letsencrypt-cli 0.1.1 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +81 -10
- data/lib/letsencrypt/cli/app.rb +26 -5
- data/lib/letsencrypt/cli/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a5b3813e16fc68f65ed8fa6ce4950f9795347700
|
|
4
|
+
data.tar.gz: 18b2289f486d78fe6271177173acbf2c31851754
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 61d3c309f9f88de49af7c8ada2af58e836603da55eebf4b1dab1a10e21b179d9a941a14711e7de3f794e67d662cb20dc157c57d1415576baabb133775c52ba2e
|
|
7
|
+
data.tar.gz: a32ea34099e4ef5ef1a856bfe1d3dc2a1291d8fa4fcc6cee76152d750a19ede4fcee28716fb601173b5f680587b5975b2275166bb1bc79030323df2080d31184
|
data/README.md
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Letsencrypt
|
|
1
|
+
# Letsencrypt-Cli
|
|
2
2
|
|
|
3
3
|
[](https://travis-ci.org/zealot128/ruby-letsencrypt-cli)
|
|
4
4
|
[](https://badge.fury.io/rb/letsencrypt-cli)
|
|
@@ -7,11 +7,44 @@ Yet another Letsencrypt client using Ruby.
|
|
|
7
7
|
|
|
8
8
|
## Installation
|
|
9
9
|
|
|
10
|
-
* This tool needs Ruby
|
|
11
|
-
*
|
|
12
|
-
* no sudo! (
|
|
10
|
+
* This tool needs Ruby >= 2.1 (as the dependency ``acme-client`` needs that because of use of keyword arguments).
|
|
11
|
+
* OpenSSL bindings
|
|
12
|
+
* no sudo! (needs access to webserver-root ``/.well-known/acme-challenges`` alias for all domains - See later section for Nginx example)
|
|
13
13
|
|
|
14
|
-
|
|
14
|
+
```
|
|
15
|
+
# check your ruby version:
|
|
16
|
+
$ ruby --version
|
|
17
|
+
ruby 2.2.3p173 (2015-08-18 revision 51636) [x86_64-linux]
|
|
18
|
+
|
|
19
|
+
$ gem install letsencrypt-cli
|
|
20
|
+
|
|
21
|
+
$ letsencrypt-cli --version
|
|
22
|
+
0.1.2
|
|
23
|
+
```
|
|
24
|
+
|
|
25
|
+
### Troubleshooting Ruby version
|
|
26
|
+
|
|
27
|
+
Unfortunately, most Linux distributions does not ship a current Ruby version (Version 1.9.3 or 2.0).
|
|
28
|
+
|
|
29
|
+
If you are installing this as a non-root user, you might want to try RVM (needs no root:
|
|
30
|
+
|
|
31
|
+
```
|
|
32
|
+
gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
|
|
33
|
+
\curl -sSL https://get.rvm.io | bash -s stable --autolibs=disable --auto-dotfiles
|
|
34
|
+
|
|
35
|
+
rvm install 2.2
|
|
36
|
+
source ~/.bashrc # or ~/.profile RVM tells you to reload your shell
|
|
37
|
+
|
|
38
|
+
ruby --version
|
|
39
|
+
```
|
|
40
|
+
|
|
41
|
+
Notice: If you are using RVM, all your cronjobs must be run as a login shell, otherwise RVM does not work:
|
|
42
|
+
|
|
43
|
+
```cron
|
|
44
|
+
* * * * * /bin/bash -l -c "letsencrypt-cli manage ..."
|
|
45
|
+
```
|
|
46
|
+
|
|
47
|
+
Another way, e.g. on Ubuntu 14.04 might be to use the [Brightbox ppa](https://www.brightbox.com/blog/2015/01/05/ruby-2-2-0-packages-for-ubuntu/).
|
|
15
48
|
|
|
16
49
|
## Usage
|
|
17
50
|
|
|
@@ -52,7 +85,45 @@ letsencrypt-cli check --days-valid 30 cert.pem
|
|
|
52
85
|
```
|
|
53
86
|
|
|
54
87
|
|
|
55
|
-
|
|
88
|
+
And last but not least, the meta command ``manage`` that integrated check + authorize + cert (intended to be run as cronjob):
|
|
89
|
+
|
|
90
|
+
```bash
|
|
91
|
+
$ letsencrypt-cli manage --days-valid 30 \
|
|
92
|
+
--account-key /home/letsencrypt/account_key.pem \
|
|
93
|
+
--webroot-path /home/letsencrypt/webroot/.well-known/acme-challenge \
|
|
94
|
+
--key-directory /home/letsencrypt/certs \
|
|
95
|
+
example.com www.example.com
|
|
96
|
+
|
|
97
|
+
2015-12-05 23:40:04 +0100: Certificate /home/letsencrypt/certs/example.com/cert.pem does not exists
|
|
98
|
+
2015-12-05 23:40:04 +0100: Authorizing example.com...
|
|
99
|
+
2015-12-05 23:40:04 +0100: existing account key found
|
|
100
|
+
2015-12-05 23:40:06 +0100: Authorization successful for example.com
|
|
101
|
+
2015-12-05 23:40:06 +0100: Authorizing www.example.com
|
|
102
|
+
2015-12-05 23:40:08 +0100: Authorization successful for www.example.com
|
|
103
|
+
2015-12-05 23:40:08 +0100: creating new private key to /home/letsencrypt/certs/example.com/key.pem...
|
|
104
|
+
2015-12-05 23:40:09 +0100: Certificate successfully created to /home/letsencrypt/certs/example.com/fullchain.pem /home/letsencrypt/certs/example.com/chain.pem
|
|
105
|
+
and /home/letsencrypt/certs/example.com/cert.pem!
