lecli 0.2.9 → 0.3.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 86ea7e2f098905bdd1cfcc4602af73f7192929b3
4
- data.tar.gz: 0f26ed9f43b3b75e3677b63b501832839ea225cd
3
+ metadata.gz: ee6293a9f8f0ed564d81bf29c5af122368e106ca
4
+ data.tar.gz: 6359d68e547a3e2b91d1a01bd7160bb23c055fc1
5
5
  SHA512:
6
- metadata.gz: 72886355955c95b8e7662b3e1928ebb3e036825fdabf6bd7aa9f0cb167b7fd9f467c0e87ea9445ec968511cd0a03fa54534c87fa772a13441c34e40228a76497
7
- data.tar.gz: eb08e0a68424775221c67f748ad4dd1588bafc372764ebcb75f419613089e124dbd39ffa50c3d558e583eb0536998058345d3de8d46cdae8bfdb46adf0d8ef44
6
+ metadata.gz: 6daf45ea6f511b06ef3e0e24c408cc70d35901b7458767cba0f75b0a0fd7e68d18f10317e5af094bf6e9658618b1477f52170ddbd40f22701200ec186b9a3396
7
+ data.tar.gz: 1d823be9f3a047d7431f3b944c10d6b2532ed08104bb02be8d52beee6f4e7ad4caf3d3a1e864852392e8f992eb9799a98365b84921b825bf0b607169b221402e
data/.gitignore CHANGED
@@ -11,3 +11,4 @@
11
11
  .rspec_status
12
12
 
13
13
  .lecli.yml
14
+ lecli.yml
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- lecli (0.2.9)
4
+ lecli (0.3.1)
5
5
  acme-client (~> 2.0.0)
6
6
  thor (~> 0.20.0)
7
7
 
data/README.md CHANGED
@@ -1,20 +1,24 @@
1
1
  # lecli
2
2
 
3
- lecli is a gem that provides a CLI to generate Let's Encrypt certificates. It wraps around the [ACME protocol Client gem](https://github.com/unixcharles/acme-client). It pairs well with cron jobs and the [whenever gem](https://github.com/javan/whenever) for a tighter grip on automation/scripting customization.
3
+ lecli is a gem that provides a CLI to generate Let's Encrypt certificates. The name stands for **L**et's **E**ncrypt **CLI**.
4
+
5
+ lecli wraps the lower level [ACME protocol Client gem](https://github.com/unixcharles/acme-client) with the intention to create your custom [Certbot](https://certbot.eff.org/). This would make it easier for you to automate/script around it. In order to achieve this, lecli pairs well with cron jobs and the recommended [whenever gem](https://github.com/javan/whenever).
4
6
 
5
7
  ## Installation
6
8
 
7
- $ gem install lecli
9
+ ```
10
+ $ gem install lecli
11
+ ```
8
12
 
9
13
  ## Getting started
10
14
 
11
- The CLI will use the Let's Encrypt staging endpoint unless explicitly passed with the `--production` flag. All other configuration data is managed by a config file - `.lecli.yml`. To help understand the available options you can run the following in your terminal and a sample YAML file will be generated for you
15
+ The CLI will use the Let's Encrypt staging endpoint unless explicitly passed the `--production` flag. All other configuration data is managed by a config file - `lecli.yml`. To help understand the available options you can run the following in your terminal and a sample YAML file will be generated for you:
12
16
 
13
17
  ```
14
18
  $ lecli yaml
15
19
  ```
16
20
 
17
- Now let's see what's inside
21
+ Now let's see what's inside...
18
22
 
19
23
  ### `lecli.yml`
20
24
 
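Review bot: The "Getting started" paragraph changes the documented config file from `.lecli.yml` to `lecli.yml` but does not say that the default lookup changes for existing installs. Anyone upgrading from 0.2.9 with a `.lecli.yml` in place and no `-f` flag will no longer have that file picked up, which matters most for unattended cron renewals. Add an upgrade note telling users to rename the file or pass `-f .lecli.yml`.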
@@ -22,7 +26,9 @@ Now let's see what's inside
22
26
  ---
23
27
  domains:
24
28
  - example.com
25
- common_name: Let's Encrypt
29
+ - test.net
30
+ - yetanotherwebsite.com
31
+ common_name: example.com
26
32
  account_email: test@account.com
27
33
  request_key: request.pem
28
34
  certificate_key: certificate.pem
@@ -30,13 +36,15 @@ challenges_relative_path: challenges
30
36
  success_callback_script: deploy.sh
31
37
  ```
32
38
 
33
- Most entries are optional, except those that specify the request domains and "identity fields". Meaning that at least **domains** (list of domains), **common_name** (your company/name) and **account_email** should always appear in order to perform a valid request.
39
+ Only required options in this file are **domains** (list of domains), **common_name** (your company/name) and **account_email**. All others can be deleted if you're OK with the defaults, all of which will be loaded for you *except* **success_callback_script**. If the callback script is not specified nothing will be executed after a successful certificate request.
34
40
 
35
41
  ### The flow
36
42
 
37
- From the two available types of validation requests only HTTP (and not DNS) is supported [yet](#contributing). This means you'll need to serve a token (lecli will create them) behind each domain in the **list of domain addresses** requested.
43
+ From the two available types of validation requests only HTTP (and not DNS) is supported [yet](#contributing). This means you'll need to serve a token (lecli will create them for you) accessible from each domain in the **list of domain addresses** requested.
44
+
45
+ The tokens will be written to the **challenges_relative_path** and need to be served behind each domain you are requesting, i.e. `example.com/.well-known/acme-challenge/#{token_filename}` needs to return the token created. If requesting multiple domains at once you will probably need some additional setup to route from each domain requested to where the tokens are persisted.
38
46
 
39
- The tokens are written to **challenges_relative_path** and need to be served behind each domain you are requesting, i.e. `example.com/.well-known/acme-challenge/#{token_filename}` needs to return the token. If requesting multiple domains at once you will need additional setup to route from each domain requested to where the tokens are persisted. When working with a single domain, for example, you can just make this relative path write the tokens on `/usr/share/nginx/html/.well-known/acme-challenge/` if working with an nginx server.
47
+ An example of a simple deployment is when working with a single domain and lecli is executed on the host machine. If working with an nginx server you can just point the challenges path to write the tokens on `/usr/share/nginx/html/.well-known/acme-challenge/`. This way the tokens will be served so that Let's Encrypt is able to reach them.
40
48
 
41
49
  ![alt text](https://github.com/fdoxyz/lecli/blob/master/lecli_diagram.png)
42
50
 
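Review bot: In the rewritten required-options paragraph, **common_name** is still glossed as "(your company/name)", while the sample file in this same README now sets `common_name: example.com` instead of `Let's Encrypt`. Update the gloss so that it matches the sample (a domain name); otherwise readers following the text will put an organisation name where the sample expects a domain.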
@@ -44,7 +52,7 @@ After Let's Encrypt is able to access both tokens on the list of domain addresse
44
52
 
45
53
  Optionally you can specify a script with **success_callback_script** to be executed. This script will function as a "callback hook" and it will run after successfully exporting the domains' certificate.
46
54
 
47
- Now you've read about `lecli.yml` options available (keywords in **bold**). If you've made sure to: (1) Customized the options config file to create the desired certificate, and (2) made sure the **challenges_relative_path** path is available for a public internet request, then you're now ready to kick off the validation process by executing the following on your terminal
55
+ Now that you've read about `lecli.yml` options available (keywords in **bold**). If you've made sure to: (1) Customize the options config file to create the desired certificate, and (2) made sure the **challenges_relative_path** path is available for a public internet request, then you're now ready to kick off the validation process by executing the following on your terminal:
48
56
 
49
57
  ```
50
58
  lecli generate
@@ -66,14 +74,14 @@ server {
66
74
  }
67
75
  ```
68
76
 
69
- You can script a server restart if needed, or any other setup that you require to make use of the newly created certificates. Just make sure to point the **success_callback_script** path in your config file (and the script is 'executable') so the CLI can automatically execute it if the request result was successful.
77
+ You can script a server restart if needed, or any other setup that you require to make use of the newly created certificates. Just make sure to point the **success_callback_script** path in your config file (and make the script 'executable') so the CLI can automatically execute it if the request result was successful.
70
78
 
71
79
  If you pair the CLI with a cron-job (specially using the [whenever](https://github.com/javan/whenever) gem) you've essentially put together a Let's Encrypt bot and can now leverage scripting for more complex deployments. Your certificates will be renewed periodically. When using **whenever** you'll have lecli CLI in your crontab as easy as:
72
80
 
73
81
  ```
74
82
  every :month, at: '4am' do
75
83
  command "lecli --production -f /path/to/config/file.yml"
76
- end
84
+ end`
77
85
  ```
78
86
 
79
87
  Be sure to run `lecli help` for more details.
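Review bot: The last line of the whenever example now reads `end` followed by a stray backtick, so the snippet is no longer valid Ruby when copied into a schedule file. Restore the plain `end`.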
data/exe/lecli CHANGED
@@ -28,14 +28,15 @@ class LECLIRunner < Thor
28
28
  aliases: [:p],
29
29
  desc: 'Use Let\'s Encrypt production API endpoint.'
30
30
  option :config_file,
31
- default: '.lecli.yml',
31
+ default: 'lecli.yml',
32
32
  aliases: [:f],
33
33
  desc: 'Specify the path of the configuration file.'
34
34
  def generate
35
35
  config_path = options[:config_file]
36
36
  opts = LECLI::CertificateBuilder.load_options(config_file: config_path)
37
37
  if opts.nil? # Bail if options can't be loaded properly
38
- puts 'Unable to locate .lecli.yml file. Try `lecli help generate`'
38
+ puts 'Unable to locate or wrongly formatted lecli.yml file.'
39
+ puts 'Try `lecli help generate`'
39
40
  return
40
41
  end
41
42
 
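Review bot: The failure branch in `generate` still reports through `puts` and a bare `return`, so a missing or incomplete config ends with a message on stdout and no failure signalled to the caller. Since the README recommends running this from cron, write the message with `warn` and exit non-zero so that a failed renewal is noticed. The message also hard-codes `lecli.yml` although `config_path` may come from `-f`; interpolate `config_path` instead.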
Binary file
@@ -8,7 +8,7 @@ module LECLI
8
8
  class CertificateBuilder
9
9
  attr_accessor :production
10
10
 
11
- YAML_FILENAME = '.lecli.yml'.freeze
11
+ YAML_FILENAME = 'lecli.yml'.freeze
12
12
 
13
13
  def initialize
14
14
  @challenges = []
@@ -22,10 +22,14 @@ module LECLI
22
22
  @endpoint = @production ? prod_url : staging_url
23
23
  end
24
24
 
25
- def self.default_options
25
+ def self.required_options
26
+ ['domains', 'common_name', 'account_email']
27
+ end
28
+
29
+ def self.sample_options
26
30
  {
27
- 'domains' => ['example.com'],
28
- 'common_name' => 'Let\'s Encrypt',
31
+ 'domains' => ['example.com', 'test.net'],
32
+ 'common_name' => 'example.com',
29
33
  'account_email' => 'test@account.com',
30
34
  'request_key' => 'request.pem',
31
35
  'certificate_key' => 'certificate.pem',
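Review bot: `sample_options` lists two domains (`example.com`, `test.net`), but the `lecli.yml` sample in this release's README shows a third entry, `yetanotherwebsite.com`, and presents that file as the generated sample. Bring the two in line so the documentation matches what is written to disk. Separately, `required_options` returns a fresh array on every call and could be a frozen constant next to `YAML_FILENAME`.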
@@ -34,13 +38,25 @@ module LECLI
34
38
  }
35
39
  end
36
40
 
41
+ def self.runtime_defaults
42
+ {
43
+ 'request_key' => 'request.pem',
44
+ 'certificate_key' => 'certificate.pem',
45
+ 'challenges_relative_path' => 'challenges'
46
+ }
47
+ end
48
+
37
49
  def self.load_options(config_file:)
38
- opts = LECLI::CertificateBuilder.default_options
39
- opts.merge(YAML.load_file(config_file)) if File.file?(config_file)
50
+ opts = LECLI::CertificateBuilder.runtime_defaults
51
+ opts.merge!(YAML.load_file(config_file)) if File.file?(config_file)
52
+ required_options = LECLI::CertificateBuilder.required_options
53
+
54
+ # Should return nil if all required options are not present
55
+ opts if (opts.keys & required_options).count == required_options.count
40
56
  end
41
57
 
42
58
  def self.persist_defaults_file(override:)
43
- opts = LECLI::CertificateBuilder.default_options
59
+ opts = LECLI::CertificateBuilder.sample_options
44
60
  if !File.file?(YAML_FILENAME) || override
45
61
  File.write(YAML_FILENAME, opts.to_yaml)
46
62
  puts YAML_FILENAME
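Review bot: In `load_options`, `opts.merge!(YAML.load_file(config_file))` raises instead of returning nil when the file is empty or its top level is not a mapping, which is exactly the "wrongly formatted" case the new CLI message claims to handle; check that the loaded value is a Hash before merging. On Psych versions before 4, `YAML.load_file` also instantiates tagged Ruby objects, and `YAML.safe_load(File.read(config_file))` is sufficient for a config made of strings and lists. The required-options test `(opts.keys & required_options).count == required_options.count` only checks that the keys exist, so `domains:` with no value or an empty list still passes; validate the values as well. The comment above it reads as the opposite of what the code does and would be clearer as "returns nil unless all required options are present".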
@@ -1,3 +1,3 @@
1
1
  module LECLI
2
- VERSION = '0.2.9'.freeze
2
+ VERSION = '0.3.1'.freeze
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: lecli
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.9
4
+ version: 0.3.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Fernando Valverde Arredondo
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2018-08-03 00:00:00.000000000 Z
11
+ date: 2018-08-09 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: acme-client