 +81,16 @@ module Acmesmith
       puts
 
       print " * Requesting..."
+      @order_url = order.url if defined?(Acme::Client::Error::OrderNotReloadable)
       order.finalize(csr: csr)
       puts" [ ok ]"
     end
 
     def wait_order_for_complete
+      # Workaround for https://github.com/unixcharles/acme-client/pull/263
+
       while %w(ready processing).include?(order.status)
+        order.instance_variable_set(:@url, @order_url) if @order_url
         order.reload()
         puts " * Waiting for complete: status=#{order.status}"
         sleep 2
@@ -97,16 +112,15 @@ module Acmesmith
       @order or raise "BUG: order not yet generated"
     end
 
-    # @return [String]
-    def common_name
-      identifiers.first
-    end
-
     # @return [Array<String>]
     def sans
       identifiers[1..-1]
     end
 
+    def profile
+      profile_rules.find { |rule| rule.filter.match?(common_name) }&.name
+    end
+
     # @return [Acme::Client::CertificateRequest]
     def csr
       @csr ||= Acme::Client::CertificateRequest.new(subject: { common_name: common_name }, names: sans, private_key: private_key)

data/lib/acmesmith/post_issuing_hooks/shell.rb

@@ -10,10 +10,10 @@ module Acmesmith
       end
 
       def execute
-        puts "=> Executing Post Issueing Hook for #{common_name} in #{self.class.name}"
+        puts "=> Executing Post Issuing Hook for #{certificate.name.inspect} in #{self.class.name}"
         puts " $ #{@command}"
 
-        status = system({"COMMON_NAME" => common_name}, @command)
+        status = system({"CERT_NAME" => certificate.name, "COMMON_NAME" => common_name}.compact, @command)
 
         unless status
           if @ignore_failure

data/lib/acmesmith/save_certificate_service.rb

@@ -23,7 +23,7 @@ module Acmesmith
         return
       end
 
-      log "Saving certificate CN=#{cert.common_name} (ver: #{cert.version})"
+      log "Saving certificate #{cert.name.inspect} (ver: #{cert.version})"
 
       write_file(key_file, key_mode, cert.private_key)
       write_file(certificate_file, certificate_mode, cert.certificate.to_pem)

data/lib/acmesmith/storages/base.rb

@@ -25,28 +25,28 @@ module Acmesmith
         raise NotImplementedError
       end
 
-      # @param common_name [String]
+      # @param name [String]
       # @param version [String, nil]
       # @return [Acmesmith::Certificate]
-      def get_certificate(common_name, version: 'current')
+      def get_certificate(name, version: 'current')
         raise NotImplementedError
       end
 
-      # @param common_name [String]
-      # @return [String] array of common_names
+      # @param name [String]
+      # @return [String] array of certificate names
       def list_certificates
         raise NotImplementedError
       end
 
-      # @param common_name [String]
+      # @param name [String]
       # @return [String] array of versions
-      def list_certificate_versions(common_name)
+      def list_certificate_versions(name)
         raise NotImplementedError
       end
 
-      # @param common_name [String]
+      # @param name [String]
       # @return [String] current version
-      def get_current_certificate_version(common_name)
+      def get_current_certificate_version(name)
         raise NotImplementedError
       end
     end

data/lib/acmesmith/storages/filesystem.rb

@@ -25,22 +25,22 @@ module Acmesmith
 
       def put_certificate(cert, passphrase = nil, update_current: true)
         h = cert.export(passphrase)
-        certificate_base_path(cert.common_name, cert.version).mkpath
-        File.write certificate_path(cert.common_name, cert.version), "#{h[:certificate].rstrip}\n"
-        File.write chain_path(cert.common_name, cert.version), "#{h[:chain].rstrip}\n"
-        File.write fullchain_path(cert.common_name, cert.version), "#{h[:fullchain].rstrip}\n"
-        File.write private_key_path(cert.common_name, cert.version), "#{h[:private_key].rstrip}\n", 0, perm: 0600
+        certificate_base_path(cert.name, cert.version).mkpath
+        File.write certificate_path(cert.name, cert.version), "#{h[:certificate].rstrip}\n"
+        File.write chain_path(cert.name, cert.version), "#{h[:chain].rstrip}\n"
+        File.write fullchain_path(cert.name, cert.version), "#{h[:fullchain].rstrip}\n"
+        File.write private_key_path(cert.name, cert.version), "#{h[:private_key].rstrip}\n", 0, perm: 0600
         if update_current
-          File.symlink(cert.version, certificate_base_path(cert.common_name, 'current.new'))
-          File.rename(certificate_base_path(cert.common_name, 'current.new'), certificate_base_path(cert.common_name, 'current'))
+          File.symlink(cert.version, certificate_base_path(cert.name, 'current.new'))
+          File.rename(certificate_base_path(cert.name, 'current.new'), certificate_base_path(cert.name, 'current'))
         end
       end
 
