letsencrypt_webfaction 3.2.0 → 4.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA256:
-  metadata.gz: c7ddff943c155f7b42dfb270c211d06fe766604ab692a3352affa77d9b970662
-  data.tar.gz: 5cc3af0aab0fecef297e2a6f934f49a32f2a7e3a0b700cfede6575bc9393239d
+SHA1:
+  metadata.gz: 2d709e490a30b32d1606e0603cca2c3e4e986813
+  data.tar.gz: 8089c0a8d1937633b300e9f81abcc5d7289621c1
 SHA512:
-  metadata.gz: e2829cfe4a51c6bd15db4e9cedb09577709985ad2eb8c0b03ff280b45a37bcf9147dbe4dcd5a2d66644d82869a8f37abb433457740afd72951c808a88323f3f5
-  data.tar.gz: 830363149c5f8bc4eef84151e784f03c5567b78ff1f2e1dfa684b84a394e3772268fdcbe7a35706dfb124e4084f38588a53055ef5b1b1289070f297411f82930
+  metadata.gz: 09355bdc2f2c0fa9721ed53a88a0f9ae92e0cba782f3cc59797117771644041ae837222ed24990d58ddc6b4fe441289accfde2b172eda6527abbaf486ddbb2f2
+  data.tar.gz: 33e97c3dd6c2085b3831b852000289ab8d8001df3ab7d01d7227dbb866dff215062770a26a273911372454937c85c0b4b91a8e7d6524f62f4a4a66004c26d3be

data.tar.gz.sig

@@ -1,3 +1,4 @@
-���_��w����@�������;`�/-�D!��Tg@����PX���e��G����E���á/׫i���m+#D�
-Qa����
-&����)m���cKo���0��z�x$��Rq�}M�i��.�m��x��!Xd�vu��x�W�Z��d���ϸc�gT��a �DF���;����2~�o��Ǿ_R(�G3˘e�M���Rq����?;ᛌ=��������@����j���F��\i�OGI1��P��%�?�
+��h�^�j=����e����AYn�\��+�f�;���
+��6G�Z��]�9�30���c
+��ut�U��}J���>��������P[&�	�m�����C�
+�����H��ei��^�>Cg;�nCl�U�ı�

data/.gitignore

@@ -16,3 +16,7 @@
 
 # Ignore spec next-failure file.
 /spec/.examples.txt
+
+/.ruby-version
+
+/spec/tmp

data/.rubocop.yml

@@ -1,3 +1,5 @@
+require: rubocop-performance
+
 AllCops:
   Exclude:
     # These are autogenerated binstubs.

data/.travis.yml

@@ -2,6 +2,4 @@ language: ruby
 rvm:
   - 2.3.1
   - 2.2
-before_install:
-  - gem install bundler
 cache: bundler

data/CHANGELOG.md

@@ -2,6 +2,11 @@ Unreleased
 
 * Your change here!
 
+v4.0.0
+
+* Support ACMEv2
+* No longer adds intermediate certs to bundle, as these don't appear to be provided.
+
 v3.2.0
 
 * New `--force` argument for easier handling of `endpoint` switching. Fixes [#132](https://github.com/will-in-wi/letsencrypt-webfaction/issues/132)

data/Gemfile

@@ -4,13 +4,13 @@ source 'https://rubygems.org'
 gemspec
 
 group :development, :test do
-  gem 'bundler', '~> 1.11'
   gem 'pry', '~> 0.10'
   gem 'pry-byebug', '~> 3.3'
   gem 'pry-doc'
   gem 'rake', '~> 12.0'
   gem 'rspec', '~> 3.4'
-  gem 'rubocop', '~> 0.51'
+  gem 'rubocop', '~> 0.68.0' # Forcing 0.68, as Ruby 2.2 is unsupported after this.
+  gem 'rubocop-performance'
   gem 'simplecov', '~> 0.11'
   gem 'timecop', '~> 0.9.1'
   gem 'webmock', '~> 3.4'

data/README.md

@@ -2,7 +2,17 @@
 
 LetsEncrypt utility client for WebFaction hosts.
 
