encryptbot 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 120d3113425408842a8291c2bfd9e6dcc9111835
+  data.tar.gz: 75dd6eac6066e637675f8b4eadf7f30e7efd59ba
+SHA512:
+  metadata.gz: 5b82fa59488ad68ad7debe96cfbc6e705ebeb4df1a930d5fde61c037afe4c77811380ac3a198c734f0cfd6f29dbb40970ca1c01e7218f6481d29720b95b6e37f
+  data.tar.gz: 193d5bd943f3870a520eb46ee0ecace9d79112bc1fcc2c7cce4427e75c9b45caf0771b1f56c04c7a5573623af643b300d5217c0c9864e2de7630ec4a376c4e82

data/.gitignore

@@ -0,0 +1,8 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at flightofdan@gmail.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+
+# Specify your gem's dependencies in encryptbot.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,42 @@
+PATH
+  remote: .
+  specs:
+    encryptbot (0.1.0)
+      acme-client
+      faraday
+      platform-api
+      slack-notifier
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    acme-client (2.0.0)
+      faraday (~> 0.9, >= 0.9.1)
+    erubis (2.7.0)
+    excon (0.62.0)
+    faraday (0.15.2)
+      multipart-post (>= 1.2, < 3)
+    heroics (0.0.24)
+      erubis (~> 2.0)
+      excon
+      moneta
+      multi_json (>= 1.9.2)
+    moneta (0.8.1)
+    multi_json (1.13.1)
+    multipart-post (2.0.0)
+    platform-api (2.1.0)
+      heroics (~> 0.0.23)
+      moneta (~> 0.8.1)
+    rake (10.5.0)
+    slack-notifier (2.3.2)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.16)
+  encryptbot!
+  rake (~> 10.0)
+
+BUNDLED WITH
+   1.16.1

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2018 danlewis
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,70 @@
+# Encryptbot
+
+Encryptbot creates and renews your Lets Encrypt SSL certificate on Heroku allowing for multiple wildcards.
+
+The gem will:
+
+- Create Lets Encrypt
+- Add Lets Encrypt DNS Challenge TXT records to your DNS provider (cloudflare and Dyn supported)
+- Add certificate to your Heroku SNI endpoint
+- Send Slack notifications if the process fails.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'encryptbot'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install encryptbot
+
+
+## Usage
+
+Add an initializer file to your rails application and all applicable config settings.
+
+```ruby
+Encryptbot.configure do |config|
+  config.heroku_app = "heroku_app_name"
+  config.heroku_token = "heroku_api_token"
+  config.cloudflare_api_key = "cloudflare_api_key"
+  config.cloudflare_email = "cloudflare_account_email"
+  config.acme_email = "letsencrypt_account_email"
+  config.dyn_customer_name = "dyn_customer_name"
+  config.dyn_username = "dyn_username"
+  config.dyn_password = "dyn_password"
+  config.slack_webhook = "slack_webhook_url"
+  config.slack_bot_username = "name_for_slack_bot"
+  config.domains = [
+    {domain: "*.domain1.com", service: "cloudflare"},
+    {domain: "*.domain2.com", service: "dyn"},
+    {domain: "domain3.com", service: "cloudflare"},
+  ]
+end
+```
+
+Request initial certificate
+```ruby
+heroku run rails encryptbot:add_cert
+```
+
+Once the certificate has been initially setup, you can schedule the rake task to run every 60 days.
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/encryptbot. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Everyone interacting in the encryptbot project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/encryptbot/blob/master/CODE_OF_CONDUCT.md).

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "encryptbot"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/encryptbot.gemspec

@@ -0,0 +1,30 @@
+
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "encryptbot/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "encryptbot"
+  spec.version       = Encryptbot::VERSION
+  spec.authors       = ["danlewis"]
+  spec.email         = [""]
+
+  spec.summary       = %q{Manage Lets Encrypt Wildcard certs to heroku}
+  spec.description   = %q{Manage Lets Encrypt Wildcard certs to heroku}
+  spec.homepage      = ""
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "acme-client"
+  spec.add_dependency "platform-api"
+  spec.add_dependency "faraday"
+  spec.add_dependency "slack-notifier"
+  spec.add_development_dependency "bundler", "~> 1.16"
+  spec.add_development_dependency "rake", "~> 10.0"
+end

