Skip to content
/ letsencrypt-heroku-plugin Public

Heroku plugin which updates SSL certificate via LetsEncrypt

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

creative-co/letsencrypt-heroku-plugin

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
lib
lib
 
 
.editorconfig
.editorconfig
 
 
.eslintrc.json
.eslintrc.json
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
index.js
index.js
 
 
package.json
package.json
 
 
yarn.lock
yarn.lock
 
 

Repository files navigation

Letsencrypt Heroku Plugin [DEPRECATED]

This plugin is deprecated

Please use Heroku Automated Certificate Management instead

Info

Heroku plugin which makes it easy to maintain an SNI SSL endpoint with a certificate obtained via LetsEncrypt. Integrate it into your CI to get auto-renewal.

Installation

$ heroku plugins:install letsencrypt-heroku-plugin

Usage

  1. Make sure REDIS_URL is set in your Heroku app:
$ heroku addons:create heroku-redis
  1. Within your app, implement ACME challenge:

TODO: move this to a gem, create examples for Rack / Express / Koa

# routes.rb - assuming you're on Rails
Rails.application.routes.draw do
  get '/.well-known/acme-challenge/*key' => proc { |env| [200, {}, [Redis.new(url: ENV["REDIS_URL"]).get(env['PATH_INFO']) || ""]] }
end
  1. Run the plugin on your local machine:
$ heroku letsencrypt:run

Using from CI

To get auto-renewal, run this plugin on daily basis from your CI (e.g. via Semaphore scheduled builds)

  1. Authorize your CI to access your Heroku app by setting HEROKU_API_KEY environment variable to your API key from your Heroku account page.

  2. Configure app name by setting HEROKU_APP environment variable or using -a CLI option

Configuration options

By default, the plugin will only issue a new certificate if the current certificate expires in 7 days or less. You can tune this behavior by setting EXPIRATION_THRESHOLD to a different number of days.

You can force certificate re-creation using --force CLI option.

NOTE: There is a rate limit on the API (~5 certificates per week). Set LETSENCRYPT_SERVER environment variable to staging when experimenting to overcome this limitation. Remember: staging certificates are not generally trusted and should be only used for experiments.

Troubleshooting

Set HEROKU_DEBUG and/or LETSENCRYPT_DEBUG env variables to 1 to see Heroku API logs and ACME details.

You might need to reset certbot cache in case you experimented with staging LetsEncrypt server first and then switched to production LetsEncrypt server. On MacOS, just delete ~/letsencrypt folder.

TODO

  • linting
  • (?) ES6 modules
  • le-store-in-memory to avoid caching issues and rm -rf ~/letsencrypt
  • multiple domains per app
  • wildcard domains
  • checking whether domains list changed / matches current alt names on the certificate
  • packaged server implementations (Rails / Rack / Express / Koa / ....)
  • validating DNS setup (CNAME checks / interactive guide)
  • CI setup

Authors

  • Vladimir Yartsev
  • Alex Netrebsky

Credits

Thanks to https://github.com/gboudreau for inspiration.

About

Heroku plugin which updates SSL certificate via LetsEncrypt

Topics

heroku letsencrypt ssl-certificate sni

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

8 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors 2

  •  
  •  

Languages