encryptbot 0.1.9 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +37 -8
- data/lib/encryptbot/cert.rb +9 -2
- data/lib/encryptbot/exceptions.rb +2 -4
- data/lib/encryptbot/version.rb +1 -1
- metadata +2 -2
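--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4d280a6a4a72287178c5b816f7e60ed395f583bce226997f6143f1fd447388d5
+data.tar.gz: 55187351813cee1b14ea5530276a9ceded41662c945e48ac696699012e589817
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fd16ff30f1fe113c1f48ee743bf06623739af349d8fb9d78bc1438469e6683a65dccf1211dff258a48a016c4417122b373f86eb57b2a0b273367c354c04b85f3
+data.tar.gz: 5e7303718f73dd88e11637e4c57cc59707f9ba1032d0d74696c39467d35ed04ab538da45f8ce6c30a11699607286498af0ea92ac4c7f589e6bd9070a6554dd05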
data/Gemfile.lock
CHANGED
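--- a/data/README.md
+++ b/data/README.md
@@ -1,12 +1,41 @@
 # Encryptbot
 
-Encryptbot
+Encryptbot create a Let's Encrypt SSL certificate with multiple wildcard domains that is managed in Heroku.
 
 The gem will:
 
-- Create Let's Encrypt
-- Add Let's Encrypt DNS Challenge TXT records
-- Add certificate to
+- Create a Let's Encrypt Certificate
+- Add Let's Encrypt DNS Challenge TXT records for domains managed in AWS Route 53
+- Add the certificate to a Heroku SNI endpoint
+
+## Pre-setup
+
+1. Using AWS Route 53, create a Hosted Zone
+2. Create an AWS IAM user with the following permissions and get an API access key and secret.
+
+```
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Sid": "VisualEditor0",
+"Effect": "Allow",
+"Action": "route53:ChangeResourceRecordSets",
+"Resource": "arn:aws:route53:::hostedzone/YOUR_ZONE_NAME_ID_HERE"
+},
+{
+"Sid": "VisualEditor1",
+"Effect": "Allow",
+"Action": "route53:GetChange",
+"Resource": "arn:aws:route53:::change/*"
+}
+]
+}
+```
+
+3. Add a CNAME called "_acme-challenege" pointing to your Route 53 name. If you're using Cloudflare, turn off proxying.
+4. You're now ready to go.
+
 
 ## Installation
 
@@ -33,7 +62,7 @@ Add an initializer file to your rails application and all applicable config sett
 Encryptbot.configure do |config|
 config.heroku_app = "heroku_app_name"
 config.heroku_token = "heroku_api_token"
-config.acme_email = "letsencrypt_account_email"
+config.acme_email = "letsencrypt_account_email@email.com"
 config.route53_hosted_zone_id = "Z123456"
 config.route53_acme_record_name = "_acme-challenge.acme.domain.com"
 config.route53_access_key_id = "aws_api_key"
@@ -47,11 +76,11 @@ Request initial certificate
 heroku run rails encryptbot:add_cert
 ```
 
-Once the certificate has been initially setup, you can schedule the rake task to run every
+Once the certificate has been initially setup, you can schedule the rake task to run every 30 days.
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/
+Bug reports and pull requests are welcome on GitHub at https://github.com/danlewis/encryptbot. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
 
 ## License
 
@@ -59,4 +88,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
 
 ## Code of Conduct
 
-Everyone interacting in the encryptbot project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/
+Everyone interacting in the encryptbot project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/danlewis/encryptbot/blob/master/CODE_OF_CONDUCT.md).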
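--- a/data/lib/encryptbot/cert.rb
+++ b/data/lib/encryptbot/cert.rb
@@ -37,6 +37,7 @@ module Encryptbot
 
 puts "Start Authorization"
 # authorization of domains
+failed_domain_authorizations = []
 order.authorizations.each do |authorization|
 dns_challenge = authorization.dns
 domain = authorization.domain
@@ -67,16 +68,22 @@ module Encryptbot
 dns_challenge.reload
 end
 puts "Completed authorization of #{domain}. Status: #{dns_challenge.status}"
-
+if dns_challenge.status == 'invalid'
+failed_domain_authorizations << domain
+end
 end # end auth loop
 
+if failed_domain_authorizations.any?
+raise Encryptbot::Error::DomainAuthorizationFailedError, "Domains failed to authorize: #{failed_domain_authorizations.join(', ')}."
+end
+
 if order.status == "invalid"
 raise Encryptbot::Error::InvalidOrderError, "Certificate order was invalid. DNS Challenge failed."
 end
 
 # Generate certificate
 puts "Generate Certificate"
-csr = Acme::Client::CertificateRequest.new(names: @
+csr = Acme::Client::CertificateRequest.new(names: @domains)
 order.finalize(csr: csr)
 sleep(1) while order.status == "processing"
 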
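Review bot: The new check at new line 71 records a domain as failed only when `dns_challenge.status == 'invalid'`, so if the polling loop that ends at `dns_challenge.reload` / `end` (its exit condition is above this hunk) can return with the status still `pending` or `processing`, that domain is silently treated as authorized and the method goes on to finalize the order. Collecting every outcome other than `valid` is the safer check, `failed_domain_authorizations << domain unless dns_challenge.status == 'valid'`, and it also makes the raised message list the domains whose challenge never completed rather than only those the CA rejected. A minor style point: the new line quotes `'invalid'` with single quotes while the existing check on new line 80 writes `"invalid"`; pick one form for the file. The enclosing method and the polling loop both start outside this hunk, so the loop's exit condition is inferred, not seen.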
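--- a/data/lib/encryptbot/exceptions.rb
+++ b/data/lib/encryptbot/exceptions.rb
@@ -13,15 +13,13 @@ module Encryptbot
 class HerokuCertificateError < EncryptbotError; end
 # Exception raised due to configuration not been setup
 class SetupError < EncryptbotError; end
-# Exception raised when adding TXT record to Cloudflare
-class CloudflareDNSError < EncryptbotError; end
-# Exception raised when adding TXT record to Dyn
-class DynDNSError < EncryptbotError; end
 # Exception raised when route 53 fails to update
 class Route53DNSError < EncryptbotError; end
 # Exception raised when unknown error
 class UnknownServiceError < EncryptbotError; end
 # Exception raised as order was failed - this happens when the DNS Challenge failed
 class InvalidOrderError < EncryptbotError; end
+# Exception raised due to a domain failing authorization
+class DomainAuthorizationFailedError < EncryptbotError; end
 end
 end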
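Review bot: Dropping `CloudflareDNSError` and `DynDNSError` at old lines 16–19 is a breaking change for any application that rescues those constants: Ruby resolves the constant in a `rescue` clause only when an exception propagates, so the break surfaces as a `NameError` at the worst moment, and the 0.1.9 → 0.2.0 bump is a minor version that does not signal it. If those providers are gone for good, keep the two constants for one release as deprecated subclasses, e.g. `# @deprecated Cloudflare DNS support has been removed` followed by `class CloudflareDNSError < EncryptbotError; end`, and mention the removal in the README or a changelog. The `module Encryptbot` and the error module that enclose these classes open above this hunk; note that this hunk is shown under the cert.rb header on the page, but by its content and the diffstat it belongs to exceptions.rb.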
data/lib/encryptbot/version.rb
CHANGED
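--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: encryptbot
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.2.0
 platform: ruby
 authors:
 - danlewis
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-03-
+date: 2021-03-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: acme-client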