lecli 0.2.9 → 0.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 86ea7e2f098905bdd1cfcc4602af73f7192929b3
-  data.tar.gz: 0f26ed9f43b3b75e3677b63b501832839ea225cd
+  metadata.gz: ee6293a9f8f0ed564d81bf29c5af122368e106ca
+  data.tar.gz: 6359d68e547a3e2b91d1a01bd7160bb23c055fc1
 SHA512:
-  metadata.gz: 72886355955c95b8e7662b3e1928ebb3e036825fdabf6bd7aa9f0cb167b7fd9f467c0e87ea9445ec968511cd0a03fa54534c87fa772a13441c34e40228a76497
-  data.tar.gz: eb08e0a68424775221c67f748ad4dd1588bafc372764ebcb75f419613089e124dbd39ffa50c3d558e583eb0536998058345d3de8d46cdae8bfdb46adf0d8ef44
+  metadata.gz: 6daf45ea6f511b06ef3e0e24c408cc70d35901b7458767cba0f75b0a0fd7e68d18f10317e5af094bf6e9658618b1477f52170ddbd40f22701200ec186b9a3396
+  data.tar.gz: 1d823be9f3a047d7431f3b944c10d6b2532ed08104bb02be8d52beee6f4e7ad4caf3d3a1e864852392e8f992eb9799a98365b84921b825bf0b607169b221402e

data/.gitignore

@@ -11,3 +11,4 @@
 .rspec_status
 
 .lecli.yml
+lecli.yml

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    lecli (0.2.9)
+    lecli (0.3.1)
       acme-client (~> 2.0.0)
       thor (~> 0.20.0)
 

data/README.md

@@ -1,20 +1,24 @@
 # lecli
 
-lecli is a gem that provides a CLI to generate Let's Encrypt certificates. It wraps around the [ACME protocol Client gem](https://github.com/unixcharles/acme-client). It pairs well with cron jobs and the [whenever gem](https://github.com/javan/whenever) for a tighter grip on automation/scripting customization.
+lecli is a gem that provides a CLI to generate Let's Encrypt certificates. The name stands for **L**et's **E**ncrypt **CLI**.
+
+lecli wraps the lower level [ACME protocol Client gem](https://github.com/unixcharles/acme-client) with the intention to create your custom [Certbot](https://certbot.eff.org/). This would make it easier for you to automate/script around it. In order to achieve this, lecli pairs well with cron jobs and the recommended [whenever gem](https://github.com/javan/whenever).
 
 ## Installation
 
-    $ gem install lecli
+```
+$ gem install lecli
+```
 
 ## Getting started
 
-The CLI will use the Let's Encrypt staging endpoint unless explicitly passed with the `--production` flag. All other configuration data is managed by a config file - `.lecli.yml`. To help understand the available options you can run the following in your terminal and a sample YAML file will be generated for you
+The CLI will use the Let's Encrypt staging endpoint unless explicitly passed the `--production` flag. All other configuration data is managed by a config file - `lecli.yml`. To help understand the available options you can run the following in your terminal and a sample YAML file will be generated for you:
 
 ```
 $ lecli yaml
 ```
 
-Now let's see what's inside
+Now let's see what's inside...
 
 ### `lecli.yml`
 
@@ -22,7 +26,9 @@ Now let's see what's inside
 ---
 domains:
 - example.com
-common_name: Let's Encrypt
+- test.net
+- yetanotherwebsite.com
+common_name: example.com
 account_email: test@account.com
 request_key: request.pem
 certificate_key: certificate.pem
@@ -30,13 +36,15 @@ challenges_relative_path: challenges
 success_callback_script: deploy.sh
 ```
 
-Most entries are optional, except those that specify the request domains and "identity fields". Meaning that at least **domains** (list of domains), **common_name** (your company/name) and **account_email** should always appear in order to perform a valid request.
+Only required options in this file are **domains** (list of domains), **common_name** (your company/name) and **account_email**. All others can be deleted if you're OK with the defaults, all of which will be loaded for you *except* **success_callback_script**. If the callback script is not specified nothing will be executed after a successful certificate request.
 
 ### The flow
 
-From the two available types of validation requests only HTTP (and not DNS) is supported [yet](#contributing). This means you'll need to serve a token (lecli will create them) behind each domain in the **list of domain addresses** requested.
+From the two available types of validation requests only HTTP (and not DNS) is supported [yet](#contributing). This means you'll need to serve a token (lecli will create them for you) accessible from each domain in the **list of domain addresses** requested.
+
+The tokens will be written to the **challenges_relative_path** and need to be served behind each domain you are requesting, i.e. `example.com/.well-known/acme-challenge/#{token_filename}` needs to return the token created. If requesting multiple domains at once you will probably need some additional setup to route from each domain requested to where the tokens are persisted.
 
-The tokens are written to **challenges_relative_path** and need to be served behind each domain you are requesting, i.e. `example.com/.well-known/acme-challenge/#{token_filename}` needs to return the token. If requesting multiple domains at once you will need additional setup to route from each domain requested to where the tokens are persisted. When working with a single domain, for example, you can just make this relative path write the tokens on `/usr/share/nginx/html/.well-known/acme-challenge/` if working with an nginx server.
+An example of a simple deployment is when working with a single domain and lecli is executed on the host machine. If working with an nginx server you can just point the challenges path to write the tokens on `/usr/share/nginx/html/.well-known/acme-challenge/`. This way the tokens will be served so that Let's Encrypt is able to reach them.
 
 ![alt text](https://github.com/fdoxyz/lecli/blob/master/lecli_diagram.png)
 
@@ -44,7 +52,7 @@ After Let's Encrypt is able to access both tokens on the list of domain addresse
 
 Optionally you can specify a script with **success_callback_script** to be executed. This script will function as a "callback hook" and it will run after successfully exporting the domains' certificate.
 
-Now you've read about `lecli.yml` options available (keywords in **bold**). If you've made sure to: (1) Customized the options config file to create the desired certificate, and (2) made sure the **challenges_relative_path** path is available for a public internet request, then you're now ready to kick off the validation process by executing the following on your terminal
+Now that you've read about `lecli.yml` options available (keywords in **bold**). If you've made sure to: (1) Customize the options config file to create the desired certificate, and (2) made sure the **challenges_relative_path** path is available for a public internet request, then you're now ready to kick off the validation process by executing the following on your terminal:
 