-*NOTE: Version 3 is out and requires some manual changes. See [the upgrade guide for details](docs/upgrading.md).*
+## *WebFaction has released first-party support for Let's Encrypt Certs!*
+
+The long-awaited support by [webfaction is here!](https://blog.webfaction.com/2018/09/issue-lets-encrypt-ssl-certificates-with-the-control-panel/) See [the blog post for details about how to use it](https://blog.webfaction.com/2018/09/issue-lets-encrypt-ssl-certificates-with-the-control-panel/), it's really easy! I've switched all of my personal certificates over to their implementation. If you are looking to start adding certificates to your site, start there, not with this tool.
+
+I am not going to abandon this application outright. Too many people have worked too hard on this to suddenly drop it. But I am not planning any further work on it, unless people find actual bugs. If you can't use the WebFaction control panel to issue your Let's Encrypt certs for some reason and so are using this tool, please file a support ticket with WebFaction and also [comment on this ticket](https://github.com/will-in-wi/letsencrypt-webfaction/issues/160).
+
+And finally, THANK YOU to all of you who have filed issues, contributed code and documentation, and helped others solve tickets. You have made this a tremendously fun and rewarding project to work on, and helped out so many fellow WebFaction customers.
+
+## Previous Readme
+
+*NOTE: Version 4 is out and requires some manual changes. See [the upgrade guide for details](docs/upgrading.md).*
 
 This tool automates the process of using LetsEncrypt on WebFaction hosts. It can be added to the Cron scheduled task runner where it will validate your domains automatically, obtain the certificates, and then install them using the Webfaction API.
 
@@ -67,7 +77,7 @@ After saving `~/.bash_profile`, run the command `source $HOME/.bash_profile` to
 
 Run `letsencrypt_webfaction init` to generate a registration cert and the config file. Open the config file `nano -w ~/letsencrypt_webfaction.toml` and edit to reflect your configuration.
 
-Now, you are ready to run `letsencrypt_webfaction run` from your SSH session to get certificates. Note that by default the config file `letsencrypt_webfaction.toml` is pointed at the LetsEncrypt staging endpoint (the line that says: `endpoint = "https://acme-staging.api.letsencrypt.org/"`); meaning you will only get "test" certificates installed while using the stage endpoint. To issue live certificates you will need to comment out default line, and uncomment the production endpoint line (the line that says: `endpoint = "https://acme-v01.api.letsencrypt.org/" # Production`).
+Now, you are ready to run `letsencrypt_webfaction run` from your SSH session to get certificates. Note that by default the config file `letsencrypt_webfaction.toml` is pointed at the LetsEncrypt staging endpoint (the line that says: `directory = "https://acme-staging-v02.api.letsencrypt.org/directory"`); meaning you will only get "test" certificates installed while using the stage endpoint. To issue live certificates you will need to comment out default line, and uncomment the production endpoint line (the line that says: `directory = "https://acme-v02.api.letsencrypt.org/directory" # Production`).
 
 When you have tested with staging, you can remove the certificate from WebFaction control panel (make sure no webapps are using it first) and re-run with the production endpoint.
 
@@ -83,13 +93,26 @@ Finally, if you would like the `http` site to redirect to your `https`, follow t
 
 The syntax of the letsencrypt_webfaction command is as follows:
 
-    $ letsencrypt_webfaction [cmd] [*args]
+    $ letsencrypt_webfaction [init|run] [*options]
+
+The commands are `init` and `run`. You can also use `--version` to get the currently installed version of letsencrypt_webfaction.
+
+#### `init`
+
+Generate registration cert and config file.
+
+#### `run`
+
+Generate certs and add to them to the control panel. This command has the following options:
 
-The commands are `init` and `run`. You can add the `--quiet` argument to the `run` command to keep normal output from appearing (useful in cron).
+* `--config=CONFIG`: Use alternative configuration path
+* `--force`: Re-issue certs regardless of expiration
+* `--help`: Show help for this command
+* `--quiet`: Run with minimal output (useful for cron)
 
 ### Testing
 
-To test certificate issuance, consider using the [LetsEncrypt staging server](https://community.letsencrypt.org/t/testing-against-the-lets-encrypt-staging-environment/6763). This doesn't have the rate limit of 5 certs per domain every 7 days. You can change the `endpoint` config line to be `https://acme-staging.api.letsencrypt.org/` in order to test the system.
+To test certificate issuance, consider using the [LetsEncrypt staging server](https://community.letsencrypt.org/t/testing-against-the-lets-encrypt-staging-environment/6763). This doesn't have the rate limit of 5 certs per domain every 7 days. You can change the `directory` config line to be `https://acme-staging-v02.api.letsencrypt.org/directory` in order to test the system.
 
