├── lib └── itamae │ └── plugin │ └── recipe │ ├── letsencrypt.rb │ └── letsencrypt │ ├── version.rb │ ├── cron.rb │ └── get.rb ├── .gitignore ├── Gemfile ├── Rakefile ├── CHANGELOG.md ├── LICENSE ├── itamae-plugin-recipe-letsencrypt.gemspec ├── README.md └── CODE_OF_CONDUCT.md /lib/itamae/plugin/recipe/letsencrypt.rb: -------------------------------------------------------------------------------- 1 | require "itamae/plugin/recipe/letsencrypt/version" 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /.bundle/ 2 | /.yardoc 3 | /Gemfile.lock 4 | /_yardoc/ 5 | /coverage/ 6 | /doc/ 7 | /pkg/ 8 | /spec/reports/ 9 | /tmp/ 10 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | # Specify your gem's dependencies in itamae-plugin-recipe-letsencrypt.gemspec 4 | gemspec 5 | -------------------------------------------------------------------------------- /Rakefile: -------------------------------------------------------------------------------- 1 | require "bundler/gem_tasks" 2 | require "rspec/core/rake_task" 3 | 4 | RSpec::Core::RakeTask.new(:spec) 5 | 6 | task :default => :spec 7 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | ## v0.2.1 - 2017/01/10 2 | - Support Amazon Linux 3 | 4 | ## v0.2.0 - 2016/12/18 5 | - Support Standalone Challenge Type 6 | 7 | ## v0.1.0 - 2016/12/18 8 | - First release :tada: 9 | -------------------------------------------------------------------------------- /lib/itamae/plugin/recipe/letsencrypt/version.rb: -------------------------------------------------------------------------------- 1 | module Itamae 2 | module Plugin 
3 | module Recipe 4 | module Letsencrypt 5 | VERSION = "0.2.1" 6 | end 7 | end 8 | end 9 | end 10 | -------------------------------------------------------------------------------- /lib/itamae/plugin/recipe/letsencrypt/cron.rb: -------------------------------------------------------------------------------- 1 | cron_text = <<-EOS 2 | # DO NOT EDIT 3 | # BECAUSE THIS CRON CREATE BY itamae-plugin-recipe-letsencrypt 4 | 0 0 1 * * #{node[:letsencrypt][:cron_user]} #{node[:letsencrypt][:certbot_auto_path]} renew 5 | EOS 6 | 7 | file node[:letsencrypt][:cron_file_path] do 8 | content cron_text 9 | end 10 | 11 | service_name = case node[:platform] 12 | when 'amazon' 13 | 'crond' 14 | else 15 | 'cron' 16 | end 17 | 18 | service service_name do 19 | action :start 20 | end 21 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2016 Yusaku Hatanaka (hatappi) 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | -------------------------------------------------------------------------------- /itamae-plugin-recipe-letsencrypt.gemspec: -------------------------------------------------------------------------------- 1 | # coding: utf-8 2 | lib = File.expand_path('../lib', __FILE__) 3 | $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib) 4 | require 'itamae/plugin/recipe/letsencrypt/version' 5 | 6 | Gem::Specification.new do |spec| 7 | spec.name = "itamae-plugin-recipe-letsencrypt" 8 | spec.version = Itamae::Plugin::Recipe::Letsencrypt::VERSION 9 | spec.authors = ["Yusaku Hatanaka (hatappi)"] 10 | spec.email = ["hata.yusaku.1225@gmail.com"] 11 | 12 | spec.summary = %q{Itamae plugin to install letsencrypt} 13 | spec.description = %q{Itamae plugin to install letsencrypt} 14 | spec.homepage = 'https://github.com/hatappi/itamae-plugin-recipe-letsencrypt' 15 | spec.license = "MIT" 16 | 17 | spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) } 18 | spec.bindir = "exe" 19 | spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) } 20 | spec.require_paths = ["lib"] 21 | 22 | spec.add_development_dependency "bundler", "~> 1.12" 23 | spec.add_development_dependency "rake", "~> 10.0" 24 | spec.add_development_dependency "rspec", "~> 3.0" 25 | end 26 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Itamae::Plugin::Recipe::Letsencrypt 2 | 3 | This gem is [itamae](https://github.com/ryotarai/itamae) plugin. 
4 | It obtains certificates for your domains from [Let's Encrypt](https://letsencrypt.org/). 5 | 6 | ## Installation 7 | 8 | Add this line to your application's Gemfile: 9 | 10 | ```ruby 11 | gem 'itamae-plugin-recipe-letsencrypt' 12 | ``` 13 | 14 | And then execute: 15 | 16 | $ bundle 17 | 18 | Or install it yourself as: 19 | 20 | $ gem install itamae-plugin-recipe-letsencrypt 21 | 22 | ## Support 23 | - Debian GNU/Linux 8 (jessie) 24 | 25 | Other environments have not been verified yet; 26 | I will check them in turn. 27 | 28 | ## Usage 29 | 30 | ### Recipe 31 | 32 | ```rb 33 | include_recipe "letsencrypt::get" 34 | ``` 35 | 36 | ### Node 37 | `itamae -y node.yml` 38 | 39 | ```yaml 40 | # node.yml 41 | letsencrypt: 42 | certbot_auto_path: /usr/bin/certbot-auto 43 | email: test@example.com 44 | cron_user: root 45 | cron_file_path: /etc/cron.d/itamae-letsencrypt 46 | cron_configuration: true 47 | challenge_type: 'http-01' # port80 is http-01, port443 is tls-sni-01 48 | domains: 49 | - test.example.com 50 | - test2.example.com 51 | authenticator: standalone # standalone, webroot 52 | webroot_path: /var/www/example 53 | debug_mode: false 54 | ``` 55 | 56 | **Any process listening on the port selected by `challenge_type` must be stopped.** 57 | 58 | 59 | ## Contributing 60 | 61 | 1. Fork it ( https://github.com/hatappi/itamae-plugin-recipe-letsencrypt/fork ) 62 | 2. Create your feature branch (git checkout -b my-new-feature) 63 | 3. Commit your changes (git commit -am 'Add some feature') 64 | 4. Push to the branch (git push origin my-new-feature) 65 | 5. Create a new Pull Request 66 | 67 | 68 | ## License 69 | 70 | The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
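# File: lib/itamae/plugin/recipe/letsencrypt/get.rb
#
# Itamae recipe: downloads certbot-auto, lets it install its OS packages, and
# requests one certificate per entry in node[:letsencrypt][:domains].
# Includes the letsencrypt::cron recipe when cron_configuration is truthy.
#
# Every node attribute that is spliced into a shell command line goes through
# Shellwords.escape, so spaces or shell metacharacters in node.yml values
# (paths, domains, e-mail address) are passed as data rather than being
# interpreted by the shell.
require 'shellwords'

# Recipe defaults. reverse_merge! presumably only fills in keys the node has
# not set itself -- confirm against Itamae's node implementation.
node.reverse_merge!(
  letsencrypt: {
    certbot_auto_path: '/usr/bin/certbot-auto',
    cron_user: 'root',
    cron_file_path: '/etc/cron.d/itamae-letsencrypt',
    cron_configuration: true,
    challenge_type: 'http-01',
    authenticator: 'standalone',
    debug_mode: false,
  }
)

# Shell-safe form of the certbot-auto path, reused by every command below.
certbot = Shellwords.escape(node[:letsencrypt][:certbot_auto_path])

# NOTE(review): the script is fetched over HTTPS but its content is not
# verified (no checksum or signature check) before it is made executable and
# run with the privileges of the itamae run. Consider pinning a known-good
# checksum in the node attributes and checking it after the download.
# NOTE(review): `wget -O` leaves a file behind even when the transfer fails;
# the `test -f` guard then skips the download on the next run.
# NOTE(review): certbot-auto has been deprecated by the Certbot project;
# confirm the script at this URL is still maintained for your platform.
execute 'download certbot-auto' do
  command "wget https://dl.eff.org/certbot-auto -O #{certbot}"
  not_if "test -f #{certbot}"
end

execute 'change certbot-auto permission' do
  command "chmod a+x #{certbot}"
  not_if "test -x #{certbot}"
end

execute 'install dependency package' do
  cmd = "#{certbot} -n --os-packages-only"
  cmd += ' --debug' if node[:letsencrypt][:debug_mode]
  command cmd
  # Skipped when a dry run already reports the OS packages as installed.
  not_if "test -n \"$(#{cmd} --dry-run | grep 'OS packages installed.')\""
end

# Request a certificate for each configured domain. Array() accepts a single
# string as well as a list, and turns a missing `domains` key into an empty
# list (no certificate is requested) instead of a NoMethodError on nil.
Array(node[:letsencrypt][:domains]).each do |domain|
  safe_domain = Shellwords.escape(domain)

  execute "get #{domain} certificate" do
    cmd = [
      certbot,
      'certonly',
      '--agree-tos',
      "-d #{safe_domain}",
      "-m #{Shellwords.escape(node[:letsencrypt][:email])}",
      "-a #{Shellwords.escape(node[:letsencrypt][:authenticator])}",
      '--keep',
      '-n',
      "--preferred-challenges #{Shellwords.escape(node[:letsencrypt][:challenge_type])}",
    ]
    cmd << "-w #{Shellwords.escape(node[:letsencrypt][:webroot_path])}" if node[:letsencrypt][:webroot_path]
    cmd << '--debug' if node[:letsencrypt][:debug_mode]
    command cmd.join(' ')
    # An existing live directory for the domain means a certificate is already present.
    not_if "test -d /etc/letsencrypt/live/#{safe_domain}"
  end
end

include_recipe 'letsencrypt::cron' if node[:letsencrypt][:cron_configuration]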
-------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Code of Conduct 2 | 3 | As contributors and maintainers of this project, and in the interest of 4 | fostering an open and welcoming community, we pledge to respect all people who 5 | contribute through reporting issues, posting feature requests, updating 6 | documentation, submitting pull requests or patches, and other activities. 7 | 8 | We are committed to making participation in this project a harassment-free 9 | experience for everyone, regardless of level of experience, gender, gender 10 | identity and expression, sexual orientation, disability, personal appearance, 11 | body size, race, ethnicity, age, religion, or nationality. 12 | 13 | Examples of unacceptable behavior by participants include: 14 | 15 | * The use of sexualized language or imagery 16 | * Personal attacks 17 | * Trolling or insulting/derogatory comments 18 | * Public or private harassment 19 | * Publishing other's private information, such as physical or electronic 20 | addresses, without explicit permission 21 | * Other unethical or unprofessional conduct 22 | 23 | Project maintainers have the right and responsibility to remove, edit, or 24 | reject comments, commits, code, wiki edits, issues, and other contributions 25 | that are not aligned to this Code of Conduct, or to ban temporarily or 26 | permanently any contributor for other behaviors that they deem inappropriate, 27 | threatening, offensive, or harmful. 28 | 29 | By adopting this Code of Conduct, project maintainers commit themselves to 30 | fairly and consistently applying these principles to every aspect of managing 31 | this project. Project maintainers who do not follow or enforce the Code of 32 | Conduct may be permanently removed from the project team. 
33 | 34 | This code of conduct applies both within project spaces and in public spaces 35 | when an individual is representing the project or its community. 36 | 37 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 38 | reported by contacting a project maintainer at hata.yusaku.1225@gmail.com. All 39 | complaints will be reviewed and investigated and will result in a response that 40 | is deemed necessary and appropriate to the circumstances. Maintainers are 41 | obligated to maintain confidentiality with regard to the reporter of an 42 | incident. 43 | 44 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], 45 | version 1.3.0, available at 46 | [http://contributor-covenant.org/version/1/3/0/][version] 47 | 48 | [homepage]: http://contributor-covenant.org 49 | [version]: http://contributor-covenant.org/version/1/3/0/ --------------------------------------------------------------------------------