rails-letsencrypt 0.5.5 → 0.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: a5aeeebd0dd776f4fcc05752ea8b438878398d79
-  data.tar.gz: fdff5b40a3526cbff50a83c7811b5a9970ccdf19
+SHA256:
+  metadata.gz: 803822003496186ae2408760697b9ee88f136051e1cfed2ec6364ac6cfd1d90e
+  data.tar.gz: 8132cddcd9d2c6ceb6b039aec68a517873994041ef798a74d396fa92f59240f5
 SHA512:
-  metadata.gz: d8759789aae5935de7951c65bb1281de060485ed0ff0d5532f825cd1bb6a0087a2fab3e659c94d42dc76a81f5bf3da7a974eda33e8214d6d94d8f8666a86903f
-  data.tar.gz: d092e84fd25d14dd4e22546f922d9e74cce4a9357f5f0d1948f43c444fa1c8453170fbf313d51817648fcabefccf75e9c6b7ca9529a9bf3a45ef1d7d8d88f2d9
+  metadata.gz: 36ef4db53e0d1652115908850deb8a229f5566964b01415fd6ad4399f47401bd493fa556a4de6c21d7406cf17b2b7f009aef44ec98d4753ebaa24508ab63b8ab
+  data.tar.gz: 6fe213a8aaa548b1cead27f95aa56771aa5924b182d52902d5b584e17fe526674ba945ebb2b834c374be73f0ef335f42afa9b6d4a280806b6dd65c1106a1e924

data/README.md

@@ -2,6 +2,11 @@
 
 Provide manageable Let's Encrypt Certificate for Rails.
 