 After switching endpoints, you will likely want to run the command with `--force` in order to reissue all certificates from the new endpoint.
 
@@ -121,7 +144,7 @@ If you want to be notified upon failure, you can add `MAILTO=[you@youremail.com]
 
 While WebFaction staff maintain your standard server software, the support team will not upgrade your installation of LetsEncrypt WebFaction. You won't usually need to do this unless you have an issue but, as is good practice with most software, it's best kept up to date.
 
-You can find the current version by running `letsencrypt_webfaction --version`. Sort of. In versions >= 1.1.4, this will work. In older versions, this will just print `letsencrypt_webfaction: version unknown` due to an oversight on my part. So if you get the latter output, just upgrade.
+You can find the current version by running `letsencrypt_webfaction --version`. Sort of. In versions >= 1.1.4 (except for versions v3.0.0-v3.0.1), this will work. In older versions, this will just print `letsencrypt_webfaction: version unknown` due to an oversight on my part. So if you get the latter output, just upgrade.
 
 [The changelog](CHANGELOG.md) describes changes from version to version.
 

data/certs/will_in_wi.pem

@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
-MIIDhTCCAm2gAwIBAgIBATANBgkqhkiG9w0BAQsFADBEMRAwDgYDVQQDDAd3aWxs
+MIIDhTCCAm2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMRAwDgYDVQQDDAd3aWxs
 aWFtMRwwGgYKCZImiZPyLGQBGRYMam9obnN0b25oYXVzMRIwEAYKCZImiZPyLGQB
-GRYCdXMwHhcNMTgwNjEwMTMxNTEwWhcNMTkwNjEwMTMxNTEwWjBEMRAwDgYDVQQD
+GRYCdXMwHhcNMjAwNDE2MDIxNzQ1WhcNMjEwNDE2MDIxNzQ1WjBEMRAwDgYDVQQD
 DAd3aWxsaWFtMRwwGgYKCZImiZPyLGQBGRYMam9obnN0b25oYXVzMRIwEAYKCZIm
 iZPyLGQBGRYCdXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDl8XJy
 iFDfTJHbPnQ43vJKAjVPwxRnPhThFeWgYlZ//SU6ZbO4GqewDSMyCrjtWOq+mE59
@@ -12,10 +12,10 @@ iL3gD6KBGRCdOVRmX+mgz0mIxchknFslbLE1aU9kNGabVw/25qUVxTid7HN5DAeY
 gkKUO+QWHBNH4QL3AgMBAAGjgYEwfzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAd
 BgNVHQ4EFgQUFOFAV8TE1Qa285rrUux+StPq5WowIgYDVR0RBBswGYEXd2lsbGlh
 bUBqb2huc3RvbmhhdXMudXMwIgYDVR0SBBswGYEXd2lsbGlhbUBqb2huc3Rvbmhh
-dXMudXMwDQYJKoZIhvcNAQELBQADggEBAEZ6tJ2dwjke8nJbBATwwqwqqyISybGc
-/uw0ApMsYfK0pninuCV5jfpm4WbmqokqNOfbYvlHLpBKGz7uxJRKOioe6Ivl7LJu
-EHiagTaawLYJK0tZ3fH4K7VFx4pXNIbg6LYzOTIflaBQkVSkaVNfrczTJM11aADC
-qy0EH65AuAgNtypTvnCKGB6pztMIgxK0FTSdZnnxtC1ReQ1U8MpsaYpOap2Yvofo
-ilYPju4QWNSvpNVhV+T7JUvAHXva3Rayfp8SKRpvX8ZpRCjvpYfgbmNxXO2ST1qb
-KBba/yJfCMh+B65HfRUXBQRRDtJ2Vu8i0WmRUKenahAnpkkeVmqhWwY=
+dXMudXMwDQYJKoZIhvcNAQEFBQADggEBAMK2SPYRVs6wzv802pqS1fllhrW/a+fZ
+lU3UP5Gw7VlkFfB7i2J7kafB/kH1Qj6n4e9uu6YhzkodCAszXC0vJdBQoUB+nidO
++XFod0RVfCdcYCmhYsF8YMRqbTOPVDtoBXBISGzpt1boQykR6TZcZFkKEPsAAhRW
+jNRsRelqGB81uWs32PC50OFpQ9Sj8scB/331mAzn//i1F0kiQnQetQDCbr5IieOI
+is7nzWq9MtbVDHPaE5a10t+7UoSjPzWFe4qKnxjB8RjfGymDvy4+H2eJbRQE932E
+Dm3/IFNc1K3ekU2WQEZ3O0WHQY8bCBgCAD/U/CiTaLUOm4VsPnYLAx4=
 -----END CERTIFICATE-----

