-
-
Save schu/83794a0ce5cb041c9d9a to your computer and use it in GitHub Desktop.
Runs Acme Client
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| require 'acme-client' | |
| #Production | |
| #ENDPOINT = 'https://acme-v01.api.letsencrypt.org' | |
| #Testing | |
| ENDPOINT = 'https://acme-staging.api.letsencrypt.org' | |
| EMAIL = 'mailto:technion@lolware.net' | |
| DOMAIN = 'lolware.net' | |
| WEBROOT = '/var/www/html/' | |
| ACCOUNT_FILE = 'account_key.pem' | |
| def verify(domain) | |
| simple_http = $client.authorize(domain: domain).simple_http | |
| open WEBROOT + simple_http.filename, 'w' do |io| | |
| io.write simple_http.file_content | |
| end | |
| simple_http.request_verification | |
| while(simple_http.verify_status == 'pending') | |
| sleep(1) | |
| end | |
| File.delete(WEBROOT + simple_http.filename) | |
| end | |
| if File.exist?(ACCOUNT_FILE) | |
| puts "Using existing account.." | |
| private_key = OpenSSL::PKey::RSA.new(File.read ACCOUNT_FILE) | |
| $client = Acme::Client.new(private_key: private_key, endpoint: ENDPOINT) | |
| else | |
| puts "Account file does not exist, creating new" | |
| private_key = OpenSSL::PKey::RSA.new 4096 | |
| open ACCOUNT_FILE, 'w' do |io| | |
| io.write private_key.to_pem | |
| end | |
| $client = Acme::Client.new(private_key: private_key, endpoint: ENDPOINT) | |
| registration = $client.register(contact: EMAIL) | |
| registration.agree_terms | |
| puts "Creating verification file" | |
| verify(DOMAIN) | |
| verify('www.' + DOMAIN) | |
| end | |
| puts "Status verified, creating certificate" | |
| csr = OpenSSL::X509::Request.new | |
| certificate_private_key = OpenSSL::PKey::RSA.new(2048) | |
| csr.subject = OpenSSL::X509::Name.new([ | |
| ['CN', DOMAIN, OpenSSL::ASN1::UTF8STRING] | |
| ]) | |
| ef = OpenSSL::X509::ExtensionFactory.new | |
| ext = ef.create_extension("subjectAltName", "DNS:#{DOMAIN}, DNS:www.#{DOMAIN}", false | |
| ) | |
| ext_req = OpenSSL::ASN1::Set([ OpenSSL::ASN1::Sequence([ext]) ]) | |
| csr.add_attribute(OpenSSL::X509::Attribute.new("extReq", ext_req)) | |
| csr.public_key = certificate_private_key.public_key | |
| csr.sign(certificate_private_key, OpenSSL::Digest::SHA256.new) | |
| puts "Writing out ssl_cert.pem and ssl_private_key.pem" | |
| ssl = $client.new_certificate(csr) | |
| open 'ssl_private_key.pem', 'w' do |io| | |
| io.write certificate_private_key.to_pem | |
| end | |
| open 'ssl_cert.pem', 'w' do |io| | |
| io.write ssl.to_pem | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment