letsencrypt_webfaction 2.0.0 → 2.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/.rubocop.yml +8 -0
- data/CHANGELOG.md +4 -0
- data/Gemfile +2 -2
- data/README.md +10 -30
- data/certs/will_in_wi.pem +7 -7
- data/letsencrypt_webfaction.gemspec +6 -2
- data/lib/letsencrypt_webfaction.rb +1 -1
- data/lib/letsencrypt_webfaction/application.rb +11 -4
- data/lib/letsencrypt_webfaction/certificate_installer.rb +2 -15
- data/lib/letsencrypt_webfaction/webfaction_api_credentials.rb +28 -0
- metadata +13 -13
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: af7ee3bd54d72597507203c29fde8eff7d728e5f
|
4
|
+
data.tar.gz: daa72bd1e20af802d19d287327aeda6173d318ba
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 7ff9869a8653f549d7a5ff1f4aa019b63f64bdad67f997a03ec82314fd4024167a5755fdb8224eff38111914ec3bab26d7cf395eff467ac48f12d47226163edf
|
7
|
+
data.tar.gz: ac8afb96fce634f3fa7f41a50862ba50783610b3a6a898bce7fe16b22a68d5338e71d65de6645d31d125ade6c4240a9e5dd697fb84fb0b23160a5de2a50e0cd4
|
checksums.yaml.gz.sig
CHANGED
Binary file
|
data.tar.gz.sig
CHANGED
Binary file
|
data/.rubocop.yml
CHANGED
@@ -12,6 +12,14 @@ Metrics/LineLength:
|
|
12
12
|
Style/Documentation:
|
13
13
|
Enabled: false
|
14
14
|
|
15
|
+
Metrics/BlockLength:
|
16
|
+
Exclude:
|
17
|
+
# Tests involve long blocks.
|
18
|
+
- 'spec/**/*'
|
19
|
+
|
20
|
+
# I'm not pulling in a library, or forcing Ruby 2.3+
|
21
|
+
Style/IndentHeredoc:
|
22
|
+
Enabled: false
|
15
23
|
|
16
24
|
# Extra cops:
|
17
25
|
|
data/CHANGELOG.md
CHANGED
data/Gemfile
CHANGED
@@ -5,11 +5,11 @@ gemspec
|
|
5
5
|
|
6
6
|
group :development, :test do
|
7
7
|
gem 'bundler', '~> 1.11'
|
8
|
+
gem 'pry', '~> 0.10'
|
9
|
+
gem 'pry-byebug', '~> 3.3'
|
8
10
|
gem 'rake', '~> 10.0'
|
9
11
|
gem 'rspec', '~> 3.4'
|
10
12
|
gem 'rubocop', '~> 0.37'
|
11
13
|
gem 'simplecov', '~> 0.11'
|
12
|
-
gem 'pry', '~> 0.10'
|
13
|
-
gem 'pry-byebug', '~> 3.3'
|
14
14
|
gem 'webmock', '~> 2.1'
|
15
15
|
end
|
data/README.md
CHANGED
@@ -75,7 +75,7 @@ This method is useful if you are already using RBEnv to manage Ruby, or if you a
|
|
75
75
|
|
76
76
|
Follow the instructions to [set up RBEnv](https://github.com/rbenv/rbenv) and [Ruby Build](https://github.com/rbenv/ruby-build#readme) on your WebFaction server.
|
77
77
|
|
78
|
-
Once you have done so, install Ruby 2.1
|
78
|
+
Once you have done so, install Ruby 2.1+, but <2.4 (probably 2.3.1 at time of writing). Then set the local Ruby and install the Gem. Finally unset the local Ruby so that you don't run into problems.
|
79
79
|
|
80
80
|
$ rbenv install 2.3.1 # Installs Ruby 2.3.1
|
81
81
|
$ rbenv local 2.3.1 # Sets Ruby 2.3.1 as the default version in the current folder.
|
@@ -83,6 +83,8 @@ Once you have done so, install Ruby 2.1+ (probably 2.3.1 at time of writing). Th
|
|
83
83
|
$ rbenv rehash # Makes RBenv aware of the letsencrypt_webfaction utility.
|
84
84
|
$ rm .ruby-version # Unsets Ruby 2.3.1 as the default version in the current folder.