data/lib/encryptbot/cert.rb

@@ -0,0 +1,105 @@
+require "platform-api"
+require "acme-client"
+require "encryptbot/heroku"
+require "encryptbot/exceptions"
+require "encryptbot/slack"
+require "resolv"
+
+module Encryptbot
+  class Cert
+
+    attr_reader :domain_list, :domain_names, :account_email, :test_mode
+
+    def initialize
+      @domain_list = Encryptbot.configuration.domains
+      @domain_names = @domain_list.map{|d| d[:domain] }
+      @account_email = Encryptbot.configuration.acme_email
+      @test_mode = Encryptbot.configuration.test_mode
+    end
+
+    # Add certificate
+    def add
+      unless Encryptbot.configuration.valid?
+        raise Encryptbot::Error::SetupError, "Encryptbot is configured incorrectly. Check all required variables have been set."
+      end
+
+      # setup ACME client
+      private_key = OpenSSL::PKey::RSA.new(4096)
+      client = Acme::Client.new(
+        private_key: private_key,
+        directory: @test_mode ? "https://acme-staging-v02.api.letsencrypt.org/directory" : "https://acme-v02.api.letsencrypt.org/directory"
+      )
+      account = client.new_account(
+        contact: "mailto:#{@account_email}",
+        terms_of_service_agreed: true
+      )
+
+      # create order
+      order = client.new_order(identifiers: @domain_names)
+
+      # authorization of domains
+      order.authorizations.each do |authorization|
+        dns_challenge = authorization.dns
+        domain = authorization.domain
+        dns_entry = {
+          name: dns_challenge.record_name,
+          type: dns_challenge.record_type,
+          content: dns_challenge.record_content
+        }
+        case @domain_list.detect{|t| t[:domain].gsub("*.", "") == domain }[:service]
+        when "cloudflare"
+          Encryptbot::Services::Cloudflare.new(domain, dns_entry).add_challenge
+        when "dyn"
+          Encryptbot::Services::Dyn.new(domain, dns_entry).add_challenge
+        else
+          raise Encryptbot::Error::UnknownServiceError, "#{domain} service unknown"
+        end
+        # check if the DNS service has updated
+        sleep(8)
+
+        attempts = 3
+        while !ready_for_challenge(domain, dns_challenge) && attempts > 0
+          sleep(8)
+          attempts -= 1
+        end
+
+        # request verifification
+        dns_challenge.request_validation
+
+        # check if dns challange was accepted
+        while dns_challenge.status == "pending"
+          sleep(2)
+          dns_challenge.reload
+        end
+
+      end # end auth loop
+
+      if order.status == "invalid"
+        raise Encryptbot::Error::InvalidOrderError, "Certificate order was invalid. DNS Challenge failed."
+      end
+
+      # Generate certificate
+      csr = Acme::Client::CertificateRequest.new(names: @domain_names)
+      order.finalize(csr: csr)
+      sleep(1) while order.status == "processing"
+
+      # add certificate to heroku
+      certificate = order.certificate
+      private_key = csr.private_key.to_pem
+      Encryptbot::Heroku.new.add_certificate(order.certificate, private_key)
+    end
+
+    # Check if TXT value has been set correctly
+    def ready_for_challenge(domain, dns_challenge)
+      record = "#{dns_challenge.record_name}.#{domain}"
+      challenge_value = dns_challenge.record_content
+      txt_value = Resolv::DNS.open do |dns|
+        records = dns.getresources(record, Resolv::DNS::Resource::IN::TXT);
+        records.empty? ? nil : records.map(&:data).join(" ")
+      end
+      txt_value == challenge_value
+    end
+
+  end
+
+end

data/lib/encryptbot/configuration.rb

@@ -0,0 +1,30 @@
+module Encryptbot
+  class Configuration
+    attr_accessor :heroku_app, :heroku_token,
+    :cloudflare_api_key, :cloudflare_email,
+    :dyn_customer_name, :dyn_username, :dyn_password,
+    :acme_email, :domains, :test_mode,
+    :slack_webhook, :slack_bot_username
+
+    def initialize
+      @heroku_app = nil
+      @heroku_token = nil
+      @cloudflare_api_key = nil
+      @cloudflare_email = nil
+      @dyn_customer_name = nil
+      @dyn_username = nil
+      @dyn_password = nil
+      @acme_email = nil
+      @slack_webhook = nil
+      @slack_bot_username = "encryptbot"
+      @test_mode = false # use lets encrypt staging
+      @domains = [] #[{domain: "*.domain.com", service: "cloudflare"}, {domain: "*.domain.com", service: "dyn"}]
+    end
+
+    def valid?
+      heroku_app && heroku_token && acme_email && domains.any? &&
+      (cloudflare_api_key || dyn_customer_name)
+    end
+
+  end
+end

