letsencrypt_webfaction 3.1.1 → 4.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 460dcdc6c596f6caf4586a07bd6a26c9a1a2711efeecfb6f71a90df8b425331a
-  data.tar.gz: e9e95a4a9d6d91a0f84dbe9f13334e9534a10ce338f6ddd5dca3b2bb8f9966f8
+  metadata.gz: ef1b9fb8a70fb210d300ae1d935498127533ada35554769a9def621471f1796e
+  data.tar.gz: 5a43d8bd43ea051733aaadc427406cf73d38c5658ad2cbbaf40bf016cc57d55d
 SHA512:
-  metadata.gz: e3318423279477c29334d843018500245931f57defb23ec066a87105658475f59af3997040cc79986509506801b12ac715483dcdfe82ec5421a846486b997f5f
-  data.tar.gz: 0c51bbae7d41b697fbde485f825eb31709b381fd1314fef2fbbfddbd4c573886f6d5b4d2c2d64baee3b25deca1b6988b9d843740c8ee40c48b14f80525b8c9d9
+  metadata.gz: 7137d662565e1500b2fc184ffba6e1ba4eff4de8537bd06bb221d9a84f4f3f0ec9a84626b044c50a9037cc7ac413c58544c96aa546cf0b9ebf732d31cb563565
+  data.tar.gz: b2f5ad87fccd62fbf07db029918f8d8d49435b3984eec8a27791ff0369740f710d86561240cbfb4f5664024ac81ec081e77ec3ac9f2454a6ba8c6c5b04c941a5

checksums.yaml.gz.sig

@@ -1,2 +1 @@
-ҝ1���U�ѝ����f��I�!��wyQ��*%�}��eUo�ś �-Ͳ���8k����Şƫ����)�����I�x�R0�D��`��Ԭ�	�Ɵ{1��擠����X{�d�:k>�T�69��
����Q(] 1�`
-�7
-�;¶�kg�xk1W��Z�5}�&��Fƚ�Vd�Z=e{��=�3���J���J�0�/��2�f�kw�KM��[�^�
+~T����jʙ���ɴ�6LS��y��ٞ�ܱd��?���`oB�v�FC|�-8�Z�R�s3,En�:m�?��?��Zt�[j,yEk��;
�����[,��i/��IO���	��3[Y�iA�&Tn�f8���@��zX��%8ܗ��|�%m(8�Q�6w��f���~4��
��~T#�8�A�;�.E����]�th�[���-����'ֆ��%:��_�:�[ϝ�>�+Nio�;�C%1W�Ӯ��4;<

data/.gitignore

@@ -16,3 +16,7 @@
 
 # Ignore spec next-failure file.
 /spec/.examples.txt
+
+/.ruby-version
+
+/spec/tmp

data/.rubocop.yml

@@ -1,12 +1,14 @@
+require: rubocop-performance
+
 AllCops:
   Exclude:
     # These are autogenerated binstubs.
     - 'bin/*'
     # Keep rubocop from scanning installed gems.
     - 'vendor/**/*'
-  TargetRubyVersion: 2.2
+  TargetRubyVersion: 2.4
 # Line length is something that isn't dogmatic. 80 chars is a good recommendation.
-Metrics/LineLength:
+Layout/LineLength:
   Enabled: false
 # This requires leading comments which can tend to be redundant.
 Style/Documentation:
@@ -24,10 +26,6 @@ Metrics/ModuleLength:
     # Tests involve piles of code.
     - 'spec/**/*'
 
-# I'm not pulling in a library, or forcing Ruby 2.3+
-Layout/IndentHeredoc:
-  Enabled: false
-
 # When we use $stderr.puts, we don't see that as verbose.
 Style/StderrPuts:
   Enabled: false
@@ -68,3 +66,19 @@ Style/TrailingCommaInArguments:
 # Seems buggy for now.
 Layout/ClosingHeredocIndentation:
   Enabled: false
+
+# Enable new cops
+Layout/SpaceAroundMethodCallOperator:
+  Enabled: true
+Lint/RaiseException:
+  Enabled: true
+Lint/StructNewOverride:
+  Enabled: true
+Style/ExponentialNotation:
+  Enabled: true
+Style/HashEachMethods:
+  Enabled: true
+Style/HashTransformKeys:
+  Enabled: true
+Style/HashTransformValues:
+  Enabled: true

data/.travis.yml

@@ -1,7 +1,7 @@
 language: ruby
 rvm:
-  - 2.3.1
-  - 2.2
-before_install:
-  - gem install bundler
+  - 2.4
+  - 2.5
+  - 2.6
+  - 2.7
 cache: bundler

data/CHANGELOG.md

@@ -2,6 +2,27 @@ Unreleased
 
 * Your change here!
 
+v4.0.2
+
+* Fix issues with the key not being registered correctly. #168
+
+v4.0.1
+
+* Require Ruby >=2.4 (mostly because Faraday, which this depends on, doesn't support 2.2 anymore. Also not support 2.3 because of the xmlrpc library extraction. This just makes things easier, and it seems like WebFaction supports this new version of Ruby everywhere now.)
+
+v4.0.0
+
+* Support ACMEv2
+* No longer adds intermediate certs to bundle, as these don't appear to be provided.
+
+v3.2.0
+
+* New `--force` argument for easier handling of `endpoint` switching. Fixes [#132](https://github.com/will-in-wi/letsencrypt-webfaction/issues/132)
+
+v3.1.2
+
+* [#147](https://github.com/will-in-wi/letsencrypt-webfaction/pull/147) - Changed `RENEWAL_DELTA` to 30 days per LetsEncrypt's recommendation. (@shannonturner)
+
 v3.1.1
 
