letsencrypt_webfaction 2.0.0 → 2.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8ac49657153360e6bee3e88beb0cf90ba58849eb
-  data.tar.gz: b1da0829bf31d762898e8040643d3c4a86bea8d4
+  metadata.gz: af7ee3bd54d72597507203c29fde8eff7d728e5f
+  data.tar.gz: daa72bd1e20af802d19d287327aeda6173d318ba
 SHA512:
-  metadata.gz: 7b9faffb8512abe29eea9d4ea5268ddf600de29cb5257300e6a47ad157d50e2a7eee0442c0d8d6a61691e554c1f1e817a21a72773179fad0995f633f5aab0c6c
-  data.tar.gz: 044d7d24e039c562ffb4f1c121f54aba50d03144ff9c2b870315577700619a129ddfcecd57bc14969e242693d88242c4cb16c470ff758fd063c84f79875d59fc
+  metadata.gz: 7ff9869a8653f549d7a5ff1f4aa019b63f64bdad67f997a03ec82314fd4024167a5755fdb8224eff38111914ec3bab26d7cf395eff467ac48f12d47226163edf
+  data.tar.gz: ac8afb96fce634f3fa7f41a50862ba50783610b3a6a898bce7fe16b22a68d5338e71d65de6645d31d125ade6c4240a9e5dd697fb84fb0b23160a5de2a50e0cd4

data/.rubocop.yml

@@ -12,6 +12,14 @@ Metrics/LineLength:
 Style/Documentation:
   Enabled: false
 
+Metrics/BlockLength:
+  Exclude:
+    # Tests involve long blocks.
+    - 'spec/**/*'
+
+# I'm not pulling in a library, or forcing Ruby 2.3+
+Style/IndentHeredoc:
+  Enabled: false
 
 # Extra cops:
 

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+v2.0.1
+
+* Check WebFaction credentials before issuing cert.
+
 v2.0.0
 
 * Switch to using the Webfaction API for certificate installation.

data/Gemfile

@@ -5,11 +5,11 @@ gemspec
 
 group :development, :test do
   gem 'bundler', '~> 1.11'
+  gem 'pry', '~> 0.10'
+  gem 'pry-byebug', '~> 3.3'
   gem 'rake', '~> 10.0'
   gem 'rspec', '~> 3.4'
   gem 'rubocop', '~> 0.37'
   gem 'simplecov', '~> 0.11'
-  gem 'pry', '~> 0.10'
-  gem 'pry-byebug', '~> 3.3'
   gem 'webmock', '~> 2.1'
 end

data/README.md

@@ -75,7 +75,7 @@ This method is useful if you are already using RBEnv to manage Ruby, or if you a
 
 Follow the instructions to [set up RBEnv](https://github.com/rbenv/rbenv) and [Ruby Build](https://github.com/rbenv/ruby-build#readme) on your WebFaction server.
 
-Once you have done so, install Ruby 2.1+ (probably 2.3.1 at time of writing). Then set the local Ruby and install the Gem. Finally unset the local Ruby so that you don't run into problems.
+Once you have done so, install Ruby 2.1+, but <2.4 (probably 2.3.1 at time of writing). Then set the local Ruby and install the Gem. Finally unset the local Ruby so that you don't run into problems.
 
     $ rbenv install 2.3.1 # Installs Ruby 2.3.1
     $ rbenv local 2.3.1 # Sets Ruby 2.3.1 as the default version in the current folder.
@@ -83,6 +83,8 @@ Once you have done so, install Ruby 2.1+ (probably 2.3.1 at time of writing). Th
     $ rbenv rehash # Makes RBenv aware of the letsencrypt_webfaction utility.
     $ rm .ruby-version # Unsets Ruby 2.3.1 as the default version in the current folder.
 
