Runs Acme Client
#!/usr/bin/env ruby
# Automatic Certificate Management Environment (ACME)
# https://letsencrypt.github.io/acme-spec/

require 'acme-client'
require 'openssl'
require 'fileutils'

# Production endpoint (commented out); the staging endpoint below issues
# untrusted test certificates.
# ENDPOINT = 'https://acme-v01.api.letsencrypt.org'
ENDPOINT = 'https://acme-staging.api.letsencrypt.org'
DOMAIN = 'example.com'
EMAIL = 'mailto:admin@example.com'
ACCOUNT_FILE = 'account.pem'
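
# Completes an http-01 challenge for the given domain: writes the challenge
# file under ./public, waits for the operator to publish it, then polls the CA.
def verify(domain)
  auth = @client.authorize domain: domain
  challenge = auth.http01

  FileUtils.mkdir_p File.join('public', File.dirname(challenge.filename))
  File.write File.join('public', challenge.filename), challenge.file_content

  puts <<~BLOCK
    Move your challenge-file to the right
    position in your public WEBROOT directory:
  BLOCK
  print ' ' + challenge.filename
  gets # wait for Enter once the file is being served
  puts '...'

  challenge.request_verification
  # Poll until the CA reaches a final state. Stop on 'invalid' as well,
  # otherwise a failed challenge would loop forever.
  status = challenge.verify_status
  until %w[valid invalid].include?(status)
    $stderr.puts status
    sleep(1)
    status = challenge.verify_status
  end
  $stderr.puts status

  File.delete File.join('public', challenge.filename)
  abort "Challenge for #{domain} failed: #{status}" unless status == 'valid'
end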

if File.exist?(ACCOUNT_FILE)
  $stderr.puts 'Using existing account ...'
  account_key = OpenSSL::PKey::RSA.new(File.read(ACCOUNT_FILE))
  @client = Acme::Client.new private_key: account_key, endpoint: ENDPOINT
else
  $stderr.puts 'Account file does not exist, creating new'
  account_key = OpenSSL::PKey::RSA.new 4096
  # The account key signs every request to the CA: create the file owner-only.
  File.write ACCOUNT_FILE, account_key.to_pem, perm: 0o600
  @client = Acme::Client.new private_key: account_key, endpoint: ENDPOINT
  registration = @client.register contact: EMAIL
  registration.agree_terms
  $stderr.puts 'Creating verification file'
  # The domain is only authorized here, on the first run with a new account.
  verify DOMAIN
end

# Build a certificate signing request (CSR) with a fresh key for the certificate
$stderr.puts 'Status verified, creating certificate'
private_key = OpenSSL::PKey::RSA.new 2048
csr = Acme::CertificateRequest.new(
  common_name: DOMAIN,
  private_key: private_key,
  subject: {
    common_name: DOMAIN,
    country_name: 'DE'
  }
)

# Save the key pair; the private key file is created owner-only
File.write('public.pem', private_key.public_key.to_pem)
File.write('private.pem', private_key.to_pem, perm: 0o600)

print 'Request a certificate now? [y|N] '
# Only "y" or "Y" continues (the old character class [y|Y] also accepted "|")
(puts 'Bye bye ...'; exit) unless gets =~ /\A[yY]+\s*\z/

# csr.to_der returns the request as a DER-encoded string
certificate = @client.new_certificate csr

# Save the certificate
File.write('cert.pem', certificate.to_pem)
File.write('chain.pem', certificate.chain_to_pem)
File.write('fullchain.pem', certificate.fullchain_to_pem)

puts 'Done'
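
Added example, not part of the original gist: the script writes `challenge.filename` and `challenge.file_content` to disk exactly as received from the CA, so this sketch checks both before anything is written under the webroot. It assumes the values follow the ACME http-01 layout (`.well-known/acme-challenge/<token>` containing `<token>.<account key thumbprint>`); the helper names are hypothetical and the key and token are constructed sample values.

```ruby
require 'openssl'
require 'json'

CHALLENGE_DIR = '.well-known/acme-challenge'

# base64url without padding, as ACME uses for tokens and thumbprints
def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

# RFC 7638 thumbprint of an RSA key: SHA-256 over the JSON object holding
# exactly the members e, kty, n, in that order and without whitespace.
def jwk_thumbprint(rsa_key)
  jwk = { e: b64url(rsa_key.e.to_s(2)), kty: 'RSA', n: b64url(rsa_key.n.to_s(2)) }
  b64url(OpenSSL::Digest::SHA256.digest(JSON.generate(jwk)))
end

# Returns the path to write below webroot, or raises ArgumentError when the
# CA-supplied filename or content is not a valid http-01 response for this key.
def checked_challenge_path(webroot, filename, content, account_key)
  dir, token = File.split(filename)
  raise ArgumentError, 'unexpected challenge directory' unless dir == CHALLENGE_DIR
  raise ArgumentError, 'token is not base64url' unless token.match?(/\A[A-Za-z0-9_-]+\z/)
  expected = "#{token}.#{jwk_thumbprint(account_key)}"
  raise ArgumentError, 'content does not match account key' unless content == expected
  File.join(webroot, dir, token)
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048)   # constructed stand-in for account.pem
  token = 'constructedToken_0123-abc'  # constructed sample token
  content = "#{token}.#{jwk_thumbprint(key)}"
  puts checked_challenge_path('public', "#{CHALLENGE_DIR}/#{token}", content, key)
  begin
    # A filename that would leave the challenge directory is refused
    checked_challenge_path('public', "../outside/#{token}", content, key)
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

In `verify`, the returned path would replace `File.join('public', challenge.filename)` for the `mkdir_p`, `write` and `delete` calls.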