letsencrypt-cli 0.2.0 → 0.3.0

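--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 3f7a750f6deb043455b510a86acc9947e8e92bc7
- data.tar.gz: bdd835c1eb3bc356806fb8a475d4731b1ea42656
+ metadata.gz: a5daeb88cfefed35938043bd207c5f0da83e5459
+ data.tar.gz: c957d6ef5ff7b213b7c20e6d0cd1d29f71da898f
  SHA512:
- metadata.gz: 614b040125f605d32eeb0dd2856afe570c05c794d73f8d8d41b52ad82d3e566244ba8b543f3b9e34d1e09a99720d43b9a83e23c701800be48ebe34d78f252f02
- data.tar.gz: 4d4edba4bd600d393da8353c9270207006d50fb0bc7e1e45fe139fad4be25ba431a8aa51a5a11e257345417567ca590c3491c9aa7b79f39adf46974c32654b4f
+ metadata.gz: ca8f5bdbd2f673933c945bec5a952e327aa20e96c9e51c9e14d27c1eb9ccbe52fad6c0a4df1c721310d545a28c1613830203f7034601a62d64bd60f08e748a1c
+ data.tar.gz: 289b3b107fae7f86377a1606debc2dbccbd3eecdeecf128a1efb4c44fbc781acb2b2bc1230d9b152b30e0e12316d2a987175298639a847aa5c9f892ae3150760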
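--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -3,7 +3,9 @@ sudo: false
  cache: bundler
 
  rvm:
- - 2.2
+ - ruby-head
+ - 2.3.0
+ - 2.2.4
  - 2.1
  # - 2.0
 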
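--- /dev/null
+++ b/data/CHANGELOG.md
@@ -0,0 +1,64 @@
+ # Change Log
+
+ ## [v0.3.0](https://github.com/zealot128/ruby-letsencrypt-cli/tree/v0.3.0)
+
+ * Certificate creation checks if existing certificate includes all requested domains. If at least one is missing, a new cert will be requested
+ * Added Ruby 2.3.0 and Ruby head to the build matrix
+
+ [Full Changelog](https://github.com/zealot128/ruby-letsencrypt-cli/compare/v0.2.0...v0.3.0)
+
+ ## [v0.2.0](https://github.com/zealot128/ruby-letsencrypt-cli/tree/v0.2.0)
+
+ [Full Changelog](https://github.com/zealot128/ruby-letsencrypt-cli/compare/v0.1.4...v0.2.0)
+
+ **Closed issues:**
+
+ - cf1e0d9 Exit code 2, if certificate is still valid
+
+ **Merged pull requests:**
+
+ - Apply strict permissions on private key [\#4](https://github.com/zealot128/ruby-letsencrypt-cli/pull/4) ([zygiss](https://github.com/zygiss))
+ - Fix typo in README [\#2](https://github.com/zealot128/ruby-letsencrypt-cli/pull/2) ([kenrick](https://github.com/kenrick))
+
+ ## [v0.1.4](https://github.com/zealot128/ruby-letsencrypt-cli/tree/v0.1.4) (2015-12-08)
+
+ * require higher acme-client version, that generated correct fullchain certs.
+ fullchain.pem is chain.pem + cert.pem, should be cert.pem + chain.pem [\#1](https://github.com/zealot128/ruby-letsencrypt-cli/issues/1)
+
+ [Full Changelog](https://github.com/zealot128/ruby-letsencrypt-cli/compare/v0.1.3...v0.1.4)
+
+ ## [v0.1.3](https://github.com/zealot128/ruby-letsencrypt-cli/tree/v0.1.3) (2015-12-06)
+
+ * Fixed registration
+ * Added various specs
+
+ [Full Changelog](https://github.com/zealot128/ruby-letsencrypt-cli/compare/v0.1.2...v0.1.3)
+
+ ## [v0.1.2](https://github.com/zealot128/ruby-letsencrypt-cli/tree/v0.1.2) (2015-12-05)
+
+ * Added manage command
+ * Improved nginx doc + Ruby installation
+
+ [Full Changelog](https://github.com/zealot128/ruby-letsencrypt-cli/compare/v0.1.1...v0.1.2)
+
+ ## [v0.1.1](https://github.com/zealot128/ruby-letsencrypt-cli/tree/v0.1.1) (2015-12-05)
+
+ [Full Changelog](https://github.com/zealot128/ruby-letsencrypt-cli/compare/v0.1.0...v0.1.1)
+
+ * b654469 new command: check PATH_TO_CERT
+
+ ## [v0.1.0](https://github.com/zealot128/ruby-letsencrypt-cli/tree/v0.1.0) (2015-12-05)
+
+ * released first public version
+ * added --version flag
+ * added explicit production server
+
+ [Full Changelog](https://github.com/zealot128/ruby-letsencrypt-cli/compare/v0.1.0.beta1...v0.1.0)
+
+ ## [v0.1.0.beta1](https://github.com/zealot128/ruby-letsencrypt-cli/tree/v0.1.0.beta1) (2015-12-05)
+ [Full Changelog](https://github.com/zealot128/ruby-letsencrypt-cli/compare/v0.1.0.pre...v0.1.0.beta1)
+
+ ## [v0.1.0.pre](https://github.com/zealot128/ruby-letsencrypt-cli/tree/v0.1.0.pre) (2015-12-05)
+
+
+ \* *This Change Log was (partially) automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*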
@@ -19,7 +19,7 @@ Gem::Specification.new do |spec|
19
19
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
20
20
  spec.require_paths = ["lib"]
21
21
 
22
- spec.add_runtime_dependency 'acme-client', '>= 0.2.1'
22
+ spec.add_runtime_dependency 'acme-client', '>= 0.2.4'
23
23
  spec.add_runtime_dependency 'thor'
24
24
  spec.add_runtime_dependency 'colorize'
25
25
 
@@ -53,7 +53,7 @@ class AcmeWrapper
53
53
  end
54
54
 
55
55
  def cert(domains)
56
- return if certificate_exists_and_valid?
56
+ return if certificate_exists_and_valid_and_all_domains_included?(domains)
57
57
  csr = OpenSSL::X509::Request.new
58
58
  certificate_private_key = find_or_create_pkey(@options[:private_key_path], "private key", @options[:key_length] || 2048)
59
59
 
@@ -105,18 +105,41 @@ class AcmeWrapper
105
105
  end
106
106
  end
107
107
 
108
+ def revoke_certificate(path)
109
+ unless File.exists?(path)
110
+ log "Certificate #{path} does not exists", :warn
111
+ return false
112
+ end
113
+ cert = OpenSSL::X509::Certificate.new(File.read(path))
114
+ if client.revoke_certificate(cert)
115
+ log "Certificate '#{path}' was revoked", :info
116
+ end
117
+ true
118
+ rescue Acme::Client::Error::Malformed => e
119
+ log e.message, :error
120
+ return false
121
+ end
122
+
108
123
  private
109
124
 
110
- def certificate_exists_and_valid?
111
- if File.exists?(@options[:certificate_path])
112
- cert = OpenSSL::X509::Certificate.new(File.read(@options[:certificate_path]))
113
- renew_on = cert.not_after.to_date - @options[:days_valid]
114
- if renew_on > Date.today
115
- log "Certificate '#{@options[:certificate_path]}' still valid till #{cert.not_after.to_date}.", :warn
116
- log "Won't renew until #{renew_on} (#{@options[:days_valid]} days before)", :warn
117
- exit 2
118
- end
125
+ def certificate_exists_and_valid_and_all_domains_included?(domains)
126
+ return false if !File.exists?(@options[:certificate_path])
127
+ cert = OpenSSL::X509::Certificate.new(File.read(@options[:certificate_path]))
128
+ domains_in_cert = cert.extensions.map(&:to_h).select{|i| i['oid'] == 'subjectAltName' }.map{|i| i['value']}.join(', ').split(/, */).map{|i| i.sub(/^DNS:/, '') } +
129
+ [ cert.subject.to_s.sub(%r{/CN=}, '') ].uniq.sort
130
+ missing_domains = domains.sort.uniq - domains_in_cert
131
+ if missing_domains != []
132
+ log "Certificate '#{@options[:certificate_path]}' missing domains #{missing_domains.join(' ')}. Existing: #{domains_in_cert.join(' ')}", :warn
133
+ return false
119
134
  end
135
+ renew_on = cert.not_after.to_date - @options[:days_valid]
136
+ if renew_on > Date.today
137
+ log "Certificate '#{@options[:certificate_path]}' still valid till #{cert.not_after.to_date}.", :warn
138
+ log "Won't renew until #{renew_on} (#{@options[:days_valid]} days before)", :warn
139
+ exit 2
140
+ end
141
+
142
+ true
120
143
  end
121
144
 
122
145
  def endpoint
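Review bot: In `certificate_exists_and_valid_and_all_domains_included?` the trailing `true` is reached only when the certificate exists, covers every requested domain, and `renew_on > Date.today` is false, which is exactly when it is due for renewal. `cert(domains)` then takes `return if ...` and issues nothing, so as far as these two hunks show a certificate inside the renewal window is never renewed and will simply expire. The still-valid case already leaves through `exit 2`, so the last expression should be `false`; the removed method never returned a truthy value, which is why the old guard was harmless. Separately, `.uniq.sort` in the `domains_in_cert` expression binds only to the one-element `[ cert.subject.to_s.sub(%r{/CN=}, '') ]` array, and that `sub` leaves any other subject components in the string, so the CN only matches for a bare `/CN=` subject; parenthesise the concatenation before `.uniq.sort`. The body of `cert(domains)` continues outside the first hunk.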
@@ -71,6 +71,13 @@ module Letsencrypt
71
71
  end
72
72
  end
73
73
 
74
+ desc "revoke PATH_TO_CERTIFICATE", "revokes a given certificate"
75
+ def revoke(path)
76
+ if !wrapper.revoke_certificate(path)
77
+ exit 1
78
+ end
79
+ end
80
+
74
81
  desc "manage DOMAINS", "meta command that will: check if cert already exists / still valid (exits zero if nothing todo, exits 2 if certificate is still valid) + authorize given domains + issue certificate for given domains"
75
82
  method_option :key_length, desc: "Length of private key", default: 2048, type: :numeric
76
83
  method_option :days_valid, desc: "If the --certificate-path already exists, only create new stuff, if that certificate isn't valid for less than the given number of days", default: 30, type: :numeric
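Review bot: `revoke` exits 1 only when `wrapper.revoke_certificate(path)` returns false, but the wrapper method added in this release returns `true` whenever no `Acme::Client::Error::Malformed` is raised, including when `client.revoke_certificate(cert)` returned a falsy value and nothing was logged. Revocation is often run in response to a key compromise, so an exit status of 0 for a revocation that did not take effect misleads both operators and scripts. In the wrapper, replacing the `if client.revoke_certificate(cert)` block with a guard such as `return false unless client.revoke_certificate(cert)` plus an `:error` log line would make the exit status trustworthy. A comment on `revoke` such as `# exits 1 if the certificate file is missing or the revocation was not accepted` would document the contract for callers.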
@@ -1,5 +1,5 @@
1
1
  module Letsencrypt
2
2
  module Cli
3
- VERSION = "0.2.0"
3
+ VERSION = "0.3.0"
4
4
  end
5
5
  end
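--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: letsencrypt-cli
  version: !ruby/object:Gem::Version
- version: 0.2.0
+ version: 0.3.0
  platform: ruby
  authors:
  - Stefan Wienert
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2015-12-28 00:00:00.000000000 Z
+ date: 2016-05-31 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: acme-client
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 0.2.1
+ version: 0.2.4
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 0.2.1
+ version: 0.2.4
  - !ruby/object:Gem::Dependency
  name: thor
  requirement: !ruby/object:Gem::Requirement
@@ -175,6 +175,7 @@ files:
  - ".gitignore"
  - ".rspec"
  - ".travis.yml"
+ - CHANGELOG.md
  - Gemfile
  - LICENSE.txt
  - README.md
@@ -208,7 +209,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.2.2
+ rubygems_version: 2.4.8
  signing_key:
  specification_version: 4
  summary: slim letsencrypt client for quickly authorizing (multiple) domains and issuing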