rails-letsencrypt 0.11.3 → 0.13.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f0edc7fb113891045af86b87c2804503f58df7c77c3141dd613da62e14f70a41
-  data.tar.gz: e4049903145539cc020d3568c62d0e92f221909fe1c7696c9b8e72939ca7292e
+  metadata.gz: 0bcd52d0b1c063971fe7db79ea96162cdb3895bc8992b190de25773a5d6f3a59
+  data.tar.gz: 66ef7517093ba680cd0bdffbdf7dfc2e21f4822a29d41c9d3ba171e2f3cb4299
 SHA512:
-  metadata.gz: 885f68a89b22a6ae3abd0aa89b4d4cf868124fef706877b7e8f874212b590c7ed27af2ac1c46c2b9807a224393d60a43b3879609e46b1cf4d0d3e354e1f594bb
-  data.tar.gz: 4b0c77625b7cbc70fb120cb8554e780304478e17dd8c26fda1f220b630cdad15d98382186db41a1cfc89dcfec5c73f8af1b34632982cfec5178c09161a749822
+  metadata.gz: 643bfad8030d1a7962e49ae7a85b354c3c7e13737d3e2e2ce5b9657c0964e20f3faf867cd51b23a2a695d0e1e30e66d7d54a3e125d135b65f2527447fc2d14f9
+  data.tar.gz: c37a4c9465a91717846aa952510fd7e37ab006732bb35076c50d3057b7ae28aadd70f0acc12a9c7e9d396a4bafd831762d77e06bb03d74ce22cfccf31fda086b

data/README.md

@@ -1,11 +1,16 @@
-# LetsEncrypt [![Gem Version](https://badge.fury.io/rb/rails-letsencrypt.svg)](https://badge.fury.io/rb/rails-letsencrypt) [![Code Climate](https://codeclimate.com/github/elct9620/rails-letsencrypt/badges/gpa.svg)](https://codeclimate.com/github/elct9620/rails-letsencrypt)
+Rails LetsEncrypt
+===
+
+[![Gem Version](https://badge.fury.io/rb/rails-letsencrypt.svg)](https://badge.fury.io/rb/rails-letsencrypt)
+[![Code Climate](https://codeclimate.com/github/elct9620/rails-letsencrypt/badges/gpa.svg)](https://codeclimate.com/github/elct9620/rails-letsencrypt)
+[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/elct9620/rails-letsencrypt)
 
 Provide manageable Let's Encrypt Certificate for Rails.
 
 ## Requirement
 
-* Rails 6.1+
-* Ruby 2.7+
+* Rails 7.2+
+* Ruby 3.2+
 
 ## Installation
 
@@ -40,9 +45,13 @@ Add a file to `config/initializers/letsencrypt.rb` and put below config you need
 
 ```ruby
 LetsEncrypt.config do |config|
+  # Configure the ACME server
+  # Default is Let's Encrypt production server
+  # config.acme_server = 'https://acme-v02.api.letsencrypt.org/directory'
+
   # Using Let's Encrypt staging server or not
   # Default only `Rails.env.production? == true` will use Let's Encrypt production server.
-  config.use_staging = true
+  # config.use_staging = true
 
   # Set the private key path
   # Default is locate at config/letsencrypt.key
@@ -64,14 +73,57 @@ LetsEncrypt.config do |config|
 
   # Enable it if you want to customize the model
   # Default is LetsEncrypt::Certificate
-  #config.certificate_model = 'MyCertificate'
+  # config.certificate_model = 'MyCertificate'
+
+  # Configure the maximum attempts to re-check status when verifying or issuing
+  # config.max_attempts = 30
+
+  # Configure the interval between attempts
+  # config.retry_interval = 1
 end
 ```
 
+> [!WARNING]
+> **Depcrecation Notice**
+> The `use_staging` will be removed in the future, and the `acme_server` will be used to determine the server.
+
 ## Usage
 
 The SSL certificate setup depends on the web server, this gem can work with `ngx_mruby` or `kong`.
 