-      def get_certificate(common_name, version: 'current')
-        raise NotExist.new("Certificate for #{common_name.inspect} of #{version} version doesn't exist") unless certificate_base_path(common_name, version).exist?
-        certificate = certificate_path(common_name, version).read
-        chain = chain_path(common_name, version).read
-        private_key = private_key_path(common_name, version).read
+      def get_certificate(name, version: 'current')
+        raise NotExist.new("Certificate for #{name.inspect} of #{version} version doesn't exist") unless certificate_base_path(name, version).exist?
+        certificate = certificate_path(name, version).read
+        chain = chain_path(name, version).read
+        private_key = private_key_path(name, version).read
         Certificate.new(certificate, chain, private_key)
       end
 
@@ -48,12 +48,12 @@ module Acmesmith
         Dir[path.join('certs', '*').to_s].map { |_| File.basename(_) }
       end
 
-      def list_certificate_versions(common_name)
-        Dir[path.join('certs', common_name, '*').to_s].map { |_| File.basename(_) }.reject { |_| _ == 'current' }
+      def list_certificate_versions(name)
+        Dir[path.join('certs', name, '*').to_s].map { |_| File.basename(_) }.reject { |_| _ == 'current' }
       end
 
-      def get_current_certificate_version(common_name)
-        path.join('certs', common_name, 'current').readlink
+      def get_current_certificate_version(name)
+        path.join('certs', name, 'current').readlink
       end
 
       private

data/lib/acmesmith/storages/s3.rb

@@ -83,34 +83,34 @@ module Acmesmith
           @s3.put_object(params)
         end
 
-        put.call certificate_key(cert.common_name, cert.version), "#{h[:certificate].rstrip}\n", false
-        put.call chain_key(cert.common_name, cert.version), "#{h[:chain].rstrip}\n", false
-        put.call fullchain_key(cert.common_name, cert.version), "#{h[:fullchain].rstrip}\n", false
-        put.call private_key_key(cert.common_name, cert.version), "#{h[:private_key].rstrip}\n", use_kms
+        put.call certificate_key(cert.name, cert.version), "#{h[:certificate].rstrip}\n", false
+        put.call chain_key(cert.name, cert.version), "#{h[:chain].rstrip}\n", false
+        put.call fullchain_key(cert.name, cert.version), "#{h[:fullchain].rstrip}\n", false
+        put.call private_key_key(cert.name, cert.version), "#{h[:private_key].rstrip}\n", use_kms
 
         if generate_pkcs12?(cert)
-          put.call pkcs12_key(cert.common_name, cert.version), "#{cert.pkcs12(@pkcs12_passphrase).to_der}\n", use_kms, 'application/x-pkcs12'
+          put.call pkcs12_key(cert.name, cert.version), "#{cert.pkcs12(@pkcs12_passphrase).to_der}\n", use_kms, 'application/x-pkcs12'
         end
 
         if update_current
           @s3.put_object(
             bucket: bucket,
-            key: certificate_current_key(cert.common_name),
+            key: certificate_current_key(cert.name),
             content_type: 'text/plain',
             body: cert.version,
           )
         end
       end
 
-      def get_certificate(common_name, version: 'current')
-        version = certificate_current(common_name) if version == 'current'
+      def get_certificate(name, version: 'current')
+        version = certificate_current(name) if version == 'current'
 
-        certificate = @s3.get_object(bucket: bucket, key: certificate_key(common_name, version)).body.read
-        chain = @s3.get_object(bucket: bucket, key: chain_key(common_name, version)).body.read
-        private_key = @s3.get_object(bucket: bucket, key: private_key_key(common_name, version)).body.read
+        certificate = @s3.get_object(bucket: bucket, key: certificate_key(name, version)).body.read
+        chain = @s3.get_object(bucket: bucket, key: chain_key(name, version)).body.read
+        private_key = @s3.get_object(bucket: bucket, key: private_key_key(name, version)).body.read
         Certificate.new(certificate, chain, private_key)
       rescue Aws::S3::Errors::NoSuchKey
-        raise NotExist.new("Certificate for #{common_name.inspect} of #{version} version doesn't exist")
+        raise NotExist.new("Certificate for #{name.inspect} of #{version} version doesn't exist")
       end
 
       def list_certificates
@@ -125,8 +125,8 @@ module Acmesmith
         end
       end
 
