certgen 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: bdaf8fdacad6518c7a0b679c0acb9bcf0a11329560716f31cc7884df154f0967
+  data.tar.gz: 846e35380bd6de70f8cdac267e07430ee10e0fadc8cef6085d64b4a2c0aac248
+SHA512:
+  metadata.gz: 3eb3caa1797c237bd5e52d900ef19ced3975a2250a7031b9edb26ed2abc04acfb0f723df6a9c491a431fb31c275abc14a667e59bf84e4b284f3d17147738e2e6
+  data.tar.gz: 1611c486db2df826522229c0acdc88f2674ccbda6cb4b1fc574378d0ab95a6eb05f88787d613ff1a3c0c3bd0b054a65b0f273ec2fe17daf396bfd8ab90a93a04

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,8 @@
+AllCops:
+  TargetRubyVersion: 3.1
+
+Style/StringLiterals:
+  EnforcedStyle: double_quotes
+
+Style/StringLiteralsInInterpolation:
+  EnforcedStyle: double_quotes

data/CHANGELOG.md

@@ -0,0 +1,5 @@
+## [Unreleased]
+
+## [0.1.0] - 2025-05-03
+
+- Initial release

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,132 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the overall
+  community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or advances of
+  any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email address,
+  without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official email address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+[INSERT CONTACT METHOD].
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series of
+actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within the
+community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
+
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
+[https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2025 Rajan Bhattarai
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,96 @@
+# Certgen
+
+![Ruby](https://img.shields.io/badge/Ruby-3.1%2B-red)
+![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)
+![Gem Version](https://img.shields.io/gem/v/certgen)
+
+**Certgen** is a Ruby CLI tool to generate free SSL certificates from [Let's Encrypt](https://letsencrypt.org) using **DNS-01 verification**. Perfect for developers and site owners who use cPanel or manually managed servers and need to upload certificates themselves.
+
+## ✨ Features
+
+- ✅ Generate valid SSL certificates via Let's Encrypt
+- 🌐 Supports both base domains and `www.` subdomains automatically
+- 🔐 Uses DNS-01 challenge (great for wildcard and shared hosting)
+- 📁 Outputs `.crt`, `.pem`, and zipped bundles for easy upload
+- 🔄 Stores reusable Let's Encrypt account key
+- 🖥️ CLI interface for quick and easy usage
+
+## 📦 Installation
+
+```bash
+gem install certgen
+```
+
+## 🚀 Usage
+
+Run the CLI tool from your terminal:
+
+```bash
+certgen --domain example.com --email user@example.com
+```
+
+This will:
+1. Generate or reuse your Let's Encrypt account key
+2. Create DNS-01 challenge instructions
+3. Wait for your confirmation after DNS is set
+4. Generate the certificate files
+5. Zip them for upload to cPanel or any hosting service
+
+### 🔄 Example Output Files
+
+After running, your certs will be saved in:
+
+```
+~/.ssl_output/example.com/
+├── certificate.crt
+├── private_key.pem
+├── ca_bundle.pem
+└── cert_bundle.zip
+```
+
+## ✍️ DNS Setup
+
+You'll be prompted to create a DNS TXT record:
+
+```text
+Record Name: _acme-challenge.example.com
+Record Type: TXT
+Record Value: abc123...
+```
+
+Use [https://dnschecker.org](https://dnschecker.org) to confirm propagation before continuing.
+
+## 🔧 Development
+
+Clone and run locally:
+
+```bash
+git clone https://github.com/cdrrazan/certgen
+cd certgen
+bundle install
+```
+
+Run the CLI locally:
+
+```bash
+bin/certgen --domain example.com --email user@example.com
+```
+
+## ✅ Requirements
+
+- Ruby >= 3
+- DNS management access to create TXT records
+- cPanel or similar manual SSL upload support
+
+## 📄 License
+
+This project is licensed under the MIT License. See the [LICENSE](https://github.com/cdrrazan/certgen/blob/main/LICENSE) file for details.
+
+## 🙌 Author
+
+**Rajan Bhattarai**  
+[GitHub](https://github.com/cdrrazan) • [Email](mailto:cdrrazan@gmail.com)
+
+---
+
+🛠 Contributions and issues are welcome — feel free to open a PR or issue on [GitHub](https://github.com/cdrrazan/certgen)!

