Skip to content

Instantly share code, notes, and snippets.

@jcjones
jcjones / keybase.md
Created March 2, 2015 04:58
keybase proof

Keybase proof

I hereby claim:

  • I am jcjones on github.
  • I am pug (https://keybase.io/pug) on keybase.
  • I have a public key whose fingerprint is EA9F F90C 541F 3487 2CA0 26FB BD4E B26B 978D F884

To claim this, I am signing this object:

@jcjones
jcjones / ocsp-demo-test.sh
Last active August 29, 2015 14:22
Run from the Boulder directory so that ./test/test-ca.pem is available.
#!/bin/bash
# run from Boulder dev directory
OCSP="http://ocsp.int-x1.letsencrypt.org/"
CA_CERT="test/test-ca.pem"
SERIAL=0x02000000000000016DD50EDFA6DAAF26
openssl ocsp -no_nonce -reqout /tmp/ocsp.req \
-issuer ${CA_CERT} \
-serial ${SERIAL} \
#!/bin/bash
TOPIC=$(git symbolic-ref --short HEAD 2>/dev/null)
DEST=master
die() {
echo $@
exit 1
}
git pull --rebase origin ${DEST} || die
@jcjones
jcjones / user-agents-2016-01-11.csv
Created January 11, 2016 16:06
User Agents in LE Production, 12 hour period, 11 Jan 2016
user_agent _approxcount percentage
Go 1.1 package http 667546 63.69%
- 77436 7.39%
LetsEncryptPythonClient/0.1.1 (Ubuntu 14.04) Authenticator/webroot Installer/none 35653 3.40%
LiveConfig (2.0.1) 25291 2.41%
Go-http-client/1.1 24507 2.34%
acme-python 22750 2.17%
LetsEncryptPythonClient/0.1.1 (Ubuntu 15.10) Authenticator/webroot Installer/none 15648 1.49%
LetsEncryptPythonClient/0.1.1 (debian 7.9) Authenticator/webroot Installer/none 14265 1.36%
LetsEncryptPythonClient/0.1.1 (Ubuntu 12.04) Authenticator/webroot Installer/none 12466 1.19%
@jcjones
jcjones / AvgNumberOfNames.sql
Created February 21, 2016 04:49
How many DNS Names are, on average, in each certificate issued by Let's Encrypt?
SELECT
AVG(count)
FROM
(SELECT
c.certID,
(SELECT
COUNT(n.name)
FROM
name AS n
WHERE
@jcjones
jcjones / An Early Look at Let's Encrypt's Impact.md
Last active February 21, 2016 15:39
ct-sql datasets, 2016-02-18
@jcjones
jcjones / letsencrypt-ct-sql-views.sql
Last active February 22, 2016 23:29
Useful views for the ct-sql database
CREATE VIEW `le_certificate` AS
SELECT
`certificate`.`certID` AS `certID`,
`certificate`.`serial` AS `serial`,
`certificate`.`issuerID` AS `issuerID`,
`certificate`.`subject` AS `subject`,
`certificate`.`notBefore` AS `notBefore`,
`certificate`.`notAfter` AS `notAfter`
FROM
`certificate`
DROP TABLE IF EXISTS `company`;
DROP TABLE IF EXISTS `issuercompany`;
CREATE TABLE IF NOT EXISTS `company` (
`companyID` INT NOT NULL AUTO_INCREMENT,
`companyName` VARCHAR(255) NOT NULL,
PRIMARY KEY (`companyID`));
CREATE TABLE IF NOT EXISTS `issuercompany` (
`companyID` INT NOT NULL,
@jcjones
jcjones / letsencrypt-renew.sh
Last active October 11, 2016 16:29
Cron script to renew Let's Encrypt certs using the official client
#!/bin/bash
# This is free and unencumbered software released into the public domain.
#
# This script is designed to be run daily by cron. Please run it with randomness in its timing to
# avoid load spikes at Let's Encrypt. One example, running between midnight at 2 AM, would be:
#
# 0 0 * * * sleep $[(RANDOM % 115)+5]m ; /usr/sbin/letsencrypt-renew.sh
#
# If you aren't using Nginx, adjust the startServer and stopServer methods to suit. Also, you could
# use the webroot method.
#!/bin/bash
#
# Download the current NSS keystore from Mozilla-Central, and import it into
# a Java Keystore (JKS).
#
function ensure_in_path() {
prog=$1
shift