letsencrypt_webfaction 2.2.3 → 3.0.0
- checksums.yaml +5 -5
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/.rubocop.yml +9 -0
- data/CHANGELOG.md +9 -0
- data/Gemfile +1 -0
- data/README.md +18 -107
- data/certs/will_in_wi.pem +8 -8
- data/docs/rbenv.md +31 -0
- data/docs/upgrading.md +49 -0
- data/exe/letsencrypt_webfaction +7 -2
- data/letsencrypt_webfaction.gemspec +1 -0
- data/lib/letsencrypt_webfaction.rb +1 -1
- data/lib/letsencrypt_webfaction/application.rb +32 -84
- data/lib/letsencrypt_webfaction/application/init.rb +55 -0
- data/lib/letsencrypt_webfaction/application/run.rb +133 -0
- data/lib/letsencrypt_webfaction/certificate_installer.rb +0 -2
- data/lib/letsencrypt_webfaction/certificate_issuer.rb +52 -0
- data/lib/letsencrypt_webfaction/domain_validator.rb +1 -1
- data/lib/letsencrypt_webfaction/errors.rb +5 -0
- data/lib/letsencrypt_webfaction/logger_output.rb +14 -0
- data/lib/letsencrypt_webfaction/options.rb +72 -0
- data/lib/letsencrypt_webfaction/options/certificate.rb +50 -0
- data/templates/letsencrypt_webfaction.toml +58 -0
- metadata +35 -18
- metadata.gz.sig +0 -0
- data/config.defaults.yml +0 -12
- data/config.example.yml +0 -8
- data/lib/letsencrypt_webfaction/args_parser.rb +0 -143
- data/lib/letsencrypt_webfaction/args_parser/array_validator.rb +0 -9
- data/lib/letsencrypt_webfaction/args_parser/defined_values_validator.rb +0 -13
- data/lib/letsencrypt_webfaction/args_parser/field.rb +0 -48
- data/lib/letsencrypt_webfaction/args_parser/string_validator.rb +0 -9
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: fa98a88605708bc64a6842f8e635c0ea29a322c5eec5bb1f6b8d5f3e85b56c41
|
4
|
+
data.tar.gz: c85262377c899db7f910b704bed118cc2196baba6bb73e70634b43384084f238
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f6a3167252ad9df84a9bdca843a75fae8a6b11092ec460c8a974cfe100c3701ba6511d65c05ce17178d2be9a6b1e8ea341af2d602dff7eb4523bbc7cc5a097bb
|
7
|
+
data.tar.gz: ae9e5ef5bacd3a65ec1d55071df2ea79a1bb3e68cd4088157903c0e7667ca057e7c8bf330acab45ab3e146eb67a7cfb6e4aa332995d62a5966eab95a7e31e5be
|
checksums.yaml.gz.sig
CHANGED
Binary file
|
data.tar.gz.sig
CHANGED
Binary file
|
data/.rubocop.yml
CHANGED
@@ -19,6 +19,10 @@ Metrics/BlockLength:
|
|
19
19
|
Exclude:
|
20
20
|
# Tests involve long blocks.
|
21
21
|
- 'spec/**/*'
|
22
|
+
Metrics/ModuleLength:
|
23
|
+
Exclude:
|
24
|
+
# Tests involve piles of code.
|
25
|
+
- 'spec/**/*'
|
22
26
|
|
23
27
|
# I'm not pulling in a library, or forcing Ruby 2.3+
|
24
28
|
Layout/IndentHeredoc:
|
@@ -59,3 +63,8 @@ Style/TrailingCommaInHashLiteral:
|
|
59
63
|
EnforcedStyleForMultiline: consistent_comma
|
60
64
|
Style/TrailingCommaInArguments:
|
61
65
|
EnforcedStyleForMultiline: consistent_comma
|
66
|
+
|
67
|
+
|
68
|
+
# Seems buggy for now.
|
69
|
+
Layout/ClosingHeredocIndentation:
|
70
|
+
Enabled: false
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,12 @@
|
|
1
|
+
v3.0.0
|
2
|
+
|
3
|
+
*NOTE: Backwards incompatible, and requires changes to upgrade*
|
4
|
+
|
5
|
+
* One command to update all certs
|
6
|
+
* Checks cert validity and only renews if needed (Run daily instead of every other month)
|
7
|
+
* Uses config file instead of command line arguments
|
8
|
+
* Creates a single private key to serve as the registration cert, and reuses. (fixes #122)
|
9
|
+
|
1
10
|
v2.2.3
|
2
11
|
|
3
12
|
* Fix issue where Acme::Client v0.5.0 changed API. Require newer version and use differently. Fixes #120
|
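Review bot: The v3.0.0 entry flags the release as backwards incompatible but gives no pointer to the migration steps; link `docs/upgrading.md`, which this same release adds, from the NOTE line. The last bullet ends at "and reuses." and reads as cut off; say what is reused and across what (the registration key, across runs).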
data/Gemfile
CHANGED
data/README.md
CHANGED
@@ -2,6 +2,8 @@
|
|
2
2
|
|
3
3
|
LetsEncrypt utility client for WebFaction hosts.
|
4
4
|
|
5
|
+
*NOTE: Version 3 is out and requires some manual changes. See [the upgrade guide for details](docs/upgrading.md).*
|
6
|
+
|
5
7
|
This tool automates the process of using LetsEncrypt on WebFaction hosts. It can be added to the Cron scheduled task runner where it will validate your domains automatically, obtain the certificates, and then install them using the Webfaction API.
|
6
8
|
|
7
9
|
For more documentation, as well as walkthroughs, [see the wiki](https://github.com/will-in-wi/letsencrypt-webfaction/wiki)!
|
@@ -44,11 +46,7 @@ This utility works on [CentOS 6 and 7 boxes](https://docs.webfaction.com/user-gu
|
|
44
46
|
|
45
47
|
All places where you need to substitute a value specific to your setup will be denoted with square brackets, e.g. [yourdomain.com]. There are cases where shell variables are used, such as `$HOME`. These should be typed verbatim.
|
46
48
|
|
47
|
-
You can install
|
48
|
-
|
49
|
-
### System Ruby
|
50
|
-
|
51
|
-
This is the simpler method and is preferred.
|
49
|
+
*NOTE: You can install letsencrypt_webfaction using rbenv if you are an advanced Ruby user. Replace the following section with [these instructions](docs/rbenv.md) if you choose to do so.*
|
52
50
|
|
53
51
|
Run the following command in an SSH session to install the letsencrypt_webfaction package via the [RubyGems package management site](https://rubygems.org/gems/letsencrypt_webfaction):
|
54
52
|
|
@@ -67,23 +65,11 @@ This will simplify the running of the LetsEncrypt WebFaction command, by setting
|
|
67
65
|
|
68
66
|
After saving `~/.bash_profile`, run the command `source $HOME/.bash_profile` to apply the new settings.
|
69
67
|
|
70
|
-
|
71
|
-
|
72
|
-
### RBEnv (advanced)
|
73
|
-
|
74
|
-
This method is useful if you are already using RBEnv to manage Ruby, or if you are already a Ruby developer. If neither of these cases are true, just use the system Ruby method.
|
75
|
-
|
76
|
-
Follow the instructions to [set up RBEnv](https://github.com/rbenv/rbenv) and [Ruby Build](https://github.com/rbenv/ruby-build#readme) on your WebFaction server.
|
68
|
+
Run `letsencrypt_webfaction init` to generate a registration cert and the config file. Open the config file `nano -w ~/letsencrypt_webfaction.toml` and edit to reflect your configuration.
|
77
69
|
|
78
|
-
|
70
|
+
Now, you are ready to run `letsencrypt_webfaction run` from your SSH session to get certificates.
|
79
71
|
|
80
|
-
|
81
|
-
$ rbenv local 2.3.1 # Sets Ruby 2.3.1 as the default version in the current folder.
|
82
|
-
$ gem install letsencrypt_webfaction # Installs this utility from RubyGems.
|
83
|
-
$ rbenv rehash # Makes RBenv aware of the letsencrypt_webfaction utility.
|
84
|
-
$ rm .ruby-version # Unsets Ruby 2.3.1 as the default version in the current folder.
|
85
|
-
|
86
|
-
*Ruby 2.4.0+ is not supported since they removed the XMLRPC library from core and moved it to a gem. This Gem doesn't work in Ruby <2.3, leaving us with an issue as the majority of system Rubies used with this project are <2.4. So don't use 2.4 for now. If you absolutely want to, make sure you install the xmlrpc gem manually.*
|
72
|
+
After you run this command, you will see new certificates in the webfaction admin panel, with the names you have provided. You need to change your application to point to this certificate after the certificate has been issued. Future runs of this command will update the existing certificate entry and not require a change in the admin.
|
87
73
|
|
88
74
|
## Usage
|
89
75
|
|
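Review bot: The added `init` paragraph names the config path (`~/letsencrypt_webfaction.toml`) but not where the "registration cert" is written. The CHANGELOG describes it as a single private key that is reused, so it is now a long-lived secret: document its location and say whether `init` creates it with owner-only permissions or whether the user should restrict it after the fact.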
@@ -91,91 +77,35 @@ Once you have done so, install Ruby 2.1+, but <2.4 (probably 2.3.1 at time of wr
|
|
91
77
|
|
92
78
|
The syntax of the letsencrypt_webfaction command is as follows:
|
93
79
|
|
94
|
-
$ letsencrypt_webfaction
|
95
|
-
|
96
|
-
|
97
|
-
### Options:
|
98
|
-
|
99
|
-
The basic parameters are as follows:
|
100
|
-
|
101
|
-
* `--letsencrypt_account_email`
|
102
|
-
|
103
|
-
The email address you want associated with the issued certificates.
|
104
|
-
|
105
|
-
* `--domains`
|
106
|
-
|
107
|
-
The domains for which you want to create certificates, separated by commas (with no spaces). The domains must be served from the same folder. There is one certificate per WebFaction Website, regardless of how many domains are served from it.
|
108
|
-
|
109
|
-
* `--public`
|
110
|
-
|
111
|
-
A folder which is directly served at `http://[yourdomain.com]/` into which the ACME verification files can be placed.
|
112
|
-
|
113
|
-
In the case of a PHP site, such as Drupal or Wordpress, look for the folder with `index.php` in it. This is usually in `/home/[myuser]/webapps/[yourapp/]`.
|
114
|
-
|
115
|
-
In the case of a Rails app, look for a folder called `public/`. If you are deploying your app with Capistrano, this could show up in `/home/myuser/webapps/[yourapp]/current/public/`.
|
116
|
-
|
117
|
-
In some cases (such as with some Node.js or Python applications), you may need to create this folder. See [here](https://github.com/will-in-wi/letsencrypt-webfaction/issues/24) for an example of this workaround.
|
118
|
-
|
119
|
-
You can specify multiple public directories in this option, separated by commas. This is useful when you want to create a single certificate that serves multiple domains that happen to be backed by multiple different public directories. During Let's Encrypt's http01 challenge-response, letsencrypt-webfaction will copy all the challenge files for all domains into all the public directories. Let's Encrypt supports up to 100 domains per certificate, and they discuss the pros and cons of the multiple-domain technique here: https://letsencrypt.org/docs/integration-guide/
|
120
|
-
|
121
|
-
* `--username`
|
122
|
-
|
123
|
-
The username you use to log into the Webfaction control panel. Needed along with the password to upload your cert to their API.
|
124
|
-
|
125
|
-
* `--password`
|
126
|
-
|
127
|
-
The password you use to log into the Webfaction control panel.
|
80
|
+
$ letsencrypt_webfaction [cmd] [*args]
|
128
81
|
|
129
|
-
|
130
|
-
|
131
|
-
If you have several webapps, then you will need to issue the command several times. The command can be run from any folder.
|
132
|
-
|
133
|
-
Other parameters (which are generally best left to their default values, unless you have a perticular need to change them) can be found in the `config.defaults.yml` configuration file (see below in the "More detailed examples" section).
|
134
|
-
|
135
|
-
### Example
|
136
|
-
Here is a basic example which issues one certificate for both yourdomain.com and www.yourdomain.com, both of which are served by `~/webapps/yourapp/wordpress` and your WebFaction contact email address is you@youremail.com. This assumes that both yourdomain.com and www.yourdomain.com are served from the same folder.
|
137
|
-
|
138
|
-
$ letsencrypt_webfaction --letsencrypt_account_email you@youremail.com --domains yourdomain.com,www.yourdomain.com --public ~/webapps/yourapp/wordpress/ --username myusername --password mypassword
|
139
|
-
|
140
|
-
*Note: Passing the password via the command line as seen here is insecure. You should use the `--config` mechanism mentioned later.*
|
141
|
-
|
142
|
-
After you run this command, you will see a new certificate in the webfaction admin panel, called yourdomain_com (in this case). You need to change your application to point to this certificate after the certificate has been issued. Future runs of this command will update the existing certificate entry and not require a change in the admin. You can change the name in the admin interface using the `--cert_name` parameter.
|
82
|
+
The commands are `init` and `run`. You can add the `--quiet` argument to the `run` command to keep normal output from appearing (useful in cron).
|
143
83
|
|
144
84
|
### Testing
|
145
85
|
|
146
|
-
To test certificate issuance, consider using the [LetsEncrypt staging server](https://community.letsencrypt.org/t/testing-against-the-lets-encrypt-staging-environment/6763). This doesn't have the rate limit of 5 certs per domain every 7 days. You can
|
147
|
-
|
148
|
-
A test command could thus be something like the following:
|
149
|
-
|
150
|
-
$ letsencrypt_webfaction --letsencrypt_account_email you@youremail.com --domains yourdomain.com,www.yourdomain.com --public ~/webapps/yourapp/wordpress/ --username <webfaction-username> --password <webfaction-password> --endpoint https://acme-staging.api.letsencrypt.org/
|
151
|
-
|
86
|
+
To test certificate issuance, consider using the [LetsEncrypt staging server](https://community.letsencrypt.org/t/testing-against-the-lets-encrypt-staging-environment/6763). This doesn't have the rate limit of 5 certs per domain every 7 days. You can change the `endpoint` config line to be `https://acme-staging.api.letsencrypt.org/` in order to test the system.
|
152
87
|
|
153
88
|
### Operation
|
154
89
|
|
155
90
|
When letsencrypt_webfaction runs, it places verification files into the public directory specified, validates the domains with LetsEncrypt, and then uploads the certificate to WebFaction's API.
|
156
91
|
|
157
|
-
To quickly get a list of parameters and help for each, you can run:
|
158
|
-
|
159
|
-
$ letsencrypt_webfaction --help
|
160
|
-
|
161
92
|
Once you have the certificate installed and working, you will probably want to redirect the HTTP version of your site to the HTTPS version. WebFaction has [documentation describing how to do this](https://docs.webfaction.com/software/static.html#static-redirecting-from-http-to-https).
|
162
93
|
|
163
94
|
### Cron usage
|
164
95
|
|
165
96
|
Normally, you will run the script manually once to get the certificate, and then you will use Cron to automate future certificate renewal.
|
166
97
|
|
167
|
-
|
98
|
+
The Cron task should run daily (or however often you prefer) and will only renew or issue certs which have been added, changed, or are near or past expiration.
|
168
99
|
|
169
|
-
|
170
|
-
0 4 1 */2 * PATH=$PATH:$GEM_HOME/bin:/usr/local/bin GEM_HOME=$HOME/.letsencrypt_webfaction/gems RUBYLIB=$GEM_HOME/lib ruby2.2 $HOME/.letsencrypt_webfaction/gems/bin/letsencrypt_webfaction --letsencrypt_account_email [you@youremail.com] --domains [yourdomain.com,www.yourdomain.com] --public ~/webapps/[yourapp/your_public_html]/ --quiet --username [yourusername] --password [yourpassword]
|
171
|
-
# RBEnv Installation
|
172
|
-
0 4 1 */2 * RBENV_ROOT=~/.rbenv RBENV_VERSION=2.3.1 ~/.rbenv/bin/rbenv exec letsencrypt_webfaction --letsencrypt_account_email [you@youremail.com] --domains [yourdomain.com,www.yourdomain.com] --public ~/webapps/[yourapp/your_public_html]/ --quiet --username [yourusername] --password [yourpassword]
|
100
|
+
Your Cron task should look like:
|
173
101
|
|
174
|
-
|
102
|
+
```cron
|
103
|
+
18 3 * * * PATH=$PATH:$GEM_HOME/bin:/usr/local/bin GEM_HOME=$HOME/.letsencrypt_webfaction/gems RUBYLIB=$GEM_HOME/lib ruby2.2 $HOME/.letsencrypt_webfaction/gems/bin/letsencrypt_webfaction run --quiet
|
104
|
+
```
|
175
105
|
|
176
|
-
|
106
|
+
*Note the usage of `--quiet` to keep the success message from being shown and emailed.*
|
177
107
|
|
178
|
-
|
108
|
+
This [would run](https://crontab.guru/#18_3_*_*_*) at 03:18 a.m. every day. Change the exact time of the Cron task so that the load on Let's Encrypt is spread out.
|
179
109
|
|
180
110
|
If you want to be notified upon failure, you can add `MAILTO=[you@youremail.com]` to the top of the crontab. This will send you an email whenever any cron job outputs standard out or standard error, which is generally good practice. According to the Webfaction [Cron documentaion](https://docs.webfaction.com/software/general.html#scheduling-tasks-with-cron) some webfaction servers also require you to add `MAILFROM=[you@youremail.com]` to the top of the crontab.
|
181
111
|
|
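Review bot: The rewritten Usage section has no reference for the config keys: the removed lines were the only explanation of what `public` must point to (the `index.php` folder, a Rails `public/`, multiple directories) and of the WebFaction `--username`/`--password` settings, while the added text names only `init`, `run` and the `endpoint` line. Add a short key reference or link to `templates/letsencrypt_webfaction.toml`. The removed note that a password on the command line is insecure also has no successor; if the credentials now go in the config file, say so and recommend `chmod 600 ~/letsencrypt_webfaction.toml`.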
@@ -185,37 +115,18 @@ While WebFaction staff maintain your standard server software, the support team
|
|
185
115
|
|
186
116
|
You can find the current version by running `letsencrypt_webfaction --version`. Sort of. In versions >= 1.1.4, this will work. In older versions, this will just print `letsencrypt_webfaction: version unknown` due to an oversight on my part. So if you get the latter output, just upgrade.
|
187
117
|
|
188
|
-
[The changelog](
|
118
|
+
[The changelog](CHANGELOG.md) describes changes from version to version.
|
189
119
|
|
190
120
|
LetsEncrypt WebFaction follows [Semantic Versioning](http://semver.org/). In a nutshell, a version number such as `1.2.3` is divided as `major.minor.patch`. When the major version is incremented, you will probably have to change something about the configuration to make it work. The changelog will let you know what changes you need to make. When the minor version is incremented, there are new features but existing features haven't changed. If the patch version is incremented, the changes are all under the hood and shouldn't change or add any existing features.
|
191
121
|
|
192
122
|
TL;DR: Be careful with major version upgrades and you should be fine with upgrading to minor or patch releases.
|
193
123
|
|
194
|
-
To upgrade, run
|
124
|
+
To upgrade, run the following command to fetch and install the newest version from RubyGems:
|
195
125
|
|
196
126
|
```sh
|
197
|
-
# For system Ruby:
|
198
127
|
GEM_HOME=$HOME/.letsencrypt_webfaction/gems RUBYLIB=$GEM_HOME/lib gem2.2 install letsencrypt_webfaction
|
199
|
-
|
200
|
-
# For RBenv
|
201
|
-
RBENV_VERSION=2.3.1 gem install letsencrypt_webfaction
|
202
128
|
```
|
203
129
|
|
204
|
-
### More detailed examples
|
205
|
-
|
206
|
-
Default parameters can be found in [config.defaults.yml](./config.defaults.yml). All of the parameters can be overridden by passing another config file, arguments to the executable, or both. If a both a config file and command-line arguments are passed, they will be interleaved, with the command-line arguments having precedence.
|
207
|
-
|
208
|
-
A config file needs to be in [YAML format](http://www.yaml.org/refcard.html) and have a subset of the keys in [config.defaults.yml](./config.defaults.yml). If you use a config file, you add the `--config [./myconfig.yml]` parameter to the letsencrypt_webfaction command.
|
209
|
-
|
210
|
-
This allows you to set up a Cron task for multiple sites with the defaults for all of them (such as your email address) in a config file, and site specific directives in the command. For example:
|
211
|
-
|
212
|
-
$ letsencrypt_webfaction --config [~/le_config.yml] --domains [yourdomain.com,www.yourdomain.com] --public ~/webapps/[yourapp/your_public_html/]
|
213
|
-
|
214
|
-
This could be run automatically every two months.
|
215
|
-
|
216
|
-
A config file can be placed anywhere in your WebFaction account. A good place might be `~/le_config/siteconfig.yml`.
|
217
|
-
|
218
|
-
|
219
130
|
## Development
|
220
131
|
|
221
132
|
If you are interested in contributing to this project with new code or bugfixes, welcome!
|
data/certs/will_in_wi.pem
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
-----BEGIN CERTIFICATE-----
|
2
|
-
|
2
|
+
MIIDhTCCAm2gAwIBAgIBATANBgkqhkiG9w0BAQsFADBEMRAwDgYDVQQDDAd3aWxs
|
3
3
|
aWFtMRwwGgYKCZImiZPyLGQBGRYMam9obnN0b25oYXVzMRIwEAYKCZImiZPyLGQB
|
4
|
-
|
4
|
+
GRYCdXMwHhcNMTgwNjEwMTMxNTEwWhcNMTkwNjEwMTMxNTEwWjBEMRAwDgYDVQQD
|
5
5
|
DAd3aWxsaWFtMRwwGgYKCZImiZPyLGQBGRYMam9obnN0b25oYXVzMRIwEAYKCZIm
|
6
6
|
iZPyLGQBGRYCdXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDl8XJy
|
7
7
|
iFDfTJHbPnQ43vJKAjVPwxRnPhThFeWgYlZ//SU6ZbO4GqewDSMyCrjtWOq+mE59
|
@@ -12,10 +12,10 @@ iL3gD6KBGRCdOVRmX+mgz0mIxchknFslbLE1aU9kNGabVw/25qUVxTid7HN5DAeY
|
|
12
12
|
gkKUO+QWHBNH4QL3AgMBAAGjgYEwfzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAd
|
13
13
|
BgNVHQ4EFgQUFOFAV8TE1Qa285rrUux+StPq5WowIgYDVR0RBBswGYEXd2lsbGlh
|
14
14
|
bUBqb2huc3RvbmhhdXMudXMwIgYDVR0SBBswGYEXd2lsbGlhbUBqb2huc3Rvbmhh
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
15
|
+
dXMudXMwDQYJKoZIhvcNAQELBQADggEBAEZ6tJ2dwjke8nJbBATwwqwqqyISybGc
|
16
|
+
/uw0ApMsYfK0pninuCV5jfpm4WbmqokqNOfbYvlHLpBKGz7uxJRKOioe6Ivl7LJu
|
17
|
+
EHiagTaawLYJK0tZ3fH4K7VFx4pXNIbg6LYzOTIflaBQkVSkaVNfrczTJM11aADC
|
18
|
+
qy0EH65AuAgNtypTvnCKGB6pztMIgxK0FTSdZnnxtC1ReQ1U8MpsaYpOap2Yvofo
|
19
|
+
ilYPju4QWNSvpNVhV+T7JUvAHXva3Rayfp8SKRpvX8ZpRCjvpYfgbmNxXO2ST1qb
|
20
|
+
KBba/yJfCMh+B65HfRUXBQRRDtJ2Vu8i0WmRUKenahAnpkkeVmqhWwY=
|
21
21
|
-----END CERTIFICATE-----
|
data/docs/rbenv.md
ADDED
@@ -0,0 +1,31 @@
|
|
1
|
+
# Installing with RBenv
|
2
|
+
|
3
|
+
This method is useful if you are already using RBEnv to manage Ruby, or if you are already a Ruby developer. If neither of these cases are true, just use the system Ruby method as described in the readme.
|
4
|
+
|
5
|
+
Follow the instructions to [set up RBEnv](https://github.com/rbenv/rbenv) and [Ruby Build](https://github.com/rbenv/ruby-build#readme) on your WebFaction server.
|
6
|
+
|
7
|
+
Once you have done so, install Ruby 2.1+, but <2.4 (probably 2.3.1 at time of writing). Then set the local Ruby and install the Gem. Finally unset the local Ruby so that you don't run into problems.
|
8
|
+
|
9
|
+
$ rbenv install 2.3.1 # Installs Ruby 2.3.1
|
10
|
+
$ rbenv local 2.3.1 # Sets Ruby 2.3.1 as the default version in the current folder.
|
11
|
+
$ gem install letsencrypt_webfaction # Installs this utility from RubyGems.
|
12
|
+
$ rbenv rehash # Makes RBenv aware of the letsencrypt_webfaction utility.
|
13
|
+
$ rm .ruby-version # Unsets Ruby 2.3.1 as the default version in the current folder.
|
14
|
+
|
15
|
+
*Ruby 2.4.0+ is not supported since they removed the XMLRPC library from core and moved it to a gem. This Gem doesn't work in Ruby <2.3, leaving us with an issue as the majority of system Rubies used with this project are <2.4. So don't use 2.4 for now. If you absolutely want to, make sure you install the xmlrpc gem manually.*
|
16
|
+
|
17
|
+
## Cron usage
|
18
|
+
|
19
|
+
Instead of the cron command in the readme, when using rbenv it would look like the following:
|
20
|
+
|
21
|
+
```cron
|
22
|
+
18 3 * * * RBENV_ROOT=~/.rbenv RBENV_VERSION=2.3.1 ~/.rbenv/bin/rbenv exec letsencrypt_webfaction --letsencrypt_account_email [you@youremail.com] --domains [yourdomain.com,www.yourdomain.com] --public ~/webapps/[yourapp/your_public_html]/ --quiet --username [yourusername] --password [yourpassword]
|
23
|
+
```
|
24
|
+
|
25
|
+
## Upgrading
|
26
|
+
|
27
|
+
To upgrade the installed version, run:
|
28
|
+
|
29
|
+
```sh
|
30
|
+
RBENV_VERSION=2.3.1 gem install letsencrypt_webfaction
|
31
|
+
```
|
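Review bot: The cron example under "Cron usage" is still a v2 command line: it has no `run` subcommand and passes `--letsencrypt_account_email`, `--domains`, `--public`, `--username` and `--password`, all of which appear in `V2_COMMANDS` in `application.rb`, so v3 prints the "version 2 command" message and exits 1. It also keeps the WebFaction password in the crontab. End the line with `~/.rbenv/bin/rbenv exec letsencrypt_webfaction run --quiet`, matching the README cron entry.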
data/docs/upgrading.md
ADDED
@@ -0,0 +1,49 @@
|
|
1
|
+
# Upgrading from v2 to v3
|
2
|
+
|
3
|
+
Version 3 has a number of major ease of use improvements that break backwards compatibility:
|
4
|
+
|
5
|
+
- Run one command to update all certs instead of one command per cert.
|
6
|
+
- When the command runs, it only updates certs that need updating.
|
7
|
+
- Uses a single config file instead of a large set of command arguments.
|
8
|
+
|
9
|
+
The basic procedure to upgrade is:
|
10
|
+
|
11
|
+
- Upgrade the program
|
12
|
+
- Initialize the config file
|
13
|
+
- Migrate command lines to the config file
|
14
|
+
- Replace crontab lines with new single line
|
15
|
+
|
16
|
+
## Upgrade the program
|
17
|
+
|
18
|
+
Follow the [instructions in the readme](README.md#Upgrading).
|
19
|
+
|
20
|
+
## Initialize the config file
|
21
|
+
|
22
|
+
Create the config file by running `letsencrypt_webfaction init` on the server. Edit it to reflect your situation (`nano -w ~/letsencrypt_webfaction.toml`).
|
23
|
+
|
24
|
+
## Migrate command lines to the config file
|
25
|
+
|
26
|
+
You can dump the letsencrypt_webfaction crontab lines by running `crontab -l | grep letsencrypt_webfaction` on the server. For each line, create a `[[certificate]]` section in the config file.
|
27
|
+
|
28
|
+
For example, this:
|
29
|
+
|
30
|
+
```sh
|
31
|
+
0 4 1 */2 * RBENV_ROOT=~/.rbenv RBENV_VERSION=2.3.1 ~/.rbenv/bin/rbenv exec letsencrypt_webfaction --domains example.com,www.example.com,test.example.com --public ~/webapps/myapp/ --cert_name mycertname
|
32
|
+
```
|
33
|
+
|
34
|
+
Would become this:
|
35
|
+
|
36
|
+
```toml
|
37
|
+
[[certificate]]
|
38
|
+
domains = [
|
39
|
+
"example.com",
|
40
|
+
"www.example.com",
|
41
|
+
"test.example.com"
|
42
|
+
]
|
43
|
+
public = "~/webapps/myapp/"
|
44
|
+
name = "mycertname"
|
45
|
+
```
|
46
|
+
|
47
|
+
## Replace crontab lines with new single line
|
48
|
+
|
49
|
+
Once these are all migrated, run `letsencrypt_webfaction run`. You should see output regarding which certs were issued, updated, or ignored. If this looks satisfactory, remove the existing `letsencrypt_webfaction` lines from your crontab (You edit it by running `crontab -e` on the server), and insert the new line from the readme.
|
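Review bot: The migration example maps only `--domains`, `--public` and `--cert_name`, but the v2 cron lines shown in the old README also carried `--letsencrypt_account_email`, `--username` and `--password`. State where each of those values goes in `letsencrypt_webfaction.toml`, since a user following only this page has no place to put them. The crontab sample is fenced as `sh` while the README and `docs/rbenv.md` fence cron lines as `cron`.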
data/exe/letsencrypt_webfaction
CHANGED
@@ -1,6 +1,11 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
2
|
|
3
3
|
require 'letsencrypt_webfaction/application'
|
4
|
+
require 'letsencrypt_webfaction/errors'
|
4
5
|
|
5
|
-
|
6
|
-
|
6
|
+
begin
|
7
|
+
res = LetsencryptWebfaction::Application.new(ARGV).run!
|
8
|
+
exit(res ? 0 : 1)
|
9
|
+
rescue LetsencryptWebfaction::AppExitError
|
10
|
+
exit 1
|
11
|
+
end
|
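Review bot: The `rescue LetsencryptWebfaction::AppExitError` branch exits 1 without printing anything, so the message given to `raise` (for example 'Missing command') reaches the user only if the raiser wrote to `$stderr` first, as `Application.new` does. Capture the exception and print `e.message` here, or document that every raiser must print before raising. This matters for the cron setup in the README: mail is sent only when the job produces output, so a silent exit 1 under `run --quiet` goes unnoticed.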
@@ -28,6 +28,7 @@ Gem::Specification.new do |spec|
|
|
28
28
|
spec.required_ruby_version = '>= 2.1.0'
|
29
29
|
|
30
30
|
spec.add_runtime_dependency 'acme-client', '~> 0.6.0'
|
31
|
+
spec.add_runtime_dependency 'toml-rb', '~> 1.1'
|
31
32
|
|
32
33
|
# This will be required for Ruby 2.4. But it is incompatible for Ruby <2.3. Unsupporting Ruby 2.4 for the moment.
|
33
34
|
# spec.add_runtime_dependency 'xmlrpc', '~> 0.3.0'
|
@@ -1,92 +1,40 @@
|
|
1
|
-
require '
|
2
|
-
require '
|
3
|
-
|
4
|
-
require 'letsencrypt_webfaction/args_parser'
|
5
|
-
require 'letsencrypt_webfaction/domain_validator'
|
6
|
-
require 'letsencrypt_webfaction/certificate_installer'
|
7
|
-
require 'letsencrypt_webfaction/webfaction_api_credentials'
|
1
|
+
require 'letsencrypt_webfaction/application/init'
|
2
|
+
require 'letsencrypt_webfaction/application/run'
|
8
3
|
|
9
4
|
module LetsencryptWebfaction
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
#
|
20
|
-
|
21
|
-
|
22
|
-
|
5
|
+
module Application
|
6
|
+
SUPPORTED_COMMANDS = {
|
7
|
+
'init' => LetsencryptWebfaction::Application::Init,
|
8
|
+
'run' => LetsencryptWebfaction::Application::Run,
|
9
|
+
}.freeze
|
10
|
+
|
11
|
+
V2_COMMANDS = %i[key_size endpoint domains public letsencrypt_account_email api_url username password servername cert_name].freeze
|
12
|
+
|
13
|
+
class << self
|
14
|
+
def new(args) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
|
15
|
+
if args[0].nil?
|
16
|
+
$stderr.puts "Missing command. Must be one of #{SUPPORTED_COMMANDS.keys.join(', ')}"
|
17
|
+
raise LetsencryptWebfaction::AppExitError, 'Missing command'
|
18
|
+
elsif v2_command?(args)
|
19
|
+
$stderr.puts 'It looks like you are trying to run a version 2 command in version 3'
|
20
|
+
$stderr.puts 'See https://github.com/will-in-wi/letsencrypt-webfaction/blob/master/docs/upgrading.md'
|
21
|
+
raise LetsencryptWebfaction::AppExitError, 'v2 command'
|
22
|
+
else
|
23
|
+
klass = SUPPORTED_COMMANDS[args[0]]
|
24
|
+
if klass.nil?
|
25
|
+
$stderr.puts "Unsupported command `#{args[0]}`. Must be one of #{SUPPORTED_COMMANDS.keys.join(', ')}"
|
26
|
+
raise LetsencryptWebfaction::AppExitError, 'Unsupported command'
|
27
|
+
else
|
28
|
+
klass.new(args[1..-1])
|
29
|
+
end
|
30
|
+
end
|
23
31
|
end
|
24
32
|
|
25
|
-
|
26
|
-
register_key!
|
27
|
-
|
28
|
-
# Validate the domains.
|
29
|
-
return unless validator.validate!
|
30
|
-
|
31
|
-
# Write the obtained certificates.
|
32
|
-
certificate_installer.install!
|
33
|
-
|
34
|
-
output_success_help
|
35
|
-
end
|
36
|
-
|
37
|
-
private
|
38
|
-
|
39
|
-
def api_credentials
|
40
|
-
@_api_credentials ||= LetsencryptWebfaction::WebfactionApiCredentials.new username: @options.username, password: @options.password, servername: @options.servername, api_server: @options.api_url
|
41
|
-
end
|
42
|
-
|
43
|
-
def certificate_installer
|
44
|
-
@certificate_installer ||= LetsencryptWebfaction::CertificateInstaller.new(@options.cert_name, certificate, api_credentials)
|
45
|
-
end
|
46
|
-
|
47
|
-
def certificate
|
48
|
-
# We can now request a certificate, you can pass anything that returns
|
49
|
-
# a valid DER encoded CSR when calling to_der on it, for example a
|
50
|
-
# OpenSSL::X509::Request too.
|
51
|
-
@certificate ||= client.new_certificate(csr)
|
52
|
-
end
|
33
|
+
private
|
53
34
|
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
@csr ||= Acme::Client::CertificateRequest.new(names: @options.domains)
|
58
|
-
end
|
59
|
-
|
60
|
-
def validator
|
61
|
-
@validator ||= LetsencryptWebfaction::DomainValidator.new @options.domains, client, @options.public
|
62
|
-
end
|
63
|
-
|
64
|
-
def client
|
65
|
-
@client ||= Acme::Client.new(private_key: private_key, endpoint: @options.endpoint)
|
66
|
-
end
|
67
|
-
|
68
|
-
def register_key!
|
69
|
-
# If the private key is not known to the server, we need to register it for the first time.
|
70
|
-
registration = client.register(contact: "mailto:#{@options.letsencrypt_account_email}")
|
71
|
-
|
72
|
-
# You'll may need to agree to the term (that's up the to the server to require it or not but boulder does by default)
|
73
|
-
registration.agree_terms
|
74
|
-
end
|
75
|
-
|
76
|
-
def validate_options!
|
77
|
-
return if @options.valid?
|
78
|
-
raise ArgumentError, @options.errors.values.join("\n")
|
79
|
-
end
|
80
|
-
|
81
|
-
def private_key
|
82
|
-
OpenSSL::PKey::RSA.new(@options.key_size)
|
83
|
-
end
|
84
|
-
|
85
|
-
def output_success_help
|
86
|
-
return if @options.quiet?
|
87
|
-
puts 'Your new certificate is now created and installed.'
|
88
|
-
puts "You will need to change your application to use the #{@options.cert_name} certificate."
|
89
|
-
puts 'Add the `--quiet` parameter in your cron task to remove this message.'
|
35
|
+
def v2_command?(args)
|
36
|
+
(args & (V2_COMMANDS.map { |arg| "--#{arg}" })).any?
|
37
|
+
end
|
90
38
|
end
|
91
39
|
end
|
92
40
|
end
|
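Review bot: `Application.new` takes `args[0]` as the command and looks it up in `SUPPORTED_COMMANDS`, which holds only `init` and `run`, so `letsencrypt_webfaction --version`, which the README still documents, now lands in the "Unsupported command" branch and exits 1. Handle that flag before the lookup or update the README. Separately, `v2_command?` compares whole tokens, so a v2 argument written as `--domains=example.com` (if v2 accepted that form) gets the generic unsupported-command message instead of the upgrade hint; matching on the `--name` prefix would cover both spellings.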