 ```
 lecli generate
@@ -66,14 +74,14 @@ server {
 }
 ```
 
-You can script a server restart if needed, or any other setup that you require to make use of the newly created certificates. Just make sure to point the **success_callback_script** path in your config file (and the script is 'executable') so the CLI can automatically execute it if the request result was successful.
+You can script a server restart if needed, or any other setup that you require to make use of the newly created certificates. Just make sure to point the **success_callback_script** path in your config file (and make the script 'executable') so the CLI can automatically execute it if the request result was successful.
 
 If you pair the CLI with a cron-job (specially using the [whenever](https://github.com/javan/whenever) gem) you've essentially put together a Let's Encrypt bot and can now leverage scripting for more complex deployments. Your certificates will be renewed periodically. When using **whenever** you'll have lecli CLI in your crontab as easy as:
 
 ```
 every :month, at: '4am' do
   command "lecli --production -f /path/to/config/file.yml"
-end
+end`
 ```
 
 Be sure to run `lecli help` for more details.

data/exe/lecli

@@ -28,14 +28,15 @@ class LECLIRunner < Thor
          aliases: [:p],
          desc: 'Use Let\'s Encrypt production API endpoint.'
   option :config_file,
-         default: '.lecli.yml',
+         default: 'lecli.yml',
          aliases: [:f],
          desc: 'Specify the path of the configuration file.'
   def generate
     config_path = options[:config_file]
     opts = LECLI::CertificateBuilder.load_options(config_file: config_path)
     if opts.nil? # Bail if options can't be loaded properly
-      puts 'Unable to locate .lecli.yml file. Try `lecli help generate`'
+      puts 'Unable to locate or wrongly formatted lecli.yml file.'
+      puts 'Try `lecli help generate`'
       return
     end
 

data/lib/lecli/certificate_builder.rb

@@ -8,7 +8,7 @@ module LECLI
   class CertificateBuilder
     attr_accessor :production
 
-    YAML_FILENAME = '.lecli.yml'.freeze
+    YAML_FILENAME = 'lecli.yml'.freeze
 
     def initialize
       @challenges = []
@@ -22,10 +22,14 @@ module LECLI
       @endpoint = @production ? prod_url : staging_url
     end
 
-    def self.default_options
+    def self.required_options
+      ['domains', 'common_name', 'account_email']
+    end
+
+    def self.sample_options
       {
-        'domains' => ['example.com'],
-        'common_name' => 'Let\'s Encrypt',
+        'domains' => ['example.com', 'test.net'],
+        'common_name' => 'example.com',
         'account_email' => 'test@account.com',
         'request_key' => 'request.pem',
         'certificate_key' => 'certificate.pem',
@@ -34,13 +38,25 @@ module LECLI
       }
     end
 
+    def self.runtime_defaults
+      {
+        'request_key' => 'request.pem',
+        'certificate_key' => 'certificate.pem',
+        'challenges_relative_path' => 'challenges'
+      }
+    end
+
     def self.load_options(config_file:)
-      opts = LECLI::CertificateBuilder.default_options
-      opts.merge(YAML.load_file(config_file)) if File.file?(config_file)
+      opts = LECLI::CertificateBuilder.runtime_defaults
+      opts.merge!(YAML.load_file(config_file)) if File.file?(config_file)
+      required_options = LECLI::CertificateBuilder.required_options
+
+      # Should return nil if all required options are not present
+      opts if (opts.keys & required_options).count == required_options.count
     end
 
     def self.persist_defaults_file(override:)
-      opts = LECLI::CertificateBuilder.default_options
+      opts = LECLI::CertificateBuilder.sample_options
       if !File.file?(YAML_FILENAME) || override
         File.write(YAML_FILENAME, opts.to_yaml)
         puts YAML_FILENAME

data/lib/lecli/version.rb

@@ -1,3 +1,3 @@
 module LECLI
-  VERSION = '0.2.9'.freeze
+  VERSION = '0.3.1'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: lecli
 version: !ruby/object:Gem::Version
-  version: 0.2.9
+  version: 0.3.1
 platform: ruby
 authors:
 - Fernando Valverde Arredondo
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-08-03 00:00:00.000000000 Z
+date: 2018-08-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: acme-client