|
85
85
|
|
86
|
+
*Ruby 2.4.0+ is not supported since they removed the XMLRPC library from core and moved it to a gem. This Gem doesn't work in Ruby <2.3, leaving us with an issue as the majority of system Rubies used with this project are <2.4. So don't use 2.4 for now. If you absolutely want to, make sure you install the xmlrpc gem manually.*
|
87
|
+
|
86
88
|
## Usage
|
87
89
|
|
88
90
|
### Syntax
|
@@ -102,7 +104,7 @@ The basic parameters are as follows:
|
|
102
104
|
|
103
105
|
* `--domains`
|
104
106
|
|
105
|
-
The domains for which you want to create certificates, separated by commas (with no spaces). The domains must be served from the same folder. There is one certificate per
|
107
|
+
The domains for which you want to create certificates, separated by commas (with no spaces). The domains must be served from the same folder. There is one certificate per WebFaction Website, regardless of how many domains are served from it.
|
106
108
|
|
107
109
|
* `--public`
|
108
110
|
|
@@ -110,13 +112,13 @@ The basic parameters are as follows:
|
|
110
112
|
|
111
113
|
In the case of a PHP site, such as Drupal or Wordpress, look for the folder with `index.php` in it. This is usually in `/home/[myuser]/webapps/[yourapp/]`.
|
112
114
|
|
113
|
-
In the case of a Rails app, look for a folder called `public/`. If you are deploying your app with Capistrano, this could show up in `/home/myuser/webapps/[yourapp]/current/public/`.
|
115
|
+
In the case of a Rails app, look for a folder called `public/`. If you are deploying your app with Capistrano, this could show up in `/home/myuser/webapps/[yourapp]/current/public/`.
|
114
116
|
|
115
117
|
In some cases (such as with some Node.js or Python applications), you may need to create this folder. See [here](https://github.com/will-in-wi/letsencrypt-webfaction/issues/24) for an example of this workaround.
|
116
118
|
|
117
119
|
* `--username`
|
118
120
|
|
119
|
-
The username you use to log into the Webfaction control panel.
|
121
|
+
The username you use to log into the Webfaction control panel. Needed along with the password to upload your cert to their API.
|
120
122
|
|
121
123
|
* `--password`
|
122
124
|
|
@@ -131,7 +133,9 @@ Other parameters (which are generally best left to their default values, unless
|
|
131
133
|
### Example
|
132
134
|
Here is a basic example which issues one certificate for both yourdomain.com and www.yourdomain.com, both of which are served by `~/webapps/yourapp/wordpress` and your WebFaction contact email address is you@youremail.com. This assumes that both yourdomain.com and www.yourdomain.com are served from the same folder.
|
133
135
|
|
134
|
-
$ letsencrypt_webfaction --letsencrypt_account_email you@youremail.com --domains yourdomain.com,www.yourdomain.com --public ~/webapps/yourapp/wordpress/
|
136
|
+
$ letsencrypt_webfaction --letsencrypt_account_email you@youremail.com --domains yourdomain.com,www.yourdomain.com --public ~/webapps/yourapp/wordpress/ --username myusername --password mypassword
|
137
|
+
|
138
|
+
*Note: Passing the password via the command line as seen here is insecure. You should use the `--config` mechanism mentioned later.*
|
135
139
|
|
136
140
|
### Testing
|
137
141
|
|
@@ -144,9 +148,7 @@ A test command could thus be something like the following:
|
|
144
148
|
|
145
149
|
### Operation
|
146
150
|
|
147
|
-
When letsencrypt_webfaction runs, it places verification files into the public directory specified, validates the domains with LetsEncrypt, and then
|
148
|
-
|
149
|
-
After this is done, the utility will email the certificate installation request to WebFaction Support, copying you.
|
151
|
+
When letsencrypt_webfaction runs, it places verification files into the public directory specified, validates the domains with LetsEncrypt, and then uploads the certificate to WebFaction's API.
|
150
152
|
|
151
153
|
To quickly get a list of parameters and help for each, you can run:
|
152
154
|
|
@@ -207,28 +209,6 @@ This could be run automatically every two months.
|
|
207
209
|
|
208
210
|
A config file can be placed anywhere in your WebFaction account. A good place might be `~/le_config/siteconfig.yml`.
|
209
211
|
|
210
|
-
### Custom email configuration
|
211
|
-
|
212
|
-
If you use a WebFaction email address, the process of sending emails to WebFaction Support should work just fine. In some cases, particularly in the case of Gmail, you may need to override the default usage of Sendmail and use SMTP. You can create a custom configuration file as described above (passed using `--config`) and add the below custom configuration in order to accomplish this.