+### Service
+
+#### Renew Service
+
+```ruby
+certificate = LetsEncrypt::Certificate.find_by(domain: 'example.com')
+
+service = LetsEncrypt::RenewService.new
+service.execute(certificate)
+```
+
+#### Verify Service
+
+```ruby
+certificate = LetsEncrypt::Certificate.find_by(domain: 'example.com')
+
+order = LetsEncrypt.client.new_order(identifiers: [certificate.domain])
+
+service = LetsEncrypt::VerifyService.new
+service.execute(certificate, order)
+```
+
+#### Issue Service
+
+```ruby
+certificate = LetsEncrypt::Certificate.find_by(domain: 'example.com')
+
+order = LetsEncrypt.client.new_order(identifiers: [certificate.domain])
+
+service = LetsEncrypt::IssueService.new
+service.execute(certificate, order)
+```
+
 ### Certificate Model
 
 #### Create
@@ -83,6 +135,10 @@ cert = LetsEncrypt::Certificate.create(domain: 'example.com')
 cert.get # alias  `verify && issue`
 ```
 
+> [!WARNING]
+> **Depcrecation Notice**
+> The `get` will be replaced by `RenewService` in the future.
+
 #### Verify
 
 Makes a request to Let's Encrypt and verify domain
@@ -92,6 +148,10 @@ cert = LetsEncrypt::Certificate.find_by(domain: 'example.com')
 cert.verify
 ```
 
+> [!WARNING]
+> **Depcrecation Notice**
+> The `verify` will be replaced by `VerifyService` in the future.
+
 #### Issue
 
 Ask Let's Encrypt to issue a new certificate.
@@ -101,6 +161,10 @@ cert = LetsEncrypt::Certificate.find_by(domain: 'example.com')
 cert.issue
 ```
 
+> [!WARNING]
+> **Depcrecation Notice**
+> The `issue` will be replaced by `IssueService` in the future.
+
 #### Renew
 
 ```ruby
@@ -108,6 +172,10 @@ cert = LetsEncrypt::Certificate.find_by(domain: 'example.com')
 cert.renew
 ```
 
+> [!WARNING]
+> **Depcrecation Notice**
+> The `renew` will be replaced by `RenewService` in the future.
+
 #### Status
 
 Check a certificate is verified and issued.
@@ -136,7 +204,7 @@ rake letsencrypt:renew
 
 If you are using Sidekiq or others, you can enqueue renew task daily.
 
-```
+```ruby
 LetsEncrypt::RenewCertificatesJob.perform_later
 ```
 
@@ -145,11 +213,17 @@ LetsEncrypt::RenewCertificatesJob.perform_later
 When the certificate is trying to issue a new one, you can subscribe it for logging or error handling.
 
 ```ruby
-ActiveSupport::Notifications.subscribe('letsencrypt.issue') do |name, start, finish, id, payload|
-  Rails.logger.info("Certificate for #{payload[:domain]} is issued")
+ActiveSupport::Notifications.subscribe('letsencrypt.renew') do |name, start, finish, id, payload|
+  Rails.logger.info("Certificate for #{payload[:domain]} is renewed")
 end
 ```
 
+The available events are:
+
+* `letsencrypt.renew`
+* `letsencrypt.verify`
+* `letsencrypt.issue`
+
 ### ngx_mruby
 
