letsencrypt-cli 0.2.0 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.travis.yml +3 -1
- data/CHANGELOG.md +64 -0
- data/letsencrypt-cli.gemspec +1 -1
- data/lib/letsencrypt/cli/acme_wrapper.rb +33 -10
- data/lib/letsencrypt/cli/app.rb +7 -0
- data/lib/letsencrypt/cli/version.rb +1 -1
- metadata +6 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a5daeb88cfefed35938043bd207c5f0da83e5459
|
|
4
|
+
data.tar.gz: c957d6ef5ff7b213b7c20e6d0cd1d29f71da898f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ca8f5bdbd2f673933c945bec5a952e327aa20e96c9e51c9e14d27c1eb9ccbe52fad6c0a4df1c721310d545a28c1613830203f7034601a62d64bd60f08e748a1c
|
|
7
|
+
data.tar.gz: 289b3b107fae7f86377a1606debc2dbccbd3eecdeecf128a1efb4c44fbc781acb2b2bc1230d9b152b30e0e12316d2a987175298639a847aa5c9f892ae3150760
|
data/.travis.yml
CHANGED
data/CHANGELOG.md
ADDED
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
# Change Log
|
|
2
|
+
|
|
3
|
+
## [v0.3.0](https://github.com/zealot128/ruby-letsencrypt-cli/tree/v0.3.0)
|
|
4
|
+
|
|
5
|
+
* Certificate creation checks if existing certificate includes all requested domains. If at least one is missing, a new cert will be requested
|
|
6
|
+
* Added Ruby 2.3.0 and Ruby head to the build matrix
|
|
7
|
+
|
|
8
|
+
[Full Changelog](https://github.com/zealot128/ruby-letsencrypt-cli/compare/v0.2.0...v0.3.0)
|
|
9
|
+
|
|
10
|
+
## [v0.2.0](https://github.com/zealot128/ruby-letsencrypt-cli/tree/v0.2.0)
|
|
11
|
+
|
|
12
|
+
[Full Changelog](https://github.com/zealot128/ruby-letsencrypt-cli/compare/v0.1.4...v0.2.0)
|
|
13
|
+
|
|
14
|
+
**Closed issues:**
|
|
15
|
+
|
|
16
|
+
- cf1e0d9 Exit code 2, if certificate is still valid
|
|
17
|
+
|
|
18
|
+
**Merged pull requests:**
|
|
19
|
+
|
|
20
|
+
- Apply strict permissions on private key [\#4](https://github.com/zealot128/ruby-letsencrypt-cli/pull/4) ([zygiss](https://github.com/zygiss))
|
|
21
|
+
- Fix typo in README [\#2](https://github.com/zealot128/ruby-letsencrypt-cli/pull/2) ([kenrick](https://github.com/kenrick))
|
|
22
|
+
|
|
23
|
+
## [v0.1.4](https://github.com/zealot128/ruby-letsencrypt-cli/tree/v0.1.4) (2015-12-08)
|
|
24
|
+
|
|
25
|
+
* require higher acme-client version, that generated correct fullchain certs.
