letsencrypt_heroku 0.2.10 → 0.2.11

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: f4951db168b361f23522c150d52cf5faef481eed
4
- data.tar.gz: 62750d6634306eb54e14df5e787c643f921629b9
3
+ metadata.gz: f05d8a65afdbee07c1e66c70a61b5264680db2fb
4
+ data.tar.gz: 5864bd542312a7f99ae3e4f1665a232c46d629fe
5
5
  SHA512:
6
- metadata.gz: 2eeff405677f34b4537e095379ae1eaeeece4f65178749450dfed3e0a422e782ddbff41e714b2ebe5936b79491f83c8495bbc56a5c7a81f3c6833dfafe65c23a
7
- data.tar.gz: 497305146efd935ad054fe3c24a4a053fe8255de8a6773a4c5791a0d1a731aeee0c97e4bd96df3f1d42fef61be40f837165658198149ce28630b15cc1e5626fe
6
+ metadata.gz: 66b41d6bd47b0509f8387f48754a9328a62885579bbcf5f520d140526f78ee8dd50f2d3b1c0dde08e2cbf8b99d72178766dcf4f7282c1ee20befa2feba997b0f
7
+ data.tar.gz: 9cadafd5553142377487bb6d1209ba9fd0bcadd7ff97880a0f0ec1c6f3b10242cb1d5ea2a7de0b45ce80167e1eba40dcffa97a2753a01700dce36561d249f9a5
@@ -0,0 +1,3 @@
1
+ v0.2.11 -- 2017-02-08
2
+
3
+ Fix issue concerning ruby version and heroku CLI, see https://github.com/xijo/letsencrypt_heroku/pull/2
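Review bot: The v0.2.11 entry says only "Fix issue concerning ruby version and heroku CLI" and leaves the actual change to the linked pull request. Name the change in the entry itself (in this release `execute` runs its commands with `RUBYOPT` unset) so the changelog stays useful without following the link.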
data/README.md CHANGED
@@ -1,37 +1,104 @@
1
- # LetsencryptHeroku
1
+ # letsencrypt_heroku
2
2
 
3
- Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/letsencrypt_heroku`. To experiment with that code, run `bin/console` for an interactive prompt.
3
+ CLI tool to automate SSL certificate setup and renewal for **letsencrypt** and **rails** (or any other rack based application).
4
+
5
+ ## Procedure
6
+
7
+ To grant a SSL certificate for a given domain, letsencrypt requires a challenge
8
+ request to be correctly answered on this domain. To automate this process this gem will perform the following steps for you:
9
+
10
+ 1. Register the domain and a contact email with letsencrypt
11
+ 1. Letsencrypt provides the expected challenge request answer
12
+ 1. Make your application answer correctly
13
+ 1. Trigger letsencrypt challenge process
14
+ 1. Download issued certificates from letsencrypt
15
+ 1. Setup certificates for your heroku application
4
16
 
5
17
  ## Installation
6
18
 
7
- Add these lines to your application's Gemfile:
19
+ _Precondition: make sure the [heroku cli](https://devcenter.heroku.com/articles/heroku-cli) is installed on your development machine._
20
+
21
+ ### In a nutshell
22
+
23
+ 1. Install [the gems](#the-gems)
24
+ 2. Deploy your application
25
+ 3. Write [configuration file](#configuration)
26
+ 4. Run `letsencrypt_heroku` on your local machine
27
+ 5. [Verify SSL is working correctly](#verify-ssl-is-working-correctly)
28
+
29
+ ### The gems
8
30
 
9
31
  ```ruby
10
32
  gem 'letsencrypt_rack'
11
33
  gem 'letsencrypt_heroku', require: false
12
34
  ```
13
35
 
14
- And then execute:
36
+ #### Wait, why do I need two gems?
37
+
38
+ To perform SSL certificate setup and renewal a command line tool is used: `letsencrypt_heroku`. This tool will only be needed on your development machine and does not need to be loaded into your production environment.
15
39
 
16
- $ bundle
40
+ `letsencrypt_rack` contains a tiny rack middleware, that answers challenge request at the following path: `/.well-known/acme-challenge`. It serves the contents of the `LETSENCRYPT_RESPONSE` environment variable.
17
41
 
18
- You'll need a `config/letsencrypt_heroku.yml`
19
42
 
20
- - contact: contact@foobar.dev
21
- domains: foobar.dev www.foobar.dev
22
- heroku_app: foobar
43
+ ### Configuration
44
+
45
+ Put a configuration file under `config/letsencrypt_heroku.yml` that looks like this:
46
+
47
+ ```yml
48
+ - contact: email@example.dev
49
+ domains: example.dev www.example.dev
50
+ heroku_app: example-dev-application
51
+ ```
52
+
53
+ Each block in this configuration will issue a new certificate, so if you need to retrieve more than one (e.g. for another environment) you can configure more:
54
+
55
+ ```yml
56
+ - contact: email@example.dev
57
+ domains: example.dev www.example.dev
58
+ heroku_app: example-dev-application
59
+
60
+ - contact: email@example.dev
61
+ domains: stg.example.dev
62
+ heroku_app: stg-example-dev-application
63
+ ```
23
64
 
24
- And finally execute
65
+ Please note that your application will be restarted for every single domain in your config. The restart happens automatically when the heroku challenge response gets set as environment variable.
25
66
 
26
- $ letsencrypt_heroku
27
67
 
28
- Please note that your application needs to be restarted for every individual domain in your config. The restart happens
29
- automatically when the heroku challenge response gets set as environment variable.
68
+ ### Verify SSL is working correctly
69
+
70
+ Run `curl -vI https://www.example.dev` and check that it has a section that looks like this:
71
+
72
+ ```
73
+ * TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
74
+ * Server certificate: blindlunch.team
75
+ * Server certificate: Let's Encrypt Authority X3
76
+ * Server certificate: DST Root CA X3
77
+ ```
78
+
79
+ You may also check the results of [qualys ssltest](https://www.ssllabs.com/ssltest).
80
+
81
+ ### Renewal
82
+
83
+ Once the process ran through the renewal is as simple as: run `letsencrypt_heroku` - again.
84
+
85
+ You'll receive emails from letsencrypt from time to time to remind you to renew your certificates.
86
+
87
+
88
+ ## Useful links and information
89
+
90
+ * https://www.ssllabs.com/ssltest
91
+ * https://devcenter.heroku.com/articles/ssl
92
+ * https://letsencrypt.org/
93
+ * https://github.com/eliotsykes/rails-security-checklist
94
+
30
95
 
31
96
  ## Contributing
32
97
 
33
98
  Bug reports and pull requests are welcome on GitHub at https://github.com/xijo/letsencrypt_heroku.
34
99
 
100
+
35
101
  ## TODO
36
102
 
103
+ - document extraordinary configuration options (multiple domain SSL on single application)
37
104
  - configurable config file location
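Review bot: In the "Verify SSL is working correctly" section the sample output shows `Server certificate: blindlunch.team`, while the command above it queries `https://www.example.dev`. Use the example domain in the sample output too, and say that the first `Server certificate` line must match the reader's own domain, since that is the line that confirms the new certificate is the one being served. In the restart note, "the heroku challenge response" reads as if Heroku issues the challenge; the Procedure section says the answer comes from letsencrypt, so "the letsencrypt challenge response gets set as a heroku environment variable" would be consistent with it.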
@@ -27,7 +27,7 @@ module LetsencryptHeroku
27
27
 
28
28
  def execute(command)
29
29
  log command
30
- Open3.popen3(command) do |stdin, stdout, stderr, wait_thr|
30
+ Open3.popen3("unset RUBYOPT; #{command}") do |stdin, stdout, stderr, wait_thr|
31
31
  out, err = stdout.read, stderr.read
32
32
  log out
33
33
  log err
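Review bot: The changed `Open3.popen3` line unsets `RUBYOPT` by prepending shell text to an interpolated string, which ties the fix to shell syntax and keeps `command` passing through the shell as one string. `Open3.popen3` accepts an environment hash as its first argument, and a `nil` value removes the variable from the child's environment, so `Open3.popen3({ "RUBYOPT" => nil }, command) do |stdin, stdout, stderr, wait_thr|` gives the same result without editing the command string. The line also needs a short comment saying why `RUBYOPT` has to be cleared for the heroku CLI, because nothing in this method explains it. Note that `log command` above still logs the original string, so the log no longer shows exactly what is executed.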
@@ -1,3 +1,3 @@
1
1
  module LetsencryptHeroku
2
- VERSION = "0.2.10"
2
+ VERSION = "0.2.11"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: letsencrypt_heroku
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.10
4
+ version: 0.2.11
5
5
  platform: ruby
6
6
  authors:
7
7
  - Johannes Opper
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-10-31 00:00:00.000000000 Z
11
+ date: 2017-02-08 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rainbow
@@ -120,6 +120,7 @@ files:
120
120
  - ".rspec"
121
121
  - ".ruby-version"
122
122
  - ".travis.yml"
123
+ - CHANGELOG.md
123
124
  - Gemfile
124
125
  - README.md
125
126
  - Rakefile