AJ ONeal
7b079bcf3a
|
5 years ago | |
|---|---|---|
| .gitignore | 8 years ago | |
| .prettierrc | 5 years ago | |
| LICENSE | 5 years ago | |
| README.md | 5 years ago | |
| index.js | 5 years ago | |
| moz_test.js | 7 years ago | |
| package-lock.json | 5 years ago | |
| package.json | 5 years ago | |
| test.js | 5 years ago | |
README.md
acme-dns-01-cli | a Root project
An extremely simple reference implementation of an ACME (Let's Encrypt) dns-01 challenge strategy.
This generic implementation can be adapted to work with any node.js ACME client, although it was built for Greenlock and ACME.js.
_acme-challenge.example.com TXT xxxxxxxxxxxxxxxx TTL 60
- Prints the ACME challenge DNS Host and DNS Key Authorization Digest to the terminal
- (waits for you to hit enter before continuing)
- Let's you know when the challenge as succeeded or failed, and is safe to remove.
Other ACME Challenge Reference Implementations:
Install
npm install --save acme-dns-01-cli@3.x
If you have greenlock@v2.6 or lower, you'll need the old le-challenge-dns@2.x instead.
Usage
var Greenlock = require('greenlock');
Greenlock.create({
challenges: {
'http-01': require('acme-http-01-fs'),
'dns-01': require('acme-dns-01-cli').create({ debug: true }),
'tls-alpn-01': require('acme-tls-alpn-01-cli')
}
// ...
});
You can also switch between different implementations by
overwriting the default with the one that you want in approveDomains():
function approveDomains(opts) {
// ...
if (!opts.challenges) { opts.challenges = {}; }
opts.challenges['dns-01'] = acmeDns01Cli;
return Promise.resolve({ ... });
}
NOTE: If you request a certificate with 6 domains listed, it will require 6 individual challenges.
Exposed (Promise) Methods
For ACME Challenge:
set(opts)remove(opts)
The dns-01 strategy supports wildcards (whereas http-01 does not).
The options object has whatever options were set in approveDomains()
as well as the challenge, which looks like this:
{
"challenge": {
"identifier": { "type": "dns", "value": "example.com" },
"wildcard": true,
"altname": "*.example.com",
"type": "dns-01",
"token": "xxxxxx",
"keyAuthorization": "xxxxxx.abc123",
"dnsHost": "_acme-challenge.example.com",
"dnsAuthorization": "xyz567",
"expires": "1970-01-01T00:00:00Z"
}
}
For greenlock.js internals:
optionsstores the internal defaults merged with the user-supplied options
Optional:
get(limitedOpts)
Note: Typically there wouldn't be a get() for DNS because the NameServer (not Greenlock) answers the requests.
It could be used for testing implementations, but that's about it.
(though I suppose you could implement it if you happen to run your DNS and webserver together... kinda weird though)
If there were an implementation of Greenlock integrated directly into a NameServer (which currently there is not), it would probably look like this:
{
"challenge": {
"type": "dns-01",
"identifier": { "type": "dns", "value": "example.com" },
"token": "abc123",
"dnsHost": "_acme-challenge.example.com"
}
}
Legal & Rules of the Road
Greenlock™ and Bluecrypt™ are trademarks of AJ ONeal
The rule of thumb is "attribute, but don't confuse". For example:
Please contact us if you have any questions in regards to our trademark, attribution, and/or visible source policies. We want to build great software and a great community.
Greenlock™ | MPL-2.0 | Terms of Use | Privacy Policy