Class: LeSSL::Manager
- Inherits:
-
Object
- Object
- LeSSL::Manager
- Defined in:
- lib/le_ssl/manager.rb
Constant Summary collapse
- PRODUCTION_ENDPOINT =
'https://acme-v01.api.letsencrypt.org/'
- DEVELOPMENT_ENDPOINT =
'https://acme-staging.api.letsencrypt.org/'
Instance Method Summary collapse
-
#authorize_for_domain(domain, options = {}) ⇒ Object
Authorize the client for a domain name.
-
#initialize(options = {}) ⇒ Manager
constructor
A new instance of Manager.
- #register(email) ⇒ Object
- #request_certificate(*domains) ⇒ Object
- #request_verification(challenge) ⇒ Object
Constructor Details
#initialize(options = {}) ⇒ Manager
Returns a new instance of Manager.
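# File 'lib/le_ssl/manager.rb', line 6
#
# Builds a manager and, unless told otherwise, registers the ACME account.
#
# NOTE(review): the rendered listing lost the `options` identifier; it is
# restored here from the documented signature `initialize(options = {})`.
#
# @param options [Hash]
#   :email         contact address; falls back to email_from_env when absent
#   :agree_terms   must be exactly `true`, a truthy value is not enough
#   :private_key   optional key; blank values are normalised to nil by `presence`
#   :skip_register pass exactly `true` to skip the register(email) call
# @raise [LeSSL::NoContactEmailError] when no contact email can be determined
# @raise [LeSSL::TermsNotAcceptedError] when :agree_terms is not `true`
def initialize(options = {})
  email = options[:email] || email_from_env

  raise LeSSL::NoContactEmailError if email.nil?
  raise LeSSL::TermsNotAcceptedError unless options[:agree_terms] == true

  self.private_key = options[:private_key].presence

  # Reading the key back right away is the original's "check private key"
  # step; presumably the reader raises when no usable key is available.
  # Its definition is not part of this listing, so confirm there.
  private_key

  register(email) unless options[:skip_register] == true
end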
Instance Method Details
#authorize_for_domain(domain, options = {}) ⇒ Object
Authorize the client for a domain name.
Challenge options:
- HTTP (default and recommended)
- DNS (requires manual verification)
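# File 'lib/le_ssl/manager.rb', line 25
#
# Authorizes the ACME account for +domain+.
#
# With `challenge: :dns` the DNS-01 challenge is returned (and the TXT record
# to create is printed unless :skip_puts is set); the caller must create the
# record and request verification later. Otherwise the HTTP-01 challenge file
# is written below Rails' public/ directory, verification is requested, and
# the challenge status is returned.
#
# NOTE(review): the method name, the `options` parameter, the local variable
# and the client method name were dropped from the rendered listing.
# `authorization = client.authorize(domain: domain)` is reconstructed from the
# acme-client API and the documented signature; confirm against
# lib/le_ssl/manager.rb.
#
# @param domain [String] domain name to authorize
# @param options [Hash] :challenge (:dns selects DNS-01), :skip_puts
# @return [Object] the DNS challenge object, or the HTTP challenge status
def authorize_for_domain(domain, options = {})
  authorization = client.authorize(domain: domain)

  # Default challenge is via HTTP, but the developer can also use a DNS TXT
  # record to authorize.
  if options[:challenge] == :dns
    challenge = authorization.dns01

    unless options[:skip_puts]
      puts "===================================================================="
      puts "Record:"
      puts
      puts " - Name: #{challenge.record_name}"
      puts " - Type: #{challenge.record_type}"
      puts " - Value: #{challenge.record_content}"
      puts
      puts "Create the record; Wait a minute (or two); Request for verification!"
      puts "===================================================================="
    end

    return challenge
  end

  challenge = authorization.http01

  # challenge.filename comes from the ACME server's response and is joined
  # onto public/ unchecked. NOTE(review): consider confirming that the
  # resolved path stays inside public/ before writing, and removing the
  # challenge file once validation has finished.
  challenge_path = Rails.root.join('public', challenge.filename)
  FileUtils.mkdir_p(File.dirname(challenge_path))
  File.write(challenge_path, challenge.file_content)

  # The original compared this call's result with 'invalid' and discarded the
  # comparison; the call is kept for its side effect and the dead test dropped.
  request_verification(challenge)

  challenge.verify_status
end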
#register(email) ⇒ Object
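# File 'lib/le_ssl/manager.rb', line 85
#
# Registers the account key with the ACME server and accepts its terms.
#
# NOTE(review): the rendered listing shows `e. ==`; the dropped method name
# is restored as `e.message`.
#
# @param email [String] contact address, sent as a "mailto:" URI
# @return [Boolean] true after a fresh registration, false when the server
#   reports that the key is already registered
# @raise [Acme::Client::Error::Malformed] for any other malformed-request error
def register(email)
  client.register(contact: "mailto:#{email}").agree_terms
  true
rescue Acme::Client::Error::Malformed => e
  # An already-registered key is reported with this exact server message.
  # Matching on message text is brittle, so any other wording is re-raised
  # rather than being read as success.
  return false if e.message == "Registration key is already in use"

  raise
end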
#request_certificate(*domains) ⇒ Object
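# File 'lib/le_ssl/manager.rb', line 69
#
# Requests a certificate for +domains+ and stores the PEM files under
# config/ssl in the Rails root: privkey.pem, cert.pem, chain.pem and
# fullchain.pem.
#
# The private key is written with mode 0600. The original used a plain
# File.write, which leaves the key at the process umask's default (commonly
# world-readable). The certificate and chain files keep the default mode.
#
# NOTE(review): the rendered listing shows `e.` in the rescue clause; the
# dropped method name is restored as `e.message`.
#
# @param domains [Array<String>] names to put on the certificate
# @return [Object] the certificate returned by client.new_certificate
# @raise [LeSSL::UnauthorizedError] when the ACME server rejects the request
#   as unauthorized
def request_certificate(*domains)
  csr = Acme::Client::CertificateRequest.new(names: domains)
  certificate = client.new_certificate(csr)

  ssl_dir = Rails.root.join('config', 'ssl')
  FileUtils.mkdir_p(ssl_dir)

  # Create the key file owner-only. The mode passed to open applies only when
  # the file is created, so also chmod the open handle before any key bytes
  # are written, which tightens a pre-existing file from an earlier run.
  File.open(ssl_dir.join('privkey.pem'), File::WRONLY | File::CREAT | File::TRUNC, 0o600) do |key_file|
    key_file.chmod(0o600)
    key_file.write(certificate.request.private_key.to_pem)
  end

  File.write(ssl_dir.join('cert.pem'), certificate.to_pem)
  File.write(ssl_dir.join('chain.pem'), certificate.chain_to_pem)
  File.write(ssl_dir.join('fullchain.pem'), certificate.fullchain_to_pem)

  certificate
rescue Acme::Client::Error::Unauthorized => e
  raise LeSSL::UnauthorizedError, e.message
end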
#request_verification(challenge) ⇒ Object
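# File 'lib/le_ssl/manager.rb', line 63
#
# Asks the ACME server to validate +challenge+ and reports the outcome.
#
# The original waited a fixed second and returned whatever status came back,
# so a validation that took longer was reported as 'pending' and looked the
# same as one that never ran. The status is now polled once per second for a
# bounded number of attempts and the first non-pending answer is returned.
# A challenge that settles within the first second behaves as before.
#
# @param challenge [#request_verification, #verify_status] ACME challenge
# @return [String] the last status reported by the challenge. It is still
#   'pending' when the server has not decided within the polling window, and
#   callers should not treat that as success.
def request_verification(challenge)
  max_attempts = 10

  challenge.request_verification

  status = nil
  max_attempts.times do
    sleep(1)
    status = challenge.verify_status
    break unless status == 'pending'
  end

  status
end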