data/docs/upgrading.md

@@ -1,3 +1,13 @@
+# Upgrading from v3 to v4
+
+Switching to ACMEv2 broke backwards compatibility in a couple ways.
+
+- You need to change the `endpoint` entry in your config to `directory` and update it to staging or production.
+```toml
+directory = "https://acme-staging-v02.api.letsencrypt.org/directory" # Staging
+#directory = "https://acme-v02.api.letsencrypt.org/directory" # Production
+```
+
 # Upgrading from v2 to v3
 
 Version 3 has a number of major ease of use improvements that break backwards compatibility:

data/letsencrypt_webfaction.gemspec

@@ -27,7 +27,7 @@ Gem::Specification.new do |spec|
 
   spec.required_ruby_version = '>= 2.2.0'
 
-  spec.add_runtime_dependency 'acme-client', '~> 1.0'
+  spec.add_runtime_dependency 'acme-client', '~> 2.0'
   spec.add_runtime_dependency 'toml-rb', '~> 1.1'
 
   # This will be required for Ruby 2.4. But it is incompatible for Ruby <2.3. Unsupporting Ruby 2.4 for the moment.

data/lib/letsencrypt_webfaction.rb

@@ -1,3 +1,3 @@
 module LetsencryptWebfaction
-  VERSION = '3.2.0'.freeze
+  VERSION = '4.0.0'.freeze
 end

data/lib/letsencrypt_webfaction/application.rb

@@ -18,7 +18,7 @@ module LetsencryptWebfaction
           $stderr.puts "Missing command. Must be one of #{SUPPORTED_COMMANDS.keys.join(', ')}"
           raise LetsencryptWebfaction::AppExitError, 'Missing command'
         elsif v2_command?(args)
-          $stderr.puts 'It looks like you are trying to run a version 2 command in version 3'
+          $stderr.puts 'It looks like you are trying to run a version 2 command in version 4'
           $stderr.puts 'See https://github.com/will-in-wi/letsencrypt-webfaction/blob/master/docs/upgrading.md'
           raise LetsencryptWebfaction::AppExitError, 'v2 command'
         else

data/lib/letsencrypt_webfaction/application/init.rb

@@ -7,7 +7,7 @@ require 'openssl'
 module LetsencryptWebfaction
   module Application
     class Init
-      def initialize(_); end # rubocop:disable Naming/UncommunicativeMethodParamName
+      def initialize(_); end
 
       def run!
         copy_config_file

data/lib/letsencrypt_webfaction/application/run.rb

@@ -46,6 +46,7 @@ module LetsencryptWebfaction
 
         def validate!
           return true if @path.exist?
+
           print_error
           raise AppExitError, 'config missing'
         end
@@ -123,6 +124,7 @@ module LetsencryptWebfaction
 
       def validate_options # rubocop:disable Metrics/MethodLength
         return if @options.valid?
+
         $stderr.puts 'The configuration file has an error:'
         @options.errors.each do |field, error|
           case error
@@ -155,19 +157,14 @@ module LetsencryptWebfaction
       end
 
       def client
-        @_client ||= Acme::Client.new(private_key: private_key, endpoint: @options.endpoint)
+        @_client ||= Acme::Client.new(private_key: private_key, directory: @options.directory)
       end
 
       def register_key
+        return if client.kid
+
         # If the private key is not known to the server, we need to register it for the first time.
-        registration = client.register(contact: "mailto:#{@options.letsencrypt_account_email}")
-
-        # You'll may need to agree to the term (that's up the to the server to require it or not but boulder does by default)
-        registration.agree_terms
-      rescue Acme::Client::Error::Malformed => e
-        # Stupid hack if the registration already exists.
-        return if e.message == 'Registration key is already in use'
-        raise
+        client.new_account(contact: "mailto:#{@options.letsencrypt_account_email}", terms_of_service_agreed: true)
       end
     end
   end