|
213
|
-
|
214
|
-
A Gmail example might be:
|
215
|
-
|
216
|
-
```yaml
|
217
|
-
email_configuration:
|
218
|
-
:via: 'smtp'
|
219
|
-
:via_options:
|
220
|
-
:address: 'smtp.gmail.com'
|
221
|
-
:port: '587'
|
222
|
-
:enable_starttls_auto: true
|
223
|
-
:user_name: '[you@gmail.com]'
|
224
|
-
:password: '[password_see_note]'
|
225
|
-
:authentication: 'plain'
|
226
|
-
:domain: 'localhost.localdomain' # the HELO domain provided by the client to the server
|
227
|
-
```
|
228
|
-
|
229
|
-
See this [project's GitHub wiki](https://github.com/will-in-wi/letsencrypt-webfaction/wiki) for additional Gmail specific notes.
|
230
|
-
|
231
|
-
For all possible options, see [the Pony configuration](https://github.com/benprew/pony).
|
232
212
|
|
233
213
|
## Development
|
234
214
|
|
data/certs/will_in_wi.pem
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
-----BEGIN CERTIFICATE-----
|
2
2
|
MIIDhTCCAm2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMRAwDgYDVQQDDAd3aWxs
|
3
3
|
aWFtMRwwGgYKCZImiZPyLGQBGRYMam9obnN0b25oYXVzMRIwEAYKCZImiZPyLGQB
|
4
|
-
|
4
|
+
GRYCdXMwHhcNMTcwNDIyMTMzODM5WhcNMTgwNDIyMTMzODM5WjBEMRAwDgYDVQQD
|
5
5
|
DAd3aWxsaWFtMRwwGgYKCZImiZPyLGQBGRYMam9obnN0b25oYXVzMRIwEAYKCZIm
|
6
6
|
iZPyLGQBGRYCdXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDl8XJy
|
7
7
|
iFDfTJHbPnQ43vJKAjVPwxRnPhThFeWgYlZ//SU6ZbO4GqewDSMyCrjtWOq+mE59
|
@@ -12,10 +12,10 @@ iL3gD6KBGRCdOVRmX+mgz0mIxchknFslbLE1aU9kNGabVw/25qUVxTid7HN5DAeY
|
|
12
12
|
gkKUO+QWHBNH4QL3AgMBAAGjgYEwfzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAd
|
13
13
|
BgNVHQ4EFgQUFOFAV8TE1Qa285rrUux+StPq5WowIgYDVR0RBBswGYEXd2lsbGlh
|
14
14
|
bUBqb2huc3RvbmhhdXMudXMwIgYDVR0SBBswGYEXd2lsbGlhbUBqb2huc3Rvbmhh
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
15
|
+
dXMudXMwDQYJKoZIhvcNAQEFBQADggEBAKpT/kZxUP3ZmywvtVjwYy2iqKglGPfp
|
16
|
+
VUrMDaz3M96EFMH2FGMQDDumCR4OrBvc5URigGhj0qZYJmgBmkCW/gw2sv9RfuZb
|
17
|
+
btwEZHcHJrWHW6ys0mD0aGZGptsLbxmm+VJhXNWHKu30Wbmm4yt4lk5atOprYGKp
|
18
|
+
M/z07wMPdG5bNazz5iNkuW2HyYJV6BArUfD5fF04m856frBJytLkVe5Q1L83wi7g
|
19
|
+
Bgn1/q+P8H+/qkt6w5h8UzWYyXRlEjWvSJEjkNU0C05GQ0w0GFiqd62CgQty5xpa
|
20
|
+
7M3NhWEjOZHE18Ro4Vy9CQCJxUasYC4JUMMQ9tQBW+vYIgHfBn0+xlw=
|
21
21
|
-----END CERTIFICATE-----
|
@@ -1,4 +1,5 @@
|
|
1
1
|
# coding: utf-8
|
2
|
+
|
2
3
|
lib = File.expand_path('../lib', __FILE__)
|
3
4
|
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
5
|
require 'letsencrypt_webfaction'
|
@@ -21,12 +22,15 @@ Gem::Specification.new do |spec|
|
|
21
22
|
spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
22
23
|
spec.bindir = 'exe'
|
23
24
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
24
|
-
spec.require_paths = %w
|
25
|
+
spec.require_paths = %w[lib]
|
25
26
|
|
26
27
|
spec.cert_chain = ['certs/will_in_wi.pem']
|
27
28
|
spec.signing_key = File.expand_path('~/.ssh/gem-private_key.pem') if $PROGRAM_NAME.end_with?('gem')
|
28
29
|
|
29
30
|
spec.required_ruby_version = '>= 2.1.0'
|
30
31
|
|
31
|
-
spec.add_runtime_dependency 'acme-client', '
|
32
|
+
spec.add_runtime_dependency 'acme-client', '~> 0.5.5'
|
33
|
+
|
34
|
+
# This will be required for Ruby 2.4. But it is incompatible for Ruby <2.3. Unsupporting Ruby 2.4 for the moment.
|
35
|
+
# spec.add_runtime_dependency 'xmlrpc', '~> 0.3.0'
|
32
36
|
end
|
@@ -16,6 +16,12 @@ module LetsencryptWebfaction
|
|
16
16
|
# Validate that the correct options were passed.
|
17
17
|
validate_options!