 * Fixed a missing require when fetching version. Fixes [#146](https://github.com/will-in-wi/letsencrypt-webfaction/issues/146)

data/Gemfile

@@ -1,16 +1,18 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 
 # Specify your gem's dependencies in test_gem.gemspec
 gemspec
 
 group :development, :test do
-  gem 'bundler', '~> 1.11'
   gem 'pry', '~> 0.10'
   gem 'pry-byebug', '~> 3.3'
   gem 'pry-doc'
   gem 'rake', '~> 12.0'
   gem 'rspec', '~> 3.4'
-  gem 'rubocop', '~> 0.51'
+  gem 'rubocop', '~> 0.82.0'
+  gem 'rubocop-performance'
   gem 'simplecov', '~> 0.11'
   gem 'timecop', '~> 0.9.1'
   gem 'webmock', '~> 3.4'

data/README.md

@@ -2,7 +2,17 @@
 
 LetsEncrypt utility client for WebFaction hosts.
 
-*NOTE: Version 3 is out and requires some manual changes. See [the upgrade guide for details](docs/upgrading.md).*
+## *WebFaction has released first-party support for Let's Encrypt Certs!*
+
+The long-awaited support by [webfaction is here!](https://blog.webfaction.com/2018/09/issue-lets-encrypt-ssl-certificates-with-the-control-panel/) See [the blog post for details about how to use it](https://blog.webfaction.com/2018/09/issue-lets-encrypt-ssl-certificates-with-the-control-panel/), it's really easy! I've switched all of my personal certificates over to their implementation. If you are looking to start adding certificates to your site, start there, not with this tool.
+
+I am not going to abandon this application outright. Too many people have worked too hard on this to suddenly drop it. But I am not planning any further work on it, unless people find actual bugs. If you can't use the WebFaction control panel to issue your Let's Encrypt certs for some reason and so are using this tool, please file a support ticket with WebFaction and also [comment on this ticket](https://github.com/will-in-wi/letsencrypt-webfaction/issues/160).
+
+And finally, THANK YOU to all of you who have filed issues, contributed code and documentation, and helped others solve tickets. You have made this a tremendously fun and rewarding project to work on, and helped out so many fellow WebFaction customers.
+
+## Previous Readme
+
+*NOTE: Version 4 is out and requires some manual changes. See [the upgrade guide for details](docs/upgrading.md).*
 
 This tool automates the process of using LetsEncrypt on WebFaction hosts. It can be added to the Cron scheduled task runner where it will validate your domains automatically, obtain the certificates, and then install them using the Webfaction API.
 
@@ -51,14 +61,14 @@ All places where you need to substitute a value specific to your setup will be d
 Run the following command in an SSH session to install the letsencrypt_webfaction package via the [RubyGems package management site](https://rubygems.org/gems/letsencrypt_webfaction):
 
 ```sh
-GEM_HOME=$HOME/.letsencrypt_webfaction/gems RUBYLIB=$GEM_HOME/lib gem2.2 install letsencrypt_webfaction
+GEM_HOME=$HOME/.letsencrypt_webfaction/gems RUBYLIB=$GEM_HOME/lib gem2.4 install letsencrypt_webfaction
 ```
 
 Add the following to `~/.bash_profile` (using, for example, an FTP client or your favorite text editor):
 
 ```sh
 function letsencrypt_webfaction {
-    PATH=$PATH:$GEM_HOME/bin GEM_HOME=$HOME/.letsencrypt_webfaction/gems RUBYLIB=$GEM_HOME/lib ruby2.2 $HOME/.letsencrypt_webfaction/gems/bin/letsencrypt_webfaction $*
+    GEM_HOME=$HOME/.letsencrypt_webfaction/gems PATH=$PATH:$GEM_HOME/bin RUBYLIB=$GEM_HOME/lib ruby2.4 $HOME/.letsencrypt_webfaction/gems/bin/letsencrypt_webfaction $*
 }
 ```
 This will simplify the running of the LetsEncrypt WebFaction command, by setting some variables in advance.
@@ -67,7 +77,7 @@ After saving `~/.bash_profile`, run the command `source $HOME/.bash_profile` to
 
 Run `letsencrypt_webfaction init` to generate a registration cert and the config file. Open the config file `nano -w ~/letsencrypt_webfaction.toml` and edit to reflect your configuration.
 
-Now, you are ready to run `letsencrypt_webfaction run` from your SSH session to get certificates. Note that by default the config file `letsencrypt_webfaction.toml` is pointed at the LetsEncrypt staging endpoint (the line that says: `endpoint = "https://acme-staging.api.letsencrypt.org/"`); meaning you will only get "test" certificates installed while using the stage endpoint. To issue live certificates you will need to comment out default line, and uncomment the production endpoint line (the line that says: `endpoint = "https://acme-v01.api.letsencrypt.org/" # Production`).
+Now, you are ready to run `letsencrypt_webfaction run` from your SSH session to get certificates. Note that by default the config file `letsencrypt_webfaction.toml` is pointed at the LetsEncrypt staging endpoint (the line that says: `directory = "https://acme-staging-v02.api.letsencrypt.org/directory"`); meaning you will only get "test" certificates installed while using the stage endpoint. To issue live certificates you will need to comment out default line, and uncomment the production endpoint line (the line that says: `directory = "https://acme-v02.api.letsencrypt.org/directory" # Production`).
 
 When you have tested with staging, you can remove the certificate from WebFaction control panel (make sure no webapps are using it first) and re-run with the production endpoint.
 