data/lib/letsencrypt_webfaction/application/version.rb

@@ -3,7 +3,7 @@ require 'letsencrypt_webfaction'
 module LetsencryptWebfaction
   module Application
     class Version
-      def initialize(_); end # rubocop:disable Naming/UncommunicativeMethodParamName
+      def initialize(_); end
 
       def run!
         puts LetsencryptWebfaction::VERSION

data/lib/letsencrypt_webfaction/certificate_installer.rb

@@ -2,9 +2,10 @@ require 'xmlrpc/client'
 
 module LetsencryptWebfaction
   class CertificateInstaller
-    def initialize(cert_name, certificate, credentials)
+    def initialize(cert_name, certificate, private_key, credentials)
       @cert_name = cert_name
       @certificate = certificate
+      @private_key = private_key
       @credentials = credentials
     end
 
@@ -15,7 +16,7 @@ module LetsencryptWebfaction
                else
                  'create_certificate'
                end
-      @credentials.call(action, @cert_name, @certificate.to_pem, @certificate.request.private_key.to_pem, @certificate.chain_to_pem)
+      @credentials.call(action, @cert_name, @certificate, @private_key.to_pem)
 
       true
     end

data/lib/letsencrypt_webfaction/certificate_issuer.rb

@@ -22,19 +22,31 @@ module LetsencryptWebfaction
 
     private
 
+    def order
+      @_order ||= @client.new_order(identifiers: @cert_config.domains)
+    end
+
     def validator
-      @_validator ||= LetsencryptWebfaction::DomainValidator.new @cert_config.domains, @client, @cert_config.public_dirs
+      @_validator ||= LetsencryptWebfaction::DomainValidator.new order, @client, @cert_config.public_dirs
     end
 
     def certificate_installer
-      @_certificate_installer ||= LetsencryptWebfaction::CertificateInstaller.new(@cert_config.cert_name, certificate, @api_credentials)
+      @_certificate_installer ||= LetsencryptWebfaction::CertificateInstaller.new(@cert_config.cert_name, certificate, csr.private_key, @api_credentials)
     end
 
     def certificate
       # We can now request a certificate, you can pass anything that returns
       # a valid DER encoded CSR when calling to_der on it, for example a
       # OpenSSL::X509::Request too.
-      @_certificate ||= @client.new_certificate(csr)
+      @_certificate ||= begin
+        order.finalize(csr: csr)
+        while order.status == 'processing'
+          sleep(2)
+          order.reload
+        end
+
+        order.certificate
+      end
     end
 
     def csr

data/lib/letsencrypt_webfaction/domain_validator.rb

@@ -2,8 +2,8 @@ require 'fileutils'
 
 module LetsencryptWebfaction
   class DomainValidator
-    def initialize(domains, client, public_dirs)
-      @domains = domains
+    def initialize(order, client, public_dirs)
+      @order = order
       @client = client
       @public_dirs = public_dirs.map { |dir| File.expand_path(dir) }
     end
@@ -11,15 +11,18 @@ module LetsencryptWebfaction
     def validate! # rubocop:disable Metrics/MethodLength
       write_files!
 
-      challenges.map(&:request_verification).tap do |requests|
+      challenges.map(&:request_validation).tap do |requests|
         next unless requests.any?(&:!)
+
         $stderr.puts 'Failed to request validations.'
         return false
       end
 
       10.times do
+        challenges.each(&:reload)
         break if no_challenges_pending?
-        sleep(1)
+
+        sleep(2)
       end
 
       return true if all_challenges_valid?
@@ -30,20 +33,16 @@ module LetsencryptWebfaction
 
     private
 
-    def authorizations
-      @authorizations ||= @domains.map { |domain| @client.authorize(domain: domain) }
-    end
-
     def challenges
-      @challenges ||= authorizations.map(&:http01)
+      @challenges ||= @order.authorizations.map(&:http)
     end
 
     def no_challenges_pending?
-      challenges.none? { |challenge| challenge.authorization.verify_status == 'pending' }
+      challenges.none? { |challenge| challenge.status == 'pending' }
     end
 