|
|
26
|
+
fullchain.pem is chain.pem + cert.pem, should be cert.pem + chain.pem [\#1](https://github.com/zealot128/ruby-letsencrypt-cli/issues/1)
|
|
27
|
+
|
|
28
|
+
[Full Changelog](https://github.com/zealot128/ruby-letsencrypt-cli/compare/v0.1.3...v0.1.4)
|
|
29
|
+
|
|
30
|
+
## [v0.1.3](https://github.com/zealot128/ruby-letsencrypt-cli/tree/v0.1.3) (2015-12-06)
|
|
31
|
+
|
|
32
|
+
* Fixed registration
|
|
33
|
+
* Added various specs
|
|
34
|
+
|
|
35
|
+
[Full Changelog](https://github.com/zealot128/ruby-letsencrypt-cli/compare/v0.1.2...v0.1.3)
|
|
36
|
+
|
|
37
|
+
## [v0.1.2](https://github.com/zealot128/ruby-letsencrypt-cli/tree/v0.1.2) (2015-12-05)
|
|
38
|
+
|
|
39
|
+
* Added manage command
|
|
40
|
+
* Improved nginx doc + Ruby installation
|
|
41
|
+
|
|
42
|
+
[Full Changelog](https://github.com/zealot128/ruby-letsencrypt-cli/compare/v0.1.1...v0.1.2)
|
|
43
|
+
|
|
44
|
+
## [v0.1.1](https://github.com/zealot128/ruby-letsencrypt-cli/tree/v0.1.1) (2015-12-05)
|
|
45
|
+
|
|
46
|
+
[Full Changelog](https://github.com/zealot128/ruby-letsencrypt-cli/compare/v0.1.0...v0.1.1)
|
|
47
|
+
|
|
48
|
+
* b654469 new command: check PATH_TO_CERT
|
|
49
|
+
|
|
50
|
+
## [v0.1.0](https://github.com/zealot128/ruby-letsencrypt-cli/tree/v0.1.0) (2015-12-05)
|
|
51
|
+
|
|
52
|
+
* released first public version
|
|
53
|
+
* added --version flag
|
|
54
|
+
* added explicit production server
|
|
55
|
+
|
|
56
|
+
[Full Changelog](https://github.com/zealot128/ruby-letsencrypt-cli/compare/v0.1.0.beta1...v0.1.0)
|
|
57
|
+
|
|
58
|
+
## [v0.1.0.beta1](https://github.com/zealot128/ruby-letsencrypt-cli/tree/v0.1.0.beta1) (2015-12-05)
|
|
59
|
+
[Full Changelog](https://github.com/zealot128/ruby-letsencrypt-cli/compare/v0.1.0.pre...v0.1.0.beta1)
|
|
60
|
+
|
|
61
|
+
## [v0.1.0.pre](https://github.com/zealot128/ruby-letsencrypt-cli/tree/v0.1.0.pre) (2015-12-05)
|
|
62
|
+
|
|
63
|
+
|
|
64
|
+
\* *This Change Log was (partially) automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
|
data/letsencrypt-cli.gemspec
CHANGED
|
@@ -19,7 +19,7 @@ Gem::Specification.new do |spec|
|
|
|
19
19
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
|
20
20
|
spec.require_paths = ["lib"]
|
|
21
21
|
|
|
22
|
-
spec.add_runtime_dependency 'acme-client', '>= 0.2.
|
|
22
|
+
spec.add_runtime_dependency 'acme-client', '>= 0.2.4'
|
|
23
23
|
spec.add_runtime_dependency 'thor'
|
|
24
24
|
spec.add_runtime_dependency 'colorize'
|
|
25
25
|
|
|
@@ -53,7 +53,7 @@ class AcmeWrapper
|
|
|
53
53
|
end
|
|
54
54
|
|
|
55
55
|
def cert(domains)
|
|
56
|
-
return if
|
|
56
|
+
return if certificate_exists_and_valid_and_all_domains_included?(domains)
|
|
57
57
|
csr = OpenSSL::X509::Request.new
|
|
58
58
|
certificate_private_key = find_or_create_pkey(@options[:private_key_path], "private key", @options[:key_length] || 2048)
|
|
59
59
|
|
|
@@ -105,18 +105,41 @@ class AcmeWrapper
|
|
|
105
105
|
end
|
|
106
106
|
end
|
|
107
107
|
|
|
108
|
+
def revoke_certificate(path)
|
|
109
|
+
unless File.exists?(path)
|
|
110
|
+
log "Certificate #{path} does not exists", :warn
|
|
111
|
+
return false
|
|
112
|
+
end
|
|
113
|
+
cert = OpenSSL::X509::Certificate.new(File.read(path))
|
|
114
|
+
if client.revoke_certificate(cert)
|
|
115
|
+
log "Certificate '#{path}' was revoked", :info
|
|
116
|
+
end
|
|
117
|
+
true
|
|
118
|
+
rescue Acme::Client::Error::Malformed => e
|
|
119
|
+
log e.message, :error
|
|
120
|
+
return false
