capistrano-lets-encrypt 0.2.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +25 -9
- data/capistrano-lets-encrypt.gemspec +1 -1
- data/lib/capistrano/tasks/lets-encrypt.rake +50 -29
- metadata +12 -13
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: de66e730ca0dcec1a728877a7f32043b749d5791
|
|
4
|
+
data.tar.gz: be723601fc953f0aa0598b01b323949f1519f59f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bb1a2c4e7fb237c2d1bcabff6baa9946ce75f66dbfdae6262567c2bddf862b342e016e9923ccca18944ee72800e939cec0e36f820c16bd3fa480a598419fcf2d
|
|
7
|
+
data.tar.gz: ef87c42ba5ef686a4d86e7fd4eaaf61a3a45d38d41f642ad12eb0feefbc5f70da43d8de1a1730431871cc086c54b1795024b7f84d41ed9f9a0358eb76443333c
|
data/README.md
CHANGED
|
@@ -4,7 +4,7 @@ Let's encrypt support for Capistrano 3.x
|
|
|
4
4
|
|
|
5
5
|
Thanks to @unixcharles and @zealot128 for their libraries,
|
|
6
6
|
[acme-client](https://github.com/unixcharles/acme-client/) and
|
|
7
|
-
[letsencrypt-cli](https://github.com/zealot128/ruby-letsencrypt-cli)
|
|
7
|
+
[letsencrypt-cli](https://github.com/zealot128/ruby-letsencrypt-cli) for managing
|
|
8
8
|
part of the workflow to work with Let's encrypt. This library use both to create
|
|
9
9
|
a series of capistrano tasks that should help you create certs on your projects
|
|
10
10
|
deployed with capistrano
|
|
@@ -13,7 +13,7 @@ deployed with capistrano
|
|
|
13
13
|
|
|
14
14
|
Add this line to your application's Gemfile:
|
|
15
15
|
|
|
16
|
-
gem 'capistrano-lets-encrypt'
|
|
16
|
+
gem 'capistrano-lets-encrypt'
|
|
17
17
|
gem 'capistrano'
|
|
18
18
|
|
|
19
19
|
And then execute:
|
|
@@ -44,32 +44,48 @@ cap lets_encrypt:cert # Create certificates and private keys
|
|
|
44
44
|
Configurable options (copy into deploy.rb), shown here with examples:
|
|
45
45
|
|
|
46
46
|
```ruby
|
|
47
|
+
# Set the roles where the let's encrypt process should be started
|
|
48
|
+
# Be sure at least one server has primary: true
|
|
47
49
|
# default value: :web
|
|
48
50
|
set :lets_encrypt_roles, :lets_encrypt
|
|
49
51
|
|
|
52
|
+
# Optionally set the user to use when installing on the remote system
|
|
53
|
+
# default value: nil
|
|
54
|
+
set :lets_encrypt_user, nil
|
|
55
|
+
|
|
56
|
+
# Set it to true to use let's encrypt staging servers
|
|
50
57
|
# default value: false
|
|
51
58
|
set :lets_encrypt_test, true
|
|
52
59
|
|
|
60
|
+
# Set your let's encrypt account email (required)
|
|
61
|
+
# The account will be created if no private key match
|
|
53
62
|
# default value: nil
|
|
54
63
|
set :lets_encrypt_email, nil
|
|
55
64
|
|
|
65
|
+
# Set the path to your let's encrypt account private key
|
|
66
|
+
# default value: "#{fetch(:lets_encrypt_email)}.account_key.pem"
|
|
67
|
+
set :lets_encrypt_account_key, "#{fetch(:lets_encrypt_email)}.account_key.pem"
|
|
68
|
+
|
|
69
|
+
# Set the domains you want to register (required)
|
|
70
|
+
# This must be a string of one or more domains separated a space - e.g. "example.com example2.com"
|
|
56
71
|
# default value: nil
|
|
57
72
|
set :lets_encrypt_domains, nil
|
|
58
73
|
|
|
74
|
+
# Set the path from where you are serving your static assets
|
|
59
75
|
# default value: "#{release_path}/public"
|
|
60
76
|
set :lets_encrypt_challenge_public_path, "#{release_path}/public"
|
|
61
77
|
|
|
78
|
+
# Set the path where the new certs are going to be saved
|
|
62
79
|
# default value: "#{shared_path}/ssl/certs"
|
|
63
80
|
set :lets_encrypt_output_path, "#{shared_path}/ssl/certs"
|
|
64
81
|
|
|
65
|
-
#
|
|
66
|
-
set :lets_encrypt_account_key, "#{fetch(:lets_encrypt_email)}.account_key.pem"
|
|
67
|
-
|
|
68
|
-
# default value: 30
|
|
69
|
-
set :lets_encrypt_days_valid, 30
|
|
70
|
-
|
|
82
|
+
# Set the local path where the certs will be saved
|
|
71
83
|
# default value: "~/certs"
|
|
72
84
|
set :lets_encrypt_local_output_path, "~/certs"
|
|
85
|
+
|
|
86
|
+
# Set the minimum time that the cert should be valid
|
|
87
|
+
# default value: 30
|
|
88
|
+
set :lets_encrypt_days_valid, 15
|
|
73
89
|
```
|
|
74
90
|
|
|
75
91
|
## Requirements
|
|
@@ -86,7 +102,7 @@ This tool needs Ruby >= 2.1 (as the dependency acme-client needs that because of
|
|
|
86
102
|
|
|
87
103
|
## Credits
|
|
88
104
|
|
|
89
|
-
Thank you [contributors](https://github.com/platanus/
|
|
105
|
+
Thank you [contributors](https://github.com/platanus/capistrano-lets-encrypt/graphs/contributors)!
