Module: Surtr::ACME
- Defined in:
- lib/surtr/acme.rb
Class Method Summary
- .certificate(keyfile, endpoint, destination, domains) ⇒ Object
- .challenge(keyfile, endpoint, domain) ⇒ Object
- .keygen(keyfile) ⇒ Object
- .register(keyfile, endpoint, email) ⇒ Object
- .verify(keyfile, endpoint, domain) ⇒ Object
Class Method Details
.certificate(keyfile, endpoint, destination, domains) ⇒ Object
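# File 'lib/surtr/acme.rb', line 54
# Requests a certificate for +domains+ and writes the resulting PEM files
# (privkey.pem, cert.pem, chain.pem, fullchain.pem) into +destination+.
#
# @param keyfile [String] path to the PEM-encoded RSA account key
# @param endpoint [String] label interpolated, unvalidated, into the host name
#   "https://acme-<endpoint>.api.letsencrypt.org"; pass only a fixed, known
#   label, since the account key signs requests to whatever host results
# @param destination [String] output directory, created if it does not exist
# @param domains names handed to the certificate request as +names:+
#   (presumably an Array of host names - confirm against the caller)
# @return [Integer] number of bytes written to fullchain.pem
def self.certificate(keyfile, endpoint, destination, domains)
  key = OpenSSL::PKey::RSA.new(File.read(keyfile))
  client = Acme::Client.new(private_key: key, endpoint: "https://acme-#{endpoint}.api.letsencrypt.org")
  csr = Acme::Client::CertificateRequest.new(names: domains)
  certificate = client.new_certificate(csr)

  FileUtils.mkpath destination

  # The certificate's private key must not be readable by other local users.
  # The mode argument only applies when the file is created, so chmod also
  # tightens a privkey.pem left over from an earlier run before the new key
  # is written into it.
  privkey_path = File.join(destination, "privkey.pem")
  File.open(privkey_path, File::WRONLY | File::CREAT | File::TRUNC, 0o600) do |file|
    file.chmod(0o600)
    file.write certificate.request.private_key.to_pem
  end

  # Public material: the default file mode is fine here.
  File.write File.join(destination, "cert.pem"), certificate.to_pem
  File.write File.join(destination, "chain.pem"), certificate.chain_to_pem
  File.write File.join(destination, "fullchain.pem"), certificate.fullchain_to_pem
end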
.challenge(keyfile, endpoint, domain) ⇒ Object
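# File 'lib/surtr/acme.rb', line 19
# Fetches the authorization for +domain+ and, while it is still pending,
# reports the DNS-01 record that has to be published.
#
# @param keyfile [String] path to the PEM-encoded RSA account key
# @param endpoint [String] label interpolated, unvalidated, into the host name
#   "https://acme-<endpoint>.api.letsencrypt.org"; pass only a fixed, known label
# @param domain [String] domain to authorize
# @return [true] when the authorization status is already "valid"
# @return [Array] +[false, record_fqdn, record_type, record_content]+ when the
#   status is "pending"; record_fqdn is the challenge record name joined to
#   +domain+ with a dot
# @raise [RuntimeError] for any other authorization status
def self.challenge(keyfile, endpoint, domain)
  key = OpenSSL::PKey::RSA.new(File.read(keyfile))
  client = Acme::Client.new(private_key: key, endpoint: "https://acme-#{endpoint}.api.letsencrypt.org")

  # Call the authorization request by name; a bare `client.(...)` dispatches
  # to #call rather than to Acme::Client#authorize.
  auth = client.authorize(domain: domain)

  case auth.status
  when "pending"
    challenge = auth.dns01
    [false, [challenge.record_name, domain].join("."), challenge.record_type, challenge.record_content]
  when "valid"
    true
  else
    fail "#{domain}: unexpected authorization status: #{auth.status}"
  end
end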
.keygen(keyfile) ⇒ Object
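# File 'lib/surtr/acme.rb', line 9
# Generates a 4096-bit RSA private key and stores it PEM-encoded at +keyfile+.
# An existing file at that path is overwritten.
#
# @param keyfile [String] path the key is written to
# @return [Integer] number of bytes written
def self.keygen(keyfile)
  pem = OpenSSL::PKey::RSA.new(4096).to_pem

  # A private key written with the default mode is readable by every local
  # user under a typical umask. Create the file owner-only; the mode argument
  # is ignored for a file that already exists, so chmod covers that case
  # before any key material is written.
  File.open(keyfile, File::WRONLY | File::CREAT | File::TRUNC, 0o600) do |file|
    file.chmod(0o600)
    file.write pem
  end
end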
.register(keyfile, endpoint, email) ⇒ Object
# File 'lib/surtr/acme.rb', line 13
# Registers the account key stored in +keyfile+ with the ACME endpoint, using
# +email+ as the contact address, and accepts the terms of service.
#
# @param keyfile [String] path to the PEM-encoded RSA account key
# @param endpoint [String] label interpolated, unvalidated, into the host name
#   "https://acme-<endpoint>.api.letsencrypt.org"; pass only a fixed, known label
# @param email [String] contact address, sent as "mailto:<email>"
# @return whatever +agree_terms+ returns
def self.register(keyfile, endpoint, email)
  account_key = OpenSSL::PKey::RSA.new(File.read(keyfile))
  directory_url = "https://acme-#{endpoint}.api.letsencrypt.org"
  acme = Acme::Client.new(private_key: account_key, endpoint: directory_url)

  registration = acme.register(contact: "mailto:#{email}")
  registration.agree_terms
end
.verify(keyfile, endpoint, domain) ⇒ Object
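# File 'lib/surtr/acme.rb', line 34
# Asks the CA to verify the DNS-01 challenge for +domain+ and waits until the
# authorization leaves the "pending" state.
#
# @param keyfile [String] path to the PEM-encoded RSA account key
# @param endpoint [String] label interpolated, unvalidated, into the host name
#   "https://acme-<endpoint>.api.letsencrypt.org"; pass only a fixed, known label
# @param domain [String] domain whose authorization is verified
# @return [true] when the authorization is, or becomes, "valid"
# @raise [RuntimeError] when the authorization ends in any other status
def self.verify(keyfile, endpoint, domain)
  key = OpenSSL::PKey::RSA.new(File.read(keyfile))
  client = Acme::Client.new(private_key: key, endpoint: "https://acme-#{endpoint}.api.letsencrypt.org")

  # Call the authorization request by name; a bare `client.(...)` dispatches
  # to #call rather than to Acme::Client#authorize.
  auth = client.authorize(domain: domain)

  case auth.status
  when "pending"
    auth.dns01.request_verification

    # Poll until the status is no longer "pending". The loop has no upper
    # bound, so it runs for as long as the CA keeps reporting "pending".
    status = auth.verify_status
    while status == "pending"
      sleep 0.1
      status = auth.verify_status
    end

    # Leaving "pending" is not success by itself: a failed validation must not
    # be reported to the caller as a verified domain.
    fail "#{domain}: unexpected authorization status: #{status}" unless status == "valid"
    true
  when "valid"
    true
  else
    fail "#{domain}: unexpected authorization status: #{auth.status}"
  end
end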