Module: LetsEncrypt

Defined in:
lib/letsencrypt.rb,
lib/letsencrypt/redis.rb,
lib/letsencrypt/engine.rb,
lib/letsencrypt/railtie.rb,
lib/letsencrypt/version.rb,
lib/letsencrypt/logger_proxy.rb,
lib/letsencrypt/configuration.rb,
app/models/lets_encrypt/certificate.rb,
app/jobs/lets_encrypt/application_job.rb,
app/jobs/lets_encrypt/renew_certificates_job.rb,
lib/generators/lets_encrypt/install_generator.rb,
lib/generators/lets_encrypt/register_generator.rb,
app/controllers/lets_encrypt/application_controller.rb,
app/controllers/lets_encrypt/verifications_controller.rb,
app/models/concerns/lets_encrypt/certificate_issuable.rb,
app/models/concerns/lets_encrypt/certificate_verifiable.rb

Overview

:nodoc:

Defined Under Namespace

Modules: CertificateIssuable, CertificateVerifiable, Generators

Classes: ApplicationController, ApplicationJob, Certificate, Configuration, Engine, LoggerProxy, Railtie, Redis, RenewCertificatesJob, VerificationsController

Constant Summary

ENDPOINT =

Production mode API endpoint

'https://acme-v02.api.letsencrypt.org/directory'

ENDPOINT_STAGING =

Staging mode API endpoint. The rate limits are higher, but the certificates it issues are not valid and are for testing only.

'https://acme-staging-v02.api.letsencrypt.org/directory'

VERSION =

'0.8.0'


Class Method Details

.certificate_model ⇒ Object

# File 'lib/letsencrypt.rb', line 90

def certificate_model
  @certificate_model ||= config.certificate_model.constantize
end

.client ⇒ Object

Create the ACME client for Let’s Encrypt

# File 'lib/letsencrypt.rb', line 23

def client
  @client ||= ::Acme::Client.new(
    private_key: private_key,
    directory: directory
  )
end

.config(&block) ⇒ Object

Configure how Let’s Encrypt works for Rails

LetsEncrypt.config do |config|
  # Always use production mode to connect Let's Encrypt API server
  config.use_staging = false
end

# File 'lib/letsencrypt.rb', line 79

def config(&block)
  @config ||= Configuration.new
  instance_exec(@config, &block) if block_given?
  @config
end

.directory ⇒ Object

Get the Let’s Encrypt endpoint currently in use

# File 'lib/letsencrypt.rb', line 41

def directory
  @endpoint ||= config.use_staging? ? ENDPOINT_STAGING : ENDPOINT
end

.generate_private_key ⇒ Object

# File 'lib/letsencrypt.rb', line 62

def generate_private_key
  key = OpenSSL::PKey::RSA.new(4096)
  File.open(private_key_path, 'w') { |f| f.write(key.to_s) }
  logger.info "Created new private key for Let's Encrypt"
  key
end
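
The `generate_private_key` listing above opens the key file with plain `'w'`, so its permissions are whatever the process umask leaves (0644 under a umask of 022). The following added example, which is not part of the gem, writes the account key with mode 0600 and audits an existing key file; `write_private_key`, `audit_private_key` and `demo` are hypothetical names, and the key is constructed for the demo.

```ruby
require 'openssl'
require 'tmpdir'

# Hypothetical helper (not part of the gem): create the key file with mode
# 0600 at creation time, so it is never readable by group or other.
def write_private_key(path, key)
  # File::EXCL refuses to overwrite an existing key or reuse a pre-created file.
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
    f.write(key.to_pem)
  end
  path
end

# Hypothetical audit: returns a list of problems found with a stored key file.
def audit_private_key(path, min_bits: 2048)
  return ['key file is missing'] unless File.exist?(path)

  problems = []
  stat = File.stat(path)
  mode = stat.mode & 0o777
  problems << format('mode %04o allows group/other access', mode) unless (mode & 0o077).zero?
  problems << 'not owned by the current user' unless stat.owned?
  begin
    key = OpenSSL::PKey::RSA.new(File.read(path))
    problems << 'file holds only a public key' unless key.private?
    bits = key.n.num_bits
    problems << "RSA modulus is #{bits} bits (< #{min_bits})" if bits < min_bits
  rescue OpenSSL::PKey::PKeyError => e
    problems << "not a parsable RSA key: #{e.message}"
  end
  problems
end

# Constructed demo: compare the page's write pattern with the restrictive one.
def demo
  Dir.mktmpdir do |dir|
    key = OpenSSL::PKey::RSA.new(2048) # 2048 bits only to keep the demo fast
    loose = File.join(dir, 'loose.key')
    File.open(loose, 'w') { |f| f.write(key.to_s) } # pattern from the listing
    File.chmod(0o644, loose)                        # result under umask 022
    tight = write_private_key(File.join(dir, 'tight.key'), key)
    { loose: audit_private_key(loose), tight: audit_private_key(tight) }
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

The same audit can be pointed at the path returned by `private_key_path` (by default `config/letsencrypt.key` under the Rails root).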

.load_private_key ⇒ Object

# File 'lib/letsencrypt.rb', line 34

def load_private_key
  return ENV['LETSENCRYPT_PRIVATE_KEY'] if config.use_env_key
  return File.open(private_key_path) if File.exist?(private_key_path)
  generate_private_key
end

.logger ⇒ Object

# File 'lib/letsencrypt.rb', line 69

def logger
  @logger ||= LoggerProxy.new(Rails.logger, tags: ['LetsEncrypt'])
end

.private_key ⇒ Object

# File 'lib/letsencrypt.rb', line 30

def private_key
  @private_key ||= OpenSSL::PKey::RSA.new(load_private_key)
end

.private_key_path ⇒ Object

# File 'lib/letsencrypt.rb', line 58

def private_key_path
  config.private_key_path || Rails.root.join('config', 'letsencrypt.key')
end

.register(email) ⇒ Object

Register a Let’s Encrypt account

Registration requires a private key. Let’s Encrypt uses this private key to connect with the domain and to assign the owner who can renew and revoke.

# File 'lib/letsencrypt.rb', line 51

def register(email)
  account = client.new_account(contact: "mailto:#{email}", terms_of_service_agreed: true)
  logger.info "Successfully registered private key with address #{email}"
  account.kid # TODO: Save KID
  true
end

.table_name_prefix ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/letsencrypt.rb', line 86

def table_name_prefix
  'letsencrypt_'
end