+*Ruby 2.4.0+ is not supported since they removed the XMLRPC library from core and moved it to a gem. This Gem doesn't work in Ruby <2.3, leaving us with an issue as the majority of system Rubies used with this project are <2.4. So don't use 2.4 for now. If you absolutely want to, make sure you install the xmlrpc gem manually.*
+
 ## Usage
 
 ### Syntax
@@ -102,7 +104,7 @@ The basic parameters are as follows:
 
 * `--domains`
 
-    The domains for which you want to create certificates, separated by commas (with no spaces). The domains must be served from the same folder. There is one certificate per webapp, regardless of how many domains are served from it.
+    The domains for which you want to create certificates, separated by commas (with no spaces). The domains must be served from the same folder. There is one certificate per WebFaction Website, regardless of how many domains are served from it.
 
 * `--public`
 
@@ -110,13 +112,13 @@ The basic parameters are as follows:
 
     In the case of a PHP site, such as Drupal or Wordpress, look for the folder with `index.php` in it. This is usually in `/home/[myuser]/webapps/[yourapp/]`.
 
-    In the case of a Rails app, look for a folder called `public/`. If you are deploying your app with Capistrano, this could show up in `/home/myuser/webapps/[yourapp]/current/public/`. 
+    In the case of a Rails app, look for a folder called `public/`. If you are deploying your app with Capistrano, this could show up in `/home/myuser/webapps/[yourapp]/current/public/`.
 
     In some cases (such as with some Node.js or Python applications), you may need to create this folder. See [here](https://github.com/will-in-wi/letsencrypt-webfaction/issues/24) for an example of this workaround.
 
 * `--username`
 
-    The username you use to log into the Webfaction control panel.
+    The username you use to log into the Webfaction control panel. Needed along with the password to upload your cert to their API.
 
 * `--password`
 
@@ -131,7 +133,9 @@ Other parameters (which are generally best left to their default values, unless
 ### Example
 Here is a basic example which issues one certificate for both yourdomain.com and www.yourdomain.com, both of which are served by `~/webapps/yourapp/wordpress` and your WebFaction contact email address is you@youremail.com. This assumes that both yourdomain.com and www.yourdomain.com are served from the same folder.
 
-    $ letsencrypt_webfaction --letsencrypt_account_email you@youremail.com --domains yourdomain.com,www.yourdomain.com --public ~/webapps/yourapp/wordpress/
+    $ letsencrypt_webfaction --letsencrypt_account_email you@youremail.com --domains yourdomain.com,www.yourdomain.com --public ~/webapps/yourapp/wordpress/ --username myusername --password mypassword
+
+*Note: Passing the password via the command line as seen here is insecure. You should use the `--config` mechanism mentioned later.*
 
 ### Testing
 
@@ -144,9 +148,7 @@ A test command could thus be something like the following:
 
 ### Operation
 
-When letsencrypt_webfaction runs, it places verification files into the public directory specified, validates the domains with LetsEncrypt, and then dumps the signed certificate and private key into an output folder. By default, the output folder is `~/le_certs/`, inside which it will create `[domain_name]/[timestamp]/`.
-
-After this is done, the utility will email the certificate installation request to WebFaction Support, copying you.
+When letsencrypt_webfaction runs, it places verification files into the public directory specified, validates the domains with LetsEncrypt, and then uploads the certificate to WebFaction's API.
 
 To quickly get a list of parameters and help for each, you can run:
 
@@ -207,28 +209,6 @@ This could be run automatically every two months.
 
 A config file can be placed anywhere in your WebFaction account. A good place might be `~/le_config/siteconfig.yml`.
 
-### Custom email configuration
-
-If you use a WebFaction email address, the process of sending emails to WebFaction Support should work just fine. In some cases, particularly in the case of Gmail, you may need to override the default usage of Sendmail and use SMTP. You can create a custom configuration file as described above (passed using `--config`) and add the below custom configuration in order to accomplish this.
-
-A Gmail example might be:
-
-```yaml
-email_configuration:
-  :via: 'smtp'
-  :via_options:
-    :address: 'smtp.gmail.com'
-    :port: '587'
-    :enable_starttls_auto: true
-    :user_name: '[you@gmail.com]'
-    :password: '[password_see_note]'
-    :authentication: 'plain'
-    :domain: 'localhost.localdomain' # the HELO domain provided by the client to the server
-```
-
-See this [project's GitHub wiki](https://github.com/will-in-wi/letsencrypt-webfaction/wiki) for additional Gmail specific notes.
-
-For all possible options, see [the Pony configuration](https://github.com/benprew/pony).
 