|
|
106
|
+
2015-12-05 23:40:09 +0100: Certificate valid until: 2016-03-04 21:40:00 UTC
|
|
107
|
+
|
|
108
|
+
# Run command again exits immediately:
|
|
109
|
+
$ letsencrypt-cli manage --days-valid 30 --account-key /home/letsencrypt/account_key.pem --webroot-path /home/letsencrypt/webroot/.wel
|
|
110
|
+
l-known/acme-challenge --key-directory /home/letsencrypt/certs \
|
|
111
|
+
example.com www.example.com
|
|
112
|
+
2015-12-05 23:40:17 +0100: Certificate '/home/letsencrypt/certs/example.com/cert.pem' valid until 2016-03-04.
|
|
113
|
+
$ echo $?
|
|
114
|
+
1
|
|
115
|
+
```
|
|
116
|
+
|
|
117
|
+
This had:
|
|
118
|
+
|
|
119
|
+
1. check if /home/letsencrypt/certs/example.com/cert.pem exists and expires in less than 30 days (or exit 1 at this point)
|
|
120
|
+
2. authorize all domains + subdomains
|
|
121
|
+
3. issue one certificate with those domains and place it under /home/letsencrypt/certs/example.com/[key.pem,fullchain.pem,chain.pem,cert.pem]
|
|
122
|
+
4. exit 0 -> so can be && with ``service nginx reload`` or mail deliver
|
|
123
|
+
|
|
124
|
+
For running as cron, reducing log level to fatal might be desirable: ``letsencrypt-cli manage --log-level fatal``.
|
|
125
|
+
|
|
126
|
+
## Example integration Nginx:
|
|
56
127
|
|
|
57
128
|
```nginx
|
|
58
129
|
server {
|
|
@@ -72,10 +143,10 @@ Afterwards, use the fullchain.pem and key.pem:
|
|
|
72
143
|
```nginx
|
|
73
144
|
server {
|
|
74
145
|
listen 443 ssl;
|
|
75
|
-
server_name
|
|
146
|
+
server_name example.com www.example.com;
|
|
76
147
|
ssl on;
|
|
77
|
-
ssl_certificate_key /
|
|
78
|
-
ssl_certificate /
|
|
148
|
+
ssl_certificate_key /home/letsencrypt/certs/example.com/key.pem;
|
|
149
|
+
ssl_certificate /home/letsencrypt/certs/example.com/fullchain.pem;
|
|
79
150
|
|
|
80
151
|
# use the settings from: https://gist.github.com/konklone/6532544
|
|
81
152
|
```
|
|
@@ -88,7 +159,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
|
|
|
88
159
|
|
|
89
160
|
## Contributing
|
|
90
161
|
|
|
91
|
-
1. Fork it ( https://github.com/zealot128/letsencrypt-cli/fork )
|
|
162
|
+
1. Fork it ( https://github.com/zealot128/ruby-letsencrypt-cli/fork )
|
|
92
163
|
2. Create your feature branch (`git checkout -b my-new-feature`)
|
|
93
164
|
3. Commit your changes (`git commit -am 'Add some feature'`)
|
|
94
165
|
4. Push to the branch (`git push origin my-new-feature`)
|
data/lib/letsencrypt/cli/app.rb
CHANGED
|
@@ -70,11 +70,32 @@ module Letsencrypt
|
|
|
70
70
|
end
|
|
71
71
|
end
|
|
72
72
|
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
73
|
+
desc "manage DOMAINS", "meta command that will: check if cert already exists / still valid (exits zero if nothing todo) + authorize given domains + issue certificate for given domains"
|
|
74
|
+
method_option :key_length, desc: "Length of private key", default: 2048, type: :numeric
|
|
75
|
+
method_option :days_valid, desc: "If the --certificate-path already exists, only create new stuff, if that certificate isn't valid for less than the given number of days", default: 30, type: :numeric
|
|
76
|
+
method_option :webroot_path, desc: "Path to mapped .well-known/acme-challenge folder (no subdirs will be created)", aliases: '-w', required: true
|
|
77
|
+
method_option :key_directory, desc: "Base directory of key creation. A subfolder with the first domain will be created where all certs + key are stored", default: "~/certs/"
|
|
78
|
+
def manage(*domains)
|
|
79
|
+
key_dir = File.join(@options[:key_directory], domains.first)
|
|
80
|
+
FileUtils.mkdir_p(key_dir)
|
|
81
|
+
@options = @options.merge(
|
|
82
|
+
:private_key_path => File.join(key_dir, 'key.pem'),
|
|
83
|
+
:fullchain_path => File.join(key_dir, 'fullchain.pem'),
|
|
84
|
+
:certificate_path => File.join(key_dir, 'cert.pem'),
|
|
85
|
+
:chain_path => File.join(key_dir, 'chain.pem'),
|
|
86
|
+
)
|
|
87
|
+
if wrapper.check_certificate(@options[:certificate_path])
|
|
88
|
+
exit 1
|
|
89
|
+
end
|
|
90
|
+
authorize(*domains)
|
|
91
|
+
cert(*domains)
|
|
92
|
+
end
|
|
93
|
+
|
|
94
|
+
map %w[--version -v] => :__print_version
|
|
95
|
+
desc "--version, -v", "print the version"
|
|
96
|
+
def __print_version
|
|
97
|
+
puts Letsencrypt::Cli::VERSION
|
|
98
|
+
end
|
|
78
99
|
|
|
79
100
|
private
|
|
80
101
|
|