 The setup is following this [Article](http://hb.matsumoto-r.jp/entry/2017/03/23/173236)
@@ -200,9 +274,5 @@ server {
 }
 ```
 
-### Kong
-
-Coming soon.
-
 ## License
 The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/app/jobs/lets_encrypt/renew_certificates_job.rb

@@ -6,10 +6,15 @@ module LetsEncrypt
     queue_as :default
 
     def perform
-      LetsEncrypt.certificate_model.renewable.each do |certificate|
-        next if certificate.renew
+      service = LetsEncrypt::RenewService.new
 
+      LetsEncrypt.certificate_model.renewable.each do |certificate|
+        service.execute(certificate)
+      rescue LetsEncrypt::MaxCheckExceeded, LetsEncrypt::InvalidStatus
+        certificate.update(renew_after: 1.day.from_now)
+      rescue Acme::Client::Error => e
         certificate.update(renew_after: 1.day.from_now)
+        Rails.logger.error("LetsEncrypt::RenewCertificatesJob: #{e.message}")
       end
     end
   end

data/app/models/lets_encrypt/certificate.rb

@@ -23,16 +23,13 @@ module LetsEncrypt
   #  index_letsencrypt_certificates_on_renew_after  (renew_after)
   #
   class Certificate < ApplicationRecord
-    include CertificateVerifiable
-    include CertificateIssuable
-
     self.table_name = 'letsencrypt_certificates'
 
     validates :domain, presence: true, uniqueness: true
 
     scope :active, -> { where('certificate IS NOT NULL AND expires_at > ?', Time.zone.now) }
     scope :renewable, -> { where('renew_after IS NULL OR renew_after <= ?', Time.zone.now) }
-    scope :expired, -> { where('expires_at <= ?', Time.zone.now) }
+    scope :expired, -> { where(expires_at: ..Time.zone.now) }
 
     before_create -> { self.key = OpenSSL::PKey::RSA.new(4096).to_s }
     after_destroy -> { delete_from_redis }, if: -> { LetsEncrypt.config.use_redis? && active? }
@@ -51,15 +48,6 @@ module LetsEncrypt
       Time.zone.now >= expires_at
     end
 
-    # Returns true if success get a new certificate
-    def get
-      ActiveSupport::Notifications.instrument('letsencrypt.issue', domain: domain) do
-        verify && issue
-      end
-    end
-
-    alias renew get
-
     # Returns full-chain bundled certificates
     def bundle
       (certificate || '') + (intermediaries || '')
@@ -73,6 +61,22 @@ module LetsEncrypt
       @key_object ||= OpenSSL::PKey::RSA.new(key)
     end
 
+    def challenge!(filename, file_content)
+      update!(
+        verification_path: filename,
+        verification_string: file_content
+      )
+    end
+
+    def refresh!(cert, fullchain)
+      update!(
+        certificate: cert.to_pem,
+        intermediaries: fullchain.join("\n\n"),
+        expires_at: cert.not_after,
+        renew_after: (cert.not_after - 1.month) + rand(10).days
+      )
+    end
+
     # Save certificate into redis
     def save_to_redis
       LetsEncrypt::Redis.save(self)
@@ -83,12 +87,47 @@ module LetsEncrypt
       LetsEncrypt::Redis.delete(self)
     end
 
-    protected
+    # Returns true if success get a new certificate
+    def get
+      logger.info "Getting certificate for #{domain}"
+      service = LetsEncrypt::RenewService.new
+      service.execute(self)
+      logger.info "Certificate issued for #{domain} " \
+                  "(expires on #{expires_at}, will renew after #{renew_after})"
+
+      true
+    rescue LetsEncrypt::MaxCheckExceeded, LetsEncrypt::InvalidStatus => e
+      logger.error "#{domain}: #{e.message}"
+      false
+    end
+
+    alias renew get
 
-    def logger
-      LetsEncrypt.logger
+    def verify
+      service = LetsEncrypt::VerifyService.new
+      service.execute(self, order)
+
+      true
+    rescue LetsEncrypt::MaxCheckExceeded, LetsEncrypt::InvalidStatus => e
+      logger.error "#{domain}: #{e.message}"
+      false
+    end
+
+    def issue
+      logger.info "Getting certificate for #{domain}"
+      service = LetsEncrypt::IssueService.new
+      service.execute(self, order)