 ## Development
 

data/certs/will_in_wi.pem

@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
 MIIDhTCCAm2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMRAwDgYDVQQDDAd3aWxs
 aWFtMRwwGgYKCZImiZPyLGQBGRYMam9obnN0b25oYXVzMRIwEAYKCZImiZPyLGQB
-GRYCdXMwHhcNMTYwMzI5MjMyODA2WhcNMTcwMzI5MjMyODA2WjBEMRAwDgYDVQQD
+GRYCdXMwHhcNMTcwNDIyMTMzODM5WhcNMTgwNDIyMTMzODM5WjBEMRAwDgYDVQQD
 DAd3aWxsaWFtMRwwGgYKCZImiZPyLGQBGRYMam9obnN0b25oYXVzMRIwEAYKCZIm
 iZPyLGQBGRYCdXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDl8XJy
 iFDfTJHbPnQ43vJKAjVPwxRnPhThFeWgYlZ//SU6ZbO4GqewDSMyCrjtWOq+mE59
@@ -12,10 +12,10 @@ iL3gD6KBGRCdOVRmX+mgz0mIxchknFslbLE1aU9kNGabVw/25qUVxTid7HN5DAeY
 gkKUO+QWHBNH4QL3AgMBAAGjgYEwfzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAd
 BgNVHQ4EFgQUFOFAV8TE1Qa285rrUux+StPq5WowIgYDVR0RBBswGYEXd2lsbGlh
 bUBqb2huc3RvbmhhdXMudXMwIgYDVR0SBBswGYEXd2lsbGlhbUBqb2huc3Rvbmhh
-dXMudXMwDQYJKoZIhvcNAQEFBQADggEBALivmyq7Ky8mL4NDbi/UTq5llJaHoBAn
-9VIzcdfSN4uEK1HTUQnvk0LwsJpPZrT46LT+K6WXAg6djfqzP1RKFsMNwlIjX64S
-E/iLmaP6XPmLz+/JpL+7VDO7evNvvovq7s9bv9O+Xc6wqwSNHy+HOS8Mytr3xew0
-eyLzA/RKj9RiRKauQ5xpMBhx8EFXAgPbpXDbu+t15mtQukLZeoJs6JqOx6VbGUnW
-urnVFSXSvmjoq2UEqNf39Ffw4ZJ2QYuxlOLEInXhf1Rij1+KYHwHoT6qaOmk+fgY
-XWr3WAp8Tv/ogSwGuBGWtsjMTEzbRxAJbRXQDFEMeXJAvzon0o6hUtU=
+dXMudXMwDQYJKoZIhvcNAQEFBQADggEBAKpT/kZxUP3ZmywvtVjwYy2iqKglGPfp
+VUrMDaz3M96EFMH2FGMQDDumCR4OrBvc5URigGhj0qZYJmgBmkCW/gw2sv9RfuZb
+btwEZHcHJrWHW6ys0mD0aGZGptsLbxmm+VJhXNWHKu30Wbmm4yt4lk5atOprYGKp
+M/z07wMPdG5bNazz5iNkuW2HyYJV6BArUfD5fF04m856frBJytLkVe5Q1L83wi7g
+Bgn1/q+P8H+/qkt6w5h8UzWYyXRlEjWvSJEjkNU0C05GQ0w0GFiqd62CgQty5xpa
+7M3NhWEjOZHE18Ro4Vy9CQCJxUasYC4JUMMQ9tQBW+vYIgHfBn0+xlw=
 -----END CERTIFICATE-----

data/letsencrypt_webfaction.gemspec

@@ -1,4 +1,5 @@
 # coding: utf-8
+
 lib = File.expand_path('../lib', __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'letsencrypt_webfaction'
@@ -21,12 +22,15 @@ Gem::Specification.new do |spec|
   spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   spec.bindir        = 'exe'
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-  spec.require_paths = %w(lib)
+  spec.require_paths = %w[lib]
 
   spec.cert_chain  = ['certs/will_in_wi.pem']
   spec.signing_key = File.expand_path('~/.ssh/gem-private_key.pem') if $PROGRAM_NAME.end_with?('gem')
 
   spec.required_ruby_version = '>= 2.1.0'
 
