This is the master branch. It contains all the latest changes and should not be used in production unless you know what you're doing. While master
is supposed to be in a usable state, it may (and probably will) contain breaking changes from the last release.
Current stable release is 3.1.1
Let's make everything secure.
With the advent of free SSL and Heroku finally offering free SSL endpoints, it's about time we made it ridiculously easy to get an SSL cert for any Heroku application and keep it up to date.
We wrote a blog post about it here
Created by Substrakt.
You can install letsencrypt-heroku directly on Heroku, run it with Docker Compose, or download the code and deploy it yourself anywhere you can run a Rack app.
First off, you'll need a Heroku auth token.
heroku plugins:install heroku-cli-oauth
heroku authorizations:create -d "letsencrypt-heroku"
Run heroku config:get AUTH_TOKEN. The response is the secret token. Every request made to the API must have the query parameter auth_token=TOKEN added to it. You'll receive a 403 error if you forget to do this.
This application comes with a docker-compose.yml file. Assuming you have Docker installed, you can run docker-compose up and you'll be up and running immediately.
You can deploy this application anywhere you can run a Rack app. (Azure, Heroku, AWS, local, etc.)
git clone https://github.com/substrakt/letsencrypt-heroku.git
Install Redis (brew install redis)
Install foreman (gem install foreman)
Copy .env.sample to .env using cp .env.sample .env. The .env file is read when the application starts and should contain all of the required environment variables. One of these is the token generated earlier for Heroku. DO NOT COMMIT THIS FILE TO SOURCE CONTROL.
Run foreman start.
POST /certificate_request
{
"auth_token": "CHOSEN AUTH TOKEN",
"domains": ["www.substrakt.com", "substrakt.com"],
"zone": "CLOUDFLARE DOMAIN ZONE NAME (NOT ID)",
"heroku_app_name": "NAME OF HEROKU APP",
"cloudflare_api_key": "API KEY OF CLOUDFLARE ACCOUNT",
"cloudflare_email": "CLOUDFLARE EMAIL ADDRESS",
"heroku_oauth_token": "HEROKU OAUTH TOKEN"
}
This will start the process in the background and output something like this:
{
"status": "queued",
"uuid": "a97fc5e2fce7bc60a96aa4c3e4907152",
"url": "http://0.0.0.0/certificate_request/a97fc5e2fce7bc60a96aa4c3e4907152?auth_token=testtesttest"
}
That API URL will give you updates as to the certificate generation process. You should poll this to check how it's going. Redis is used as a store for status updates as well as the backend for Resque.
The output looks something like this:
{"status":"finished","message":"Generated certificate"}
That's it.
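A client for the request-and-poll flow described above, as an added example that is not part of letsencrypt-heroku: it reads secrets from the environment, rebuilds the status URL from the returned uuid, and masks auth_token before anything is logged. The environment variable names, helper names, JSON content type and the hex-only uuid check are assumptions.

```ruby
require "json"
require "uri"
require "net/http"

# Added example, not part of letsencrypt-heroku. Environment variable names,
# the base URL and the helper names are assumptions; JSON field names, the
# URL layout and the status values are taken from the README above.

# Build the POST body from the environment so no secret is hard-coded.
def build_request(env, domains:, zone:, app:)
  { "auth_token" => env.fetch("AUTH_TOKEN"), "domains" => domains,
    "zone" => zone, "heroku_app_name" => app,
    "cloudflare_api_key" => env.fetch("CLOUDFLARE_API_KEY"),
    "cloudflare_email" => env.fetch("CLOUDFLARE_EMAIL"),
    "heroku_oauth_token" => env.fetch("HEROKU_OAUTH_TOKEN") }
end

# Rebuild the status URL from our own base URL and the returned uuid instead
# of following the "url" field (the sample response points at http://0.0.0.0).
def status_url(base, uuid, token)
  raise ArgumentError, "unexpected uuid" unless uuid.to_s.match?(/\A\h+\z/)
  "#{base.chomp('/')}/certificate_request/#{uuid}?" + URI.encode_www_form(auth_token: token)
end

# Mask auth_token before a URL goes into logs or error messages.
def redact(url)
  url.gsub(/(auth_token=)[^&]+/, '\1REDACTED')
end

# Poll until the job reports "finished"; give up after a bounded number of tries.
# `get` is any callable that returns the response body for a URL.
def wait_for_certificate(url, get:, attempts: 30, delay: 5)
  attempts.times do
    status = JSON.parse(get.call(url))
    return status if status["status"] == "finished"
    sleep delay
  end
  raise "not finished after #{attempts} polls: #{redact(url)}"
end

# Submit the request and wait for the result over real HTTP.
def request_certificate(base, env, **opts)
  body = build_request(env, **opts)
  res = Net::HTTP.post(URI("#{base.chomp('/')}/certificate_request"), body.to_json,
                       "Content-Type" => "application/json")
  raise "request rejected: HTTP #{res.code}" unless res.is_a?(Net::HTTPSuccess)
  uuid = JSON.parse(res.body).fetch("uuid")
  wait_for_certificate(status_url(base, uuid, body["auth_token"]),
                       get: ->(u) { Net::HTTP.get(URI(u)) })
end
```

Because the token travels in the query string, serve the app over HTTPS and keep full request URLs out of access logs where you can.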
Pull requests and issues are very much welcome at this early stage.