|
18
18
|
|
19
|
+
# Check credentials
|
20
|
+
unless api_credentials.valid?
|
21
|
+
$stderr.puts 'WebFaction API username, password, and/or servername are incorrect. Login failed.'
|
22
|
+
exit 1
|
23
|
+
end
|
24
|
+
|
19
25
|
# Register the private key.
|
20
26
|
register_key!
|
21
27
|
|
@@ -28,11 +34,12 @@ module LetsencryptWebfaction
|
|
28
34
|
|
29
35
|
private
|
30
36
|
|
37
|
+
def api_credentials
|
38
|
+
@_api_credentials ||= LetsencryptWebfaction::WebfactionApiCredentials.new username: @options.username, password: @options.password, servername: @options.servername, api_server: @options.api_url
|
39
|
+
end
|
40
|
+
|
31
41
|
def certificate_installer
|
32
|
-
@certificate_installer ||=
|
33
|
-
credentials = LetsencryptWebfaction::WebfactionApiCredentials.new username: @options.username, password: @options.password, servername: @options.servername, api_server: @options.api_url
|
34
|
-
LetsencryptWebfaction::CertificateInstaller.new(@options.cert_name, certificate, credentials)
|
35
|
-
end
|
42
|
+
@certificate_installer ||= LetsencryptWebfaction::CertificateInstaller.new(@options.cert_name, certificate, api_credentials)
|
36
43
|
end
|
37
44
|
|
38
45
|
def certificate
|
@@ -11,28 +11,15 @@ module LetsencryptWebfaction
|
|
11
11
|
end
|
12
12
|
|
13
13
|
def install!
|
14
|
-
cert_list =
|
14
|
+
cert_list = @credentials.call('list_certificates')
|
15
15
|
action = if cert_list.find { |cert| cert['name'] == @cert_name }
|
16
16
|
'update_certificate'
|
17
17
|
else
|
18
18
|
'create_certificate'
|
19
19
|
end
|
20
|
-
|
20
|
+
@credentials.call(action, @cert_name, @certificate.to_pem, @certificate.request.private_key.to_pem, @certificate.chain_to_pem)
|
21
21
|
|
22
22
|
true
|
23
23
|
end
|
24
|
-
|
25
|
-
private
|
26
|
-
|
27
|
-
def server_client
|
28
|
-
@server_client ||= XMLRPC::Client.new2(@credentials.api_server)
|
29
|
-
end
|
30
|
-
|
31
|
-
def session_id
|
32
|
-
@session_id ||= begin
|
33
|
-
login_resp = server_client.call('login', @credentials.username, @credentials.password, @credentials.servername, WEBFACTION_API_VERSION)
|
34
|
-
login_resp[0]
|
35
|
-
end
|
36
|
-
end
|
37
24
|
end
|
38
25
|
end
|
@@ -1,5 +1,9 @@
|
|
1
|
+
require 'xmlrpc/client'
|
2
|
+
|
1
3
|
module LetsencryptWebfaction
|
2
4
|
class WebfactionApiCredentials
|
5
|
+
WEBFACTION_API_VERSION = 2
|
6
|
+
|
3
7
|
attr_reader :username
|
4
8
|
attr_reader :password
|
5
9
|
attr_reader :servername
|
@@ -11,5 +15,29 @@ module LetsencryptWebfaction
|
|
11
15
|
@servername = servername
|
12
16
|
@api_server = api_server
|
13
17
|
end
|
18
|
+
|
19
|
+
def call(action, *args)
|
20
|
+
server_client.call(action, session_id, *args)
|
21
|
+
end
|
22
|
+
|
23
|
+
def valid?
|
24
|
+
!session_id.nil?