-  spec.add_runtime_dependency 'acme-client', '>=0.4.1'
+  spec.add_runtime_dependency 'acme-client', '~> 0.5.5'
+
+  # This will be required for Ruby 2.4. But it is incompatible for Ruby <2.3. Unsupporting Ruby 2.4 for the moment.
+  # spec.add_runtime_dependency 'xmlrpc', '~> 0.3.0'
 end

data/lib/letsencrypt_webfaction.rb

@@ -1,3 +1,3 @@
 module LetsencryptWebfaction
-  VERSION = '2.0.0'.freeze
+  VERSION = '2.0.1'.freeze
 end

data/lib/letsencrypt_webfaction/application.rb

@@ -16,6 +16,12 @@ module LetsencryptWebfaction
       # Validate that the correct options were passed.
       validate_options!
 
+      # Check credentials
+      unless api_credentials.valid?
+        $stderr.puts 'WebFaction API username, password, and/or servername are incorrect. Login failed.'
+        exit 1
+      end
+
       # Register the private key.
       register_key!
 
@@ -28,11 +34,12 @@ module LetsencryptWebfaction
 
     private
 
+    def api_credentials
+      @_api_credentials ||= LetsencryptWebfaction::WebfactionApiCredentials.new username: @options.username, password: @options.password, servername: @options.servername, api_server: @options.api_url
+    end
+
     def certificate_installer
-      @certificate_installer ||= begin
-        credentials = LetsencryptWebfaction::WebfactionApiCredentials.new username: @options.username, password: @options.password, servername: @options.servername, api_server: @options.api_url
-        LetsencryptWebfaction::CertificateInstaller.new(@options.cert_name, certificate, credentials)
-      end
+      @certificate_installer ||= LetsencryptWebfaction::CertificateInstaller.new(@options.cert_name, certificate, api_credentials)
     end
 
     def certificate

data/lib/letsencrypt_webfaction/certificate_installer.rb

@@ -11,28 +11,15 @@ module LetsencryptWebfaction
     end
 
     def install!
-      cert_list = server_client.call('list_certificates', session_id)
+      cert_list = @credentials.call('list_certificates')
       action = if cert_list.find { |cert| cert['name'] == @cert_name }
                  'update_certificate'
                else
                  'create_certificate'
                end
-      server_client.call(action, session_id, @cert_name, @certificate.to_pem, @certificate.request.private_key.to_pem, @certificate.chain_to_pem)
+      @credentials.call(action, @cert_name, @certificate.to_pem, @certificate.request.private_key.to_pem, @certificate.chain_to_pem)
 
       true
     end
-
-    private
-
-    def server_client
-      @server_client ||= XMLRPC::Client.new2(@credentials.api_server)
-    end
-
-    def session_id
-      @session_id ||= begin
-        login_resp = server_client.call('login', @credentials.username, @credentials.password, @credentials.servername, WEBFACTION_API_VERSION)
-        login_resp[0]
-      end
-    end
   end
 end