+## Requirement
+
+* Rails 5+
+* Ruby 2.5+
+
 ## Installation
 
 Puts this in your Gemfile:
@@ -56,6 +61,10 @@ LetsEncrypt.config do |config|
   # The redis server url
   # Default is nil
   config.redis_url = 'redis://localhost:6379/1'
+
+  # Enable it if you want to customize the model
+  # Default is LetsEncrypt::Certificate
+  #config.certificate_model = 'MyCertificate'
 end
 ```
 

data/app/controllers/lets_encrypt/verifications_controller.rb

@@ -17,7 +17,7 @@ module LetsEncrypt
     end
 
     def certificate
-      LetsEncrypt::Certificate.find_by(verification_path: filename)
+      LetsEncrypt.certificate_model.find_by(verification_path: filename)
     end
 
     def filename

data/app/jobs/lets_encrypt/renew_certificates_job.rb

@@ -6,7 +6,7 @@ module LetsEncrypt
     queue_as :default
 
     def perform
-      LetsEncrypt::Certificate.renewable.each do |certificate|
+      LetsEncrypt.certificate_model.renewable.each do |certificate|
         next if certificate.renew
         certificate.update(renew_after: 1.day.from_now)
       end

data/app/models/concerns/lets_encrypt/certificate_issuable.rb

@@ -10,7 +10,7 @@ module LetsEncrypt
       logger.info "Getting certificate for #{domain}"
       create_certificate
       # rubocop:disable Metrics/LineLength
-      logger.info "Certificate issued (expires on #{expires_at}, will renew after #{renew_after})"
+      logger.info "Certificate issued for #{domain} (expires on #{expires_at}, will renew after #{renew_after})"
       # rubocop:enable Metrics/LineLength
       true
     end
@@ -18,21 +18,22 @@ module LetsEncrypt
     private
 
     def csr
-      csr = OpenSSL::X509::Request.new
-      csr.subject = OpenSSL::X509::Name.new(
-        [['CN', domain, OpenSSL::ASN1::UTF8STRING]]
+      Acme::Client::CertificateRequest.new(
+        private_key: OpenSSL::PKey::RSA.new(key),
+        subject: {
+          common_name: domain
+        }
       )
-      private_key = OpenSSL::PKey::RSA.new(key)
-      csr.public_key = private_key.public_key
-      csr.sign(private_key, OpenSSL::Digest::SHA256.new)
-      csr
     end
 
     def create_certificate
-      https_cert = LetsEncrypt.client.new_certificate(csr)
-      self.certificate = https_cert.to_pem
-      self.intermediaries = https_cert.chain_to_pem
-      self.expires_at = https_cert.x509.not_after
+      order.finalize(csr: csr)
+      sleep 1 while order.status == 'processing'
+      fullchain = order.certificate.split("\n\n")
+      cert = OpenSSL::X509::Certificate.new(fullchain.shift)
+      self.certificate = cert.to_pem
+      self.intermediaries = fullchain.join("\n\n")
+      self.expires_at = cert.not_after
       self.renew_after = (expires_at - 1.month) + rand(10).days
       save!
     end

data/app/models/concerns/lets_encrypt/certificate_verifiable.rb

@@ -7,7 +7,7 @@ module LetsEncrypt
 
     # Returns true if verify domain is succeed.
     def verify
-      start_authorize
+      create_order
       start_challenge
       wait_verify_status
       check_verify_status
@@ -17,9 +17,9 @@ module LetsEncrypt
 
     private
 
-    def start_authorize
-      authorization = LetsEncrypt.client.authorize(domain: domain)
-      @challenge = authorization.http01
+    def create_order
+      # TODO: Support multiple domain
+      @challenge = order.authorizations.first.http
       self.verification_path = @challenge.filename
       self.verification_string = @challenge.file_content
       save!
@@ -27,24 +27,25 @@ module LetsEncrypt
 
     def start_challenge
       logger.info "Attempting verification of #{domain}"
-      @challenge.request_verification
+      @challenge.request_validation
     end
 
     def wait_verify_status
       checks = 0
-      until @challenge.verify_status != 'pending'
+      until @challenge.status != 'pending'
         checks += 1
         if checks > 30
-          logger.info 'Status remained at pending for 30 checks'
+          logger.info "#{domain}: Status remained at pending for 30 checks"
           return false
         end
         sleep 1
+        @challenge.reload
       end
     end
 
     def check_verify_status
-      unless @challenge.verify_status == 'valid'
-        logger.info "Status was not valid (was: #{@challenge.verify_status})"
+      unless @challenge.status == 'valid'
+        logger.info "#{domain}: Status was not valid (was: #{@challenge.status})"
         return false
       end
 
@@ -55,11 +56,11 @@ module LetsEncrypt
       @retries ||= 0
       if e.is_a?(Acme::Client::Error::BadNonce) && @retries < 5
         @retries += 1
-        logger.info "Bad nounce encountered. Retrying (#{@retries} of 5 attempts)"
+        logger.info "#{domain}: Bad nounce encountered. Retrying (#{@retries} of 5 attempts)"
         sleep 1
         verify
       else
-        logger.info "Error: #{e.class} (#{e.message})"
+        logger.info "#{domain}: Error: #{e.class} (#{e.message})"
         return false
       end
     end

data/app/models/lets_encrypt/certificate.rb

@@ -34,6 +34,7 @@ module LetsEncrypt
 
     before_create -> { self.key = OpenSSL::PKey::RSA.new(4096).to_s }
     after_save -> { save_to_redis }, if: -> { LetsEncrypt.config.use_redis? && active? }
+    after_destroy -> { delete_from_redis }, if: -> { LetsEncrypt.config.use_redis? && active? }
 
     # Returns false if certificate is not issued.
     #
@@ -57,7 +58,7 @@ module LetsEncrypt
 
     # Returns full-chain bundled certificates
     def bundle
-      certificate + intermediaries
+      (certificate || '') + (intermediaries || '')
     end
 
     def certificate_object
@@ -73,10 +74,19 @@ module LetsEncrypt
       LetsEncrypt::Redis.save(self)
