Module: LetsEncrypt

Defined in:
lib/letsencrypt.rb,
lib/letsencrypt/redis.rb,
lib/letsencrypt/engine.rb,
lib/letsencrypt/railtie.rb,
lib/letsencrypt/version.rb,
lib/letsencrypt/logger_proxy.rb,
lib/letsencrypt/configuration.rb,
app/models/lets_encrypt/certificate.rb,
app/jobs/lets_encrypt/application_job.rb,
app/jobs/lets_encrypt/renew_certificates_job.rb,
lib/generators/lets_encrypt/install_generator.rb,
lib/generators/lets_encrypt/register_generator.rb,
app/controllers/lets_encrypt/application_controller.rb,
app/controllers/lets_encrypt/verifications_controller.rb,
app/models/concerns/lets_encrypt/certificate_issuable.rb,
app/models/concerns/lets_encrypt/certificate_verifiable.rb

Overview

:nodoc:

Defined Under Namespace

Modules: CertificateIssuable, CertificateVerifiable, Generators Classes: ApplicationController, ApplicationJob, Certificate, Configuration, Engine, LoggerProxy, Railtie, Redis, RenewCertificatesJob, VerificationsController

Constant Summary collapse

ENDPOINT =

Production mode API Endpoint

'https://acme-v02.api.letsencrypt.org/directory'
ENDPOINT_STAGING =

Staging mode API endpoint; its rate limits are higher, but the certificates it issues are not valid and are for testing only

'https://acme-staging-v02.api.letsencrypt.org/directory'
VERSION =
'0.11.3'

Class Method Summary collapse

Class Method Details

.certificate_modelObject



# File 'lib/letsencrypt.rb', line 86

# Resolves the configured certificate model name to the constant it names.
#
# The result is memoized in @certificate_model, so a later change to
# config.certificate_model is not picked up here.
#
# NOTE(review): constantize resolves whatever constant the string names,
# so this setting should only ever be filled from trusted application
# configuration, never from request data.
#
# @return [Object] the constant named by config.certificate_model
def certificate_model
  return @certificate_model if @certificate_model

  @certificate_model = config.certificate_model.constantize
end

.clientObject

Create the ACME Client to Let’s Encrypt



# File 'lib/letsencrypt.rb', line 23

# Builds the ACME client used to talk to Let's Encrypt, once per process.
#
# The client is constructed from the account key returned by private_key
# and the directory URL returned by directory, then cached in @client.
# Because of the cache, switching keys or endpoints afterwards does not
# affect a client that has already been built.
#
# @return [Acme::Client]
def client
  return @client if @client

  account_key = private_key
  endpoint = directory
  @client = ::Acme::Client.new(private_key: account_key, directory: endpoint)
end

.config(&block) ⇒ Object

Configure how Let’s Encrypt works for Rails

LetsEncrypt.config do |config|
  # Always connect to the production Let's Encrypt API server.
  # The staging endpoint has higher rate limits but its certificates are
  # not valid, so it is only suitable for testing.
  config.use_staging = false
 end


# File 'lib/letsencrypt.rb', line 80

# Returns the shared Configuration, creating it on first use.
#
# When a block is given it is run through instance_exec, so inside the
# block `self` is the receiver of this method and the Configuration is
# passed as the block argument.
#
# @yieldparam config [Configuration] the shared configuration object
# @return [Configuration]
def config(&block)
  @config = Configuration.new unless @config
  instance_exec(@config, &block) if block
  @config
end

.directoryObject

Get the Let’s Encrypt endpoint currently in use



# File 'lib/letsencrypt.rb', line 42

# Picks the ACME directory URL: ENDPOINT_STAGING when config.use_staging?
# is truthy, ENDPOINT otherwise.
#
# The choice is cached in @directory on first call, so toggling
# use_staging afterwards does not change the endpoint returned here.
#
# @return [String] the directory URL
def directory
  return @directory if @directory

  @directory = if config.use_staging?
                 ENDPOINT_STAGING
               else
                 ENDPOINT
               end
end

.generate_private_keyObject



# File 'lib/letsencrypt.rb', line 63

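# Generates a new 4096-bit RSA account key, stores it at private_key_path
# and returns it.
#
# The key is written as unencrypted PEM, so the file permissions are the
# only protection for it on disk. The file is therefore opened with mode
# 0600 and chmod'ed to 0600 before the key is written: the creation mode
# alone is ignored when the file already exists, and a plain File.write
# would leave the key readable to whoever the process umask allows.
#
# @return [OpenSSL::PKey::RSA] the freshly generated key
def generate_private_key
  key = OpenSSL::PKey::RSA.new(4096)
  flags = File::WRONLY | File::CREAT | File::TRUNC
  File.open(private_key_path, flags, 0o600) do |file|
    # Tighten a pre-existing file before any key material reaches it.
    file.chmod(0o600)
    file.write(key.to_pem)
  end
  logger.info "Created new private key for Let's Encrypt"
  key
end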

.load_private_keyObject



# File 'lib/letsencrypt.rb', line 34

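# Returns the account key material from the first source that applies:
#
# 1. the LETSENCRYPT_PRIVATE_KEY environment variable, when
#    config.use_env_key is set (nil if the variable is unset);
# 2. the contents of the file at private_key_path, when it exists;
# 3. a newly generated key from generate_private_key.
#
# The file is read with File.read so no file handle is left open; the
# previous File.open returned a handle that nothing ever closed.
#
# NOTE(review): the permissions of an existing key file are not checked
# here; a key file readable by other users is accepted as-is.
#
# @return [String, OpenSSL::PKey::RSA, nil] PEM text, a generated key,
#   or nil when the environment variable is requested but unset
def load_private_key
  return ENV.fetch('LETSENCRYPT_PRIVATE_KEY', nil) if config.use_env_key

  key_path = private_key_path
  return File.read(key_path) if File.exist?(key_path)

  generate_private_key
end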

.loggerObject



# File 'lib/letsencrypt.rb', line 70

# Returns the logger used by this module: a LoggerProxy wrapping
# Rails.logger with the 'LetsEncrypt' tag. Built once and cached in
# @logger.
#
# @return [LoggerProxy]
def logger
  return @logger if @logger

  @logger = LoggerProxy.new(Rails.logger, tags: ['LetsEncrypt'])
end

.private_keyObject



# File 'lib/letsencrypt.rb', line 30

# Returns the account key as an OpenSSL::PKey::RSA object.
#
# The key material comes from load_private_key and the parsed key is
# cached in @private_key for the life of the process, so replacing the
# key source afterwards has no effect on the cached object.
#
# @return [OpenSSL::PKey::RSA]
def private_key
  return @private_key if @private_key

  key_material = load_private_key
  @private_key = OpenSSL::PKey::RSA.new(key_material)
end

.private_key_pathObject



# File 'lib/letsencrypt.rb', line 59

# Returns where the account key file lives: config.private_key_path when
# it is set, otherwise config/letsencrypt.key under Rails.root.
#
# NOTE(review): the default keeps the key inside the application tree;
# make sure that path is excluded from version control and deploy
# artifacts.
#
# @return [String, Pathname]
def private_key_path
  configured = config.private_key_path
  return configured if configured

  Rails.root.join('config/letsencrypt.key')
end

.register(email) ⇒ Object

Register a Let’s Encrypt account

Registration requires a private key; Let’s Encrypt uses this private key to connect with the domain and to identify the owner who can renew and revoke certificates.



# File 'lib/letsencrypt.rb', line 52

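# Registers a Let's Encrypt account for the current account key.
#
# The account is created through the ACME client with the given address
# as its mailto: contact and with the terms of service marked as agreed;
# that agreement is sent unconditionally. The address is written to the
# log verbatim.
#
# The account's key ID (kid) is read but not stored anywhere yet (see the
# TODO), so it is not available after this call returns.
#
# @param email [String] contact address for the account
# @return [true]
def register(email)
  account = client.new_account(contact: "mailto:#{email}", terms_of_service_agreed: true)
  logger.info "Successfully registered private key with address #{email}"
  account.kid # TODO: Save KID
  true
end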