+      logger.info "Certificate issued for #{domain} " \
+                  "(expires on #{expires_at}, will renew after #{renew_after})"
+
+      true
+    rescue LetsEncrypt::MaxCheckExceeded, LetsEncrypt::InvalidStatus => e
+      logger.error "#{domain}: #{e.message}"
+      false
     end
 
+    protected
+
     def order
       @order ||= LetsEncrypt.client.new_order(identifiers: [domain])
     end

data/lib/generators/lets_encrypt/install_generator.rb

@@ -21,6 +21,10 @@ module LetsEncrypt
                            'db/migrate/create_letsencrypt_certificates.rb'
       end
 
+      def copy_config
+        copy_file 'letsencrypt.rb', 'config/initializers/letsencrypt.rb'
+      end
+
       def required_migration_version?
         Rails::VERSION::MAJOR >= 5
       end

data/lib/generators/lets_encrypt/templates/letsencrypt.rb

@@ -0,0 +1,38 @@
+LetsEncrypt.config do |config|
+  # Configure the ACME server
+  # Default is Let's Encrypt production server
+  # config.acme_server = 'https://acme-v02.api.letsencrypt.org/directory'
+
+  # Using Let's Encrypt staging server or not
+  # Default only `Rails.env.production? == true` will use Let's Encrypt production server.
+  # config.use_staging = true
+
+  # Set the private key path
+  # Default is locate at config/letsencrypt.key
+  config.private_key_path = Rails.root.join('config', 'letsencrypt.key')
+
+  # Use environment variable to set private key
+  # If enable, the API Client will use `LETSENCRYPT_PRIVATE_KEY` as private key
+  # Default is false
+  config.use_env_key = false
+
+  # Should sync certificate into redis
+  # When using ngx_mruby to dynamic load certificate, this will be helpful
+  # Default is false
+  config.save_to_redis = false
+
+  # The redis server url
+  # Default is nil
+  config.redis_url = 'redis://localhost:6379/1'
+
+  # Enable it if you want to customize the model
+  # Default is LetsEncrypt::Certificate
+  # config.certificate_model = 'MyCertificate'
+
+  # Configure the maximum attempts to re-check status when verifying or issuing
+  # config.max_attempts = 30
+
+  # Configure the interval between attempts
+  # config.retry_interval = 1
+end
+

data/lib/letsencrypt/configuration.rb

@@ -5,6 +5,8 @@ module LetsEncrypt
   class Configuration
     include ActiveSupport::Configurable
 
+    config_accessor :acme_directory
+
     config_accessor :use_staging do
       !Rails.env.production?
     end
@@ -20,6 +22,14 @@ module LetsEncrypt
       'LetsEncrypt::Certificate'
     end
 
+    config_accessor :max_attempts do
+      30
+    end
+
+    config_accessor :retry_interval do
+      1
+    end
+
     # Returns true if enabled `save_to_redis` feature
     def use_redis?
       save_to_redis == true

data/lib/letsencrypt/errors.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+module LetsEncrypt
+  class Error < StandardError; end
+
+  class MaxCheckExceeded < Error; end
+  class InvalidStatus < Error; end
+end

data/lib/letsencrypt/issue_service.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module LetsEncrypt
+  # The issue service to download the certificate
+  class IssueService
+    attr_reader :checker
+
+    STATUS_PROCESSING = 'processing'
+
+    def initialize(config: LetsEncrypt.config)
+      @checker = StatusChecker.new(
+        max_attempts: config.max_attempts,
+        interval: config.retry_interval
+      )
+    end
+
+    def execute(certificate, order)
+      ActiveSupport::Notifications.instrument('letsencrypt.issue', domain: certificate.domain) do
+        issue(certificate, order)
+      end
+    end
+
+    private
+
+    def issue(certificate, order)
+      csr = build_csr(certificate)
+      order.finalize(csr:)
+      checker.execute do
+        order.reload
+        order.status != STATUS_PROCESSING
+      end
+      fullchain = order.certificate.split("\n\n")
+      cert = OpenSSL::X509::Certificate.new(fullchain.shift)