|
|
121
|
+
end
|
|
122
|
+
|
|
108
123
|
private
|
|
109
124
|
|
|
110
|
-
def
|
|
111
|
-
if File.exists?(@options[:certificate_path])
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
125
|
+
def certificate_exists_and_valid_and_all_domains_included?(domains)
|
|
126
|
+
return false if !File.exists?(@options[:certificate_path])
|
|
127
|
+
cert = OpenSSL::X509::Certificate.new(File.read(@options[:certificate_path]))
|
|
128
|
+
domains_in_cert = cert.extensions.map(&:to_h).select{|i| i['oid'] == 'subjectAltName' }.map{|i| i['value']}.join(', ').split(/, */).map{|i| i.sub(/^DNS:/, '') } +
|
|
129
|
+
[ cert.subject.to_s.sub(%r{/CN=}, '') ].uniq.sort
|
|
130
|
+
missing_domains = domains.sort.uniq - domains_in_cert
|
|
131
|
+
if missing_domains != []
|
|
132
|
+
log "Certificate '#{@options[:certificate_path]}' missing domains #{missing_domains.join(' ')}. Existing: #{domains_in_cert.join(' ')}", :warn
|
|
133
|
+
return false
|
|
119
134
|
end
|
|
135
|
+
renew_on = cert.not_after.to_date - @options[:days_valid]
|
|
136
|
+
if renew_on > Date.today
|
|
137
|
+
log "Certificate '#{@options[:certificate_path]}' still valid till #{cert.not_after.to_date}.", :warn
|
|
138
|
+
log "Won't renew until #{renew_on} (#{@options[:days_valid]} days before)", :warn
|
|
139
|
+
exit 2
|
|
140
|
+
end
|
|
141
|
+
|
|
142
|
+
true
|
|
120
143
|
end
|
|
121
144
|
|
|
122
145
|
def endpoint
|
data/lib/letsencrypt/cli/app.rb
CHANGED
|
@@ -71,6 +71,13 @@ module Letsencrypt
|
|
|
71
71
|
end
|
|
72
72
|
end
|
|
73
73
|
|
|
74
|
+
desc "revoke PATH_TO_CERTIFICATE", "revokes a given certificate"
|
|
75
|
+
def revoke(path)
|
|
76
|
+
if !wrapper.revoke_certificate(path)
|
|
77
|
+
exit 1
|
|
78
|
+
end
|
|
79
|
+
end
|
|
80
|
+
|
|
74
81
|
desc "manage DOMAINS", "meta command that will: check if cert already exists / still valid (exits zero if nothing todo, exits 2 if certificate is still valid) + authorize given domains + issue certificate for given domains"
|
|
75
82
|
method_option :key_length, desc: "Length of private key", default: 2048, type: :numeric
|
|
76
83
|
method_option :days_valid, desc: "If the --certificate-path already exists, only create new stuff, if that certificate isn't valid for less than the given number of days", default: 30, type: :numeric
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: letsencrypt-cli
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Stefan Wienert
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2016-05-31 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: acme-client
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.2.
|
|
19
|
+
version: 0.2.4
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.2.
|
|
26
|
+
version: 0.2.4
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: thor
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -175,6 +175,7 @@ files:
|
|
|
175
175
|
- ".gitignore"
|
|
176
176
|
- ".rspec"
|
|
177
177
|
- ".travis.yml"
|
|
178
|
+
- CHANGELOG.md
|
|
178
179
|
- Gemfile
|
|
179
180
|
- LICENSE.txt
|
|
180
181
|
- README.md
|
|
@@ -208,7 +209,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
208
209
|
version: '0'
|
|
209
210
|
requirements: []
|
|
210
211
|
rubyforge_project:
|
|
211
|
-
rubygems_version: 2.
|
|
212
|
+
rubygems_version: 2.4.8
|
|
212
213
|
signing_key:
|
|
213
214
|
specification_version: 4
|
|
214
215
|
summary: slim letsencrypt client for quickly authorizing (multiple) domains and issuing
|