data/lib/encryptbot/exceptions.rb

@@ -0,0 +1,27 @@
+require "encryptbot/slack"
+
+module Encryptbot
+  module Error
+
+    class EncryptbotError < StandardError
+
+      def initialize(msg = "")
+        Encryptbot::Slack.post_message("Unable to autorenew SSL certificate. #{self.class.name} #{msg}")
+        super(msg)
+      end
+
+    end
+
+    # Exception raised when error adding certificate to Heroku
+    class HerokuCertificateError < EncryptbotError; end
+    # Exception raised due to configuration not been setup
+    class SetupError < EncryptbotError; end
+    # Exception raised when adding TXT record to Cloudflare
+    class CloudflareDNSError < EncryptbotError; end
+    # Exception raised when adding TXT record to Dyn
+    class DynDNSError < EncryptbotError; end
+    class UnknownServiceError < EncryptbotError; end
+    # Exception raised as order was failed - this happens when the DNS Challenge failed
+    class InvalidOrderError < EncryptbotError; end
+  end
+end

data/lib/encryptbot/heroku.rb

@@ -0,0 +1,43 @@
+require 'platform-api'
+
+module Encryptbot
+  class Heroku
+
+    attr_accessor :app, :token
+
+    def initialize
+      @app = Encryptbot.configuration.heroku_app
+      @token = Encryptbot.configuration.heroku_token
+    end
+
+    def add_certificate(certificate, private_key)
+      # list certificate to check if one already exists
+      sni_endpoints = platform.sni_endpoint.list(@app)
+
+      begin
+        if sni_endpoints.any?
+          # update existing ssl certificate
+          platform.sni_endpoint.update(@app, sni_endpoints[0]["name"], {
+            certificate_chain: certificate,
+            private_key: private_key
+          })
+        else
+          # add new ssl certificate
+          platform.sni_endpoint.create(@app, {
+            certificate_chain: certificate,
+            private_key: private_key
+          })
+        end
+      rescue => e
+        raise Encryptbot::Error::HerokuCertificateError, e
+      end
+    end
+
+    private
+
+    def platform
+      @platform ||= PlatformAPI.connect_oauth(@token)
+    end
+
+  end
+end

data/lib/encryptbot/railtie.rb

@@ -0,0 +1,9 @@
+class EncryptbotRailtie < Rails::Railtie
+  config.before_configuration do
+    Encryptbot.configure
+  end
+
+  rake_tasks do
+    load "tasks/encryptbot.rake"
+  end
+end