+      certificate.refresh!(cert, fullchain)
+    end
+
+    def build_csr(certificate)
+      Acme::Client::CertificateRequest.new(
+        private_key: OpenSSL::PKey::RSA.new(certificate.key),
+        subject: {
+          common_name: certificate.domain
+        }
+      )
+    end
+  end
+end

data/lib/letsencrypt/renew_service.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module LetsEncrypt
+  # The renew service to create or renew the certificate
+  class RenewService
+    attr_reader :acme_client, :config
+
+    def initialize(acme_client: LetsEncrypt.client, config: LetsEncrypt.config)
+      @acme_client = acme_client
+      @config = config
+    end
+
+    def execute(certificate)
+      ActiveSupport::Notifications.instrument('letsencrypt.renew', domain: certificate.domain) do
+        order = acme_client.new_order(identifiers: [certificate.domain])
+
+        verify_service = VerifyService.new(config:)
+        verify_service.execute(certificate, order)
+
+        issue_service = IssueService.new(config:)
+        issue_service.execute(certificate, order)
+      end
+    end
+  end
+end

data/lib/letsencrypt/status_checker.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module LetsEncrypt
+  # The status checker to make a loop until the status is reached
+  class StatusChecker
+    attr_reader :max_attempts, :interval
+
+    def initialize(max_attempts:, interval:)
+      @max_attempts = max_attempts
+      @interval = interval
+    end
+
+    def execute
+      attempts = 0
+
+      loop do
+        break if yield
+
+        attempts += 1
+        raise MaxCheckExceeded, "Max attempts exceeded (#{max_attempts})" if attempts >= max_attempts
+
+        sleep interval
+      end
+    end
+  end
+end

data/lib/letsencrypt/verify_service.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module LetsEncrypt
+  # Process the verification of the domain
+  class VerifyService
+    STATUS_PENDING = 'pending'
+    STATUS_VALID = 'valid'
+
+    attr_reader :checker
+
+    def initialize(config: LetsEncrypt.config)
+      @checker = StatusChecker.new(
+        max_attempts: config.max_attempts,
+        interval: config.retry_interval
+      )
+    end
+
+    def execute(certificate, order)
+      ActiveSupport::Notifications.instrument('letsencrypt.verify', domain: certificate.domain) do
+        verify(certificate, order)
+      end
+    end
+
+    private
+
+    def verify(certificate, order)
+      challenge = order.authorizations.first.http
+
+      certificate.challenge!(challenge.filename, challenge.file_content)
+
+      challenge.request_validation
+
+      checker.execute do
+        challenge.reload
+        challenge.status != STATUS_PENDING
+      end
+      assert(challenge)
+    end
+
+    def assert(challenge)
+      return if challenge.status == STATUS_VALID
+
+      raise LetsEncrypt::InvalidStatus, "Status not valid (was: #{challenge.status})"
+    end
+  end
+end

data/lib/letsencrypt/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module LetsEncrypt
-  VERSION = '0.11.3'
+  VERSION = '0.13.0'
 end

data/lib/letsencrypt.rb

@@ -5,9 +5,13 @@ require 'acme-client'
 require 'redis'
 require 'letsencrypt/railtie'
 require 'letsencrypt/engine'
+require 'letsencrypt/errors'
 require 'letsencrypt/configuration'
-require 'letsencrypt/logger_proxy'
 require 'letsencrypt/redis'
+require 'letsencrypt/status_checker'
+require 'letsencrypt/verify_service'
+require 'letsencrypt/issue_service'
+require 'letsencrypt/renew_service'
 
 # :nodoc:
 module LetsEncrypt
@@ -22,8 +26,9 @@ module LetsEncrypt
     # Create the ACME Client to Let's Encrypt
     def client
       @client ||= ::Acme::Client.new(
-        private_key: private_key,
-        directory: directory
+        private_key:,
+        directory:,
+        bad_nonce_retry: 5
       )
     end
 
@@ -40,7 +45,8 @@ module LetsEncrypt
 
     # Get current using Let's Encrypt endpoint
