letsencrypt-cli 0.2.0 → 0.3.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 3f7a750f6deb043455b510a86acc9947e8e92bc7
4
- data.tar.gz: bdd835c1eb3bc356806fb8a475d4731b1ea42656
3
+ metadata.gz: a5daeb88cfefed35938043bd207c5f0da83e5459
4
+ data.tar.gz: c957d6ef5ff7b213b7c20e6d0cd1d29f71da898f
5
5
  SHA512:
6
- metadata.gz: 614b040125f605d32eeb0dd2856afe570c05c794d73f8d8d41b52ad82d3e566244ba8b543f3b9e34d1e09a99720d43b9a83e23c701800be48ebe34d78f252f02
7
- data.tar.gz: 4d4edba4bd600d393da8353c9270207006d50fb0bc7e1e45fe139fad4be25ba431a8aa51a5a11e257345417567ca590c3491c9aa7b79f39adf46974c32654b4f
6
+ metadata.gz: ca8f5bdbd2f673933c945bec5a952e327aa20e96c9e51c9e14d27c1eb9ccbe52fad6c0a4df1c721310d545a28c1613830203f7034601a62d64bd60f08e748a1c
7
+ data.tar.gz: 289b3b107fae7f86377a1606debc2dbccbd3eecdeecf128a1efb4c44fbc781acb2b2bc1230d9b152b30e0e12316d2a987175298639a847aa5c9f892ae3150760
data/.travis.yml CHANGED
@@ -3,7 +3,9 @@ sudo: false
3
3
  cache: bundler
4
4
 
5
5
  rvm:
6
- - 2.2
6
+ - ruby-head
7
+ - 2.3.0
8
+ - 2.2.4
7
9
  - 2.1
8
10
  # - 2.0
9
11
 
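Review bot: `ruby-head` is added to `rvm:` as a required job. The visible lines show no `allow_failures` entry, so unless one exists elsewhere in the file, an unrelated break in Ruby head will fail the build. Also, `2.3.0` and `2.2.4` are pinned to a patch level while `2.1` stays floating; one convention for the whole matrix would be easier to maintain.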
data/CHANGELOG.md ADDED
@@ -0,0 +1,64 @@
1
+ # Change Log
2
+
3
+ ## [v0.3.0](https://github.com/zealot128/ruby-letsencrypt-cli/tree/v0.3.0)
4
+
5
+ * Certificate creation checks if existing certificate includes all requested domains. If at least one is missing, a new cert will be requested
6
+ * Added Ruby 2.3.0 and Ruby head to the build matrix
7
+
8
+ [Full Changelog](https://github.com/zealot128/ruby-letsencrypt-cli/compare/v0.2.0...v0.3.0)
9
+
10
+ ## [v0.2.0](https://github.com/zealot128/ruby-letsencrypt-cli/tree/v0.2.0)
11
+
12
+ [Full Changelog](https://github.com/zealot128/ruby-letsencrypt-cli/compare/v0.1.4...v0.2.0)
13
+
14
+ **Closed issues:**
15
+
16
+ - cf1e0d9 Exit code 2, if certificate is still valid
17
+
18
+ **Merged pull requests:**
19
+
20
+ - Apply strict permissions on private key [\#4](https://github.com/zealot128/ruby-letsencrypt-cli/pull/4) ([zygiss](https://github.com/zygiss))
21
+ - Fix typo in README [\#2](https://github.com/zealot128/ruby-letsencrypt-cli/pull/2) ([kenrick](https://github.com/kenrick))
22
+
23
+ ## [v0.1.4](https://github.com/zealot128/ruby-letsencrypt-cli/tree/v0.1.4) (2015-12-08)
24
+
25
+ * require higher acme-client version, that generated correct fullchain certs.
26
+ fullchain.pem is chain.pem + cert.pem, should be cert.pem + chain.pem [\#1](https://github.com/zealot128/ruby-letsencrypt-cli/issues/1)
27
+
28
+ [Full Changelog](https://github.com/zealot128/ruby-letsencrypt-cli/compare/v0.1.3...v0.1.4)
29
+
30
+ ## [v0.1.3](https://github.com/zealot128/ruby-letsencrypt-cli/tree/v0.1.3) (2015-12-06)
31
+
32
+ * Fixed registration
33
+ * Added various specs
34
+
35
+ [Full Changelog](https://github.com/zealot128/ruby-letsencrypt-cli/compare/v0.1.2...v0.1.3)
36
+
37
+ ## [v0.1.2](https://github.com/zealot128/ruby-letsencrypt-cli/tree/v0.1.2) (2015-12-05)
38
+
39
+ * Added manage command
40
+ * Improved nginx doc + Ruby installation
41
+
42
+ [Full Changelog](https://github.com/zealot128/ruby-letsencrypt-cli/compare/v0.1.1...v0.1.2)
43
+
44
+ ## [v0.1.1](https://github.com/zealot128/ruby-letsencrypt-cli/tree/v0.1.1) (2015-12-05)
45
+
46
+ [Full Changelog](https://github.com/zealot128/ruby-letsencrypt-cli/compare/v0.1.0...v0.1.1)
47
+
48
+ * b654469 new command: check PATH_TO_CERT
49
+
50
+ ## [v0.1.0](https://github.com/zealot128/ruby-letsencrypt-cli/tree/v0.1.0) (2015-12-05)
51
+
52
+ * released first public version
53
+ * added --version flag
54
+ * added explicit production server
55
+
56
+ [Full Changelog](https://github.com/zealot128/ruby-letsencrypt-cli/compare/v0.1.0.beta1...v0.1.0)
57
+
58
+ ## [v0.1.0.beta1](https://github.com/zealot128/ruby-letsencrypt-cli/tree/v0.1.0.beta1) (2015-12-05)
59
+ [Full Changelog](https://github.com/zealot128/ruby-letsencrypt-cli/compare/v0.1.0.pre...v0.1.0.beta1)
60
+
61
+ ## [v0.1.0.pre](https://github.com/zealot128/ruby-letsencrypt-cli/tree/v0.1.0.pre) (2015-12-05)
62
+
63
+
64
+ \* *This Change Log was (partially) automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
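Review bot: The v0.3.0 entry lists only the domain check and the build matrix, but this release also adds the `revoke PATH_TO_CERTIFICATE` command and raises the `acme-client` requirement from `>= 0.2.1` to `>= 0.2.4`. Both are user-visible and should be listed. The v0.3.0 and v0.2.0 headings also lack the release date that the older entries carry.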
@@ -19,7 +19,7 @@ Gem::Specification.new do |spec|
19
19
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
20
20
  spec.require_paths = ["lib"]
21
21
 
22
- spec.add_runtime_dependency 'acme-client', '>= 0.2.1'
22
+ spec.add_runtime_dependency 'acme-client', '>= 0.2.4'
23
23
  spec.add_runtime_dependency 'thor'
24
24
  spec.add_runtime_dependency 'colorize'
25
25
 
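Review bot: `'acme-client', '>= 0.2.4'` raises the floor but leaves no ceiling, so any later release satisfies it, including one with an incompatible API; the `thor` and `colorize` lines in the context carry no constraint at all. A pessimistic constraint such as `'~> 0.2', '>= 0.2.4'` keeps the new minimum while bounding what a fresh install can resolve to.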
@@ -53,7 +53,7 @@ class AcmeWrapper
53
53
  end
54
54
 
55
55
  def cert(domains)
56
- return if certificate_exists_and_valid?
56
+ return if certificate_exists_and_valid_and_all_domains_included?(domains)
57
57
  csr = OpenSSL::X509::Request.new
58
58
  certificate_private_key = find_or_create_pkey(@options[:private_key_path], "private key", @options[:key_length] || 2048)
59
59
 
@@ -105,18 +105,41 @@ class AcmeWrapper
105
105
  end
106
106
  end
107
107
 
108
+ def revoke_certificate(path)
109
+ unless File.exists?(path)
110
+ log "Certificate #{path} does not exists", :warn
111
+ return false
112
+ end
113
+ cert = OpenSSL::X509::Certificate.new(File.read(path))
114
+ if client.revoke_certificate(cert)
115
+ log "Certificate '#{path}' was revoked", :info
116
+ end
117
+ true
118
+ rescue Acme::Client::Error::Malformed => e
119
+ log e.message, :error
120
+ return false
121
+ end
122
+
108
123
  private
109
124
 
110
- def certificate_exists_and_valid?
111
- if File.exists?(@options[:certificate_path])
112
- cert = OpenSSL::X509::Certificate.new(File.read(@options[:certificate_path]))
113
- renew_on = cert.not_after.to_date - @options[:days_valid]
114
- if renew_on > Date.today
115
- log "Certificate '#{@options[:certificate_path]}' still valid till #{cert.not_after.to_date}.", :warn
116
- log "Won't renew until #{renew_on} (#{@options[:days_valid]} days before)", :warn
117
- exit 2
118
- end
125
+ def certificate_exists_and_valid_and_all_domains_included?(domains)
126
+ return false if !File.exists?(@options[:certificate_path])
127
+ cert = OpenSSL::X509::Certificate.new(File.read(@options[:certificate_path]))
128
+ domains_in_cert = cert.extensions.map(&:to_h).select{|i| i['oid'] == 'subjectAltName' }.map{|i| i['value']}.join(', ').split(/, */).map{|i| i.sub(/^DNS:/, '') } +
129
+ [ cert.subject.to_s.sub(%r{/CN=}, '') ].uniq.sort
130
+ missing_domains = domains.sort.uniq - domains_in_cert
131
+ if missing_domains != []
132
+ log "Certificate '#{@options[:certificate_path]}' missing domains #{missing_domains.join(' ')}. Existing: #{domains_in_cert.join(' ')}", :warn
133
+ return false
119
134
  end
135
+ renew_on = cert.not_after.to_date - @options[:days_valid]
136
+ if renew_on > Date.today
137
+ log "Certificate '#{@options[:certificate_path]}' still valid till #{cert.not_after.to_date}.", :warn
138
+ log "Won't renew until #{renew_on} (#{@options[:days_valid]} days before)", :warn
139
+ exit 2
140
+ end
141
+
142
+ true
120
143
  end
121
144
 
122
145
  def endpoint
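Review bot: The trailing `true` in `certificate_exists_and_valid_and_all_domains_included?` stops renewals. When the file exists, all domains are present and `renew_on > Date.today` is false (the certificate is inside the `days_valid` window or already expired), the method falls through to `true`, and `cert` then hits `return if certificate_exists_and_valid_and_all_domains_included?(domains)` and returns without requesting a new certificate. The removed `certificate_exists_and_valid?` returned nil on that path, so issuance went ahead. Since the still-valid case already leaves through `exit 2`, the last expression should be `false`, or the predicate should return a plain boolean and leave the exit to the caller. Two smaller points in the same hunk: `revoke_certificate` returns `true` even when `client.revoke_certificate(cert)` is falsy, so the command reports success for a revocation that did not happen, and in `domains_in_cert` the `.uniq.sort` binds only to the one-element CN array, not to the concatenated list.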
@@ -71,6 +71,13 @@ module Letsencrypt
71
71
  end
72
72
  end
73
73
 
74
+ desc "revoke PATH_TO_CERTIFICATE", "revokes a given certificate"
75
+ def revoke(path)
76
+ if !wrapper.revoke_certificate(path)
77
+ exit 1
78
+ end
79
+ end
80
+
74
81
  desc "manage DOMAINS", "meta command that will: check if cert already exists / still valid (exits zero if nothing todo, exits 2 if certificate is still valid) + authorize given domains + issue certificate for given domains"
75
82
  method_option :key_length, desc: "Length of private key", default: 2048, type: :numeric
76
83
  method_option :days_valid, desc: "If the --certificate-path already exists, only create new stuff, if that certificate isn't valid for less than the given number of days", default: 30, type: :numeric
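Review bot: The `desc` for `revoke` does not mention the exit status, although the method calls `exit 1` when `wrapper.revoke_certificate(path)` returns false, and the `manage` description just below does document its exit codes. Add the exit code to the description so scripts calling the command know what to check.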
@@ -1,5 +1,5 @@
1
1
  module Letsencrypt
2
2
  module Cli
3
- VERSION = "0.2.0"
3
+ VERSION = "0.3.0"
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: letsencrypt-cli
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Stefan Wienert
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2015-12-28 00:00:00.000000000 Z
11
+ date: 2016-05-31 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: acme-client
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - ">="
18
18
  - !ruby/object:Gem::Version
19
- version: 0.2.1
19
+ version: 0.2.4
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - ">="
25
25
  - !ruby/object:Gem::Version
26
- version: 0.2.1
26
+ version: 0.2.4
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: thor
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -175,6 +175,7 @@ files:
175
175
  - ".gitignore"
176
176
  - ".rspec"
177
177
  - ".travis.yml"
178
+ - CHANGELOG.md
178
179
  - Gemfile
179
180
  - LICENSE.txt
180
181
  - README.md
@@ -208,7 +209,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
208
209
  version: '0'
209
210
  requirements: []
210
211
  rubyforge_project:
211
- rubygems_version: 2.2.2
212
+ rubygems_version: 2.4.8
212
213
  signing_key:
213
214
  specification_version: 4
214
215
  summary: slim letsencrypt client for quickly authorizing (multiple) domains and issuing