@@ -83,13 +93,28 @@ Finally, if you would like the `http` site to redirect to your `https`, follow t
 
 The syntax of the letsencrypt_webfaction command is as follows:
 
-    $ letsencrypt_webfaction [cmd] [*args]
+    $ letsencrypt_webfaction [init|run] [*options]
+
+The commands are `init` and `run`. You can also use `--version` to get the currently installed version of letsencrypt_webfaction.
 
-The commands are `init` and `run`. You can add the `--quiet` argument to the `run` command to keep normal output from appearing (useful in cron).
+#### `init`
+
+Generate registration cert and config file.
+
+#### `run`
+
+Generate certs and add to them to the control panel. This command has the following options:
+
+* `--config=CONFIG`: Use alternative configuration path
+* `--force`: Re-issue certs regardless of expiration
+* `--help`: Show help for this command
+* `--quiet`: Run with minimal output (useful for cron)
 
 ### Testing
 
-To test certificate issuance, consider using the [LetsEncrypt staging server](https://community.letsencrypt.org/t/testing-against-the-lets-encrypt-staging-environment/6763). This doesn't have the rate limit of 5 certs per domain every 7 days. You can change the `endpoint` config line to be `https://acme-staging.api.letsencrypt.org/` in order to test the system.
+To test certificate issuance, consider using the [LetsEncrypt staging server](https://community.letsencrypt.org/t/testing-against-the-lets-encrypt-staging-environment/6763). This doesn't have the rate limit of 5 certs per domain every 7 days. You can change the `directory` config line to be `https://acme-staging-v02.api.letsencrypt.org/directory` in order to test the system.
+
+After switching endpoints, you will likely want to run the command with `--force` in order to reissue all certificates from the new endpoint.
 
 ### Operation
 
@@ -106,7 +131,7 @@ The Cron task should run daily (or however often you prefer) and will only renew
 Your Cron task should look like:
 
 ```cron
-18 3 * * *     PATH=$PATH:$GEM_HOME/bin:/usr/local/bin GEM_HOME=$HOME/.letsencrypt_webfaction/gems RUBYLIB=$GEM_HOME/lib ruby2.2 $HOME/.letsencrypt_webfaction/gems/bin/letsencrypt_webfaction run --quiet
+18 3 * * *     PATH=$PATH:$GEM_HOME/bin:/usr/local/bin GEM_HOME=$HOME/.letsencrypt_webfaction/gems RUBYLIB=$GEM_HOME/lib ruby2.4 $HOME/.letsencrypt_webfaction/gems/bin/letsencrypt_webfaction run --quiet
 ```
 
 *Note the usage of `--quiet` to keep the success message from being shown and emailed.*
@@ -119,18 +144,18 @@ If you want to be notified upon failure, you can add `MAILTO=[you@youremail.com]
 
 While WebFaction staff maintain your standard server software, the support team will not upgrade your installation of LetsEncrypt WebFaction. You won't usually need to do this unless you have an issue but, as is good practice with most software, it's best kept up to date.
 
-You can find the current version by running `letsencrypt_webfaction --version`. Sort of. In versions >= 1.1.4, this will work. In older versions, this will just print `letsencrypt_webfaction: version unknown` due to an oversight on my part. So if you get the latter output, just upgrade.
+You can find the current version by running `letsencrypt_webfaction --version`. Sort of. In versions >= 1.1.4 (except for versions v3.0.0-v3.0.1), this will work. In older versions, this will just print `letsencrypt_webfaction: version unknown` due to an oversight on my part. So if you get the latter output, just upgrade.
 
 [The changelog](CHANGELOG.md) describes changes from version to version.
 
-LetsEncrypt WebFaction follows [Semantic Versioning](http://semver.org/). In a nutshell, a version number such as `1.2.3` is divided as `major.minor.patch`. When the major version is incremented, you will probably have to change something about the configuration to make it work. The changelog will let you know what changes you need to make. When the minor version is incremented, there are new features but existing features haven't changed. If the patch version is incremented, the changes are all under the hood and shouldn't change or add any existing features.
+LetsEncrypt WebFaction follows [Semantic Versioning](http://semver.org/). In a nutshell, a version number such as `1.2.4` is divided as `major.minor.patch`. When the major version is incremented, you will probably have to change something about the configuration to make it work. The changelog will let you know what changes you need to make. When the minor version is incremented, there are new features but existing features haven't changed. If the patch version is incremented, the changes are all under the hood and shouldn't change or add any existing features.
 
 TL;DR: Be careful with major version upgrades and you should be fine with upgrading to minor or patch releases.
 
 To upgrade, run the following command to fetch and install the newest version from RubyGems:
 
 ```sh
-GEM_HOME=$HOME/.letsencrypt_webfaction/gems RUBYLIB=$GEM_HOME/lib gem2.2 install letsencrypt_webfaction
+GEM_HOME=$HOME/.letsencrypt_webfaction/gems RUBYLIB=$GEM_HOME/lib gem2.4 install letsencrypt_webfaction
 ```
 