data/lib/encryptbot/services/cloudflare.rb

@@ -0,0 +1,111 @@
+# a=Encryptbot::Services::Cloudflare.new("*.domain.com", {type: "TXT", name: "_acme-challenge.adventist.place", content: "test-3"});a.add_challenge
+require "faraday"
+require "json"
+
+module Encryptbot
+  module Services
+    class Cloudflare
+
+      attr_accessor :domain, :api_key, :api_email, :zone_id, :dns_entry, :dns_record_id, :dns_record
+
+      def initialize(domain, dns_entry)
+        @domain = domain.to_s.gsub("*.", "") # cleanup wildcard by removing *. infront
+        @api_key = Encryptbot.configuration.cloudflare_api_key
+        @api_email = Encryptbot.configuration.cloudflare_email
+        @dns_entry = dns_entry # {content: "txt-record-content", type: "TXT", name: "_acme-challenge.domain.com"}
+        @dns_record = "#{dns_entry[:name]}.#{@domain}"
+      end
+
+      def add_challenge
+        begin
+          get_zone_id
+          setup_dns_record
+        rescue => e
+          raise Encryptbot::Error::CloudflareDNSError, e
+        end
+      end
+
+      def get_zone_id
+        response = get("/zones?name=#{@domain}")
+        if response["result"].any?
+          @zone_id = response["result"].first["id"]
+        end
+      end
+
+      def setup_dns_record
+        find_dns_record
+        return false if @zone_id.nil?
+
+        if @dns_record_id
+          update_dns_record
+        else
+          add_dns_record
+        end
+      end
+
+      def find_dns_record
+        response = get("/zones/#{@zone_id}/dns_records?name=#{@dns_record}&type=#{@dns_entry[:type]}")
+        if response["result"].any?
+          @dns_record_id = response["result"].first["id"]
+        end
+      end
+
+      def add_dns_record
+        response = post("/zones/#{@zone_id}/dns_records", {
+          type: @dns_entry[:type],
+          name: @dns_record,
+          content: @dns_entry[:content],
+          ttl: 120
+        })
+        response["success"]
+      end
+
+      def update_dns_record
+        response = put("/zones/#{@zone_id}/dns_records/#{@dns_record_id}", {
+          type: @dns_entry[:type],
+          name: @dns_record,
+          content: @dns_entry[:content],
+          ttl: 120
+        })
+        response["success"]
+      end
+
+      private
+
+      def post(endpoint_path, payload)
+        response = connection.post "https://api.cloudflare.com/client/v4#{endpoint_path}", payload.to_json
+        format_response(response)
+      end
+
+      def put(endpoint_path, payload)
+        response = connection.put "https://api.cloudflare.com/client/v4#{endpoint_path}", payload.to_json
+        format_response(response)
+      end
+
+      def get(endpoint_path)
+        response = connection.get "https://api.cloudflare.com/client/v4#{endpoint_path}"
+        format_response(response)
+      end
+
+      def connection
+        @connection ||= begin
+          headers = {
+            "X-Auth-Key" => @api_key,
+            "X-Auth-Email" => @api_email,
+            "Content-Type" => "application/json"
+          }
+          Faraday.new(url: "https://api.cloudflare.com", headers: headers)
+        end
+      end
+
+      def format_response(response)
+        if response.success?
+          JSON.parse(response.body)
+        else
+          nil
+        end
+      end
+
+    end
+  end
+end

data/lib/encryptbot/services/dyn.rb

@@ -0,0 +1,145 @@
+# a=Encryptbot::Services::Dyn.new("*.domain.com", {type: "TXT", name: "_acme-challenge", content: "test-3"});a.add_challenge
+require "faraday"
+require "json"
+
+module Encryptbot
+  module Services
+    class Dyn
+
+      attr_accessor :domain, :dns_entry, :full_domain_name, :api_token, :customer_name, :username, :password
+
+      def initialize(domain, dns_entry)
+        @domain = domain.to_s.gsub("*.", "") # cleanup wildcard by removing *. infront
+        @dns_entry = dns_entry # {content: "txt-record-content", type: "TXT", name: "_acme-challenge.domain.com"}
+        @full_domain_name = "#{dns_entry[:name]}.#{@domain}"
+        @api_token = nil
+        @customer_name = Encryptbot.configuration.dyn_customer_name
+        @username = Encryptbot.configuration.dyn_username
+        @password = Encryptbot.configuration.dyn_password
+      end
+
+      # sign in
+      # check for txt record, update if already exists, otherwise create new one
+      # publish changes
+      # sign out
+      def add_challenge
+        begin
+          sign_in
+          success = setup_dns_record
+          sign_out
+          success
+        rescue => e
+          raise Encryptbot::Error::DynDNSError, e
+        end
+
+      end
+
+      def sign_in
+        response = post("/REST/Session/", {
+          customer_name: customer_name,
+          user_name: username,
+          password: password
+        })
+        if response && response["status"] == "success"
+          @api_token = response["data"]["token"]
+        end
+        if @api_token.nil?
+          raise Encryptbot::Error::DynDNSError, "Unable to get Dyn API Token"
+        end
+      end
+
+      def sign_out
+        response = delete("/REST/Session/")
+      end
+
+      def setup_dns_record
+        txt_endpoint = find_dns_record
+
+        if txt_endpoint
+          update_dns_record(txt_endpoint)
+        else
+          add_dns_record
+        end
+      end
+
+      def find_dns_record
+        response = get("/REST/TXTRecord/#{domain}/#{full_domain_name}/")
+        if response && response["status"] == "success"
+          return response["data"][0]
+        end
+        nil
+      end
+
+      def add_dns_record
+        response = post("/REST/TXTRecord/#{domain}/#{full_domain_name}/", {
+          rdata: {
+            txtdata: dns_entry[:content]
+          },
+          ttl: "30"
+        })
+        if response && response["status"] == "success"
+          return publish_changes
+        end
+        false
+      end
+
+      def update_dns_record(txt_endpoint)
+        response = put(txt_endpoint, {
+          rdata: {
+            txtdata: dns_entry[:content]
+          },
+          ttl: "30"
+        })
+        if response && response["status"] == "success"
+          return publish_changes
+        end
+        false
+      end
+
+      def publish_changes
+        response = put("/REST/Zone/#{domain}/", {publish: true})
+        response && response["status"] == "success"
+      end
+
+      private
+
+      def post(endpoint_path, payload)
+        response = connection.post "https://api2.dynect.net#{endpoint_path}", payload.to_json
+        format_response(response)
+      end
+
+      def put(endpoint_path, payload)
+        response = connection.put "https://api2.dynect.net#{endpoint_path}", payload.to_json
+        format_response(response)
+      end
+
+      def delete(endpoint_path)
+        response = connection.delete "https://api2.dynect.net#{endpoint_path}"
+        format_response(response)
+      end
+
+      def get(endpoint_path)
+        response = connection.get "https://api2.dynect.net#{endpoint_path}"
+        format_response(response)
+      end
+
+      # Api token if set for requests after sign in completed
+      def connection
+        headers = {
+          "Auth-Token" => api_token.to_s,
+          "Content-Type" => "application/json"
+        }
+        Faraday.new(url: "https://api2.dynect.net", headers: headers)
+      end
+
+      def format_response(response)
+        if response.success?
+          JSON.parse(response.body)
+        else
+          nil
+        end
+      end
+
+    end
+  end
+end