|
|
90
106
|
|
|
91
107
|
<img src="http://platan.us/gravatar_with_text.png" alt="Platanus" width="250"/>
|
|
92
108
|
|
|
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
|
4
4
|
|
|
5
5
|
Gem::Specification.new do |spec|
|
|
6
6
|
spec.name = "capistrano-lets-encrypt"
|
|
7
|
-
spec.version = "0.
|
|
7
|
+
spec.version = "0.3.0"
|
|
8
8
|
spec.authors = ["Juan Ignacio Donoso"]
|
|
9
9
|
spec.email = ["juan.ignacio@platan.us"]
|
|
10
10
|
spec.summary = %q{Adds support for let's encrypt to Capistrano 3.x}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
require 'openssl'
|
|
2
2
|
require 'letsencrypt/cli/acme_wrapper'
|
|
3
|
+
require 'colorize'
|
|
3
4
|
|
|
4
5
|
namespace :lets_encrypt do
|
|
5
6
|
|
|
@@ -61,34 +62,36 @@ namespace :lets_encrypt do
|
|
|
61
62
|
end
|
|
62
63
|
|
|
63
64
|
def authorize(domain)
|
|
64
|
-
|
|
65
|
-
|
|
65
|
+
as_encrypt_user do
|
|
66
|
+
wrapper.log "Authorizing #{domain.blue}."
|
|
67
|
+
authorization = client.authorize(domain: domain)
|
|
66
68
|
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
69
|
+
challenge = authorization.http01
|
|
70
|
+
challenge_public_path = fetch(:lets_encrypt_challenge_public_path)
|
|
71
|
+
challenge_path = File.join(challenge_public_path, File.dirname(challenge.filename))
|
|
72
|
+
challenge_file_path = File.join(challenge_public_path, challenge.filename)
|
|
73
|
+
execute :mkdir, '-pv', challenge_path
|
|
72
74
|
|
|
73
|
-
|
|
75
|
+
wrapper.log "Writing challenge to #{challenge_file_path}", :debug
|
|
74
76
|
|
|
75
|
-
|
|
77
|
+
execute :echo, "\"#{challenge.file_content}\" > #{challenge_file_path}"
|
|
76
78
|
|
|
77
|
-
|
|
79
|
+
challenge.request_verification
|
|
78
80
|
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
81
|
+
5.times do
|
|
82
|
+
wrapper.log "Checking verification...", :debug
|
|
83
|
+
sleep 1
|
|
84
|
+
break if challenge.verify_status != 'pending'
|
|
85
|
+
end
|
|
86
|
+
if challenge.verify_status == 'valid'
|
|
87
|
+
wrapper.log "Authorization successful for #{domain.green}"
|
|
88
|
+
execute :rm, '-f', challenge_file_path
|
|
89
|
+
true
|
|
90
|
+
else
|
|
91
|
+
wrapper.log "Authorization error for #{domain.red}", :error
|
|
92
|
+
wrapper.log challenge.error['detail']
|
|
93
|
+
false
|
|
94
|
+
end
|
|
92
95
|
end
|
|
93
96
|
end
|
|
94
97
|
|
|
@@ -100,11 +103,29 @@ namespace :lets_encrypt do
|
|
|
100
103
|
end
|
|
101
104
|
|
|
102
105
|
def upload_certs(domain)
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
106
|
+
as_encrypt_user do
|
|
107
|
+
execute :mkdir, '-pv', "#{fetch(:lets_encrypt_output_path)}/#{domain}"
|
|
108
|
+
safe_upload! local_private_key_path, private_key_path
|
|
109
|
+
safe_upload! local_fullchain_path, fullchain_path
|
|
110
|
+
safe_upload! local_certificate_path, certificate_path
|
|
111
|
+
safe_upload! local_chain_path, chain_path
|
|
112
|
+
end
|
|
113
|
+
end
|
|
114
|
+
|
|
115
|
+
def as_encrypt_user(&block)
|
|
116
|
+
if fetch(:lets_encrypt_user)
|
|
117
|
+
as fetch(:lets_encrypt_user) do
|
|
118
|
+
yield
|
|
119
|
+
end
|
|
120
|
+
else
|
|
121
|
