capistrano-lets-encrypt

Capistrano::LetsEncrypt

Let's encrypt support for Capistrano 3.x

Thanks to @unixcharles and @zealot128 for their libraries, acme-client and letsencrypt-cli for managing part of the workflow to work with Let's encrypt. This library use both to create a series of capistrano tasks that should help you create certs on your projects deployed with capistrano

Installation

Add this line to your application's Gemfile:

gem 'capistrano-lets-encrypt'
gem 'capistrano'

And then execute:

$ bundle

Or install it yourself as:

$ gem install capistrano-lets-encrypt

Usage

Require in Capfile to use the default task:

require 'capistrano/lets-encrypt'

You will get the following tasks

cap lets_encrypt:register            # Register a Let's encrypt account
cap lets_encrypt:check_certificate   # Check for validity of certificates
cap lets_encrypt:authorize           # Authorize a domain using ACME protocol
cap lets_encrypt:cert                # Create certificates and private keys

Configurable options (copy into deploy.rb), shown here with examples:

# Set the roles where the let's encrypt process should be started
# Be sure at least one server has primary: true
# default value: :web
set :lets_encrypt_roles, :lets_encrypt

# Optionally set the user to use when installing on the remote system
# default value: nil
set :lets_encrypt_user, nil

# Set it to true to use let's encrypt staging servers
# default value: false
set :lets_encrypt_test, true

# Set your let's encrypt account email (required)
# The account will be created if no private key match
# default value: nil
set :lets_encrypt_email, nil

# Set the path to your let's encrypt account private key
# default value: "#{fetch(:lets_encrypt_email)}.account_key.pem"
set :lets_encrypt_account_key, "#{fetch(:lets_encrypt_email)}.account_key.pem"

# Set the domains you want to register (required)
# This must be a string of one or more domains separated a space - e.g. "example.com example2.com"
# default value: nil
set :lets_encrypt_domains, nil

# Set the path from where you are serving your static assets
# default value: "#{release_path}/public"
set :lets_encrypt_challenge_public_path, "#{release_path}/public"

# Set the path where the new certs are going to be saved
# default value: "#{shared_path}/ssl/certs"
set :lets_encrypt_output_path, "#{shared_path}/ssl/certs"

# Set the local path where the certs will be saved
# default value: "~/certs"
set :lets_encrypt_local_output_path, "~/certs"

# Set the minimum time that the cert should be valid
# default value: 30
set :lets_encrypt_days_valid, 15

Requirements

This tool needs Ruby >= 2.1 (as the dependency acme-client needs that because of use of keyword arguments).

Contributing

1. Fork it
2. Create your feature branch (git checkout -b my-new-feature)
3. Commit your changes (git commit -am 'Add some feature')
4. Push to the branch (git push origin my-new-feature)
5. Create new Pull Request

Credits

Thank you contributors!

capistrano-lets-encrypt is maintained by platanus.

License

Guides is © 2014 platanus, spa. It is free software and may be redistributed under the terms specified in the LICENSE file.