|
25
|
+
rescue XMLRPC::FaultException => e
|
26
|
+
return false if e.message == 'LoginError'
|
27
|
+
raise
|
28
|
+
end
|
29
|
+
|
30
|
+
private
|
31
|
+
|
32
|
+
def server_client
|
33
|
+
@_server_client ||= XMLRPC::Client.new2(api_server)
|
34
|
+
end
|
35
|
+
|
36
|
+
def session_id
|
37
|
+
@_session_id ||= begin
|
38
|
+
login_resp = server_client.call('login', username, password, servername, WEBFACTION_API_VERSION)
|
39
|
+
login_resp[0]
|
40
|
+
end
|
41
|
+
end
|
14
42
|
end
|
15
43
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: letsencrypt_webfaction
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.0.
|
4
|
+
version: 2.0.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- William Johnston
|
@@ -12,7 +12,7 @@ cert_chain:
|
|
12
12
|
-----BEGIN CERTIFICATE-----
|
13
13
|
MIIDhTCCAm2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMRAwDgYDVQQDDAd3aWxs
|
14
14
|
aWFtMRwwGgYKCZImiZPyLGQBGRYMam9obnN0b25oYXVzMRIwEAYKCZImiZPyLGQB
|
15
|
-
|
15
|
+
GRYCdXMwHhcNMTcwNDIyMTMzODM5WhcNMTgwNDIyMTMzODM5WjBEMRAwDgYDVQQD
|
16
16
|
DAd3aWxsaWFtMRwwGgYKCZImiZPyLGQBGRYMam9obnN0b25oYXVzMRIwEAYKCZIm
|
17
17
|
iZPyLGQBGRYCdXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDl8XJy
|
18
18
|
iFDfTJHbPnQ43vJKAjVPwxRnPhThFeWgYlZ//SU6ZbO4GqewDSMyCrjtWOq+mE59
|
@@ -23,29 +23,29 @@ cert_chain:
|
|
23
23
|
gkKUO+QWHBNH4QL3AgMBAAGjgYEwfzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAd
|
24
24
|
BgNVHQ4EFgQUFOFAV8TE1Qa285rrUux+StPq5WowIgYDVR0RBBswGYEXd2lsbGlh
|
25
25
|
bUBqb2huc3RvbmhhdXMudXMwIgYDVR0SBBswGYEXd2lsbGlhbUBqb2huc3Rvbmhh
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
26
|
+
dXMudXMwDQYJKoZIhvcNAQEFBQADggEBAKpT/kZxUP3ZmywvtVjwYy2iqKglGPfp
|
27
|
+
VUrMDaz3M96EFMH2FGMQDDumCR4OrBvc5URigGhj0qZYJmgBmkCW/gw2sv9RfuZb
|
28
|
+
btwEZHcHJrWHW6ys0mD0aGZGptsLbxmm+VJhXNWHKu30Wbmm4yt4lk5atOprYGKp
|
29
|
+
M/z07wMPdG5bNazz5iNkuW2HyYJV6BArUfD5fF04m856frBJytLkVe5Q1L83wi7g
|
30
|
+
Bgn1/q+P8H+/qkt6w5h8UzWYyXRlEjWvSJEjkNU0C05GQ0w0GFiqd62CgQty5xpa
|
31
|
+
7M3NhWEjOZHE18Ro4Vy9CQCJxUasYC4JUMMQ9tQBW+vYIgHfBn0+xlw=
|
32
32
|
-----END CERTIFICATE-----
|
33
|
-
date:
|
33
|
+
date: 2017-04-22 00:00:00.000000000 Z
|
34
34
|
dependencies:
|
35
35
|
- !ruby/object:Gem::Dependency
|
36
36
|
name: acme-client
|
37
37
|
requirement: !ruby/object:Gem::Requirement
|
38
38
|
requirements:
|
39
|
-
- - "
|
39
|
+
- - "~>"
|
40
40
|
- !ruby/object:Gem::Version
|
41
|
-
version: 0.
|
41
|
+
version: 0.5.5
|
42
42
|
type: :runtime
|
43
43
|
prerelease: false
|
44
44
|
version_requirements: !ruby/object:Gem::Requirement
|
45
45
|
requirements:
|
46
|
-
- - "
|
46
|
+
- - "~>"
|
47
47
|
- !ruby/object:Gem::Version
|
48
|
-
version: 0.
|
48
|
+
version: 0.5.5
|
49
49
|
description: A tool to simplify the manual process of using LetsEncrypt on Webfaction
|
50
50
|
hosts. It can be added to cron where it will validate your domains automatically,
|
51
51
|
place the generated certs in a common folder, and then email the WebFaction support
|
metadata.gz.sig
CHANGED
Binary file
|