letsencrypt_heroku 0.2.10 → 0.2.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/README.md +80 -13
- data/lib/letsencrypt_heroku/tools.rb +1 -1
- data/lib/letsencrypt_heroku/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f05d8a65afdbee07c1e66c70a61b5264680db2fb
|
|
4
|
+
data.tar.gz: 5864bd542312a7f99ae3e4f1665a232c46d629fe
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 66b41d6bd47b0509f8387f48754a9328a62885579bbcf5f520d140526f78ee8dd50f2d3b1c0dde08e2cbf8b99d72178766dcf4f7282c1ee20befa2feba997b0f
|
|
7
|
+
data.tar.gz: 9cadafd5553142377487bb6d1209ba9fd0bcadd7ff97880a0f0ec1c6f3b10242cb1d5ea2a7de0b45ce80167e1eba40dcffa97a2753a01700dce36561d249f9a5
|
data/CHANGELOG.md
ADDED
data/README.md
CHANGED
|
@@ -1,37 +1,104 @@
|
|
|
1
|
-
#
|
|
1
|
+
# letsencrypt_heroku
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
CLI tool to automate SSL certificate setup and renewal for **letsencrypt** and **rails** (or any other rack based application).
|
|
4
|
+
|
|
5
|
+
## Procedure
|
|
6
|
+
|
|
7
|
+
To grant a SSL certificate for a given domain, letsencrypt requires a challenge
|
|
8
|
+
request to be correctly answered on this domain. To automate this process this gem will perform the following steps for you:
|
|
9
|
+
|
|
10
|
+
1. Register the domain and a contact email with letsencrypt
|
|
11
|
+
1. Letsencrypt provides the expected challenge request answer
|
|
12
|
+
1. Make your application answer correctly
|
|
13
|
+
1. Trigger letsencrypt challenge process
|
|
14
|
+
1. Download issued certificates from letsencrypt
|
|
15
|
+
1. Setup certificates for your heroku application
|
|
4
16
|
|
|
5
17
|
## Installation
|
|
6
18
|
|
|
7
|
-
|
|
19
|
+
_Precondition: make sure the [heroku cli](https://devcenter.heroku.com/articles/heroku-cli) is installed on your development machine._
|
|
20
|
+
|
|
21
|
+
### In a nutshell
|
|
22
|
+
|
|
23
|
+
1. Install [the gems](#the-gems)
|
|
24
|
+
2. Deploy your application
|
|
25
|
+
3. Write [configuration file](#configuration)
|
|
26
|
+
4. Run `letsencrypt_heroku` on your local machine
|
|
27
|
+
5. [Verify SSL is working correctly](#verify-ssl-is-working-correctly)
|
|
28
|
+
|
|
29
|
+
### The gems
|
|
8
30
|
|
|
9
31
|
```ruby
|
|
10
32
|
gem 'letsencrypt_rack'
|
|
11
33
|
gem 'letsencrypt_heroku', require: false
|
|
12
34
|
```
|
|
13
35
|
|
|
14
|
-
|
|
36
|
+
#### Wait, why do I need two gems?
|
|
37
|
+
|
|
38
|
+
To perform SSL certificate setup and renewal a command line tool is used: `letsencrypt_heroku`. This tool will only be needed on your development machine and does not need to be loaded into your production environment.
|
|
15
39
|
|
|
16
|
-
|
|
40
|
+
`letsencrypt_rack` contains a tiny rack middleware, that answers challenge request at the following path: `/.well-known/acme-challenge`. It serves the contents of the `LETSENCRYPT_RESPONSE` environment variable.
