letsencrypt-cli 0.1.1 → 0.1.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +81 -10
- data/lib/letsencrypt/cli/app.rb +26 -5
- data/lib/letsencrypt/cli/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a5b3813e16fc68f65ed8fa6ce4950f9795347700
|
|
4
|
+
data.tar.gz: 18b2289f486d78fe6271177173acbf2c31851754
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 61d3c309f9f88de49af7c8ada2af58e836603da55eebf4b1dab1a10e21b179d9a941a14711e7de3f794e67d662cb20dc157c57d1415576baabb133775c52ba2e
|
|
7
|
+
data.tar.gz: a32ea34099e4ef5ef1a856bfe1d3dc2a1291d8fa4fcc6cee76152d750a19ede4fcee28716fb601173b5f680587b5975b2275166bb1bc79030323df2080d31184
|
data/README.md
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Letsencrypt
|
|
1
|
+
# Letsencrypt-Cli
|
|
2
2
|
|
|
3
3
|
[](https://travis-ci.org/zealot128/ruby-letsencrypt-cli)
|
|
4
4
|
[](https://badge.fury.io/rb/letsencrypt-cli)
|
|
@@ -7,11 +7,44 @@ Yet another Letsencrypt client using Ruby.
|
|
|
7
7
|
|
|
8
8
|
## Installation
|
|
9
9
|
|
|
10
|
-
* This tool needs Ruby
|
|
11
|
-
*
|
|
12
|
-
* no sudo! (
|
|
10
|
+
* This tool needs Ruby >= 2.1 (as the dependency ``acme-client`` needs that because of use of keyword arguments).
|
|
11
|
+
* OpenSSL bindings
|
|
12
|
+
* no sudo! (needs access to webserver-root ``/.well-known/acme-challenges`` alias for all domains - See later section for Nginx example)
|
|
13
13
|
|
|
14
|
-
|
|
14
|
+
```
|
|
15
|
+
# check your ruby version:
|
|
16
|
+
$ ruby --version
|
|
17
|
+
ruby 2.2.3p173 (2015-08-18 revision 51636) [x86_64-linux]
|
|
18
|
+
|
|
19
|
+
$ gem install letsencrypt-cli
|
|
20
|
+
|
|
21
|
+
$ letsencrypt-cli --version
|
|
22
|
+
0.1.2
|
|
23
|
+
```
|
|
24
|
+
|
|
25
|
+
### Troubleshooting Ruby version
|
|
26
|
+
|
|
27
|
+
Unfortunately, most Linux distributions does not ship a current Ruby version (Version 1.9.3 or 2.0).
|
|
28
|
+
|
|
29
|
+
If you are installing this as a non-root user, you might want to try RVM (needs no root:
|
|
30
|
+
|
|
31
|
+
```
|
|
32
|
+
gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
|
|
33
|
+
\curl -sSL https://get.rvm.io | bash -s stable --autolibs=disable --auto-dotfiles
|
|
34
|
+
|
|
35
|
+
rvm install 2.2
|
|
36
|
+
source ~/.bashrc # or ~/.profile RVM tells you to reload your shell
|
|
37
|
+
|
|
38
|
+
ruby --version
|
|
39
|
+
```
|
|
40
|
+
|
|
41
|
+
Notice: If you are using RVM, all your cronjobs must be run as a login shell, otherwise RVM does not work:
|
|
42
|
+
|
|
43
|
+
```cron
|
|
44
|
+
* * * * * /bin/bash -l -c "letsencrypt-cli manage ..."
|
|
45
|
+
```
|
|
46
|
+
|
|
47
|
+
Another way, e.g. on Ubuntu 14.04 might be to use the [Brightbox ppa](https://www.brightbox.com/blog/2015/01/05/ruby-2-2-0-packages-for-ubuntu/).
|
|
15
48
|
|
|
16
49
|
## Usage
|
|
17
50
|
|
|
@@ -52,7 +85,45 @@ letsencrypt-cli check --days-valid 30 cert.pem
|
|
|
52
85
|
```
|
|
53
86
|
|
|
54
87
|
|
|
55
|
-
|
|
88
|
+
And last but not least, the meta command ``manage`` that integrated check + authorize + cert (intended to be run as cronjob):
|
|
89
|
+
|
|
90
|
+
```bash
|
|
91
|
+
$ letsencrypt-cli manage --days-valid 30 \
|
|
92
|
+
--account-key /home/letsencrypt/account_key.pem \
|
|
93
|
+
--webroot-path /home/letsencrypt/webroot/.well-known/acme-challenge \
|
|
94
|
+
--key-directory /home/letsencrypt/certs \
|
|
95
|
+
example.com www.example.com
|
|
96
|
+
|
|
97
|
+
2015-12-05 23:40:04 +0100: Certificate /home/letsencrypt/certs/example.com/cert.pem does not exists
|
|
98
|
+
2015-12-05 23:40:04 +0100: Authorizing example.com...
|
|
99
|
+
2015-12-05 23:40:04 +0100: existing account key found
|
|
100
|
+
2015-12-05 23:40:06 +0100: Authorization successful for example.com
|
|
101
|
+
2015-12-05 23:40:06 +0100: Authorizing www.example.com
|
|
102
|
+
2015-12-05 23:40:08 +0100: Authorization successful for www.example.com
|
|
103
|
+
2015-12-05 23:40:08 +0100: creating new private key to /home/letsencrypt/certs/example.com/key.pem...
|
|
104
|
+
2015-12-05 23:40:09 +0100: Certificate successfully created to /home/letsencrypt/certs/example.com/fullchain.pem /home/letsencrypt/certs/example.com/chain.pem
|
|
105
|
+
and /home/letsencrypt/certs/example.com/cert.pem!