 ## Development

data/Rakefile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'bundler/gem_tasks'
 require 'rspec/core/rake_task'
 require 'rubocop/rake_task'

data/certs/will_in_wi.pem

@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
-MIIDhTCCAm2gAwIBAgIBATANBgkqhkiG9w0BAQsFADBEMRAwDgYDVQQDDAd3aWxs
+MIIDhTCCAm2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMRAwDgYDVQQDDAd3aWxs
 aWFtMRwwGgYKCZImiZPyLGQBGRYMam9obnN0b25oYXVzMRIwEAYKCZImiZPyLGQB
-GRYCdXMwHhcNMTgwNjEwMTMxNTEwWhcNMTkwNjEwMTMxNTEwWjBEMRAwDgYDVQQD
+GRYCdXMwHhcNMjAwNDE2MDIxNzQ1WhcNMjEwNDE2MDIxNzQ1WjBEMRAwDgYDVQQD
 DAd3aWxsaWFtMRwwGgYKCZImiZPyLGQBGRYMam9obnN0b25oYXVzMRIwEAYKCZIm
 iZPyLGQBGRYCdXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDl8XJy
 iFDfTJHbPnQ43vJKAjVPwxRnPhThFeWgYlZ//SU6ZbO4GqewDSMyCrjtWOq+mE59
@@ -12,10 +12,10 @@ iL3gD6KBGRCdOVRmX+mgz0mIxchknFslbLE1aU9kNGabVw/25qUVxTid7HN5DAeY
 gkKUO+QWHBNH4QL3AgMBAAGjgYEwfzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAd
 BgNVHQ4EFgQUFOFAV8TE1Qa285rrUux+StPq5WowIgYDVR0RBBswGYEXd2lsbGlh
 bUBqb2huc3RvbmhhdXMudXMwIgYDVR0SBBswGYEXd2lsbGlhbUBqb2huc3Rvbmhh
-dXMudXMwDQYJKoZIhvcNAQELBQADggEBAEZ6tJ2dwjke8nJbBATwwqwqqyISybGc
-/uw0ApMsYfK0pninuCV5jfpm4WbmqokqNOfbYvlHLpBKGz7uxJRKOioe6Ivl7LJu
-EHiagTaawLYJK0tZ3fH4K7VFx4pXNIbg6LYzOTIflaBQkVSkaVNfrczTJM11aADC
-qy0EH65AuAgNtypTvnCKGB6pztMIgxK0FTSdZnnxtC1ReQ1U8MpsaYpOap2Yvofo
-ilYPju4QWNSvpNVhV+T7JUvAHXva3Rayfp8SKRpvX8ZpRCjvpYfgbmNxXO2ST1qb
-KBba/yJfCMh+B65HfRUXBQRRDtJ2Vu8i0WmRUKenahAnpkkeVmqhWwY=
+dXMudXMwDQYJKoZIhvcNAQEFBQADggEBAMK2SPYRVs6wzv802pqS1fllhrW/a+fZ
+lU3UP5Gw7VlkFfB7i2J7kafB/kH1Qj6n4e9uu6YhzkodCAszXC0vJdBQoUB+nidO
++XFod0RVfCdcYCmhYsF8YMRqbTOPVDtoBXBISGzpt1boQykR6TZcZFkKEPsAAhRW
+jNRsRelqGB81uWs32PC50OFpQ9Sj8scB/331mAzn//i1F0kiQnQetQDCbr5IieOI
+is7nzWq9MtbVDHPaE5a10t+7UoSjPzWFe4qKnxjB8RjfGymDvy4+H2eJbRQE932E
+Dm3/IFNc1K3ekU2WQEZ3O0WHQY8bCBgCAD/U/CiTaLUOm4VsPnYLAx4=
 -----END CERTIFICATE-----

data/docs/rbenv.md

@@ -4,22 +4,20 @@ This method is useful if you are already using RBEnv to manage Ruby, or if you a
 
 Follow the instructions to [set up RBEnv](https://github.com/rbenv/rbenv) and [Ruby Build](https://github.com/rbenv/ruby-build#readme) on your WebFaction server.
 
-Once you have done so, install Ruby 2.1+, but <2.4 (probably 2.3.1 at time of writing). Then set the local Ruby and install the Gem. Finally unset the local Ruby so that you don't run into problems.
+Once you have done so, install Ruby 2.4+. Then set the local Ruby and install the Gem. Finally unset the local Ruby so that you don't run into problems.
 
-    $ rbenv install 2.3.1 # Installs Ruby 2.3.1
-    $ rbenv local 2.3.1 # Sets Ruby 2.3.1 as the default version in the current folder.
+    $ rbenv install 2.7.0 # Installs Ruby 2.7.0
+    $ rbenv local 2.7.0 # Sets Ruby 2.7.0 as the default version in the current folder.
     $ gem install letsencrypt_webfaction # Installs this utility from RubyGems.
     $ rbenv rehash # Makes RBenv aware of the letsencrypt_webfaction utility.
-    $ rm .ruby-version # Unsets Ruby 2.3.1 as the default version in the current folder.
-
-*Ruby 2.4.0+ is not supported since they removed the XMLRPC library from core and moved it to a gem. This Gem doesn't work in Ruby <2.3, leaving us with an issue as the majority of system Rubies used with this project are <2.4. So don't use 2.4 for now. If you absolutely want to, make sure you install the xmlrpc gem manually.*
+    $ rm .ruby-version # Unsets Ruby 2.7.0 as the default version in the current folder.
 
 ## Cron usage
 
 Instead of the cron command in the readme, when using rbenv it would look like the following:
 
 ```cron
-18 3 * * *     RBENV_ROOT=~/.rbenv RBENV_VERSION=2.3.1 ~/.rbenv/bin/rbenv exec letsencrypt_webfaction --letsencrypt_account_email [you@youremail.com] --domains [yourdomain.com,www.yourdomain.com] --public ~/webapps/[yourapp/your_public_html]/ --quiet --username [yourusername] --password [yourpassword]
+18 3 * * *     RBENV_ROOT=~/.rbenv RBENV_VERSION=2.7.0 ~/.rbenv/bin/rbenv exec letsencrypt_webfaction --letsencrypt_account_email [you@youremail.com] --domains [yourdomain.com,www.yourdomain.com] --public ~/webapps/[yourapp/your_public_html]/ --quiet --username [yourusername] --password [yourpassword]
 ```
 
