{"id":20487181,"url":"https://github.com/fdocr/lecli","last_synced_at":"2025-10-11T20:14:13.451Z","repository":{"id":56880947,"uuid":"140754951","full_name":"fdocr/lecli","owner":"fdocr","description":"Let's Encrypt CLI to generate certificates","archived":false,"fork":false,"pushed_at":"2018-08-09T18:43:24.000Z","size":102,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-02T01:13:25.158Z","etag":null,"topics":["cli","https","letsencrypt","ssl"],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fdocr.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-07-12T19:15:00.000Z","updated_at":"2021-01-23T19:15:57.000Z","dependencies_parsed_at":"2022-08-20T22:31:17.660Z","dependency_job_id":null,"html_url":"https://github.com/fdocr/lecli","commit_stats":null,"previous_names":["fdoxyz/lecli"],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fdocr%2Flecli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fdocr%2Flecli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fdocr%2Flecli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fdocr%2Flecli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fdocr","download_url":"https://codeload.github.com/fdocr/lecli/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241801261,"owners_count":20022394,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","https","letsencrypt","ssl"],"created_at":"2024-11-15T16:40:14.736Z","updated_at":"2025-10-11T20:14:08.428Z","avatar_url":"https://github.com/fdocr.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# lecli\n\nlecli is a gem that provides a CLI to generate Let's Encrypt certificates. The name stands for **L**et's **E**ncrypt **CLI**.\n\nlecli wraps the lower level [ACME protocol Client gem](https://github.com/unixcharles/acme-client) with the intention to create your custom [Certbot](https://certbot.eff.org/). This would make it easier for you to automate/script around it. In order to achieve this, lecli pairs well with cron jobs and the recommended [whenever gem](https://github.com/javan/whenever).\n\n## Installation\n\n```\n$ gem install lecli\n```\n\n## Getting started\n\nThe CLI will use the Let's Encrypt staging endpoint unless explicitly passed the `--production` flag. All other configuration data is managed by a config file - `lecli.yml`. To help understand the available options you can run the following in your terminal and a sample YAML file will be generated for you:\n\n```\n$ lecli yaml\n```\n\nNow let's see what's inside...\n\n### `lecli.yml`\n\n```\n---\ndomains:\n- example.com\n- test.net\n- yetanotherwebsite.com\ncommon_name: example.com\naccount_email: test@account.com\nrequest_key: request.pem\ncertificate_key: certificate.pem\nchallenges_relative_path: challenges\nsuccess_callback_script: deploy.sh\n```\n\nOnly required options in this file are **domains** (list of domains), **common_name** and **account_email**. All others can be deleted if you're OK with the defaults, all of which will be loaded for you *except* **success_callback_script**. If the callback script is not specified nothing will be executed after a successful certificate request.\n\n### The flow\n\nFrom the two available types of validation requests only HTTP (and not DNS) is supported [yet](#contributing). This means you'll need to serve a token (lecli will create them for you) accessible from each domain in the **list of domain addresses** requested.\n\nThe tokens will be written to the **challenges_relative_path** and need to be served behind each domain you are requesting, i.e. `example.com/.well-known/acme-challenge/#{token_filename}` needs to return the token created. If requesting multiple domains at once you will probably need some additional setup to route from each domain requested to where the tokens are persisted.\n\nAn example of a simple deployment is when working with a single domain and lecli is executed on the host machine. If working with an nginx server you can just point the challenges path to write the tokens on `/usr/share/nginx/html/.well-known/acme-challenge/`. This way the tokens will be served so that Let's Encrypt is able to reach them.\n\n![alt text](https://github.com/fdoxyz/lecli/blob/master/lecli_diagram.png)\n\nAfter Let's Encrypt is able to access both tokens on the list of domain addresses requested the certificates can be issued. The resulting certificate will be identified by the **email** and under the **common_name** provided. The certificates (`.pem` files) can be renamed with **request_key** and **certificate_key**.\n\nOptionally you can specify a script with **success_callback_script** to be executed. This script will function as a \"callback hook\" and it will run after successfully exporting the domains' certificate.\n\nNow that you've read about `lecli.yml` options available (keywords in **bold**). If you've made sure to: (1) Customize the options config file to create the desired certificate, and (2) made sure the **challenges_relative_path** path is available for a public internet request, then you're now ready to kick off the validation process by executing the following on your terminal:\n\n```\nlecli generate\n```\n\n### Making use of the result Certificates\n\nA simple example `nginx.conf` excerpt to make use of the result certificates could be the following\n\n```\nserver {\n  listen 443 ssl;\n  server_name example.com;\n\n  ssl_certificate       /etc/nginx/ssl/request.pem;\n  ssl_certificate_key   /etc/nginx/ssl/certificate.pem;\n\n  ...\n}\n```\n\nYou can script a server restart if needed, or any other setup that you require to make use of the newly created certificates. Just make sure to point the **success_callback_script** path in your config file (and make the script 'executable') so the CLI can automatically execute it if the request result was successful.\n\nIf you pair the CLI with a cron-job (specially using the [whenever](https://github.com/javan/whenever) gem) you've essentially put together a Let's Encrypt bot and can now leverage scripting for more complex deployments. Your certificates will be renewed periodically. When using **whenever** you'll have lecli CLI in your crontab as easy as:\n\n```\nevery :month, at: '4am' do\n  command \"lecli --production -f /path/to/config/file.yml\"\nend`\n```\n\nBe sure to run `lecli help` for more details.\n\n## Development\n\nAfter checking out the repo, run `bin/setup` to install dependencies. Then, run `bundle exec rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment. To install this gem onto your local machine, run `bundle exec rake install`.\n\n## Contributing\n\nBug reports and pull requests are welcome on GitHub at https://github.com/fdoxyz/lecli.\n\nPlease include tests if new features are added and make sure rubocop styling guide is met.\n\n## License\n\nThe gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffdocr%2Flecli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffdocr%2Flecli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffdocr%2Flecli/lists"}