# [acme-dns-01-cli](https://git.rootprojects.org/root/acme-dns-01-cli.js) | a [Root](https://rootprojects.org) project

An extremely simple reference implementation of an ACME (Let's Encrypt) dns-01 challenge strategy. This generic implementation can be adapted to work with any node.js ACME client, although it was built for [Greenlock](https://git.rootprojects.org/root/greenlock-express.js) and [ACME.js](https://git.rootprojects.org/root/acme-v2.js).

```
_acme-challenge.example.com   TXT   xxxxxxxxxxxxxxxx    TTL 60
```

- Prints the ACME challenge DNS Host and DNS Key Authorization Digest to the terminal
- (waits for you to hit enter before continuing)
- Lets you know when the challenge has succeeded or failed, and is safe to remove.

Other ACME Challenge Reference Implementations:

- [acme-http-01-cli](https://git.rootprojects.org/root/acme-http-01-cli.js.git)
- [acme-http-01-fs](https://git.rootprojects.org/root/acme-http-01-webroot.js.git)
- [**acme-dns-01-cli**](https://git.rootprojects.org/root/acme-dns-01-cli.js.git)

## Install

```bash
npm install --save acme-dns-01-cli@3.x
```

If you have `greenlock@v2.6` or lower, you'll need the old `le-challenge-dns@2.x` instead.

## Usage

```js
var Greenlock = require('greenlock');

Greenlock.create({
  challenges: {
    'http-01': require('acme-http-01-fs'),
    'dns-01': require('acme-dns-01-cli').create({ debug: true }),
    'tls-alpn-01': require('acme-tls-alpn-01-cli')
  }
  // ...
});
```

You can also switch between different implementations by overwriting the default with the one that you want in `approveDomains()`:

```js
function approveDomains(opts) {
  // ...

  if (!opts.challenges) {
    opts.challenges = {};
  }
  // acmeDns01Cli is the strategy instance created with
  // require('acme-dns-01-cli').create(...)
  opts.challenges['dns-01'] = acmeDns01Cli;

  return Promise.resolve({ /* ... */ });
}
```

NOTE: If you request a certificate with 6 domains listed, it will require 6 individual challenges.

## Exposed (Promise) Methods

For ACME Challenge:

- `set(opts)`
- `remove(opts)`

The `dns-01` strategy supports wildcards (whereas `http-01` does not).

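How the record name and TXT value printed for a challenge are derived, and a check worth running before you hit enter, as an added example that is not code from this project. It follows RFC 8555 section 8.4; the function names are hypothetical and the sample values are constructed.

```javascript
'use strict';
// Added example (not project code). Function names are hypothetical;
// the derivation follows RFC 8555 section 8.4.
const crypto = require('crypto');

// "*.example.com" and "example.com" are validated at the same record name.
function dnsHostFor(altname) {
  return '_acme-challenge.' +
    altname.replace(/^\*\./, '').replace(/\.$/, '').toLowerCase();
}

// TXT value = base64url(SHA-256(keyAuthorization)), without padding.
function dnsAuthorizationFor(keyAuthorization) {
  return crypto.createHash('sha256').update(keyAuthorization).digest('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// `answers` has the shape returned by dns.promises.resolveTxt(): one array
// of string chunks per TXT record. A wildcard plus its base domain in one
// order puts two values on the same name, so accept any matching record.
function checkTxt(keyAuthorization, answers) {
  const expected = dnsAuthorizationFor(keyAuthorization);
  const found = answers.map((chunks) => chunks.join(''));
  return { expected, found, ok: found.includes(expected) };
}

// Constructed sample: token "tok", a dot, account key thumbprint "thumb".
const sample = { altname: '*.example.com', keyAuthorization: 'tok.thumb' };

function demo() {
  const name = dnsHostFor(sample.altname);
  const value = dnsAuthorizationFor(sample.keyAuthorization);
  // A stale record left over from an earlier order must not count as success.
  const stale = [['left-over-from-a-previous-order']];
  const current = stale.concat([[value.slice(0, 20), value.slice(20)]]);
  return {
    record: name + ' TXT ' + value + ' TTL 60',
    beforePublish: checkTxt(sample.keyAuthorization, stale).ok,
    afterPublish: checkTxt(sample.keyAuthorization, current).ok
  };
}

console.log(demo());
```

In practice `answers` would come from `dns.promises.resolveTxt()` for the printed DNS host, queried after the record has been published.
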
The options object has whatever options were set in `approveDomains()` as well as the `challenge`, which looks like this:

```json
{
  "challenge": {
    "identifier": { "type": "dns", "value": "example.com" },
    "wildcard": true,
    "altname": "*.example.com",
    "type": "dns-01",
    "token": "xxxxxx",
    "keyAuthorization": "xxxxxx.abc123",
    "dnsHost": "_acme-challenge.example.com",
    "dnsAuthorization": "xyz567",
    "expires": "1970-01-01T00:00:00Z"
  }
}
```

For greenlock.js internals:

- `options` stores the internal defaults merged with the user-supplied options

Optional:

- `get(limitedOpts)`

Note: Typically there wouldn't be a `get()` for DNS because the NameServer (not Greenlock) answers the requests. It could be used for testing implementations, but that's about it. (though I suppose you could implement it if you happen to run your DNS and webserver together... kinda weird though)

If there were an implementation of Greenlock integrated directly into a NameServer (which currently there is not), it would probably look like this:

```json
{
  "challenge": {
    "type": "dns-01",
    "identifier": { "type": "dns", "value": "example.com" },
    "token": "abc123",
    "dnsHost": "_acme-challenge.example.com"
  }
}
```

# Legal & Rules of the Road

Greenlock™ and Bluecrypt™ are [trademarks](https://rootprojects.org/legal/#trademark) of AJ ONeal

The rule of thumb is "attribute, but don't confuse". For example:

> Built with [Greenlock](https://git.rootprojects.org/root/greenlock.js) (a [Root](https://rootprojects.org) project).

Please [contact us](mailto:aj@therootcompany.com) if you have any questions in regards to our trademark, attribution, and/or visible source policies. We want to build great software and a great community.

[Greenlock™](https://git.rootprojects.org/root/greenlock.js) | MPL-2.0 | [Terms of Use](https://therootcompany.com/legal/#terms) | [Privacy Policy](https://therootcompany.com/legal/#privacy)