 ## Upgrading
@@ -27,5 +25,5 @@ Instead of the cron command in the readme, when using rbenv it would look like t
 To upgrade the installed version, run:
 
 ```sh
-RBENV_VERSION=2.3.1 gem install letsencrypt_webfaction
+RBENV_VERSION=2.7.0 gem install letsencrypt_webfaction
 ```

data/docs/upgrading.md

@@ -1,3 +1,30 @@
+# Upgrading from v3 to v4
+
+Switching to ACMEv2 broke backwards compatibility in a couple ways.
+
+- You need to change the `endpoint` entry in your config to `directory` and update it to staging or production.
+```toml
+directory = "https://acme-staging-v02.api.letsencrypt.org/directory" # Staging
+#directory = "https://acme-v02.api.letsencrypt.org/directory" # Production
+```
+- You need to change all references from Ruby 2.2 to 2.4.
+Run:
+```bash
+GEM_HOME=$HOME/.letsencrypt_webfaction/gems RUBYLIB=$GEM_HOME/lib gem2.4 install letsencrypt_webfaction
+```
+And then change
+```bash
+function letsencrypt_webfaction {
+    GEM_HOME=$HOME/.letsencrypt_webfaction/gems PATH=$PATH:$GEM_HOME/bin RUBYLIB=$GEM_HOME/lib ruby2.2 $HOME/.letsencrypt_webfaction/gems/bin/letsencrypt_webfaction $*
+}
+```
+to
+```bash
+function letsencrypt_webfaction {
+    GEM_HOME=$HOME/.letsencrypt_webfaction/gems PATH=$PATH:$GEM_HOME/bin RUBYLIB=$GEM_HOME/lib ruby2.4 $HOME/.letsencrypt_webfaction/gems/bin/letsencrypt_webfaction $*
+}
+```
+
 # Upgrading from v2 to v3
 
 Version 3 has a number of major ease of use improvements that break backwards compatibility:

data/exe/letsencrypt_webfaction

@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 
 require 'letsencrypt_webfaction/application'
 require 'letsencrypt_webfaction/errors'

data/letsencrypt_webfaction.gemspec

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'letsencrypt_webfaction'
@@ -25,11 +27,9 @@ Gem::Specification.new do |spec|
   spec.cert_chain  = ['certs/will_in_wi.pem']
   spec.signing_key = File.expand_path('~/.ssh/gem-private_key.pem') if $PROGRAM_NAME.end_with?('gem')
 
-  spec.required_ruby_version = '>= 2.2.0'
-
-  spec.add_runtime_dependency 'acme-client', '~> 1.0'
-  spec.add_runtime_dependency 'toml-rb', '~> 1.1'
+  spec.required_ruby_version = '>= 2.4.0'
 
-  # This will be required for Ruby 2.4. But it is incompatible for Ruby <2.3. Unsupporting Ruby 2.4 for the moment.
-  # spec.add_runtime_dependency 'xmlrpc', '~> 0.3.0'
+  spec.add_runtime_dependency 'acme-client', '~> 2.0'
+  spec.add_runtime_dependency 'toml-rb', '~> 2.0'
+  spec.add_runtime_dependency 'xmlrpc', '~> 0.3.0'
 end

data/lib/letsencrypt_webfaction.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module LetsencryptWebfaction
-  VERSION = '3.1.1'.freeze
+  VERSION = '4.0.2'
 end

data/lib/letsencrypt_webfaction/application.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'letsencrypt_webfaction/application/init'
 require 'letsencrypt_webfaction/application/run'
 require 'letsencrypt_webfaction/application/version'
@@ -18,7 +20,7 @@ module LetsencryptWebfaction
           $stderr.puts "Missing command. Must be one of #{SUPPORTED_COMMANDS.keys.join(', ')}"
           raise LetsencryptWebfaction::AppExitError, 'Missing command'
         elsif v2_command?(args)
-          $stderr.puts 'It looks like you are trying to run a version 2 command in version 3'
+          $stderr.puts 'It looks like you are trying to run a version 2 command in version 4'
           $stderr.puts 'See https://github.com/will-in-wi/letsencrypt-webfaction/blob/master/docs/upgrading.md'
           raise LetsencryptWebfaction::AppExitError, 'v2 command'
         else

data/lib/letsencrypt_webfaction/application/init.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'letsencrypt_webfaction/options'
 
 require 'pathname'
@@ -7,7 +9,7 @@ require 'openssl'
 module LetsencryptWebfaction
   module Application
     class Init
-      def initialize(_); end # rubocop:disable Naming/UncommunicativeMethodParamName
+      def initialize(_); end
 
       def run!
         copy_config_file

data/lib/letsencrypt_webfaction/application/run.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'letsencrypt_webfaction/options'
 require 'letsencrypt_webfaction/errors'
 require 'letsencrypt_webfaction/webfaction_api_credentials'
@@ -11,7 +13,7 @@ require 'pathname'
 module LetsencryptWebfaction
   module Application
     class Run
-      RENEWAL_DELTA = 14 # days
+      RENEWAL_DELTA = 30 # days
 
       def initialize(args)
         @config_path = DefaultConfigPath.new
@@ -46,6 +48,7 @@ module LetsencryptWebfaction
 
         def validate!
           return true if @path.exist?
+
           print_error
           raise AppExitError, 'config missing'
         end
@@ -70,7 +73,7 @@ module LetsencryptWebfaction
         end
       end
 
-      def parse_options(args)
+      def parse_options(args) # rubocop:disable Metrics/MethodLength
         OptionParser.new do |opts|
           opts.banner = 'Usage: letsencrypt_webfaction run [options]'
 