data/lib/encryptbot/slack.rb

@@ -0,0 +1,14 @@
+module Encryptbot
+  class Slack
+
+    def self.post_message(message)
+      unless Encryptbot.configuration.slack_webhook.nil?
+        notifier.ping message
+      end
+    end
+
+    def self.notifier
+      @notifier ||= Slack::Notifier.new Encryptbot.configuration.slack_webhook, username: Encryptbot.configuration.slack_bot_username
+    end
+  end
+end

data/lib/encryptbot/version.rb

@@ -0,0 +1,3 @@
+module Encryptbot
+  VERSION = "0.1.0"
+end

data/lib/encryptbot.rb

@@ -0,0 +1,22 @@
+require "encryptbot/configuration"
+require "encryptbot/cert"
+require "encryptbot/version"
+require "encryptbot/services/cloudflare"
+require "encryptbot/services/dyn"
+
+if defined?(Rails)
+  require "encryptbot/railtie"
+end
+
+module Encryptbot
+
+  class << self
+    attr_accessor :configuration
+  end
+
+  def self.configure
+    self.configuration ||= Configuration.new
+    yield(configuration) if block_given?
+  end
+
+end

data/lib/tasks/encryptbot.rake

@@ -0,0 +1,8 @@
+namespace :encryptbot do
+  
+  desc "Add certificate"
+  task add_cert: :environment do
+    Encryptbot::Cert.new.add
+  end
+
+end

metadata

@@ -0,0 +1,149 @@
+--- !ruby/object:Gem::Specification
+name: encryptbot
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- danlewis
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2018-05-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: acme-client
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: platform-api
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: slack-notifier
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+description: Manage Lets Encrypt Wildcard certs to heroku
+email:
+- ''
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- encryptbot.gemspec
+- lib/encryptbot.rb
+- lib/encryptbot/cert.rb
+- lib/encryptbot/configuration.rb
+- lib/encryptbot/exceptions.rb
+- lib/encryptbot/heroku.rb
+- lib/encryptbot/railtie.rb
+- lib/encryptbot/services/cloudflare.rb
+- lib/encryptbot/services/dyn.rb
+- lib/encryptbot/slack.rb
+- lib/encryptbot/version.rb
+- lib/tasks/encryptbot.rake
+homepage: ''
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.13
+signing_key: 
+specification_version: 4
+summary: Manage Lets Encrypt Wildcard certs to heroku
+test_files: []