encryptbot 0.1.9 → 0.2.0
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +37 -8
- data/lib/encryptbot/cert.rb +9 -2
- data/lib/encryptbot/exceptions.rb +2 -4
- data/lib/encryptbot/version.rb +1 -1
- metadata +2 -2
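--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4d280a6a4a72287178c5b816f7e60ed395f583bce226997f6143f1fd447388d5
+data.tar.gz: 55187351813cee1b14ea5530276a9ceded41662c945e48ac696699012e589817
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fd16ff30f1fe113c1f48ee743bf06623739af349d8fb9d78bc1438469e6683a65dccf1211dff258a48a016c4417122b373f86eb57b2a0b273367c354c04b85f3
+data.tar.gz: 5e7303718f73dd88e11637e4c57cc59707f9ba1032d0d74696c39467d35ed04ab538da45f8ce6c30a11699607286498af0ea92ac4c7f589e6bd9070a6554dd05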
data/Gemfile.lock
CHANGED
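--- a/data/README.md
+++ b/data/README.md
@@ -1,12 +1,41 @@
 # Encryptbot
 
-Encryptbot
+Encryptbot create a Let's Encrypt SSL certificate with multiple wildcard domains that is managed in Heroku.
 
 The gem will:
 
-- Create Let's Encrypt
-- Add Let's Encrypt DNS Challenge TXT records
-- Add certificate to
+- Create a Let's Encrypt Certificate
+- Add Let's Encrypt DNS Challenge TXT records for domains managed in AWS Route 53
+- Add the certificate to a Heroku SNI endpoint
+
+## Pre-setup
+
+1. Using AWS Route 53, create a Hosted Zone
+2. Create an AWS IAM user with the following permissions and get an API access key and secret.
+
+```
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Sid": "VisualEditor0",
+"Effect": "Allow",
+"Action": "route53:ChangeResourceRecordSets",
+"Resource": "arn:aws:route53:::hostedzone/YOUR_ZONE_NAME_ID_HERE"
+},
+{
+"Sid": "VisualEditor1",
+"Effect": "Allow",
+"Action": "route53:GetChange",
+"Resource": "arn:aws:route53:::change/*"
+}
+]
+}
+```
+
+3. Add a CNAME called "_acme-challenege" pointing to your Route 53 name. If you're using Cloudflare, turn off proxying.
+4. You're now ready to go.
+
 
 ## Installation
 
@@ -33,7 +62,7 @@ Add an initializer file to your rails application and all applicable config sett
 Encryptbot.configure do |config|
 config.heroku_app = "heroku_app_name"
 config.heroku_token = "heroku_api_token"
-config.acme_email = "letsencrypt_account_email"
+config.acme_email = "letsencrypt_account_email@email.com"
 config.route53_hosted_zone_id = "Z123456"
 config.route53_acme_record_name = "_acme-challenge.acme.domain.com"
 config.route53_access_key_id = "aws_api_key"
@@ -47,11 +76,11 @@ Request initial certificate
 heroku run rails encryptbot:add_cert
 ```
 
-Once the certificate has been initially setup, you can schedule the rake task to run every
+Once the certificate has been initially setup, you can schedule the rake task to run every 30 days.
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/
+Bug reports and pull requests are welcome on GitHub at https://github.com/danlewis/encryptbot. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
 
 ## License
 
@@ -59,4 +88,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
 
 ## Code of Conduct
 
-Everyone interacting in the encryptbot project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/
+Everyone interacting in the encryptbot project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/danlewis/encryptbot/blob/master/CODE_OF_CONDUCT.md).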
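--- a/data/lib/encryptbot/cert.rb
+++ b/data/lib/encryptbot/cert.rb
@@ -37,6 +37,7 @@ module Encryptbot
 
 puts "Start Authorization"
 # authorization of domains
+failed_domain_authorizations = []
 order.authorizations.each do |authorization|
 dns_challenge = authorization.dns
 domain = authorization.domain
@@ -67,16 +68,22 @@ module Encryptbot
 dns_challenge.reload
 end
 puts "Completed authorization of #{domain}. Status: #{dns_challenge.status}"
-
+if dns_challenge.status == 'invalid'
+failed_domain_authorizations << domain
+end
 end # end auth loop
 
+if failed_domain_authorizations.any?
+raise Encryptbot::Error::DomainAuthorizationFailedError, "Domains failed to authorize: #{failed_domain_authorizations.join(', ')}."
+end
+
 if order.status == "invalid"
 raise Encryptbot::Error::InvalidOrderError, "Certificate order was invalid. DNS Challenge failed."
 end
 
 # Generate certificate
 puts "Generate Certificate"
-csr = Acme::Client::CertificateRequest.new(names: @
+csr = Acme::Client::CertificateRequest.new(names: @domains)
 order.finalize(csr: csr)
 sleep(1) while order.status == "processing"
 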
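Review bot: The new check after the "Completed authorization" line records a domain as failed only when `dns_challenge.status == 'invalid'`, so a challenge that leaves the polling loop ending just above it in any other non-`valid` state (for example still `pending`, if that loop gives up after a bounded number of reloads) is not recorded and the code goes on to finalize the order for a domain that was never authorized. Treating anything other than `valid` as a failure is the safer rule, `failed_domain_authorizations << domain unless dns_challenge.status == 'valid'`, and the raised message then names those domains too. The same line also compares against a single-quoted `'invalid'` while the `order.status == "invalid"` check a few lines later uses double quotes; one style across the block reads better. The polling loop's condition and the enclosing method start before this hunk, so whether the loop can exit with a non-terminal status is inferred, not visible here.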
@@ -13,15 +13,13 @@ module Encryptbot
|
|
13
13
|
class HerokuCertificateError < EncryptbotError; end
|
14
14
|
# Exception raised due to configuration not been setup
|
15
15
|
class SetupError < EncryptbotError; end
|
16
|
-
# Exception raised when adding TXT record to Cloudflare
|
17
|
-
class CloudflareDNSError < EncryptbotError; end
|
18
|
-
# Exception raised when adding TXT record to Dyn
|
19
|
-
class DynDNSError < EncryptbotError; end
|
20
16
|
# Exception raised when route 53 fails to update
|
21
17
|
class Route53DNSError < EncryptbotError; end
|
22
18
|
# Exception raised when unknown error
|
23
19
|
class UnknownServiceError < EncryptbotError; end
|
24
20
|
# Exception raised as order was failed - this happens when the DNS Challenge failed
|
25
21
|
class InvalidOrderError < EncryptbotError; end
|
22
|
+
# Exception raised due to a domain failing authorization
|
23
|
+
class DomainAuthorizationFailedError < EncryptbotError; end
|
26
24
|
end
|
27
25
|
end
|
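Review bot: Removing `CloudflareDNSError` and `DynDNSError` from `Encryptbot::Error` is a breaking change for any application that still rescues those constants; Ruby resolves the constant in a `rescue` clause only when an exception reaches it, so the breakage surfaces as a `NameError` at that point rather than at load time, and nothing on this page documents the removal. If those providers are no longer supported, a one-line note in the README or changelog stating that only Route 53 is supported, or keeping the two classes for one release with a `# @deprecated` comment, would make the minor-version bump safe to adopt. This hunk is rendered without its file header; by the diffstat it belongs to `data/lib/encryptbot/exceptions.rb`, not `cert.rb`.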
data/lib/encryptbot/version.rb
CHANGED
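--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: encryptbot
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.2.0
 platform: ruby
 authors:
 - danlewis
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-03-
+date: 2021-03-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: acme-client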