acmesmith 0.1.0 → 0.1.1
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/README.md +19 -1
- data/lib/acmesmith/command.rb +22 -5
- data/lib/acmesmith/storages/s3.rb +2 -2
- data/lib/acmesmith/version.rb +1 -1
- metadata +1 -1
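--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8fe41f9fc542993fc39879d1668e82c734adf0d7
+data.tar.gz: b05f34a474211950271c627480415ed2cbd6c82d
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 190fc90677b2a516dc663cacc5183eca9a616fb9a40e2ca6e66cef3160fa2a08e1908d506df4dccaad0279cb8d457ec05dae43c72da8a4579e862ef6cbb5a700
+data.tar.gz: 408e608f9791a8cbcbd3eca54e7d6ec60416c21360dbfdebdfb4b3cdec9b5c58e442803b6095ac84d2519c58ebca075b10cee9addaaca7dc3706df88d76c8468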
data/.gitignore
CHANGED
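--- a/data/README.md
+++ b/data/README.md
@@ -4,6 +4,22 @@ Acmesmith is an [ACME (Automatic Certificate Management Environment)](https://gi
 
 This tool is written in Ruby, but this saves certificates in simple scheme, so you can fetch certificate by your own simple scripts.
 
+## Features
+
+- ACME client designed to work on multiple servers
+- ACME registration, domain authorization, certificate requests
+- Tested against [Let's encrypt](https://letsencrypt.org)
+- Storing keys in several ways
+- Currently AWS S3 is supported
+- Challenge response
+- Currently `dns-01` with AWS Route 53 is supported
+
+### Planned
+
+- Automated renewal of certificates that expiring soon
+- Automated deployments support (post issurance hook)
+- Example shellscripts to fetch certificates
+
 ## Installation
 
 Add this line to your application's Gemfile:
@@ -38,9 +54,11 @@ $ acmesmith show-certificate COMMON_NAME # show certificate
 $ acmesmith show-private-key COMMON_NAME # show private key
 ```
 
+See `acmesmith help [subcommand]` for more help.
+
 ## Configuration
 
-See [config.sample.yml](./config.sample.yml) to start.
+See [config.sample.yml](./config.sample.yml) to start. Default configuration file is `./acmesmith.yml`.
 
 ``` yaml
 endpoint: https://acme-staging.api.letsencrypt.org/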
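--- a/data/lib/acmesmith/command.rb
+++ b/data/lib/acmesmith/command.rb
@@ -7,7 +7,8 @@ require 'acme/client'
 
 module Acmesmith
 class Command < Thor
-class_option :config, default: './acmesmith.yml'
+class_option :config, default: './acmesmith.yml', aliases: %w(-c)
+class_option :passphrase_from_env, type: :boolean, aliases: %w(-E), default: false, desc: 'Read $ACMESMITH_ACCOUNT_KEY_PASSPHRASE and $ACMESMITH_CERT_KEY_PASSPHRASE for passphrases'
 
 desc "register CONTACT", "Create account key (contact e.g. mailto:xxx@example.org)"
 def register(contact)
@@ -16,7 +17,7 @@ module Acmesmith
 registration = acme.register(contact: contact)
 registration.agree_terms
 
-storage.put_account_key(key,
+storage.put_account_key(key, account_key_passphrase)
 puts "Generated:\n#{key.private_key.public_key.to_pem}"
 end
 
@@ -52,7 +53,7 @@ module Acmesmith
 acme_cert = acme.new_certificate(csr)
 
 cert = Certificate.from_acme_client_certificate(acme_cert)
-storage.put_certificate(cert,
+storage.put_certificate(cert, certificate_key_passphrase)
 
 puts cert.certificate.to_text
 puts cert.certificate.to_pem
@@ -96,7 +97,7 @@ module Acmesmith
 method_option :version, type: :string, default: 'current'
 def show_private_key(common_name)
 cert = storage.get_certificate(common_name, version: options[:version])
-cert.key_passphrase =
+cert.key_passphrase = certificate_key_passphrase if certificate_key_passphrase
 
 puts cert.private_key.to_pem
 end
@@ -119,12 +120,28 @@ module Acmesmith
 
 def account_key
 @account_key ||= storage.get_account_key.tap do |x|
-x.key_passphrase =
+x.key_passphrase = account_key_passphrase if account_key_passphrase
 end
 end
 
 def acme
 @acme ||= Acme::Client.new(private_key: account_key.private_key, endpoint: config['endpoint'])
 end
+
+def certificate_key_passphrase
+if options[:passphrase_from_env]
+ENV['ACMESMITH_CERTIFICATE_KEY_PASSPHRASE'] || config['certificate_key_passphrase']
+else
+config['certificate_key_passphrase']
+end
+end
+
+def account_key_passphrase
+if options[:passphrase_from_env]
+ENV['ACMESMITH_ACCOUNT_KEY_PASSPHRASE'] || config['account_key_passphrase']
+else
+config['account_key_passphrase']
+end
+end
 end
 end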
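Review bot: The `--passphrase-from-env` help text names `$ACMESMITH_CERT_KEY_PASSPHRASE`, but `certificate_key_passphrase` reads `ENV['ACMESMITH_CERTIFICATE_KEY_PASSPHRASE']`, so an operator who follows the help output sets a variable the code never looks at. The lookup then falls back to `config['certificate_key_passphrase']` without any message, and if that is unset too, nil is passed to `storage.put_certificate`, which presumably stores the private key without a passphrase (the storage side is not visible here). Align the two names, e.g. `desc: 'Read $ACMESMITH_ACCOUNT_KEY_PASSPHRASE and $ACMESMITH_CERTIFICATE_KEY_PASSPHRASE for passphrases'`. Also consider raising when `-E` is given but the variable is unset or empty, rather than falling back silently; the same applies to `account_key_passphrase`.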
@@ -113,7 +113,7 @@ module Acmesmith
|
|
113
113
|
prefix: certs_prefix,
|
114
114
|
).each.flat_map do |page|
|
115
115
|
regexp = /\A#{Regexp.escape(certs_prefix)}/
|
116
|
-
page.common_prefixes.map { |_| _.sub(regexp, '').sub(/\/.+\z/, '') }.uniq
|
116
|
+
page.common_prefixes.map { |_| _.prefix.sub(regexp, '').sub(/\/.+\z/, '').sub(/\/\z/, '') }.uniq
|
117
117
|
end
|
118
118
|
end
|
119
119
|
|
@@ -125,7 +125,7 @@ module Acmesmith
|
|
125
125
|
prefix: cert_ver_prefix,
|
126
126
|
).each.flat_map do |page|
|
127
127
|
regexp = /\A#{Regexp.escape(cert_ver_prefix)}/
|
128
|
-
page.common_prefixes.map { |_| _.sub(regexp, '').sub(/\/.+\z/, '') }.uniq
|
128
|
+
page.common_prefixes.map { |_| _.prefix.sub(regexp, '').sub(/\/.+\z/, '').sub(/\/\z/, '') }.uniq
|
129
129
|
end.reject { |_| _ == 'current' }
|
130
130
|
end
|
131
131
|
|
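Review bot: The chain `.prefix.sub(regexp, '').sub(/\/.+\z/, '').sub(/\/\z/, '')` is now written out identically in both listing hunks, and its last two substitutions can be one. No file header survives for these hunks on this page; the diffstat suggests they belong to `lib/acmesmith/storages/s3.rb`. `sub(%r{/.*\z}, '')` removes everything from the first slash whether or not anything follows it, and a small private helper that takes the prefix regexp would keep the two methods from drifting apart. Both enclosing methods start outside the hunks, so the listing call that produces `common_prefixes` cannot be checked from here.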
data/lib/acmesmith/version.rb
CHANGED