Class: LeSSL::Manager

Inherits:
Object
  • Object
Defined in:
lib/le_ssl/manager.rb

Constant Summary

# ACME directory endpoints: the live Let's Encrypt service and its
# staging counterpart.
# NOTE(review): both hosts are ACME v1 endpoints. Let's Encrypt has
# retired its ACME v1 API in favour of ACME v2 (RFC 8555), so confirm the
# endpoint and client library version before relying on this listing.
PRODUCTION_ENDPOINT = 'https://acme-v01.api.letsencrypt.org/'
DEVELOPMENT_ENDPOINT = 'https://acme-staging.api.letsencrypt.org/'

Instance Method Summary

Constructor Details

#initialize(options = {}) ⇒ Manager

Returns a new instance of Manager.



# File 'lib/le_ssl/manager.rb', line 6

# Builds a manager and, unless told otherwise, registers the ACME account.
#
# Options read here:
#   :email         - contact address; falls back to email_from_env
#   :agree_terms   - must be exactly +true+, otherwise construction fails
#   :private_key   - run through +presence+ (blank becomes nil) and handed
#                    to the private_key writer
#   :skip_register - when exactly +true+, no registration call is made
#
# Raises LeSSL::NoContactEmailError when no e-mail can be found and
# LeSSL::TermsNotAcceptedError when the terms were not explicitly accepted.
def initialize(options={})
	contact_email = options[:email] || email_from_env
	raise LeSSL::NoContactEmailError if contact_email.nil?

	# Only a literal `true` counts as consent; truthy values such as "yes"
	# or 1 are rejected on purpose.
	terms_accepted = options[:agree_terms] == true
	raise LeSSL::TermsNotAcceptedError unless terms_accepted

	self.private_key = options[:private_key].presence

	# Call the reader once so that a problem with the account key surfaces
	# during construction. NOTE(review): what the reader checks is defined
	# outside this listing; confirm there.
	private_key

	return if options[:skip_register] == true

	register(contact_email)
end

Instance Method Details

#authorize_for_domain(domain, options = {}) ⇒ Object

Authorize the client for a domain name.

Challenge options:

- HTTP (default and recommended)
- DNS (requires manual verification)


# File 'lib/le_ssl/manager.rb', line 25

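# Starts an ACME authorization for +domain+ and prepares its challenge.
#
# options[:challenge] == :dns
#   Returns the dns-01 challenge object. Unless options[:skip_puts] is
#   truthy, the TXT record to create is printed to stdout first.
#   Verification is not requested here; the caller does that once the
#   record has been published.
#
# any other value (HTTP, the default)
#   Writes the http-01 challenge file below Rails' public/ directory,
#   requests verification and returns challenge.verify_status. The helper
#   waits only one second before the status is read, so the returned value
#   may still be a non-final state; callers should check it.
#   The challenge file is left in place so that validation can complete.
#
# Raises ArgumentError if the challenge file name would resolve to a path
# outside public/.
def authorize_for_domain(domain, options={})
	authorization = client.authorize(domain: domain)

	if options[:challenge] == :dns
		challenge = authorization.dns01

		unless options[:skip_puts]
			puts "===================================================================="
			puts "Record:"
			puts
			puts " - Name: #{challenge.record_name}"
			puts " - Type: #{challenge.record_type}"
			puts " - Value: #{challenge.record_content}"
			puts
			puts "Create the record; Wait a minute (or two); Request for verification!"
			puts "===================================================================="
		end

		return challenge
	end

	challenge = authorization.http01

	public_dir = Rails.root.join('public')
	file_name = public_dir.join(challenge.filename)

	# Defence in depth: challenge.filename is presumably derived from the
	# token the ACME server returned, i.e. it is remote data. Pathname#join
	# follows ".." segments and absolute paths, so check lexically that the
	# target stays inside public/ before creating directories or writing.
	unless file_name.cleanpath.to_s.start_with?(public_dir.cleanpath.to_s + File::SEPARATOR)
		raise ArgumentError, "Challenge file path escapes the public directory: #{challenge.filename}"
	end

	FileUtils.mkdir_p(File.dirname(file_name))
	File.write(file_name, challenge.file_content)

	# The original compared this call's result with 'invalid' and discarded
	# the comparison; only the call itself has an effect.
	request_verification(challenge)

	return challenge.verify_status
end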

#register(email) ⇒ Object



# File 'lib/le_ssl/manager.rb', line 85

# Registers the account key with the ACME server, using +email+ as the
# contact, and agrees to the terms on the returned registration.
#
# Returns true after a fresh registration, false when the server reports
# that the key is already registered. Any other
# Acme::Client::Error::Malformed is re-raised.
def register(email)
	begin
		registration = client.register(contact: "mailto:#{email}")
		registration.agree_terms
	rescue Acme::Client::Error::Malformed => error
		# "Already registered" is detected by exact message text, so a change
		# in the server's wording turns this case into a raised error.
		raise error unless error.message == "Registration key is already in use"
		return false
	end

	true
end

#request_certificate(*domains) ⇒ Object



# File 'lib/le_ssl/manager.rb', line 69

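# Requests a certificate covering +domains+ and stores the results under
# config/ssl in the Rails root, overwriting any files already there:
#
#   privkey.pem   - private key of the certificate request
#   cert.pem      - the certificate
#   chain.pem     - the issuer chain
#   fullchain.pem - certificate plus chain
#
# Returns the certificate object from the ACME client.
# Raises LeSSL::UnauthorizedError (carrying the original message) when the
# client raises Acme::Client::Error::Unauthorized.
def request_certificate(*domains)
	csr = Acme::Client::CertificateRequest.new(names: domains)
	certificate = client.new_certificate(csr)

	ssl_dir = Rails.root.join('config', 'ssl')
	FileUtils.mkdir_p(ssl_dir)

	# The private key must not be readable by other local users. A plain
	# File.write would create the file with umask-derived permissions
	# (commonly 0644), so create it owner-only and tighten a file that
	# already exists before any key material is written to it.
	File.open(ssl_dir.join('privkey.pem'), File::WRONLY | File::CREAT | File::TRUNC, 0600) do |key_file|
		key_file.chmod(0600)
		key_file.write(certificate.request.private_key.to_pem)
	end

	# Certificate and chain are public data; default permissions are fine.
	File.write(ssl_dir.join('cert.pem'), certificate.to_pem)
	File.write(ssl_dir.join('chain.pem'), certificate.chain_to_pem)
	File.write(ssl_dir.join('fullchain.pem'), certificate.fullchain_to_pem)

	return certificate
rescue Acme::Client::Error::Unauthorized => e
	raise LeSSL::UnauthorizedError, e.message
end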

#request_verification(challenge) ⇒ Object



# File 'lib/le_ssl/manager.rb', line 63

# Asks the ACME server to verify +challenge+, waits one second and returns
# the status the challenge object reports at that moment.
#
# The wait is fixed and the status is read once, so the returned value is
# whatever state the challenge is in after one second. Callers should
# check it rather than assume success.
def request_verification(challenge)
	challenge.request_verification

	# Fixed pause before the single status read.
	sleep 1

	challenge.verify_status
end