|
|
17
41
|
|
|
18
|
-
You'll need a `config/letsencrypt_heroku.yml`
|
|
19
42
|
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
43
|
+
### Configuration
|
|
44
|
+
|
|
45
|
+
Put a configuration file under `config/letsencrypt_heroku.yml` that looks like this:
|
|
46
|
+
|
|
47
|
+
```yml
|
|
48
|
+
- contact: email@example.dev
|
|
49
|
+
domains: example.dev www.example.dev
|
|
50
|
+
heroku_app: example-dev-application
|
|
51
|
+
```
|
|
52
|
+
|
|
53
|
+
Each block in this configuration will issue a new certificate, so if you need to retrieve more than one (e.g. for another environment) you can configure more:
|
|
54
|
+
|
|
55
|
+
```yml
|
|
56
|
+
- contact: email@example.dev
|
|
57
|
+
domains: example.dev www.example.dev
|
|
58
|
+
heroku_app: example-dev-application
|
|
59
|
+
|
|
60
|
+
- contact: email@example.dev
|
|
61
|
+
domains: stg.example.dev
|
|
62
|
+
heroku_app: stg-example-dev-application
|
|
63
|
+
```
|
|
23
64
|
|
|
24
|
-
|
|
65
|
+
Please note that your application will be restarted for every single domain in your config. The restart happens automatically when the heroku challenge response gets set as environment variable.
|
|
25
66
|
|
|
26
|
-
$ letsencrypt_heroku
|
|
27
67
|
|
|
28
|
-
|
|
29
|
-
|
|
68
|
+
### Verify SSL is working correctly
|
|
69
|
+
|
|
70
|
+
Run `curl -vI https://www.example.dev` and check that it has a section that looks like this:
|
|
71
|
+
|
|
72
|
+
```
|
|
73
|
+
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
|
74
|
+
* Server certificate: blindlunch.team
|
|
75
|
+
* Server certificate: Let's Encrypt Authority X3
|
|
76
|
+
* Server certificate: DST Root CA X3
|
|
77
|
+
```
|
|
78
|
+
|
|
79
|
+
You may also check the results of [qualys ssltest](https://www.ssllabs.com/ssltest).
|
|
80
|
+
|
|
81
|
+
### Renewal
|
|
82
|
+
|
|
83
|
+
Once the process ran through the renewal is as simple as: run `letsencrypt_heroku` - again.
|
|
84
|
+
|
|
85
|
+
You'll receive emails from letsencrypt from time to time to remind you to renew your certificates.
|
|
86
|
+
|
|
87
|
+
|
|
88
|
+
## Useful links and information
|
|
89
|
+
|
|
90
|
+
* https://www.ssllabs.com/ssltest
|
|
91
|
+
* https://devcenter.heroku.com/articles/ssl
|
|
92
|
+
* https://letsencrypt.org/
|
|
93
|
+
* https://github.com/eliotsykes/rails-security-checklist
|
|
94
|
+
|
|
30
95
|
|
|
31
96
|
## Contributing
|
|
32
97
|
|
|
33
98
|
Bug reports and pull requests are welcome on GitHub at https://github.com/xijo/letsencrypt_heroku.
|
|
34
99
|
|
|
100
|
+
|
|
35
101
|
## TODO
|
|
36
102
|
|
|
103
|
+
- document extraordinary configuration options (multiple domain SSL on single application)
|
|
37
104
|
- configurable config file location
|
|
@@ -27,7 +27,7 @@ module LetsencryptHeroku
|
|
|
27
27
|
|
|
28
28
|
def execute(command)
|
|
29
29
|
log command
|
|
30
|
-
Open3.popen3(command) do |stdin, stdout, stderr, wait_thr|
|
|
30
|
+
Open3.popen3("unset RUBYOPT; #{command}") do |stdin, stdout, stderr, wait_thr|
|
|
31
31
|
out, err = stdout.read, stderr.read
|
|
32
32
|
log out
|
|
33
33
|
log err
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: letsencrypt_heroku
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.11
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Johannes Opper
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2017-02-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rainbow
|
|
@@ -120,6 +120,7 @@ files:
|
|
|
120
120
|
- ".rspec"
|
|
121
121
|
- ".ruby-version"
|
|
122
122
|
- ".travis.yml"
|
|
123
|
+
- CHANGELOG.md
|
|
123
124
|
- Gemfile
|
|
124
125
|
- README.md
|
|
125
126
|
- Rakefile
|