     def all_challenges_valid?
-      challenges.reject { |challenge| challenge.authorization.verify_status == 'valid' }.empty?
+      challenges.reject { |challenge| challenge.status == 'valid' }.empty?
     end
 
     def write_files!
@@ -59,7 +58,7 @@ module LetsencryptWebfaction
     end
 
     def print_errors
-      validations = authorizations.map(&:domain).zip(challenges)
+      validations = @order.authorizations.map(&:domain).zip(challenges)
       $stderr.puts 'Failed to verify statuses.'
       validations.each { |tuple| Validation.new(*tuple).print_error }
     end
@@ -71,7 +70,7 @@ module LetsencryptWebfaction
       end
 
       def print_error # rubocop:disable Metrics/MethodLength
-        case @challenge.authorization.verify_status
+        case @challenge.status
         when 'valid'
           $stderr.puts "#{@domain}: Success"
         when 'invalid'
@@ -80,7 +79,7 @@ module LetsencryptWebfaction
         when 'pending'
           $stderr.puts "#{@domain}: Still pending, but timed out"
         else
-          $stderr.puts "#{@domain}: Unexpected authorization status #{@challenge.authorization.verify_status}"
+          $stderr.puts "#{@domain}: Unexpected authorization status #{@challenge.status}"
         end
       end
 

data/lib/letsencrypt_webfaction/options.rb

@@ -5,7 +5,7 @@ require 'letsencrypt_webfaction/options/certificate'
 
 module LetsencryptWebfaction
   class Options
-    NON_BLANK_FIELDS = %i[username password letsencrypt_account_email endpoint api_url servername].freeze
+    NON_BLANK_FIELDS = %i[username password letsencrypt_account_email directory api_url servername].freeze
 
     WEBFACTION_API_URL = 'https://api.webfaction.com/'.freeze
 
@@ -39,8 +39,8 @@ module LetsencryptWebfaction
       @config['letsencrypt_account_email']
     end
 
-    def endpoint
-      @config['endpoint']
+    def directory
+      @config['directory']
     end
 
     def api_url
@@ -57,6 +57,7 @@ module LetsencryptWebfaction
 
     def errors
       {}.tap do |e|
+        e[:endpoint] = 'needs to be updated to directory. See upgrade documentation.' if @config.key?('endpoint')
         NON_BLANK_FIELDS.each do |field|
           e[field] = "can't be blank" if public_send(field).nil? || public_send(field) == ''
         end

data/lib/letsencrypt_webfaction/options/certificate.rb

@@ -2,7 +2,7 @@ module LetsencryptWebfaction
   class Options
     class Certificate
       SUPPORTED_VALIDATION_METHODS = ['http01'].freeze
-      VALID_CERT_NAME = /[^a-zA-Z\d_]/
+      VALID_CERT_NAME = /[^a-zA-Z\d_]/.freeze
       VALID_KEY_SIZES = [2048, 4096].freeze
 
       def initialize(args)
@@ -11,6 +11,7 @@ module LetsencryptWebfaction
 
       def domains
         return [] if @args['domains'].nil? || @args['domains'] == ''
+
         Array(@args['domains'])
       end
 
@@ -20,6 +21,7 @@ module LetsencryptWebfaction
 
       def public_dirs
         return [] if @args['public'].nil? || @args['public'] == ''
+
         Array(@args['public'])
       end
 

data/lib/letsencrypt_webfaction/webfaction_api_credentials.rb

@@ -24,6 +24,7 @@ module LetsencryptWebfaction
       !session_id.nil?
     rescue XMLRPC::FaultException => e
       return false if e.message == 'LoginError'
+
       raise
     end
 

data/templates/letsencrypt_webfaction.toml

@@ -1,4 +1,4 @@
-# Your Webfaction username and password
+# Your Webfaction username and password, for the API & control panel, not SSH
 username = "myusername"
 password = "mypassword"
 
@@ -8,8 +8,8 @@ letsencrypt_account_email = "me@example.com"
 # The ACME endpoint. Use the staging server until you get everything working.
 # Then switch to the production endpoint. You may want to run with the --force
 # command after switching to reissue all certificates.
-endpoint = "https://acme-staging.api.letsencrypt.org/" # Staging
-#endpoint = "https://acme-v01.api.letsencrypt.org/" # Production
+directory = "https://acme-staging-v02.api.letsencrypt.org/directory" # Staging
+#directory = "https://acme-v02.api.letsencrypt.org/directory" # Production
 