@@ -81,6 +84,10 @@ module LetsencryptWebfaction
           opts.on('--config=CONFIG', 'Alternative configuration path') do |c|
             @config_path = CustomConfigPath.new(c)
           end
+
+          opts.on('--force', 'When passed, all certs are re-issued regardless of expiration') do |d|
+            @force_refresh = d
+          end
         end.parse!(args)
       end
 
@@ -88,7 +95,10 @@ module LetsencryptWebfaction
         wf_cert_list = api_credentials.call('list_certificates')
         @options.certificates.each do |cert|
           wf_cert = wf_cert_list.find { |c| c['name'] == cert.cert_name }
-          if wf_cert.nil?
+          if @force_refresh
+            # Issue because nonexistent
+            Out.puts "Force issuing #{cert.cert_name}."
+          elsif wf_cert.nil?
             # Issue because nonexistent
             Out.puts "Issuing #{cert.cert_name} for the first time."
           elsif wf_cert['domains'].split(',').map(&:strip).sort == cert.domains.sort
@@ -116,6 +126,7 @@ module LetsencryptWebfaction
 
       def validate_options # rubocop:disable Metrics/MethodLength
         return if @options.valid?
+
         $stderr.puts 'The configuration file has an error:'
         @options.errors.each do |field, error|
           case error
@@ -148,19 +159,20 @@ module LetsencryptWebfaction
       end
 
       def client
-        @_client ||= Acme::Client.new(private_key: private_key, endpoint: @options.endpoint)
+        @_client ||= Acme::Client.new(private_key: private_key, directory: @options.directory)
+      end
+
+      def key_registered?
+        !client.kid.nil?
+      rescue Acme::Client::Error::AccountDoesNotExist
+        false
       end
 
       def register_key
+        return if key_registered?
+
         # If the private key is not known to the server, we need to register it for the first time.
-        registration = client.register(contact: "mailto:#{@options.letsencrypt_account_email}")
-
-        # You'll may need to agree to the term (that's up the to the server to require it or not but boulder does by default)
-        registration.agree_terms
-      rescue Acme::Client::Error::Malformed => e
-        # Stupid hack if the registration already exists.
-        return if e.message == 'Registration key is already in use'
-        raise
+        client.new_account(contact: "mailto:#{@options.letsencrypt_account_email}", terms_of_service_agreed: true)
       end
     end
   end

data/lib/letsencrypt_webfaction/application/version.rb

@@ -1,9 +1,11 @@
+# frozen_string_literal: true
+
 require 'letsencrypt_webfaction'
 
 module LetsencryptWebfaction
   module Application
     class Version
-      def initialize(_); end # rubocop:disable Naming/UncommunicativeMethodParamName
+      def initialize(_); end
 
       def run!
         puts LetsencryptWebfaction::VERSION

data/lib/letsencrypt_webfaction/certificate_installer.rb

@@ -1,10 +1,13 @@
+# frozen_string_literal: true
+
 require 'xmlrpc/client'
 
 module LetsencryptWebfaction
   class CertificateInstaller
-    def initialize(cert_name, certificate, credentials)
+    def initialize(cert_name, certificate, private_key, credentials)
       @cert_name = cert_name
       @certificate = certificate
+      @private_key = private_key
       @credentials = credentials
     end
 
@@ -15,7 +18,7 @@ module LetsencryptWebfaction
                else
                  'create_certificate'
                end
-      @credentials.call(action, @cert_name, @certificate.to_pem, @certificate.request.private_key.to_pem, @certificate.chain_to_pem)
+      @credentials.call(action, @cert_name, @certificate, @private_key.to_pem)
 
       true
     end

data/lib/letsencrypt_webfaction/certificate_issuer.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'acme-client'
 require 'letsencrypt_webfaction/domain_validator'
 require 'letsencrypt_webfaction/certificate_installer'
@@ -22,19 +24,31 @@ module LetsencryptWebfaction
 
     private
 
+    def order
+      @_order ||= @client.new_order(identifiers: @cert_config.domains)
+    end
+
     def validator
-      @_validator ||= LetsencryptWebfaction::DomainValidator.new @cert_config.domains, @client, @cert_config.public_dirs
+      @_validator ||= LetsencryptWebfaction::DomainValidator.new order, @client, @cert_config.public_dirs
     end
 
     def certificate_installer
-      @_certificate_installer ||= LetsencryptWebfaction::CertificateInstaller.new(@cert_config.cert_name, certificate, @api_credentials)
+      @_certificate_installer ||= LetsencryptWebfaction::CertificateInstaller.new(@cert_config.cert_name, certificate, csr.private_key, @api_credentials)
     end
 
     def certificate
       # We can now request a certificate, you can pass anything that returns
       # a valid DER encoded CSR when calling to_der on it, for example a
       # OpenSSL::X509::Request too.
-      @_certificate ||= @client.new_certificate(csr)
+      @_certificate ||= begin
+        order.finalize(csr: csr)
+        while order.status == 'processing'
+          sleep(2)
+          order.reload
+        end
+
+        order.certificate
+      end
     end
 
     def csr

data/lib/letsencrypt_webfaction/domain_validator.rb

@@ -1,9 +1,11 @@
+# frozen_string_literal: true
+
 require 'fileutils'
 
 module LetsencryptWebfaction
   class DomainValidator
-    def initialize(domains, client, public_dirs)
-      @domains = domains
+    def initialize(order, client, public_dirs)
+      @order = order
       @client = client
       @public_dirs = public_dirs.map { |dir| File.expand_path(dir) }
     end
@@ -11,15 +13,18 @@ module LetsencryptWebfaction
     def validate! # rubocop:disable Metrics/MethodLength
       write_files!
 