     def directory
-      @directory ||= config.use_staging? ? ENDPOINT_STAGING : ENDPOINT
+      @directory ||= config.acme_directory ||
+                     (config.use_staging? ? ENDPOINT_STAGING : ENDPOINT)
     end
 
     # Register a Let's Encrypt account
@@ -68,7 +74,7 @@ module LetsEncrypt
     end
 
     def logger
-      @logger ||= LoggerProxy.new(Rails.logger, tags: ['LetsEncrypt'])
+      @logger ||= Rails.logger.tagged('LetsEncrypt')
     end
 
     # Config how to Let's Encrypt works for Rails
@@ -77,9 +83,9 @@ module LetsEncrypt
     #    # Always use production mode to connect Let's Encrypt API server
     #    config.use_staging = false
     #   end
-    def config(&block)
+    def config(&)
       @config ||= Configuration.new
-      instance_exec(@config, &block) if block_given?
+      instance_exec(@config, &) if block_given?
       @config
     end
 

data/lib/tasks/letsencrypt_tasks.rake

@@ -3,18 +3,21 @@
 namespace :letsencrypt do
   desc 'Renew certificates that already expired or expiring soon'
   task renew: :environment do
-    count = 0
+    success = 0
     failed = 0
 
-    LetsEncrypt.certificate_model.renewable.each do |certificate|
-      count += 1
-
-      next if certificate.renew
+    service = LetsEncrypt::RenewService.new
 
+    LetsEncrypt.certificate_model.renewable.each do |certificate|
+      service.execute(certificate)
+      success += 1
+    rescue Acme::Client::Error, LetsEncrypt::MaxCheckExceeded, LetsEncrypt::InvalidStatus => e
       failed += 1
-      puts "Could not renew domain: #{certificate.domain}"
+      puts "Could not renew domain: #{certificate.domain} - #{e.message}"
     end
 
-    puts "Renewed #{count - failed} out of #{count} domains"
+    puts "Renewed #{success} certificates successfully."
+    puts "Failed to renew #{failed} certificates."
+    puts "Total: #{success + failed} certificates."
   end
 end

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: rails-letsencrypt
 version: !ruby/object:Gem::Version
-  version: 0.11.3
+  version: 0.13.0
 platform: ruby
 authors:
 - 蒼時弦也
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-02-13 00:00:00.000000000 Z
+date: 2025-05-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: acme-client
@@ -143,26 +142,28 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- MIT-LICENSE
 - README.md
 - Rakefile
 - app/controllers/lets_encrypt/application_controller.rb
 - app/controllers/lets_encrypt/verifications_controller.rb
 - app/jobs/lets_encrypt/application_job.rb
 - app/jobs/lets_encrypt/renew_certificates_job.rb
-- app/models/concerns/lets_encrypt/certificate_issuable.rb
-- app/models/concerns/lets_encrypt/certificate_verifiable.rb
 - app/models/lets_encrypt/certificate.rb
 - config/routes.rb
 - lib/generators/lets_encrypt/install_generator.rb
 - lib/generators/lets_encrypt/register_generator.rb
+- lib/generators/lets_encrypt/templates/letsencrypt.rb
 - lib/generators/lets_encrypt/templates/migration.rb
 - lib/letsencrypt.rb
 - lib/letsencrypt/configuration.rb
 - lib/letsencrypt/engine.rb
-- lib/letsencrypt/logger_proxy.rb
+- lib/letsencrypt/errors.rb
+- lib/letsencrypt/issue_service.rb
 - lib/letsencrypt/railtie.rb
 - lib/letsencrypt/redis.rb
+- lib/letsencrypt/renew_service.rb
+- lib/letsencrypt/status_checker.rb
+- lib/letsencrypt/verify_service.rb
 - lib/letsencrypt/version.rb
 - lib/rails-letsencrypt.rb
 - lib/tasks/letsencrypt_tasks.rake
@@ -171,7 +172,6 @@ licenses:
 - MIT
 metadata:
   rubygems_mfa_required: 'true'
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -179,15 +179,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.7.0
+      version: 3.2.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.6
-signing_key:
+rubygems_version: 3.6.2
 specification_version: 4
 summary: The Let's Encrypt certificate manager for rails
 test_files: []

data/MIT-LICENSE

@@ -1,20 +0,0 @@
-Copyright 2017 蒼時弦也
