letsencrypt-cli 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 13fdaac7e4df11532b0bd073c686011054f5bab1
-  data.tar.gz: 7805d292345e002848567c117a5ad0b9f058c11a
+  metadata.gz: 7251081d8f3dd853b125c43b1fa7db980e7db06e
+  data.tar.gz: 684292ac3a356c97695d54844569c71360ad2031
 SHA512:
-  metadata.gz: 1f71051e7666506734ecd71ba7118dc4438f819c68b8b7ccc41cfb5c3eed3d0e0736c5323598bdb7ffebd67270cd9a8ad4c4ebc1766b8a0e168567484d6ea83f
-  data.tar.gz: 63524b84c31c375fec6ec49494a820d1fefe372cb0e00ec5b14fab3a1ca92180aeb4a01965d84fbf810fd09a2ae1621b5fc26c0ff631d4d71492b3109e570d12
+  metadata.gz: 36698d3993b69182c14159541c3cdac47b2adc81b6bbe1e151c831d1c30f9c5fc7b11d6c7966d3eb20d30c9ae8d08de876d286e14e83e466028acf4fdfcd3ef4
+  data.tar.gz: 7058f1ce08fa09ef1516de2958da9d410c0a73fbff267385349dee97823e116bda8305ce9b99b9175b0df5a9b558506d79a6a1e5447cdf2600a540abe401e84a

data/README.md

@@ -38,14 +38,22 @@ letsencrypt-cli authorize_all -t --webroot-path /var/www/default
 
 # create a certificate for before authorized domains.
 # the first domain will be the cn subject. All other are subjectAlternateName
+# if cert.pem already exists, will only create a new one if the old is expired
+# (30 days before expiration) -> see full help
+letsencrypt-cli help cert
+
 letsencrypt-cli cert -t example.com www.example.com somdir.example.com
 # will create key.pem fullchain.pem chain.pem and cert.pem
+
+
+# checks validation date of given certificate. Exists non-zero if not exists or
+# will expire in 30 days
+letsencrypt-cli check --days-valid 30 cert.pem
 ```
 
 
 ## Example integration nginx:
 
-
 ```nginx
 server {
   listen 80;

data/lib/letsencrypt/cli/acme_wrapper.rb

@@ -1,6 +1,5 @@
 require 'json'
 require 'acme-client'
-require 'pry'
 
 class AcmeWrapper
   def initialize(options)
@@ -90,6 +89,22 @@ class AcmeWrapper
     log "Certificate valid until: #{certificate.x509.not_after}"
   end
 
+  def check_certificate(path)
+    unless File.exists?(path)
+      log "Certificate #{path} does not exists", :warn
+      return false
+    end
+    cert = OpenSSL::X509::Certificate.new(File.read(path))
+    renew_on = cert.not_after.to_date - @options[:days_valid]
+    log "Certificate '#{path}' valid until #{cert.not_after.to_date}.", :info
+    if Date.today >= renew_on
+      log "Certificate '#{path}' should be renewed!", :warn
+      return false
+    else
+      true
+    end
+  end
+
   private
 
   def certificate_exists_and_valid?

data/lib/letsencrypt/cli/app.rb

@@ -62,8 +62,15 @@ module Letsencrypt
         wrapper.cert(domains)
       end
 
-			map %w[--version -v] => :__print_version
+      desc "check PATH_TO_CERTIFICATE", "checks, if a given certificate exists and is valid until DAYS_VALID"
+      method_option :days_valid, desc: "If the --certificate-path already exists, only create new stuff, if that certificate isn't valid for less than the given number of days", default: 30, type: :numeric
+      def check(path)
+        if !wrapper.check_certificate(path)
+          exit 1
+        end
+      end
 
+			map %w[--version -v] => :__print_version
 			desc "--version, -v", "print the version"
 			def __print_version
 				puts Letsencrypt::Cli::VERSION

data/lib/letsencrypt/cli/version.rb

@@ -1,5 +1,5 @@
 module Letsencrypt
   module Cli
-    VERSION = "0.1.0"
+    VERSION = "0.1.1"
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: letsencrypt-cli
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Stefan Wienert