-      def list_certificate_versions(common_name)
-        cert_ver_prefix = "#{prefix}certs/#{common_name}/"
+      def list_certificate_versions(name)
+        cert_ver_prefix = "#{prefix}certs/#{name}/"
         @s3.list_objects(
           bucket: bucket,
           delimiter: '/',
@@ -137,8 +137,8 @@ module Acmesmith
         end.reject { |_| _ == 'current' }
       end
 
-      def get_current_certificate_version(common_name)
-        certificate_current(common_name)
+      def get_current_certificate_version(name)
+        certificate_current(name)
       end
 
       private

data/lib/acmesmith/subject_name_filter.rb

@@ -0,0 +1,17 @@
+require 'acmesmith/domain_name_filter'
+
+module Acmesmith
+  class SubjectNameFilter
+    def initialize(subject_name_exact: nil, subject_name_suffix: nil, subject_name_regexp: nil)
+      @domain_name_filter = DomainNameFilter.new(
+        exact: subject_name_exact,
+        suffix: subject_name_suffix,
+        regexp: subject_name_regexp,
+      )
+    end
+
+    def match?(domain)
+      @domain_name_filter.match?(domain)
+    end
+  end
+end

data/lib/acmesmith/version.rb

@@ -1,3 +1,3 @@
 module Acmesmith
-  VERSION = "2.7.1"
+  VERSION = "2.9.0"
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: acmesmith
 version: !ruby/object:Gem::Version
-  version: 2.7.1
+  version: 2.9.0
 platform: ruby
 authors:
 - Sorah Fukumori
 bindir: bin
 cert_chain: []
-date: 2025-08-20 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: acme-client
@@ -141,20 +141,12 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".dockerignore"
-- ".github/FUNDING.yml"
-- ".github/stale.yml"
-- ".github/workflows/build.yml"
-- ".gitignore"
-- ".rspec"
 - ".travis.yml"
 - CHANGELOG.md
 - Dockerfile
-- Gemfile
-- Gemfile.lock
 - LICENSE.txt
 - README.md
 - Rakefile
-- acmesmith.gemspec
 - bin/acmesmith
 - config.sample.yml
 - docs/challenge_responders/route53.md
@@ -191,14 +183,16 @@ files:
 - lib/acmesmith/storages/base.rb
 - lib/acmesmith/storages/filesystem.rb
 - lib/acmesmith/storages/s3.rb
+- lib/acmesmith/subject_name_filter.rb
 - lib/acmesmith/utils/finder.rb
 - lib/acmesmith/version.rb
-- script/console
-- script/setup
 homepage: https://github.com/sorah/acmesmith
 licenses:
 - MIT
-metadata: {}
+metadata:
+  homepage_uri: https://github.com/sorah/acmesmith
+  source_code_uri: https://github.com/sorah/acmesmith
+  changelog_uri: https://github.com/sorah/acmesmith/blob/master/CHANGELOG.md
 rdoc_options: []
 require_paths:
 - lib
@@ -213,7 +207,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.2
+rubygems_version: 4.0.3
 specification_version: 4
 summary: ACME client (Let's encrypt client) to manage certificate in multi server
   environment with cloud services (e.g. AWS)

data/.github/FUNDING.yml

@@ -1,2 +0,0 @@
-ko_fi: sorah
-github: [sorah]

data/.github/stale.yml

@@ -1,17 +0,0 @@
-# Number of days of inactivity before an issue becomes stale
-daysUntilStale: 30
-# Number of days of inactivity before a stale issue is closed
-daysUntilClose: 7
-# Issues with these labels will never be considered stale
-exemptLabels:
-  - pinned
-  - security
-# Label to use when marking an issue as stale
-staleLabel: rotten
-# Comment to post when marking an issue as stale. Set to `false` to disable
-markComment: >
-  This issue has been automatically marked as stale because it has not had
-  recent activity. It will be closed if no further activity occurs. Thank you
-  for your contributions.
-# Comment to post when closing a stale issue. Set to `false` to disable
-closeComment: false