data/Rakefile

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+require "rubocop/rake_task"
+
+RuboCop::RakeTask.new
+
+task default: %i[spec rubocop]

data/exe/certgen

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "certgen"
+
+Certgen::CLI.start

data/lib/certgen/cli.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+# lib/certgen/cli.rb
+
+require "optparse"
+
+module Certgen
+  class CLI
+    def self.start
+      options = {}
+
+      OptionParser.new do |opts|
+        opts.banner = "Usage: certgen [options]"
+
+        opts.on("-d", "--domain DOMAIN", "Domain name") { |v| options[:domain] = v }
+        opts.on("-e", "--email EMAIL", "Email address") { |v| options[:email] = v }
+        opts.on("-w", "--wildcard", "Request a wildcard certificate") { options[:wildcard] = true }
+        opts.on("-h", "--help", "Prints this help") do
+          puts opts
+          exit
+        end
+      end.parse!
+
+      unless options[:domain] && options[:email]
+        puts "Error: Domain and email are required."
+        exit 1
+      end
+
+      puts "[INFO] Starting certificate generation for #{options[:domain]}..."
+      Certgen.generate(
+        domain: options[:domain],
+        email: options[:email]
+      )
+    end
+  end
+end

data/lib/certgen/generator.rb

@@ -0,0 +1,146 @@
+# frozen_string_literal: true
+
+require "acme-client"
+require "openssl"
+require "fileutils"
+require "zip"
+
+module Certgen
+  class Generator
+    LETS_ENCRYPT_DIRECTORY = "https://acme-v02.api.letsencrypt.org/directory"
+    ACCOUNT_KEY_PATH = File.expand_path("~/.certgen/acme_account.key")
+
+    def initialize(domain:, email:)
+      @input_domain = domain
+      @email = email
+      @base_domain = domain.sub(/^www\./, "")
+      @domains = [@base_domain, "www.#{@base_domain}"].uniq
+      @output_dir = File.expand_path("~/.ssl_output/#{@base_domain}")
+    end
+
+    def run
+      ensure_account_key!
+      setup_client
+      create_output_directory
+      order_certificate
+      verify_dns_challenges
+      finalize_certificate
+      save_certificate_files
+      notify_user
+    end
+
+    private
+
+    def ensure_account_key!
+      FileUtils.mkdir_p(File.dirname(ACCOUNT_KEY_PATH))
+      if File.exist?(ACCOUNT_KEY_PATH)
+        puts "🔐 Loading existing ACME account key..."
+        @account_key = OpenSSL::PKey::RSA.new(File.read(ACCOUNT_KEY_PATH))
+      else
+        puts "🛠 Generating new ACME account key..."
+        @account_key = OpenSSL::PKey::RSA.new(4096)
+        File.write(ACCOUNT_KEY_PATH, @account_key.to_pem)
+      end
+    end
+
+    def setup_client
+      @client = Acme::Client.new(
+        private_key: @account_key,
+        directory: LETS_ENCRYPT_DIRECTORY
+      )
+
+      begin
+        @client.new_account(contact: "mailto:#{@email}", terms_of_service_agreed: true)
+      rescue Acme::Client::Error::Malformed
+        puts "✅ ACME account already registered."
+      end
+    end
+
+    def create_output_directory
+      FileUtils.mkdir_p(@output_dir)
+    end
+
+    def order_certificate
+      @order = @client.new_order(identifiers: @domains)
+      @authorizations = @order.authorizations
+    end
+
+    def verify_dns_challenges
+      @authorizations.each do |auth|
+        domain = auth.identifier["value"]
+        challenge = auth.dns
+
+        dns_record = "_acme-challenge.#{domain}"
+        puts "\n📌 Please create this DNS TXT record for domain: #{domain}"
+        puts "Record Name: #{dns_record}"
+        puts "Record Type: TXT"
+        puts "Record Value: #{challenge.record_content}"
+        puts "\n⚠️ After adding it, wait for DNS to propagate (~1–5 minutes)."
+        puts "🔎 Use https://dnschecker.org to confirm it’s live."
+        puts "Press ENTER when ready to continue..."
+        $stdin.gets
+
+        challenge.request_validation
+
+        while challenge.status == "pending"
+          puts "⏳ Waiting for DNS validation for #{domain}..."
+          sleep 5
+          challenge.reload
+        end
+
+        unless challenge.status == "valid"
+          puts "❌ DNS validation failed for #{domain}. Status: #{challenge.status}"
+          exit(1)
+        end
+
+        puts "✅ Domain #{domain} successfully verified!"
+      end
+    end
+
+    def finalize_certificate
+      @certificate_key = OpenSSL::PKey::RSA.new(4096)
+      csr = Acme::Client::CertificateRequest.new(private_key: @certificate_key, names: @domains)
+      @order.finalize(csr: csr)
+
+      while @order.status == "processing"
+        sleep 1
+        @order.reload
+      end
+
+      return if @order.status == "valid"
+
+      puts "❌ Failed to finalize order. Status: #{@order.status}"
+      exit(1)
+    end
+
+    def save_certificate_files
+      key_path = File.join(@output_dir, "private_key.pem")
+      crt_path = File.join(@output_dir, "certificate.crt")
+      ca_path = File.join(@output_dir, "ca_bundle.pem")
+
+      File.write(key_path, @certificate_key.to_pem)
+      File.write(crt_path, @order.certificate)
+      File.write(ca_path, @order.certificate) # Optional
+
+      zip_path = File.join(@output_dir, "cert_bundle.zip")
+      create_zip(zip_path, [key_path, crt_path, ca_path])
+    end
+
+    def create_zip(zip_path, files)
+      Zip::File.open(zip_path, Zip::File::CREATE) do |zipfile|
+        files.each do |file|
+          zipfile.add(File.basename(file), file) if File.exist?(file)
+        end
+      end
+    end
+
+    def notify_user
+      puts "\n🎉 SSL certificate generated successfully for #{@domains.join(", ")}"
+      puts "📁 Files saved in: #{@output_dir}"
+      puts "- certificate.crt"
+      puts "- private_key.pem"
+      puts "- ca_bundle.pem"
+      puts "\n🧾 You can now manually upload these files to your cPanel SSL/TLS section."
+    end
+  end
+end