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/app/models/concerns/lets_encrypt/certificate_issuable.rb

@@ -1,43 +0,0 @@
-# frozen_string_literal: true
-
-module LetsEncrypt
-  # :nodoc:
-  module CertificateIssuable
-    extend ActiveSupport::Concern
-
-    # Returns true if issue new certificate succeed.
-    def issue
-      logger.info "Getting certificate for #{domain}"
-      create_certificate
-      logger.info "Certificate issued for #{domain} (expires on #{expires_at}, will renew after #{renew_after})"
-      true
-    end
-
-    private
-
-    def csr
-      Acme::Client::CertificateRequest.new(
-        private_key: OpenSSL::PKey::RSA.new(key),
-        subject: {
-          common_name: domain
-        }
-      )
-    end
-
-    def create_certificate
-      order.finalize(csr: csr)
-      sleep 1 while order.status == 'processing'
-      fullchain = order.certificate.split("\n\n")
-      assign_new_certificate(fullchain)
-      save!
-    end
-
-    def assign_new_certificate(fullchain)
-      cert = OpenSSL::X509::Certificate.new(fullchain.shift)
-      self.certificate = cert.to_pem
-      self.intermediaries = fullchain.join("\n\n")
-      self.expires_at = cert.not_after
-      self.renew_after = (expires_at - 1.month) + rand(10).days
-    end
-  end
-end

data/app/models/concerns/lets_encrypt/certificate_verifiable.rb

@@ -1,68 +0,0 @@
-# frozen_string_literal: true
-
-module LetsEncrypt
-  # :nodoc:
-  module CertificateVerifiable
-    extend ActiveSupport::Concern
-
-    # Returns true if verify domain is succeed.
-    def verify
-      create_order
-      start_challenge
-      wait_verify_status
-      check_verify_status
-    rescue Acme::Client::Error => e
-      retry_on_verify_error(e)
-    end
-
-    private
-
-    def create_order
-      # TODO: Support multiple domain
-      @challenge = order.authorizations.first.http
-      self.verification_path = @challenge.filename
-      self.verification_string = @challenge.file_content
-      save!
-    end
-
-    def start_challenge
-      logger.info "Attempting verification of #{domain}"
-      @challenge.request_validation
-    end
-
-    def wait_verify_status
-      checks = 0
-      until @challenge.status != 'pending'
-        checks += 1
-        if checks > 30
-          logger.info "#{domain}: Status remained at pending for 30 checks"
-          return false
-        end
-        sleep 1
-        @challenge.reload
-      end
-    end
-
-    def check_verify_status
-      unless @challenge.status == 'valid'
-        logger.info "#{domain}: Status was not valid (was: #{@challenge.status})"
-        return false
-      end
-
-      true
-    end
-
-    def retry_on_verify_error(error)
-      @retries ||= 0
-      if error.is_a?(Acme::Client::Error::BadNonce) && @retries < 5
-        @retries += 1
-        logger.info "#{domain}: Bad nounce encountered. Retrying (#{@retries} of 5 attempts)"
-        sleep 1
-        verify
-      else
-        logger.info "#{domain}: Error: #{error.class} (#{error.message})"
-        false
-      end
-    end
-  end
-end

data/lib/letsencrypt/logger_proxy.rb

@@ -1,39 +0,0 @@
-# frozen_string_literal: true
-
-module LetsEncrypt
-  # :nodoc:
-  class LoggerProxy
-    attr_reader :tags
-
-    def initialize(logger, tags:)
-      @logger = logger
-      @tags = tags.flatten
-    end
-
-    def add_tags(*tags)
-      @tags += tags.flatten
-      @tags = @tags.uniq
-    end
-
-    def tag(logger, &block)
-      if logger.respond_to?(:tagged)
-        current_tags = tags - logger.formatter.current_tags
-        logger.tagged(*current_tags, &block)
-      else
-        yield
-      end
-    end
-
-    %i[debug info warn error fatal unknown].each do |severity|
-      define_method(severity) do |message|
-        log severity, message
-      end
-    end
-
-    private
-
-    def log(type, message)
-      tag(@logger) { @logger.send type, message }
-    end
-  end
-end