generate-cert.rb

require 'openssl'
require 'fileutils'
require 'acme-client'
require 'byebug'

ENV['SSL_ADDR'] = '2804.7f3.8481.3cf7.x.4.ip6.name'
ENV['APPLICATION_ENV'] = 'development'

puts 'Registering client'

private_key = OpenSSL::PKey::RSA.new(4096)

#if ENV['APPLICATION_ENV'] == :production.to_s
#	endpoint = 'https://acme-v01.api.letsencrypt.org/'
#else
	endpoint = 'https://acme-staging.api.letsencrypt.org/'
#end

# Initialize the client
client = Acme::Client.new(private_key: private_key, endpoint: endpoint, connection_options: { request: { open_timeout: 5, timeout: 5 } })
registration = client.register(contact: 'mailto:[email protected]')
registration.agree_terms

####### AUTHORIZING THE CLIENT
puts 'Authorizing client to generate certificates'

authorization = client.authorize(domain: ENV['SSL_ADDR'])
challenge = authorization.dns01
debugger
challenge.request_verification

loop do
  begin
    puts '- Waiting authorization check'
    sleep(1)
    has_error = !challenge.error.nil?
    not_pending = challenge.authorization.verify_status != 'pending'
    puts "-- Status: #{challenge.authorization.verify_status}"
    has_certificate_response = not_pending || has_error
    if has_error
      raise "Let's Encrypt failed with error: #{challenge.error}"
    end
  end
  break if has_certificate_response
end

####### GENERATE CERTIFICATE IF DOEST NOT EXIST
puts 'Generating certificate'
csr = Acme::Client::CertificateRequest.new(names: [ENV['SSL_ADDR']])
certificate = client.new_certificate(csr)

puts 'Writing certificates'
FileUtils.mkdir_p(File.join('public', File.dirname(challenge.filename)))
File.write(File.join('public', challenge.filename), challenge.file_content)
File.write('keystore/https-certificates/privkey.pem', certificate.request.private_key.to_pem)
File.write('keystore/https-certificates/cert.pem', certificate.to_pem)
File.write('keystore/https-certificates/chain.pem', certificate.chain_to_pem)
File.write('keystore/https-certificates/fullchain.pem', certificate.fullchain_to_pem)

puts 'Finished'