+
yield
|
|
122
|
+
end
|
|
123
|
+
end
|
|
124
|
+
|
|
125
|
+
def safe_upload!(from, to)
|
|
126
|
+
tempname = "/tmp/#{Time.now.to_f}"
|
|
127
|
+
upload! from, tempname
|
|
128
|
+
sudo :mv, tempname, to
|
|
108
129
|
end
|
|
109
130
|
|
|
110
131
|
# Helpers
|
|
@@ -158,7 +179,7 @@ namespace :lets_encrypt do
|
|
|
158
179
|
|
|
159
180
|
def options
|
|
160
181
|
@options ||= {
|
|
161
|
-
account_key: fetch(:lets_encrypt_account_key),
|
|
182
|
+
account_key: File.expand_path(fetch(:lets_encrypt_account_key)),
|
|
162
183
|
test: fetch(:lets_encrypt_test),
|
|
163
184
|
log_level: "info",
|
|
164
185
|
color: true,
|
metadata
CHANGED
|
@@ -1,55 +1,55 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: capistrano-lets-encrypt
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Juan Ignacio Donoso
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2017-03-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: capistrano
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- -
|
|
17
|
+
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
19
|
version: 3.0.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- -
|
|
24
|
+
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
26
|
version: 3.0.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: letsencrypt-cli
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
|
-
- -
|
|
31
|
+
- - ">="
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
33
|
version: 0.1.4
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
|
-
- -
|
|
38
|
+
- - ">="
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: 0.1.4
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: rake
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
44
44
|
requirements:
|
|
45
|
-
- - ~>
|
|
45
|
+
- - "~>"
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
47
|
version: '10.0'
|
|
48
48
|
type: :development
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
|
-
- - ~>
|
|
52
|
+
- - "~>"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
54
|
version: '10.0'
|
|
55
55
|
description: Adds support for let's encrypt to Capistrano 3.x
|
|
@@ -59,7 +59,7 @@ executables: []
|
|
|
59
59
|
extensions: []
|
|
60
60
|
extra_rdoc_files: []
|
|
61
61
|
files:
|
|
62
|
-
- .gitignore
|
|
62
|
+
- ".gitignore"
|
|
63
63
|
- Gemfile
|
|
64
64
|
- LICENSE.txt
|
|
65
65
|
- README.md
|
|
@@ -78,19 +78,18 @@ require_paths:
|
|
|
78
78
|
- lib
|
|
79
79
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
80
80
|
requirements:
|
|
81
|
-
- -
|
|
81
|
+
- - ">="
|
|
82
82
|
- !ruby/object:Gem::Version
|
|
83
83
|
version: '0'
|
|
84
84
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
85
85
|
requirements:
|
|
86
|
-
- -
|
|
86
|
+
- - ">="
|
|
87
87
|
- !ruby/object:Gem::Version
|
|
88
88
|
version: '0'
|
|
89
89
|
requirements: []
|
|
90
90
|
rubyforge_project:
|
|
91
|
-
rubygems_version: 2.
|
|
91
|
+
rubygems_version: 2.5.2
|
|
92
92
|
signing_key:
|
|
93
93
|
specification_version: 4
|
|
94
94
|
summary: Adds support for let's encrypt to Capistrano 3.x
|
|
95
95
|
test_files: []
|
|
96
|
-
has_rdoc:
|