make_ssl is a wrapper CLI tool combined with a PEX build script to make deploying and running simp_le even simpler!
Usage: make-ssl-osx [OPTIONS] COMMAND [ARGS]...
This main entry point of the script is used to invoke an step-by-step
interactive SSL setup; invoking each of the subcommands in order.
Options:
--debug / --no-debug
-y, --yes Confirm all prompts with default action
--nginx-dir TEXT Location of nginx configuration
--email TEXT Lets Encrypt account email
--help Show this message and exit.
Commands:
configure_ssl_nginx Makes sure that the generated certificates...
confirm_domains Find the server_name values from the nginx...
generate_renew_script Using given domain names, generate a script...
get_files Find nginx configuration files, and ask user...
simp_le Run simp_le passing it further arguments (use...
If you're like me, you love and use Let's Encrypt often. This tool aims to assist in performing the (repetitive) actions required to secure each domain you work on.
Read more about Let's Encrypt at their official site.
simp_le, a simple Let's Encrypt client, is an excellent tool written by Jakub Warmuz who works on the official Let's Encrypt client.
For a short tutorial on Let's Encrypt using simp_le check out this blog entry.
The build.sh bash script generates a PEX (Python EXecutable) file, a stand-alone packaged executable for the CLI tool and its dependencies (click, simp_le, and all the required cryptography libs). I found this to be a really nice way to freeze all requirements while avoiding the need to re-build dependencies (for non-wheel packages) for every machine we want to secure.
If you want to understand how PEX works, I encourage you to watch this video introduction by Brian Wickman.
This is a simple CLI wrapper for running simp_le, and aims to provide a step-by-step guide (using prompts) to getting certs and securing your Nginx HTTP server. When called without positional arguments, it currently follows these steps:
- Prompt for the location of the nginx config files directory and read every nginx FILE.conf found in that directory; if a file does not contain acme-challenge, save the domains listed in it. Also prints out the required nginx config changes to add the challenge.
- For every domain, verify it is reachable on http://domain (using requests).
- Generate a certificate renewal script, to be run as a monthly cronjob.
- Run simp_le with built arguments to initially generate the LE account and certs.
- Print out the required nginx config changes to configure the SSL server with the generated certificates (some assumptions are made with regard to protocols, strictness and ciphers).
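The first step above, as an added Python sketch (not make_ssl's own code): it collects server_name values from nginx configs that have no active acme-challenge location. The function names, the sample configs, the comment stripping, and the filtering of `_`, wildcard and regex names (which an http://domain reachability check cannot cover) are assumptions of this example.

```python
import re

# Constructed sample input: file name -> nginx config text (not from the project).
SAMPLE_CONFS = {
    "blog.conf": """
server {
    listen 80;
    server_name example.com www.example.com;  # main site
}
""",
    "shop.conf": """
server {
    server_name shop.example.com;
    location /.well-known/acme-challenge/ { root /var/www/challenges; }
}
""",
    "misc.conf": """
server {
    # server_name old.example.com;
    server_name _ *.example.org ~^api[0-9]+[.]example[.]net$ api.example.net;
}
""",
}

SERVER_NAME = re.compile(r"^\s*server_name\s+([^;]+);", re.MULTILINE)


def strip_comments(text):
    """Drop nginx '#' comments so commented-out directives are ignored."""
    return re.sub(r"#[^\n]*", "", text)


def is_plain_hostname(name):
    """Reject names a plain HTTP check cannot cover: '_', wildcards, regexes."""
    return name != "_" and "*" not in name and not name.startswith("~")


def domains_needing_challenge(confs):
    """Map each config lacking an acme-challenge location to its hostnames."""
    pending = {}
    for filename, text in confs.items():
        active = strip_comments(text)
        if "acme-challenge" in active:
            continue  # challenge location already configured
        names = [n for m in SERVER_NAME.finditer(active) for n in m.group(1).split()]
        hosts = sorted({n for n in names if is_plain_hostname(n)})
        if hosts:
            pending[filename] = hosts
    return pending
```

Calling `domains_needing_challenge(SAMPLE_CONFS)` skips shop.conf, which already serves the challenge path, and drops the commented-out, catch-all, wildcard and regex names in misc.conf.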
Each of the above is also callable as an independent sub-command, e.g. running make-ssl-osx generate_renew_script will generate the "renew certificates" script. While each sub-command should prompt for required arguments (or use sane defaults), these can also be provided with options; see --help on any sub-command for more info.
To achieve the slick command line interface, Armin Ronacher's click is used.
To build locally (for your machine's architecture) simply run the bash build script:
$ ./build.sh <platform>
# for example to build for OSX
$ ./build.sh osx
This will create the PEX files at build/make-ssl-<platform>.
If you are on OSX and would like to build for Linux, a CentOS based Dockerfile is available to automate that process:
$ docker build -t make_ssl .
$ docker run -v `pwd`/build:/src/pex_make_ssl/build -it make_ssl