|
|
106
|
+
2015-12-05 23:40:09 +0100: Certificate valid until: 2016-03-04 21:40:00 UTC
|
|
107
|
+
|
|
108
|
+
# Run command again exits immediately:
|
|
109
|
+
$ letsencrypt-cli manage --days-valid 30 --account-key /home/letsencrypt/account_key.pem --webroot-path /home/letsencrypt/webroot/.wel
|
|
110
|
+
l-known/acme-challenge --key-directory /home/letsencrypt/certs \
|
|
111
|
+
example.com www.example.com
|
|
112
|
+
2015-12-05 23:40:17 +0100: Certificate '/home/letsencrypt/certs/example.com/cert.pem' valid until 2016-03-04.
|
|
113
|
+
$ echo $?
|
|
114
|
+
1
|
|
115
|
+
```
|
|
116
|
+
|
|
117
|
+
This had:
|
|
118
|
+
|
|
119
|
+
1. check if /home/letsencrypt/certs/example.com/cert.pem exists and expires in less than 30 days (or exit 1 at this point)
|
|
120
|
+
2. authorize all domains + subdomains
|
|
121
|
+
3. issue one certificate with those domains and place it under /home/letsencrypt/certs/example.com/[key.pem,fullchain.pem,chain.pem,cert.pem]
|
|
122
|
+
4. exit 0 -> so can be && with ``service nginx reload`` or mail deliver
|
|
123
|
+
|
|
124
|
+
For running as cron, reducing log level to fatal might be desirable: ``letsencrypt-cli manage --log-level fatal``.
|
|
125
|
+
|
|
126
|
+
## Example integration Nginx:
|
|
56
127
|
|
|
57
128
|
```nginx
|
|
58
129
|
server {
|
|
@@ -72,10 +143,10 @@ Afterwards, use the fullchain.pem and key.pem:
|
|
|
72
143
|
```nginx
|
|
73
144
|
server {
|
|
74
145
|
listen 443 ssl;
|
|
75
|
-
server_name
|
|
146
|
+
server_name example.com www.example.com;
|
|
76
147
|
ssl on;
|
|
77
|
-
ssl_certificate_key /
|
|
78
|
-
ssl_certificate /
|
|
148
|
+
ssl_certificate_key /home/letsencrypt/certs/example.com/key.pem;
|
|
149
|
+
ssl_certificate /home/letsencrypt/certs/example.com/fullchain.pem;
|
|
79
150
|
|
|
80
151
|
# use the settings from: https://gist.github.com/konklone/6532544
|
|
81
152
|
```
|
|
@@ -88,7 +159,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
|
|
|
88
159
|
|
|
89
160
|
## Contributing
|
|
90
161
|
|
|
91
|
-
1. Fork it ( https://github.com/zealot128/letsencrypt-cli/fork )
|
|
162
|
+
1. Fork it ( https://github.com/zealot128/ruby-letsencrypt-cli/fork )
|
|
92
163
|
2. Create your feature branch (`git checkout -b my-new-feature`)
|
|
93
164
|
3. Commit your changes (`git commit -am 'Add some feature'`)
|
|
94
165
|
4. Push to the branch (`git push origin my-new-feature`)
|
data/lib/letsencrypt/cli/app.rb
CHANGED
|
@@ -70,11 +70,32 @@ module Letsencrypt
|
|
|
70
70
|
end
|
|
71
71
|
end
|
|
72
72
|
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
73
|
+
desc "manage DOMAINS", "meta command that will: check if cert already exists / still valid (exits zero if nothing todo) + authorize given domains + issue certificate for given domains"
|
|
74
|
+
method_option :key_length, desc: "Length of private key", default: 2048, type: :numeric
|
|
75
|
+
method_option :days_valid, desc: "If the --certificate-path already exists, only create new stuff, if that certificate isn't valid for less than the given number of days", default: 30, type: :numeric
|
|
76
|
+
method_option :webroot_path, desc: "Path to mapped .well-known/acme-challenge folder (no subdirs will be created)", aliases: '-w', required: true
|
|
77
|
+
method_option :key_directory, desc: "Base directory of key creation. A subfolder with the first domain will be created where all certs + key are stored", default: "~/certs/"
|
|
78
|
+
def manage(*domains)
|
|
79
|
+
key_dir = File.join(@options[:key_directory], domains.first)
|
|
80
|
+
FileUtils.mkdir_p(key_dir)
|
|
81
|
+
@options = @options.merge(
|
|
82
|
+
:private_key_path => File.join(key_dir, 'key.pem'),
|
|
83
|
+
:fullchain_path => File.join(key_dir, 'fullchain.pem'),
|
|
84
|
+
:certificate_path => File.join(key_dir, 'cert.pem'),
|
|
85
|
+
:chain_path => File.join(key_dir, 'chain.pem'),
|
|
86
|
+
)
|
|
87
|
+
if wrapper.check_certificate(@options[:certificate_path])
|
|
88
|
+
exit 1
|
|
89
|
+
end
|
|
90
|
+
authorize(*domains)
|
|
91
|
+
cert(*domains)
|
|
92
|
+
end
|
|
93
|
+
|
|
94
|
+
map %w[--version -v] => :__print_version
|
|
95
|
+
desc "--version, -v", "print the version"
|
|
96
|
+
def __print_version
|
|
97
|
+
puts Letsencrypt::Cli::VERSION
|
|
98
|
+
end
|
|
78
99
|
|
|
79
100
|
private
|
|
80
101
|
|