data/lib/certgen/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Certgen
+  VERSION = "0.1.0"
+end

data/lib/certgen.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+require_relative "certgen/version"
+require "certgen/cli"
+require "certgen/generator"
+
+module Certgen
+  # Custom error class for all Certgen-specific errors
+  class Error < StandardError; end
+
+  # Main entry point for generating certificates
+  def self.generate(domain:, email:)
+    Certgen::Generator.new(
+      domain:,
+      email:
+    ).run
+  end
+end

data/sig/certgen.rbs

@@ -0,0 +1,4 @@
+module Certgen
+  VERSION: String
+  # See the writing guide of rbs: https://github.com/ruby/rbs#guides
+end

metadata

@@ -0,0 +1,62 @@
+--- !ruby/object:Gem::Specification
+name: certgen
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Rajan Bhattarai
+bindir: exe
+cert_chain: []
+date: 2025-05-03 00:00:00.000000000 Z
+dependencies: []
+description: Certgen is a command-line Ruby gem that helps users generate free SSL
+  certificates from Let's Encrypt using DNS-01 verification. Ideal for users with
+  manual or cPanel-based hosting environments. Supports wildcard domains and reusable
+  account keys.
+email:
+- cdrrazan@gmail.com
+executables:
+- certgen
+extensions: []
+extra_rdoc_files: []
+files:
+- ".rspec"
+- ".rubocop.yml"
+- CHANGELOG.md
+- CODE_OF_CONDUCT.md
+- LICENSE.txt
+- README.md
+- Rakefile
+- exe/certgen
+- lib/certgen.rb
+- lib/certgen/cli.rb
+- lib/certgen/generator.rb
+- lib/certgen/version.rb
+- sig/certgen.rbs
+homepage: https://github.com/cdrrazan/certgen
+licenses:
+- MIT
+metadata:
+  allowed_push_host: https://rubygems.org
+  homepage_uri: https://github.com/cdrrazan/certgen
+  source_code_uri: https://github.com/cdrrazan/certgen
+  changelog_uri: https://github.com/cdrrazan/certgen/blob/main/CHANGELOG.md
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.1.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.6.2
+specification_version: 4
+summary: A Ruby CLI gem to generate free SSL certificates using Let's Encrypt with
+  DNS verification.
+test_files: []