data/lib/letsencrypt_webfaction/webfaction_api_credentials.rb

@@ -1,5 +1,9 @@
+require 'xmlrpc/client'
+
 module LetsencryptWebfaction
   class WebfactionApiCredentials
+    WEBFACTION_API_VERSION = 2
+
     attr_reader :username
     attr_reader :password
     attr_reader :servername
@@ -11,5 +15,29 @@ module LetsencryptWebfaction
       @servername = servername
       @api_server = api_server
     end
+
+    def call(action, *args)
+      server_client.call(action, session_id, *args)
+    end
+
+    def valid?
+      !session_id.nil?
+    rescue XMLRPC::FaultException => e
+      return false if e.message == 'LoginError'
+      raise
+    end
+
+    private
+
+    def server_client
+      @_server_client ||= XMLRPC::Client.new2(api_server)
+    end
+
+    def session_id
+      @_session_id ||= begin
+        login_resp = server_client.call('login', username, password, servername, WEBFACTION_API_VERSION)
+        login_resp[0]
+      end
+    end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: letsencrypt_webfaction
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.0.1
 platform: ruby
 authors:
 - William Johnston
@@ -12,7 +12,7 @@ cert_chain:
   -----BEGIN CERTIFICATE-----
   MIIDhTCCAm2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMRAwDgYDVQQDDAd3aWxs
   aWFtMRwwGgYKCZImiZPyLGQBGRYMam9obnN0b25oYXVzMRIwEAYKCZImiZPyLGQB
-  GRYCdXMwHhcNMTYwMzI5MjMyODA2WhcNMTcwMzI5MjMyODA2WjBEMRAwDgYDVQQD
+  GRYCdXMwHhcNMTcwNDIyMTMzODM5WhcNMTgwNDIyMTMzODM5WjBEMRAwDgYDVQQD
   DAd3aWxsaWFtMRwwGgYKCZImiZPyLGQBGRYMam9obnN0b25oYXVzMRIwEAYKCZIm
   iZPyLGQBGRYCdXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDl8XJy
   iFDfTJHbPnQ43vJKAjVPwxRnPhThFeWgYlZ//SU6ZbO4GqewDSMyCrjtWOq+mE59
@@ -23,29 +23,29 @@ cert_chain:
   gkKUO+QWHBNH4QL3AgMBAAGjgYEwfzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAd
   BgNVHQ4EFgQUFOFAV8TE1Qa285rrUux+StPq5WowIgYDVR0RBBswGYEXd2lsbGlh
   bUBqb2huc3RvbmhhdXMudXMwIgYDVR0SBBswGYEXd2lsbGlhbUBqb2huc3Rvbmhh
-  dXMudXMwDQYJKoZIhvcNAQEFBQADggEBALivmyq7Ky8mL4NDbi/UTq5llJaHoBAn
-  9VIzcdfSN4uEK1HTUQnvk0LwsJpPZrT46LT+K6WXAg6djfqzP1RKFsMNwlIjX64S
-  E/iLmaP6XPmLz+/JpL+7VDO7evNvvovq7s9bv9O+Xc6wqwSNHy+HOS8Mytr3xew0
-  eyLzA/RKj9RiRKauQ5xpMBhx8EFXAgPbpXDbu+t15mtQukLZeoJs6JqOx6VbGUnW
-  urnVFSXSvmjoq2UEqNf39Ffw4ZJ2QYuxlOLEInXhf1Rij1+KYHwHoT6qaOmk+fgY
-  XWr3WAp8Tv/ogSwGuBGWtsjMTEzbRxAJbRXQDFEMeXJAvzon0o6hUtU=
+  dXMudXMwDQYJKoZIhvcNAQEFBQADggEBAKpT/kZxUP3ZmywvtVjwYy2iqKglGPfp
+  VUrMDaz3M96EFMH2FGMQDDumCR4OrBvc5URigGhj0qZYJmgBmkCW/gw2sv9RfuZb
+  btwEZHcHJrWHW6ys0mD0aGZGptsLbxmm+VJhXNWHKu30Wbmm4yt4lk5atOprYGKp
+  M/z07wMPdG5bNazz5iNkuW2HyYJV6BArUfD5fF04m856frBJytLkVe5Q1L83wi7g
+  Bgn1/q+P8H+/qkt6w5h8UzWYyXRlEjWvSJEjkNU0C05GQ0w0GFiqd62CgQty5xpa
+  7M3NhWEjOZHE18Ro4Vy9CQCJxUasYC4JUMMQ9tQBW+vYIgHfBn0+xlw=
   -----END CERTIFICATE-----
-date: 2016-11-17 00:00:00.000000000 Z
+date: 2017-04-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: acme-client
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.4.1
+        version: 0.5.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.4.1
+        version: 0.5.5
 description: A tool to simplify the manual process of using LetsEncrypt on Webfaction
   hosts. It can be added to cron where it will validate your domains automatically,
   place the generated certs in a common folder, and then email the WebFaction support