     end
 
+    # Delete certificate from redis
+    def delete_from_redis
+      LetsEncrypt::Redis.delete(self)
+    end
+
     protected
 
     def logger
       LetsEncrypt.logger
     end
+
+    def order
+      @order ||= LetsEncrypt.client.new_order(identifiers: [domain])
+    end
   end
 end

data/lib/letsencrypt.rb

@@ -12,18 +12,18 @@ require 'letsencrypt/redis'
 # :nodoc:
 module LetsEncrypt
   # Production mode API Endpoint
-  ENDPOINT = 'https://acme-v01.api.letsencrypt.org/'
+  ENDPOINT = 'https://acme-v02.api.letsencrypt.org/directory'
 
   # Staging mode API Endpoint, the rate limit is higher
   # but got invalid certificate for testing
-  ENDPOINT_STAGING = 'https://acme-staging.api.letsencrypt.org'
+  ENDPOINT_STAGING = 'https://acme-staging-v02.api.letsencrypt.org/directory'
 
   class << self
     # Create the ACME Client to Let's Encrypt
     def client
       @client ||= ::Acme::Client.new(
         private_key: private_key,
-        endpoint: endpoint
+        directory: directory
       )
     end
 
@@ -38,7 +38,7 @@ module LetsEncrypt
     end
 
     # Get current using Let's Encrypt endpoint
-    def endpoint
+    def directory
       @endpoint ||= config.use_staging? ? ENDPOINT_STAGING : ENDPOINT
     end
 
@@ -49,10 +49,9 @@ module LetsEncrypt
     # connect with domain and assign the owner who can
     # renew and revoked.
     def register(email)
-      registration = client.register(contact: "mailto:#{email}")
+      account = client.new_account(contact: "mailto:#{email}", terms_of_service_agreed: true)
       logger.info "Successfully registered private key with address #{email}"
-      registration.agree_terms
-      logger.info 'Terms have been accepted'
+      account.kid # TODO: Save KID
       true
     end
 
@@ -87,5 +86,9 @@ module LetsEncrypt
     def table_name_prefix
       'letsencrypt_'
     end
+
+    def certificate_model
+      @certificate_model ||= config.certificate_model.constantize
+    end
   end
 end

data/lib/letsencrypt/configuration.rb

@@ -16,6 +16,10 @@ module LetsEncrypt
     config_accessor :save_to_redis
     config_accessor :redis_url
 
+    config_accessor :certificate_model do
+      'LetsEncrypt::Certificate'
+    end
+
     # Returns true if enabled `save_to_redis` feature
     def use_redis?
       save_to_redis == true

data/lib/letsencrypt/redis.rb

@@ -10,10 +10,18 @@ module LetsEncrypt
 
       # Save certificate into redis.
       def save(cert)
-        return unless cert.key.present? && cert.certificate.present?
-        LetsEncrypt.logger.info "Save #{cert.domain}'s certificate to redis"
+        return unless cert.key.present? && cert.bundle.present?
+        LetsEncrypt.logger.info "Save #{cert.domain}'s certificate (bundle) to redis"
         connection.set "#{cert.domain}.key", cert.key
-        connection.set "#{cert.domain}.crt", cert.certificate
+        connection.set "#{cert.domain}.crt", cert.bundle
+      end
+
+      # Delete certificate from redis.
+      def delete(cert)
+        return unless cert.key.present? && cert.certificate.present?
+        LetsEncrypt.logger.info "Delete #{cert.domain}'s certificate from redis"
+        connection.del "#{cert.domain}.key"
+        connection.del "#{cert.domain}.crt"
       end
     end
   end

data/lib/letsencrypt/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module LetsEncrypt
-  VERSION = '0.5.5'
+  VERSION = '0.10.0'
 end

data/lib/tasks/letsencrypt_tasks.rake

@@ -1,17 +1,20 @@
 # frozen_string_literal: true
 
 namespace :letsencrypt do
-  desc 'Renew the certificates will epxired'
+  desc "Renew certificates that already expired or expiring soon"
   task renew: :environment do
     count = 0
     failed = 0
-    LetsEncrypt::Certificate.renewable do |certificate|
+
+    LetsEncrypt.certificate_model.renewable.each do |certificate|
       count += 1
+
       next if certificate.renew
+
       failed += 1
-      log "Could not renew domain: #{certificate.domain}"
+      puts "Could not renew domain: #{certificate.domain}"
     end
 
-    puts "Total #{count} domains should renew, and #{failed} domains cannot be renewed."
+    puts "Renewed #{count - failed} out of #{count} domains"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rails-letsencrypt
 version: !ruby/object:Gem::Version
-  version: 0.5.5
+  version: 0.10.0
 platform: ruby
 authors:
 - 蒼時弦也
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-06-20 00:00:00.000000000 Z
+date: 2020-11-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '4.1'
+        version: '5.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '4.1'
+        version: '5.0'
 - !ruby/object:Gem::Dependency
   name: acme-client
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: 2.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: 2.0.0
 - !ruby/object:Gem::Dependency
   name: redis
   requirement: !ruby/object:Gem::Requirement
@@ -84,30 +84,30 @@ dependencies:
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.16.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.16.1
 - !ruby/object:Gem::Dependency
   name: coveralls
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.8.23
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.8.23
 - !ruby/object:Gem::Dependency
   name: codeclimate-test-reporter
   requirement: !ruby/object:Gem::Requirement
@@ -156,7 +156,7 @@ homepage: https://github.com/elct9620/rails-letsencrypt
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -171,9 +171,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.14
-signing_key: 
+rubygems_version: 3.0.3
+signing_key:
 specification_version: 4
 summary: The Let's Encrypt certificate manager for rails
 test_files: []