-      challenges.map(&:request_verification).tap do |requests|
+      challenges.map(&:request_validation).tap do |requests|
         next unless requests.any?(&:!)
+
         $stderr.puts 'Failed to request validations.'
         return false
       end
 
       10.times do
+        challenges.each(&:reload)
         break if no_challenges_pending?
-        sleep(1)
+
+        sleep(2)
       end
 
       return true if all_challenges_valid?
@@ -30,20 +35,16 @@ module LetsencryptWebfaction
 
     private
 
-    def authorizations
-      @authorizations ||= @domains.map { |domain| @client.authorize(domain: domain) }
-    end
-
     def challenges
-      @challenges ||= authorizations.map(&:http01)
+      @challenges ||= @order.authorizations.map(&:http)
     end
 
     def no_challenges_pending?
-      challenges.none? { |challenge| challenge.authorization.verify_status == 'pending' }
+      challenges.none? { |challenge| challenge.status == 'pending' }
     end
 
     def all_challenges_valid?
-      challenges.reject { |challenge| challenge.authorization.verify_status == 'valid' }.empty?
+      challenges.reject { |challenge| challenge.status == 'valid' }.empty?
     end
 
     def write_files!
@@ -59,7 +60,7 @@ module LetsencryptWebfaction
     end
 
     def print_errors
-      validations = authorizations.map(&:domain).zip(challenges)
+      validations = @order.authorizations.map(&:domain).zip(challenges)
       $stderr.puts 'Failed to verify statuses.'
       validations.each { |tuple| Validation.new(*tuple).print_error }
     end
@@ -71,7 +72,7 @@ module LetsencryptWebfaction
       end
 
       def print_error # rubocop:disable Metrics/MethodLength
-        case @challenge.authorization.verify_status
+        case @challenge.status
         when 'valid'
           $stderr.puts "#{@domain}: Success"
         when 'invalid'
@@ -80,7 +81,7 @@ module LetsencryptWebfaction
         when 'pending'
           $stderr.puts "#{@domain}: Still pending, but timed out"
         else
-          $stderr.puts "#{@domain}: Unexpected authorization status #{@challenge.authorization.verify_status}"
+          $stderr.puts "#{@domain}: Unexpected authorization status #{@challenge.status}"
         end
       end
 

data/lib/letsencrypt_webfaction/errors.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module LetsencryptWebfaction
   class Error < StandardError; end
   class InvalidConfigValueError < Error; end

data/lib/letsencrypt_webfaction/logger_output.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module LetsencryptWebfaction
   class LoggerOutput
     attr_accessor :quiet

data/lib/letsencrypt_webfaction/options.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'toml-rb'
 require 'socket'
 
@@ -5,9 +7,9 @@ require 'letsencrypt_webfaction/options/certificate'
 
 module LetsencryptWebfaction
   class Options
-    NON_BLANK_FIELDS = %i[username password letsencrypt_account_email endpoint api_url servername].freeze
+    NON_BLANK_FIELDS = %i[username password letsencrypt_account_email directory api_url servername].freeze
 
-    WEBFACTION_API_URL = 'https://api.webfaction.com/'.freeze
+    WEBFACTION_API_URL = 'https://api.webfaction.com/'
 
     def initialize(args)
       @config = args
@@ -39,8 +41,8 @@ module LetsencryptWebfaction
       @config['letsencrypt_account_email']
     end
 
-    def endpoint
-      @config['endpoint']
+    def directory
+      @config['directory']
     end
 
     def api_url
@@ -57,6 +59,7 @@ module LetsencryptWebfaction
 
     def errors
       {}.tap do |e|
+        e[:endpoint] = 'needs to be updated to directory. See upgrade documentation.' if @config.key?('endpoint')
         NON_BLANK_FIELDS.each do |field|
           e[field] = "can't be blank" if public_send(field).nil? || public_send(field) == ''
         end

data/lib/letsencrypt_webfaction/options/certificate.rb

@@ -1,8 +1,10 @@
+# frozen_string_literal: true
+
 module LetsencryptWebfaction
   class Options
     class Certificate
       SUPPORTED_VALIDATION_METHODS = ['http01'].freeze
-      VALID_CERT_NAME = /[^a-zA-Z\d_]/
+      VALID_CERT_NAME = /[^a-zA-Z\d_]/.freeze
       VALID_KEY_SIZES = [2048, 4096].freeze
 
       def initialize(args)
@@ -11,6 +13,7 @@ module LetsencryptWebfaction
 
       def domains
         return [] if @args['domains'].nil? || @args['domains'] == ''
+
         Array(@args['domains'])
       end
 
@@ -20,6 +23,7 @@ module LetsencryptWebfaction
 
       def public_dirs
         return [] if @args['public'].nil? || @args['public'] == ''
+
         Array(@args['public'])
       end
 
@@ -41,7 +45,7 @@ module LetsencryptWebfaction
           e[:method] = 'must be "http01"' unless SUPPORTED_VALIDATION_METHODS.include?(validation_method)
           e[:public] = "can't be empty" if public_dirs.none?
           e[:name] = "can't be blank" if cert_name.nil? || cert_name == ''
-          e[:name] = 'can only include letters, numbers, and underscores' if cert_name =~ VALID_CERT_NAME
+          e[:name] = 'can only include letters, numbers, and underscores' if VALID_CERT_NAME.match?(cert_name)
           e[:key_size] = "must be one of #{VALID_KEY_SIZES.join(', ')}" unless VALID_KEY_SIZES.include?(key_size)
         end
       end

data/lib/letsencrypt_webfaction/webfaction_api_credentials.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'xmlrpc/client'
 
 module LetsencryptWebfaction
@@ -24,6 +26,7 @@ module LetsencryptWebfaction
       !session_id.nil?
     rescue XMLRPC::FaultException => e
       return false if e.message == 'LoginError'
+
       raise
     end
 

data/templates/letsencrypt_webfaction.toml

@@ -1,4 +1,4 @@
-# Your Webfaction username and password
+# Your Webfaction username and password, for the API & control panel, not SSH
 username = "myusername"
 password = "mypassword"
 
