This is the master branch. It contains all the latest changes and should not be used in production unless you know what you're doing. While master
is supposed to be in a usable state, it may (and probably will) contain breaking changes from the last release.
Current stable release is 3.1.1
Let's make everything secure.
With the advent of free SSL and Heroku finally offering free SSL endpoints, it's about time we made it ridiculously easy to get an SSL cert for any Heroku application and keep it up to date.
We wrote a blog post about it here
Created by Substrakt.
You can install letsencrypt-heroku either directly on to Heroku, use Docker Compose or download the code and deploy it yourself anywhere you can run a Rack app.
First off, you'll need a Heroku auth token.
heroku plugins:install heroku-cli-oauth
heroku authorizations:create -d "letsencrypt-heroku"
heroku config:get AUTH_TOKEN
. The response is the secret token. Every request made to the API must have the query parameter auth_token=TOKEN
added to it. You'll receive a 403 error if you forget to do this.This application comes with a docker-compose.yml
file. Assuming you have Docker installed, you can run docker-compose up
and you'll be up and running immediately.
You can deploy this application anywhere you can run a Rack app. (Azure, Heroku, AWS, local, etc.)
git clone https://github.com/substrakt/letsencrypt-heroku.git
brew install redis
)gem install foreman
).env.sample
to .env
using cp .env.sample .env
. The .env
file is read when the application starts and should contain all of the required environment variables. One of these is the token generated earlier for Heroku. DO NOT COMMIT THIS FILE TO SOURCE CONTROLforeman start
.POST /certificate_request
{
"auth_token": "CHOSEN AUTH TOKEN",
"domains": ["www.substrakt.com", "substrakt.com"],
"zone": "CLOUDFLARE DOMAIN ZONE NAME (NOT ID)",
"heroku_app_name": "NAME OF HEROKU APP",
"cloudflare_api_key": "API KEY OF CLOUDFLARE ACCOUNT",
"cloudflare_email": "CLOUDFLARE EMAIL ADDRESS",
"heroku_oauth_token": "HEROKU OAUTH TOKEN"
}
This will start the process in the background and output something like this:
{
"status": "queued",
"uuid": "a97fc5e2fce7bc60a96aa4c3e4907152",
"url": "http://0.0.0.0/certificate_request/a97fc5e2fce7bc60a96aa4c3e4907152?auth_token=testtesttest"
}
That API URL will give you updates as to the certificate generation process. You should poll this to check how it's going. Redis is used as a store for status updates as well as the backend for Resque.
The output looks something like this:
{"status":"finished","message":"Generated certificate"}
That's it.
Pull requests and issues are very much welcome at this early stage.