Certman Gem Travis

CLI tool for AWS Certificate Manager.

Installation

Add this line to your application's Gemfile:

gem 'certman'

And then execute:

$ bundle

Or install it yourself as:

$ gem install certman

Usage

Request ACM Certificate with only AWS managed services

$ certman request blog.example.com
NOTICE! Your selected region is *ap-northeast-1*. Certman will create a certificate on *ap-northeast-1*. OK? Yes
NOTICE! Certman has chosen *us-east-1*  for S3/SES resources. OK? Yes
NOTICE! When requesting, Certman appends a Receipt Rule to the current Active Receipt Rule Set. OK? Yes
[✔] [ACM] Check Certificate (us-east-1) (successful)
[✔] [Route53] Check Hosted Zone (us-east-1) (successful)
[✔] [Route53] Check TXT Record (us-east-1) (successful)
[✔] [Route53] Check MX Record (us-east-1) (successful)
[✔] [SES] Check Active Rule Set (us-east-1) (successful)
[✔] [S3] Create Bucket for SES inbound (us-east-1) (successful)
[✔] [SES] Create Domain Identity (us-east-1) (successful)
[✔] [Route53] Create TXT Record Set to verify Domain Identity (us-east-1) (successful)
[✔] [SES] Check Domain Identity Status *verified* (us-east-1) (successful)
[✔] [Route53] Create MX Record Set (us-east-1) (successful)
[✔] [SES] Create and Active Receipt Rule Set (us-east-1) (successful)
[✔] [SES] Create Receipt Rule (us-east-1) (successful)
[✔] [ACM] Request Certificate (us-east-1) (successful)
[✔] [S3] Check approval mail (will take about 30 min) (us-east-1) (successful)
[✔] [SES] Delete Receipt Rule (us-east-1) (successful)
[✔] [SES] Delete Receipt Rule Set (us-east-1) (successful)
[✔] [Route53] Delete MX Record Set (us-east-1) (successful)
[✔] [Route53] Delete TXT Record Set (us-east-1) (successful)
[✔] [SES] Delete Verified Domain Identiry (us-east-1) (successful)
[✔] [S3] Delete Bucket (us-east-1) (successful)
Done.

certificate_arn: arn:aws:acm:ap-northeast-1:0123456789:certificate/123abcd4-5e67-8f90-123a-4567bc89d01

OR

NOTICE! Your selected region is *us-east-1*. Certman will create a certificate on *us-east-1*.
NOTICE! Certman has chosen *us-east-1* for S3/SES resources.
NOTICE! When requesting, Certman appends a Receipt Rule to the current Active Receipt Rule Set.
[✖] [ACM] Check Certificate (us-east-1) (error)

Certificate already exists!

certificate_arn: arn:aws:acm:us-east-1:0123456789:certificate/123abcd4-5e67-8f90-123a-4567bc89d01

Flags

--remain-resources

Skips deleting resources after a certificate has been successfully generated. This is necessary if you cannot use automatic validation (i.e., if your site is not accessible to the public internet via HTTPS). See How Manual Domain Validation Works for more information.

--non-interactive

Suppresses prompts from Certman (i.e, if using with a CI system, such as Travis or Jenkins).

--subject-alternative-names=www.test.example.com cert.test.example.com

Other domain names (separated by spaces) to associate with the requested certificate. Note that only the primary domain name is used for identification purposes and that AWS initially limits each certifcate to 10 SANs.

--hosted-zone=test.example.com

Specify the name (not the ID) of the Route53 Hosted Zone where the DNS record sets Certman uses will be located. By default, Certman will use the apex domain (i.e. "test.example.com" will have a default hosted-zone of "example.com").

Restore Resources

If you want to restore resources generated for an ACM certificate (i.e., in order to receive approval mail again, use certman restore-resources. This supports the --non-interactive and --hosted-zone flags from certman request.

$ certman restore-resources blog.example.com

Delete Certificate

$ certman delete blog.example.com
[✔] [ACM] Delete Certificate (successful)
Done.

License

The gem is available as open source under the terms of the MIT License.