@@ -6,9 +6,10 @@ password = "mypassword"
 letsencrypt_account_email = "me@example.com"
 
 # The ACME endpoint. Use the staging server until you get everything working.
-# Then switch to the production endpoint.
-endpoint = "https://acme-staging.api.letsencrypt.org/" # Staging
-#endpoint = "https://acme-v01.api.letsencrypt.org/" # Production
+# Then switch to the production endpoint. You may want to run with the --force
+# command after switching to reissue all certificates.
+directory = "https://acme-staging-v02.api.letsencrypt.org/directory" # Staging
+#directory = "https://acme-v02.api.letsencrypt.org/directory" # Production
 
 # The URL to the WebFaction API. You should not change this under normal
 # circumstances.

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: letsencrypt_webfaction
 version: !ruby/object:Gem::Version
-  version: 3.1.1
+  version: 4.0.2
 platform: ruby
 authors:
 - William Johnston
@@ -10,9 +10,9 @@ bindir: exe
 cert_chain:
 - |
   -----BEGIN CERTIFICATE-----
-  MIIDhTCCAm2gAwIBAgIBATANBgkqhkiG9w0BAQsFADBEMRAwDgYDVQQDDAd3aWxs
+  MIIDhTCCAm2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMRAwDgYDVQQDDAd3aWxs
   aWFtMRwwGgYKCZImiZPyLGQBGRYMam9obnN0b25oYXVzMRIwEAYKCZImiZPyLGQB
-  GRYCdXMwHhcNMTgwNjEwMTMxNTEwWhcNMTkwNjEwMTMxNTEwWjBEMRAwDgYDVQQD
+  GRYCdXMwHhcNMjAwNDE2MDIxNzQ1WhcNMjEwNDE2MDIxNzQ1WjBEMRAwDgYDVQQD
   DAd3aWxsaWFtMRwwGgYKCZImiZPyLGQBGRYMam9obnN0b25oYXVzMRIwEAYKCZIm
   iZPyLGQBGRYCdXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDl8XJy
   iFDfTJHbPnQ43vJKAjVPwxRnPhThFeWgYlZ//SU6ZbO4GqewDSMyCrjtWOq+mE59
@@ -23,14 +23,14 @@ cert_chain:
   gkKUO+QWHBNH4QL3AgMBAAGjgYEwfzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAd
   BgNVHQ4EFgQUFOFAV8TE1Qa285rrUux+StPq5WowIgYDVR0RBBswGYEXd2lsbGlh
   bUBqb2huc3RvbmhhdXMudXMwIgYDVR0SBBswGYEXd2lsbGlhbUBqb2huc3Rvbmhh
-  dXMudXMwDQYJKoZIhvcNAQELBQADggEBAEZ6tJ2dwjke8nJbBATwwqwqqyISybGc
-  /uw0ApMsYfK0pninuCV5jfpm4WbmqokqNOfbYvlHLpBKGz7uxJRKOioe6Ivl7LJu
-  EHiagTaawLYJK0tZ3fH4K7VFx4pXNIbg6LYzOTIflaBQkVSkaVNfrczTJM11aADC
-  qy0EH65AuAgNtypTvnCKGB6pztMIgxK0FTSdZnnxtC1ReQ1U8MpsaYpOap2Yvofo
-  ilYPju4QWNSvpNVhV+T7JUvAHXva3Rayfp8SKRpvX8ZpRCjvpYfgbmNxXO2ST1qb
-  KBba/yJfCMh+B65HfRUXBQRRDtJ2Vu8i0WmRUKenahAnpkkeVmqhWwY=
+  dXMudXMwDQYJKoZIhvcNAQEFBQADggEBAMK2SPYRVs6wzv802pqS1fllhrW/a+fZ
+  lU3UP5Gw7VlkFfB7i2J7kafB/kH1Qj6n4e9uu6YhzkodCAszXC0vJdBQoUB+nidO
+  +XFod0RVfCdcYCmhYsF8YMRqbTOPVDtoBXBISGzpt1boQykR6TZcZFkKEPsAAhRW
+  jNRsRelqGB81uWs32PC50OFpQ9Sj8scB/331mAzn//i1F0kiQnQetQDCbr5IieOI
+  is7nzWq9MtbVDHPaE5a10t+7UoSjPzWFe4qKnxjB8RjfGymDvy4+H2eJbRQE932E
+  Dm3/IFNc1K3ekU2WQEZ3O0WHQY8bCBgCAD/U/CiTaLUOm4VsPnYLAx4=
   -----END CERTIFICATE-----
-date: 2018-08-05 00:00:00.000000000 Z
+date: 2020-08-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: acme-client
@@ -38,28 +38,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: toml-rb
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: xmlrpc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.0
 description: A tool to simplify the manual process of using LetsEncrypt on Webfaction
   hosts. It can be added to cron where it will validate your domains automatically,
   place the generated certs in a common folder, and then email the WebFaction support
@@ -117,15 +131,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.2.0
+      version: 2.4.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.7
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: LetsEncrypt utility client for WebFaction hosts.