 # The URL to the WebFaction API. You should not change this under normal
 # circumstances.

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: letsencrypt_webfaction
 version: !ruby/object:Gem::Version
-  version: 3.2.0
+  version: 4.0.0
 platform: ruby
 authors:
 - William Johnston
@@ -10,9 +10,9 @@ bindir: exe
 cert_chain:
 - |
   -----BEGIN CERTIFICATE-----
-  MIIDhTCCAm2gAwIBAgIBATANBgkqhkiG9w0BAQsFADBEMRAwDgYDVQQDDAd3aWxs
+  MIIDhTCCAm2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMRAwDgYDVQQDDAd3aWxs
   aWFtMRwwGgYKCZImiZPyLGQBGRYMam9obnN0b25oYXVzMRIwEAYKCZImiZPyLGQB
-  GRYCdXMwHhcNMTgwNjEwMTMxNTEwWhcNMTkwNjEwMTMxNTEwWjBEMRAwDgYDVQQD
+  GRYCdXMwHhcNMjAwNDE2MDIxNzQ1WhcNMjEwNDE2MDIxNzQ1WjBEMRAwDgYDVQQD
   DAd3aWxsaWFtMRwwGgYKCZImiZPyLGQBGRYMam9obnN0b25oYXVzMRIwEAYKCZIm
   iZPyLGQBGRYCdXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDl8XJy
   iFDfTJHbPnQ43vJKAjVPwxRnPhThFeWgYlZ//SU6ZbO4GqewDSMyCrjtWOq+mE59
@@ -23,14 +23,14 @@ cert_chain:
   gkKUO+QWHBNH4QL3AgMBAAGjgYEwfzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAd
   BgNVHQ4EFgQUFOFAV8TE1Qa285rrUux+StPq5WowIgYDVR0RBBswGYEXd2lsbGlh
   bUBqb2huc3RvbmhhdXMudXMwIgYDVR0SBBswGYEXd2lsbGlhbUBqb2huc3Rvbmhh
-  dXMudXMwDQYJKoZIhvcNAQELBQADggEBAEZ6tJ2dwjke8nJbBATwwqwqqyISybGc
-  /uw0ApMsYfK0pninuCV5jfpm4WbmqokqNOfbYvlHLpBKGz7uxJRKOioe6Ivl7LJu
-  EHiagTaawLYJK0tZ3fH4K7VFx4pXNIbg6LYzOTIflaBQkVSkaVNfrczTJM11aADC
-  qy0EH65AuAgNtypTvnCKGB6pztMIgxK0FTSdZnnxtC1ReQ1U8MpsaYpOap2Yvofo
-  ilYPju4QWNSvpNVhV+T7JUvAHXva3Rayfp8SKRpvX8ZpRCjvpYfgbmNxXO2ST1qb
-  KBba/yJfCMh+B65HfRUXBQRRDtJ2Vu8i0WmRUKenahAnpkkeVmqhWwY=
+  dXMudXMwDQYJKoZIhvcNAQEFBQADggEBAMK2SPYRVs6wzv802pqS1fllhrW/a+fZ
+  lU3UP5Gw7VlkFfB7i2J7kafB/kH1Qj6n4e9uu6YhzkodCAszXC0vJdBQoUB+nidO
+  +XFod0RVfCdcYCmhYsF8YMRqbTOPVDtoBXBISGzpt1boQykR6TZcZFkKEPsAAhRW
+  jNRsRelqGB81uWs32PC50OFpQ9Sj8scB/331mAzn//i1F0kiQnQetQDCbr5IieOI
+  is7nzWq9MtbVDHPaE5a10t+7UoSjPzWFe4qKnxjB8RjfGymDvy4+H2eJbRQE932E
+  Dm3/IFNc1K3ekU2WQEZ3O0WHQY8bCBgCAD/U/CiTaLUOm4VsPnYLAx4=
   -----END CERTIFICATE-----
-date: 2018-08-12 00:00:00.000000000 Z
+date: 2020-04-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: acme-client
@@ -38,14 +38,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: toml-rb
   requirement: !ruby/object:Gem::Requirement
@@ -125,7 +125,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.7
+rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
 summary: LetsEncrypt utility client for WebFaction hosts.