
acmesmith's Introduction

Sorah is a Rubyist and a Rustacean. Currently working as a SWE of Site Reliability and Corporate Engineering (IT) at Cookpad.

  • Area / Expertises: Systems, Cloud Infrastructure (AWS), IP Network, Security, IT / Corporate Engineering
  • Interest: Systems, Developer/Employee Experiences, BGP Network, Digital Identity, Authentication and Authorization

https://sorah.jp/


acmesmith's People

Contributors

bitsapien, chiro, dependabot[bot], eagletmt, hanazuki, mipmip, nagachika, sorah, usiegl00


acmesmith's Issues

route53 error when ordering cert with sub domain as common name and wildcard as alt name

First off, many thanks for updating your gem to handle v2. I'm really excited to try out wildcard certificates.

I'm running into an issue on v2.0.2 of the gem when ordering a certificate. It seems like Route53 is throwing errors because acmesmith is trying to create the same txt record twice.

Essentially I'm trying to order a certificate with christestnew.mycompany.com as the common name and the wildcard *.christestnew.mycompany.com as an alt name.

Here's the command that I ran and the output:

> acmesmith order christestnew.mycompany.com *.christestnew.mycompany.com
=> Ordering a certificate for the following identifiers:

 * christestnew.mycompany.com
 * *.christestnew.mycompany.com

=> Generating CSR
=> Placing an order
=> Looking for required domain authorizations

 * christestnew.mycompany.com
 * christestnew.mycompany.com

=> Responsing to the challenges for the following identifier:

 * Responder:   Acmesmith::ChallengeResponders::Route53
 * Identifiers:
     - christestnew.mycompany.com (dns-01)
     - christestnew.mycompany.com (dns-01)

=> Requesting RRSet change for challenge response

 * /hostedzone/XXXXXXXXXXXXXX:
   - UPSERT: _acme-challenge.christestnew.mycompany.com 5 TXT "u9b3NTcVRnDOJ9xIph6f4BWp7bYmzSF9eIsBR8HbSy4"
   - UPSERT: _acme-challenge.christestnew.mycompany.com 5 TXT "4XQBBIkJ2xm4oBh2QcLu47Y4demHBBnJ-FGmOAVN0jc"
   ... /usr/local/rvm/gems/ruby-2.3.5/gems/aws-sdk-core-3.13.0/lib/seahorse/client/plugins/raise_response_errors.rb:15:in `call': The request contains an invalid set of changes for a resource record set 'TXT _acme-challenge.christestnew.mycompany.com.' (Aws::Route53::Errors::InvalidChangeBatch)
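The failure above comes from two UPSERTs for the same record set in one ChangeBatch: the sub domain and its wildcard are both validated at _acme-challenge.christestnew.mycompany.com, so the responder has to merge their TXT values into a single resource record set before calling Route53. The following is an added example written for this page, not acmesmith's own responder code; the `Challenge` struct, `challenge_record_name` and `build_change_batch` are assumed names, the hosted zone id is a placeholder, and the parameter shape follows the aws-sdk-route53 `change_resource_record_sets` call.

```ruby
require 'json'

# A dns-01 challenge as a responder sees it: the identifier being validated and
# the key-authorization digest that must be published in the TXT record.
Challenge = Struct.new(:identifier, :record_content, keyword_init: true)

# "*.example.com" and "example.com" both validate at _acme-challenge.example.com.
def challenge_record_name(identifier)
  "_acme-challenge.#{identifier.delete_prefix('*.')}."
end

# Build change_resource_record_sets params with exactly one UPSERT per record
# set. Values for the same name are collected into that record set's
# resource_records, each quoted as a TXT value requires. Sending two changes
# for the same name/type in one batch is what Route53 rejects as
# InvalidChangeBatch.
def build_change_batch(hosted_zone_id, challenges, ttl: 5)
  by_name = challenges.group_by { |c| challenge_record_name(c.identifier).downcase }
  changes = by_name.map do |name, group|
    values = group.map(&:record_content).uniq
    {
      action: 'UPSERT',
      resource_record_set: {
        name: name,
        type: 'TXT',
        ttl: ttl,
        resource_records: values.map { |v| { value: %("#{v}") } },
      },
    }
  end
  { hosted_zone_id: hosted_zone_id, change_batch: { changes: changes } }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed input: the same identifiers and tokens as the failing order in
  # the report; the zone id is a placeholder, not a real hosted zone.
  challenges = [
    Challenge.new(identifier: 'christestnew.mycompany.com',
                  record_content: 'u9b3NTcVRnDOJ9xIph6f4BWp7bYmzSF9eIsBR8HbSy4'),
    Challenge.new(identifier: '*.christestnew.mycompany.com',
                  record_content: '4XQBBIkJ2xm4oBh2QcLu47Y4demHBBnJ-FGmOAVN0jc'),
  ]
  puts JSON.pretty_generate(build_change_batch('/hostedzone/PLACEHOLDER', challenges))
end
```

The resulting batch has one change for _acme-challenge.christestnew.mycompany.com. carrying both quoted tokens, which is the form Route53 accepts; the ACME server looks up all TXT values at that name and matches whichever one belongs to the authorization it is checking.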

The autorenew command to read the config file

Hello!

I love this project, it has saved much time and effort in managing our SSL certs!

Anyway, I noticed that the way the autorenew command works when using the S3 storage option is that either you optionally pass a CN to the command or, if you don't, it defaults to attempting to autorenew all the domains associated with your account that are listed in your bucket. I use multiple servers with different domains on them, but they all use the same account. I think the autorenew command could read the acmesmith.yml config file for the appropriate domains to search the S3 bucket for, instead of trying to autorenew them all.

For now my workaround is to just run the command for each domain to attempt to autorenew them individually but it would be nice to just run the autorenew command with the supplied config file and it attempts to autorenew the CNs listed there.

Let me know what you think!

How to run tests in development

I recently forked your repository because I wanted to contribute to development by creating a few pull requests. After cloning I ran the tests but most of them fail, complaining about missing certificates for example.com. The setup script installs the bundle only.

How should I set up this gem for local development?

DNS label is too short (Acme::Client::Error::Malformed)

When I try to authorize a domain, I get the following error:

acmesmith authorize domain.name. -c ./config/acmesmith/production.yml

/Users/kaimarshland/.rvm/gems/ruby-2.3.0/gems/acme-client-0.4.0/lib/acme/client/faraday_middleware.rb:43:in `raise_on_error!': DNS label is too short (Acme::Client::Error::Malformed)
    from /Users/kaimarshland/.rvm/gems/ruby-2.3.0/gems/acme-client-0.4.0/lib/acme/client/faraday_middleware.rb:33:in `on_complete'
    from /Users/kaimarshland/.rvm/gems/ruby-2.3.0/gems/acme-client-0.4.0/lib/acme/client/faraday_middleware.rb:18:in `block in call'
    from /Users/kaimarshland/.rvm/gems/ruby-2.3.0/gems/faraday-0.9.2/lib/faraday/response.rb:57:in `on_complete'
    from /Users/kaimarshland/.rvm/gems/ruby-2.3.0/gems/acme-client-0.4.0/lib/acme/client/faraday_middleware.rb:18:in `call'
    from /Users/kaimarshland/.rvm/gems/ruby-2.3.0/gems/faraday-0.9.2/lib/faraday/rack_builder.rb:139:in `build_response'
    from /Users/kaimarshland/.rvm/gems/ruby-2.3.0/gems/faraday-0.9.2/lib/faraday/connection.rb:377:in `run_request'
    from /Users/kaimarshland/.rvm/gems/ruby-2.3.0/gems/faraday-0.9.2/lib/faraday/connection.rb:177:in `post'
    from /Users/kaimarshland/.rvm/gems/ruby-2.3.0/gems/acme-client-0.4.0/lib/acme/client.rb:57:in `authorize'
    from /Users/kaimarshland/.rvm/gems/ruby-2.3.0/gems/acmesmith-0.4.1/lib/acmesmith/command.rb:27:in `authorize'
    from /Users/kaimarshland/.rvm/gems/ruby-2.3.0/gems/thor-0.19.1/lib/thor/command.rb:27:in `run'
    from /Users/kaimarshland/.rvm/gems/ruby-2.3.0/gems/thor-0.19.1/lib/thor/invocation.rb:126:in `invoke_command'
    from /Users/kaimarshland/.rvm/gems/ruby-2.3.0/gems/thor-0.19.1/lib/thor.rb:359:in `dispatch'
    from /Users/kaimarshland/.rvm/gems/ruby-2.3.0/gems/thor-0.19.1/lib/thor/base.rb:440:in `start'
    from /Users/kaimarshland/.rvm/gems/ruby-2.3.0/gems/acmesmith-0.4.1/bin/acmesmith:4:in `<top (required)>'
    from /Users/kaimarshland/.rvm/gems/ruby-2.3.0/bin/acmesmith:23:in `load'
    from /Users/kaimarshland/.rvm/gems/ruby-2.3.0/bin/acmesmith:23:in `<main>'
    from /Users/kaimarshland/.rvm/gems/ruby-2.3.0/bin/ruby_executable_hooks:15:in `eval'
    from /Users/kaimarshland/.rvm/gems/ruby-2.3.0/bin/ruby_executable_hooks:15:in `<main>'

My config looks like this:

endpoint: https://acme-v01.api.letsencrypt.org/
storage:
  type: s3
  region: 'us-west-1'
  bucket: 'my-bucket'
  prefix: 'production'

challenge_responders:
  - route53: {}

account_key_passphrase: password
certificate_key_passphrase: secret

I have registered using:
acmesmith register mailto:[email protected] -c ./config/acmesmith/production.yml

I am using acmesmith 0.4.1 and acme-client (0.4.0). While the final error is thrown by the acme client, it seems like the cause is from sending an invalid request.
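The ACME server checks a DNS identifier label by label, and an identifier written with a trailing dot, as in the `domain.name.` argument above, has an empty last label once split. A client-side check can normalise the FQDN form and reject anything else that cannot be a valid identifier before the request is signed and sent, so the operator gets a readable message rather than a server-side Malformed error. The code below is an added example written for this page, not acmesmith's or acme-client's code; `validate_dns_identifier`, `InvalidIdentifier` and `LABEL_RE` are assumed names, and the label rules are the usual hostname rules (1 to 63 characters, alphanumerics and hyphens, no leading or trailing hyphen, at most 253 characters in total, a wildcard only as the leftmost label).

```ruby
class InvalidIdentifier < StandardError; end

# One hostname label: alphanumeric at both ends, hyphens allowed inside, 1..63 chars.
LABEL_RE = /\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/

# Returns the normalised identifier (lower-cased, one trailing dot removed) or
# raises InvalidIdentifier naming the offending label.
def validate_dns_identifier(name)
  raise InvalidIdentifier, 'identifier is empty' if name.nil? || name.empty?

  normalised = name.downcase.delete_suffix('.')   # accept the FQDN form "host.example.org."
  raise InvalidIdentifier, 'identifier is too long' if normalised.length > 253

  labels = normalised.split('.', -1)               # -1 keeps empty labels so they can be reported
  labels.each_with_index do |label, i|
    next if label == '*' && i.zero? && labels.size > 1   # wildcard allowed only as leftmost label
    raise InvalidIdentifier, "DNS label #{i + 1} is too short" if label.empty?
    raise InvalidIdentifier, "DNS label #{label.inspect} is invalid" unless LABEL_RE.match?(label)
  end
  raise InvalidIdentifier, 'identifier needs at least two labels' if labels.size < 2

  normalised
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: the FQDN form is normalised, the others are rejected.
  ['domain.name.', 'domain..name', 'example.*.com', '-bad.example.org'].each do |candidate|
    begin
      puts "#{candidate.inspect} -> #{validate_dns_identifier(candidate).inspect}"
    rescue InvalidIdentifier => e
      puts "#{candidate.inspect} -> rejected: #{e.message}"
    end
  end
end
```

Run it as a script and the first line shows `"domain.name."` normalised to `"domain.name"`, which is the form the command above needed, while the remaining inputs are rejected with the label that caused it.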

Request changing rrset for Cross-Account(AWS Route53)

Hi,
I have a use case where I have an administrator AWS account and several developer accounts.
For security purposes, I can't allow developers to access the administrator account.
I also have a Hosted Zone in the administrator account (main domain), and sub domains are hosted in each developer account.

When I use acmesmith to request changing an RRset, I get an error like:
{"type"=>"urn:ietf:params:acme:error:dns", "detail"=>"DNS problem: NXDOMAIN looking up TXT for _acme-challenge.develop.example.com - check that a DNS record exists for this domain", "status"=>400}

Anyway, I figured out what happened.
The SOA record is hosted in the developer account's Hosted Zone (develop.example.com).
But I used the administrator account's credentials to access AWS.
So acmesmith can't upsert an RRset in the developer account's Hosted Zone (develop.example.com).
P.S. I have several developer accounts, but a unified SSL certificate request platform (based on the acmesmith lib).

So I modified some code and created a PR.
It worked pretty well in my case.

Thank you very much for your acmesmith.

Have `autorenew` command throw a non-zero exit

I have a cron job to renew my certificates that runs every day. I'm utilising the autorenew command to do this in the script below. There needs to be a way to figure out that renewal was not required so I can skip fetching and writing the certificates to disk all the time.

#!/bin/bash

/usr/local/bin/acmesmith autorenew -d10 -c /tmp/acmesmith.yml

/usr/local/bin/acmesmith save-certificate lmu.abc.com --output=/etc/nginx/ssl/lmu.abc.com/fullchain.pem  -c /tmp/acmesmith.yml
/usr/local/bin/acmesmith save-private-key lmu.abc.com --output=/etc/nginx/ssl/lmu.abc.com/privkey.pem -c /tmp/acmesmith.yml

One solution is to have the autorenew command throw a non-zero exit if the certificates do not need renewal.

autorenew error using acmesmith-google-cloud-dns

Thank you for developing this gem to handle v2. I'm using it to renew our wildcard certificates based on a cronjob and the 3rd party plugin acmesmith-google-cloud-dns.

#cronjob
#Ansible: *.muster-domain.de renew
25 1 * * * cd /etc/ssl/acme && /usr/local/rbenv/shims/acmesmith autorenew -d 10 *.muster-domain.de > /dev/null

I use the following post_issuing_hooks:

#acmesmith.yml
directory: https://acme-v02.api.letsencrypt.org/directory

storage:
  type: filesystem
  path: /etc/ssl/acme

challenge_responders:
  - google_cloud_dns:
      project_id: project_id
      private_key_json_file: /etc/ssl/acme/project_id.json
      ttl: 5

post_issuing_hooks:
  "*.muster-domain.de":
    - shell:
        command: /usr/bin/systemctl reload nginx
    - shell:
        command: mail -s "New cert for ${COMMON_NAME} has been issued" [email protected] < /dev/null

The first time when I had our certificate being expired soon (in 10 days) I encountered the following error:

/usr/local/rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/acme-client-2.0.1/lib/acme/client/jwk/rsa.rb:35:in `sign': Private key is needed. (ArgumentError)
        from /usr/local/rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/acme-client-2.0.1/lib/acme/client/jwk/rsa.rb:35:in `sign'
        from /usr/local/rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/acme-client-2.0.1/lib/acme/client/jwk/base.rb:23:in `jws'
        from /usr/local/rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/acme-client-2.0.1/lib/acme/client/faraday_middleware.rb:19:in `call'
        from /usr/local/rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/faraday-0.15.4/lib/faraday/rack_builder.rb:143:in `build_response'
        from /usr/local/rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/faraday-0.15.4/lib/faraday/connection.rb:387:in `run_request'
        from /usr/local/rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/faraday-0.15.4/lib/faraday/connection.rb:175:in `post'
        from /usr/local/rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/acme-client-2.0.1/lib/acme/client.rb:250:in `post'
        from /usr/local/rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/acme-client-2.0.1/lib/acme/client.rb:88:in `account'
        from /usr/local/rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/acme-client-2.0.1/lib/acme/client.rb:98:in `kid'
        from /usr/local/rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/acme-client-2.0.1/lib/acme/client/faraday_middleware.rb:42:in `jws_header'
        from /usr/local/rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/acme-client-2.0.1/lib/acme/client/faraday_middleware.rb:19:in `call'
        from /usr/local/rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/faraday-0.15.4/lib/faraday/rack_builder.rb:143:in `build_response'
        from /usr/local/rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/faraday-0.15.4/lib/faraday/connection.rb:387:in `run_request'
        from /usr/local/rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/faraday-0.15.4/lib/faraday/connection.rb:175:in `post'
        from /usr/local/rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/acme-client-2.0.1/lib/acme/client.rb:250:in `post'
        from /usr/local/rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/acme-client-2.0.1/lib/acme/client.rb:113:in `new_order'
        from /usr/local/rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/acmesmith-2.2.0/lib/acmesmith/client.rb:32:in `order'
        from /usr/local/rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/acmesmith-2.2.0/lib/acmesmith/client.rb:164:in `block in autorenew'
        from /usr/local/rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/acmesmith-2.2.0/lib/acmesmith/client.rb:156:in `each'
        from /usr/local/rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/acmesmith-2.2.0/lib/acmesmith/client.rb:156:in `autorenew'
        from /usr/local/rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/acmesmith-2.2.0/lib/acmesmith/command.rb:140:in `autorenew'
        from /usr/local/rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/thor-0.20.3/lib/thor/command.rb:27:in `run'
        from /usr/local/rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/thor-0.20.3/lib/thor/invocation.rb:126:in `invoke_command'
        from /usr/local/rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/thor-0.20.3/lib/thor.rb:387:in `dispatch'
        from /usr/local/rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/thor-0.20.3/lib/thor/base.rb:466:in `start'
        from /usr/local/rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/acmesmith-2.2.0/bin/acmesmith:4:in `<top (required)>'
        from /usr/local/rbenv/versions/2.4.2/bin/acmesmith:23:in `load'
        from /usr/local/rbenv/versions/2.4.2/bin/acmesmith:23:in `<main>'

As a last note, I was able to create the initial certificate using acmesmith order '*.muster-domain.de', so if anything is wrong with this configuration I hope that you can point it out.

Lazy authorize command, or command to verify authorizations

Hi Folks,

Great tool.
I'm automating with ansible, and would like to be able to run the authorize tool without it doing the slow (well it's slow if I'm doing more than 3 SANs, and Letsencrypt supports up to 100) DNS stuff for every SAN in a cert.
Could you either expose the verify step so that I can check if my SANs are authorized, so I can skip the authorize step, or could you just verify the SANs in a request first (as well as last), and skip the already authorized ones.
Also, what's the best way for me to know if my registration is good already, as this fails if I try to run it twice.
One fix for all this is to delete the entire bucket subdir under which all this sits, but I guess it's not your intention, as you would not have built in versioning support otherwise.

Thanks in advance.
Regards, David

Add preferred chain option

Purpose

LE is switching to ISRG root on January 11, 2021 [1]. It'll be handy if we can have an option to test the new chain before that date.
Certbot has the --preferred-chain option that can specify the chain of the certs. [2] [3]

Changes

Add a preferred-chain option in either order command or in acmesmith.yaml

I'd like to submit a PR after we decided which approach we want.
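Two of the requests above, the non-zero exit from `autorenew` when nothing needs renewing and the preferred-chain option, both come down to inspecting X.509 data that acmesmith already has: the installed certificate's notAfter, and the issuer of the topmost certificate in each chain the CA offers. The following is an added example written for this page, not acmesmith's or certbot's code. It generates its own throwaway certificates (the names "Demo Root A", "Demo Root B", "Demo Intermediate" and the example.org leaf are constructed), and `make_cert`, `renewal_needed?`, `split_pem_chain`, `issuer_cn`, `select_chain` and `demo_chains` are assumed names. The chain-matching rule it implements, matching the Issuer Common Name of the topmost certificate and falling back to the default (first) chain when nothing matches, is certbot's documented --preferred-chain behaviour; the renewal threshold mirrors the `-d` days option used in the cron script earlier on the page.

```ruby
require 'openssl'

# Build an X.509 certificate for the demo. `issuer` is [cert, key] of the signer
# (nil = self-signed); `key` may be supplied to reuse a key for cross-signing.
def make_cert(cn, issuer: nil, key: OpenSSL::PKey::RSA.new(2048), not_after: Time.now + 86_400)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**62)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer[0].subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = not_after
  cert.sign(issuer ? issuer[1] : key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# 1. Renewal gate: true when the installed certificate expires within `days`.
#    A wrapper can exit non-zero on false and skip save-certificate / reload.
def renewal_needed?(cert_pem, days:, now: Time.now)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  (cert.not_after - now) < days * 86_400
end

# 2. Preferred chain: split a concatenated PEM chain into certificate objects.
def split_pem_chain(pem)
  pem.scan(/-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m)
     .map { |block| OpenSSL::X509::Certificate.new(block) }
end

# Common Name of the certificate's issuer, or nil when it has none.
def issuer_cn(cert)
  entry = cert.issuer.to_a.find { |oid, _value, _type| oid == 'CN' }
  entry && entry[1]
end

# Choose the chain whose topmost certificate was issued by `preferred_cn`;
# with no preference or no match, keep the CA's default (first) chain.
def select_chain(chain_pems, preferred_cn)
  return chain_pems.first if preferred_cn.nil?
  chain_pems.find { |pem| issuer_cn(split_pem_chain(pem).last) == preferred_cn } ||
    chain_pems.first
end

# Constructed fixture shaped like the Let's Encrypt situation: the default chain
# ends at self-signed Root A, the alternate ends at Root A cross-signed by Root B.
def demo_chains
  root_a = make_cert('Demo Root A')
  root_b = make_cert('Demo Root B')
  cross  = make_cert('Demo Root A', issuer: root_b, key: root_a[1])
  inter  = make_cert('Demo Intermediate', issuer: root_a)
  leaf   = make_cert('www.example.org', issuer: inter)
  default_chain   = [leaf[0], inter[0], root_a[0]].map(&:to_pem).join
  alternate_chain = [leaf[0], inter[0], cross[0]].map(&:to_pem).join
  [default_chain, alternate_chain]
end

if __FILE__ == $PROGRAM_NAME
  chains = demo_chains
  chosen = select_chain(chains, 'Demo Root B')
  puts "preferred chain tops out at issuer: #{issuer_cn(split_pem_chain(chosen).last)}"
  leaf_pem = split_pem_chain(chosen).first.to_pem
  due = renewal_needed?(leaf_pem, days: 10)   # demo leaf is valid for one day, so this is true
  puts(due ? 'renewal due' : 'renewal not needed')
  exit(due ? 0 : 1)                            # the non-zero exit the report asks for
end
```

Run as a script it prints the issuer of the selected chain's top certificate and exits 0 because the one-day demo leaf is inside the 10-day window; pointing `renewal_needed?` at a freshly saved fullchain.pem instead gives a cron wrapper a cheap, offline way to decide whether the save and reload steps are needed at all.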

Ruby thread creation issue in docker

I have been using acmesmith for several years to update a wildcard certificate used by short-lived servers. As long as my cron-script has been running correctly, acmesmith has worked well.

Today we discovered that the certificate had expired. Looking at the log file, it seems that the autorenew function has not been able to complete since around 2023-10-04 (before that, it has been performing like clockwork).

I suspect it is related to whatever was changed in the 2.6.0 release, so I'm going to try using the docker container for the

This is the error log that happens when trying to run autorenew:

bundler: failed to load command: bin/acmesmith (bin/acmesmith)
/usr/lib/ruby/3.2.0/timeout.rb:101:in `initialize': can't create Thread: Operation not permitted (ThreadError)
        from /usr/lib/ruby/3.2.0/timeout.rb:101:in `new'
        from /usr/lib/ruby/3.2.0/timeout.rb:101:in `create_timeout_thread'
        from /usr/lib/ruby/3.2.0/timeout.rb:134:in `block in ensure_timeout_thread_created'
        from /usr/lib/ruby/3.2.0/timeout.rb:132:in `synchronize'
        from /usr/lib/ruby/3.2.0/timeout.rb:132:in `ensure_timeout_thread_created'
        from /usr/lib/ruby/3.2.0/timeout.rb:181:in `timeout'
        from /usr/lib/ruby/3.2.0/net/http.rb:1269:in `connect'
        from /usr/lib/ruby/3.2.0/net/http.rb:1248:in `do_start'
        from /usr/lib/ruby/3.2.0/net/http.rb:1243:in `start'
        from /usr/lib/ruby/3.2.0/delegate.rb:87:in `method_missing'
        from /gems/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/seahorse/client/net_http/connection_pool.rb:307:in `start_session'
        from /gems/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/seahorse/client/net_http/connection_pool.rb:100:in `session_for'
        from /gems/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/seahorse/client/net_http/handler.rb:128:in `session'
        from /gems/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/seahorse/client/net_http/handler.rb:76:in `transmit'
        from /gems/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/seahorse/client/net_http/handler.rb:50:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/seahorse/client/plugins/content_length.rb:24:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/seahorse/client/plugins/request_callback.rb:118:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-s3-1.136.0/lib/aws-sdk-s3/plugins/s3_signer.rb:73:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-s3-1.136.0/lib/aws-sdk-s3/plugins/s3_host_id.rb:17:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/aws-sdk-core/xml/error_handler.rb:10:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/aws-sdk-core/plugins/sign.rb:49:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/aws-sdk-core/plugins/transfer_encoding.rb:26:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/aws-sdk-core/plugins/helpful_socket_errors.rb:12:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-s3-1.136.0/lib/aws-sdk-s3/plugins/s3_signer.rb:48:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-s3-1.136.0/lib/aws-sdk-s3/plugins/redirects.rb:20:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/aws-sdk-core/plugins/retry_errors.rb:360:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/aws-sdk-core/plugins/user_agent.rb:37:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/aws-sdk-core/plugins/http_checksum.rb:19:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/aws-sdk-core/plugins/endpoint_pattern.rb:30:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/aws-sdk-core/plugins/checksum_algorithm.rb:136:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/aws-sdk-core/plugins/request_compression.rb:94:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-s3-1.136.0/lib/aws-sdk-s3/plugins/expect_100_continue.rb:23:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-s3-1.136.0/lib/aws-sdk-s3/plugins/bucket_name_restrictions.rb:21:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/aws-sdk-core/rest/handler.rb:10:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/aws-sdk-core/plugins/recursion_detection.rb:18:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-s3-1.136.0/lib/aws-sdk-s3/plugins/endpoints.rb:41:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/aws-sdk-core/plugins/endpoint_discovery.rb:84:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/seahorse/client/plugins/endpoint.rb:47:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-s3-1.136.0/lib/aws-sdk-s3/plugins/url_encoded_keys.rb:43:in `manage_keys'
        from /gems/ruby/3.2.0/gems/aws-sdk-s3-1.136.0/lib/aws-sdk-s3/plugins/url_encoded_keys.rb:35:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/aws-sdk-core/plugins/param_validator.rb:26:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/seahorse/client/plugins/raise_response_errors.rb:16:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-s3-1.136.0/lib/aws-sdk-s3/plugins/sse_cpk.rb:24:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-s3-1.136.0/lib/aws-sdk-s3/plugins/dualstack.rb:21:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-s3-1.136.0/lib/aws-sdk-s3/plugins/accelerate.rb:43:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/aws-sdk-core/plugins/checksum_algorithm.rb:111:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/aws-sdk-core/plugins/jsonvalue_converter.rb:16:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/aws-sdk-core/plugins/idempotency_token.rb:19:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/aws-sdk-core/plugins/param_converter.rb:26:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/seahorse/client/plugins/request_callback.rb:89:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/aws-sdk-core/plugins/response_paging.rb:12:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/seahorse/client/plugins/response_target.rb:24:in `call'
        from /gems/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/seahorse/client/request.rb:72:in `send_request'
        from /gems/ruby/3.2.0/gems/aws-sdk-s3-1.136.0/lib/aws-sdk-s3/client.rb:8682:in `list_objects'
        from /app/lib/acmesmith/storages/s3.rb:118:in `list_certificates'
        from /app/lib/acmesmith/client.rb:126:in `autorenew'
        from /app/lib/acmesmith/command.rb:148:in `autorenew'
        from /gems/ruby/3.2.0/gems/thor-1.2.2/lib/thor/command.rb:27:in `run'
        from /gems/ruby/3.2.0/gems/thor-1.2.2/lib/thor/invocation.rb:127:in `invoke_command'
        from /gems/ruby/3.2.0/gems/thor-1.2.2/lib/thor.rb:392:in `dispatch'
        from /gems/ruby/3.2.0/gems/thor-1.2.2/lib/thor/base.rb:485:in `start'
        from bin/acmesmith:4:in `<top (required)>'
        from /var/lib/gems/3.2.0/gems/bundler-2.4.13/lib/bundler/cli/exec.rb:58:in `load'
        from /var/lib/gems/3.2.0/gems/bundler-2.4.13/lib/bundler/cli/exec.rb:58:in `kernel_load'
        from /var/lib/gems/3.2.0/gems/bundler-2.4.13/lib/bundler/cli/exec.rb:23:in `run'
        from /var/lib/gems/3.2.0/gems/bundler-2.4.13/lib/bundler/cli.rb:492:in `exec'
        from /var/lib/gems/3.2.0/gems/bundler-2.4.13/lib/bundler/vendor/thor/lib/thor/command.rb:27:in `run'
        from /var/lib/gems/3.2.0/gems/bundler-2.4.13/lib/bundler/vendor/thor/lib/thor/invocation.rb:127:in `invoke_command'
        from /var/lib/gems/3.2.0/gems/bundler-2.4.13/lib/bundler/vendor/thor/lib/thor.rb:392:in `dispatch'
        from /var/lib/gems/3.2.0/gems/bundler-2.4.13/lib/bundler/cli.rb:34:in `dispatch'
        from /var/lib/gems/3.2.0/gems/bundler-2.4.13/lib/bundler/vendor/thor/lib/thor/base.rb:485:in `start'
        from /var/lib/gems/3.2.0/gems/bundler-2.4.13/lib/bundler/cli.rb:28:in `start'
        from /var/lib/gems/3.2.0/gems/bundler-2.4.13/exe/bundle:45:in `block in <top (required)>'
        from /var/lib/gems/3.2.0/gems/bundler-2.4.13/lib/bundler/friendly_errors.rb:117:in `with_friendly_errors'
        from /var/lib/gems/3.2.0/gems/bundler-2.4.13/exe/bundle:33:in `<top (required)>'
        from /usr/local/bin/bundle:25:in `load'
        from /usr/local/bin/bundle:25:in `<main>'

Acmesmith Ruby Client

Have a ruby client, along with the existing command-line client. This would provide a larger control over using this ACME client. One use case being, where you would want to take specific action on occurrence of a certain type of error.

Incompatible with acme-client 0.3.2-0.3.6

A breaking change in unixcharles/acme-client#66 (published to RubyGems in v0.3.2) caused acmesmith to fail with uninitialized constant Acme (NameError) because this library uses require 'acme/client'. This change was reverted in unixcharles/acme-client#83 (not yet published to RubyGems), so future versions should work again. However, this means that all versions of acmesmith are broken when used with acme-client 0.3.2 through 0.3.6.

Possible fixes for future release of acmesmith:

  • Change require acme/client to require acme-client
  • Pin acme-client dependency to ['< 0.3.2'], ['> 0.3.6'] to avoid the incompatible versions

Support cross account Route53 hosted zones with IAM role

Hi.
The use case here is that we want central storage in one AWS account and Route53 hosted zones in multiple AWS accounts.
We've made a working prototype for this feature. We want to discuss what the config should look like before creating a PR.

The proposed config format is

challenge_responders:
  - route53:
      # aws_access_key: # aws credentials (optional); If omit, default configuration of aws-sdk use will be used.
      #   access_key_id:
      #   secret_access_key:
      #   session_token:
      # hosted_zone_map: # hosted zone map (optional); This is to specify exactly one hosted zone to use. This will be required when there are multiple hosted zone with same domain name. Usually
      #   "example.org.": "/hostedzone/DEADBEEF"
      #   alternative format, required when the hosted zone is in an account different from the storage account. or having zones in multiple accounts.
      #   "example.com.": 
      #       id: "/hostedzone/8BADFOOD"
      #       role_arn: "arn:aws:iam::123451234512:role/switched_role"    
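The cross-account report earlier on the page and the hosted_zone_map proposal above describe the same gap: the credentials acmesmith runs with can reach the storage account, but the zone that owns a sub domain lives in another account, so the responder has to pick the right zone and the right credentials for each record. The code below is an added example written for this page, not the prototype mentioned in the issue and not acmesmith code. It reads both forms of the proposed map (plain zone id string, or a hash with `id` and `role_arn`), selects the most specific zone for a record name by longest suffix, and hands a role ARN to a caller-supplied callback; `ZoneTarget`, `parse_hosted_zone_map`, `resolve_zone` and `client_for` are assumed names, and the callback stands in for building an Aws::Route53::Client from assumed-role credentials so the resolution logic runs offline.

```ruby
# Where a challenge record should go: which hosted zone, and under which role.
ZoneTarget = Struct.new(:zone_id, :role_arn, keyword_init: true)

# Append a trailing dot so names compare the way Route53 reports them.
def fqdn(name)
  n = name.downcase
  n.end_with?('.') ? n : "#{n}."
end

# Normalise both config forms (string id, or hash with id/role_arn) to ZoneTarget.
def parse_hosted_zone_map(map)
  map.each_with_object({}) do |(zone_name, spec), out|
    out[fqdn(zone_name)] =
      case spec
      when String then ZoneTarget.new(zone_id: spec, role_arn: nil)
      when Hash   then ZoneTarget.new(zone_id: spec.fetch('id'), role_arn: spec['role_arn'])
      else raise ArgumentError, "unsupported hosted_zone_map entry for #{zone_name}"
      end
  end
end

# Most specific zone wins: _acme-challenge.develop.example.com. resolves to
# develop.example.com. rather than example.com. when both are configured.
# Returns nil when no configured zone covers the name.
def resolve_zone(zone_map, record_name)
  name = fqdn(record_name)
  candidates = zone_map.keys.select { |zone| name == zone || name.end_with?(".#{zone}") }
  best = candidates.max_by(&:length)
  best && zone_map[best]
end

# Use the default client unless the zone needs a switched role, in which case
# the caller's assume_role callback produces a client for that role.
def client_for(target, default_client:, assume_role:)
  target.role_arn ? assume_role.call(target.role_arn) : default_client
end

if __FILE__ == $PROGRAM_NAME
  # Constructed config mirroring the YAML proposed in the issue (zone ids and
  # the account number are the issue's placeholder values).
  zone_map = parse_hosted_zone_map(
    'example.org.' => '/hostedzone/DEADBEEF',
    'example.com.' => { 'id' => '/hostedzone/8BADFOOD',
                        'role_arn' => 'arn:aws:iam::123451234512:role/switched_role' },
    'develop.example.com' => { 'id' => '/hostedzone/DEVZONE' }
  )
  # Stand-in for assumed-role client construction; a real responder would use
  # STS credentials for the ARN here (assumption, not part of this example).
  assume = ->(arn) { "route53 client via #{arn}" }

  ['_acme-challenge.develop.example.com', '_acme-challenge.www.example.com', '_acme-challenge.other.test'].each do |rec|
    target = resolve_zone(zone_map, rec)
    if target
      puts "#{rec} -> #{target.zone_id} (#{client_for(target, default_client: 'default client', assume_role: assume)})"
    else
      puts "#{rec} -> no configured hosted zone"
    end
  end
end
```

The longest-suffix rule is what makes the cross-account layout work: the parent zone in the administrator account and the delegated sub domain zone in a developer account can both be listed, and only the record whose name falls under the delegated zone is sent through the switched role.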
