# le-challenge-dns

A [Root](https://rootprojects.org) Project | [greenlock.js](https://git.coolaj86.com/coolaj86/greenlock.js) (library) | [greenlock-express.js](https://git.coolaj86.com/coolaj86/greenlock-express.js) | [greenlock-cli.js](https://git.coolaj86.com/coolaj86/greenlock-cli.js) | [acme-v2.js](https://git.coolaj86.com/coolaj86/acme-v2.js)

A manual (interactive CLI) DNS-based strategy for greenlock.js for setting, retrieving, and clearing ACME DNS-01 challenges issued by the ACME server.

It prints out a subdomain record for `_acme-challenge` with the `keyAuthDigest` that the ACME server will test. You can then update your DNS manually by whichever method you use and press [enter] to continue the process.

```
_acme-challenge.example.com   TXT   xxxxxxxxxxxxxxxx    TTL 60
```

## Install

```bash
npm install --save le-challenge-dns@3.x
```

If you have `greenlock@v2.6` or lower, you'll need the old `le-challenge-dns@3.x` instead.

## Usage

The challenge can be set globally like this:

```js
var leChallengeDns = require('le-challenge-dns').create({
  debug: false
});

var Greenlock = require('greenlock');

Greenlock.create({
  ...
, challenges: {
    'dns-01': leChallengeDns
  }
, approveDomains: [ 'example.com', '*.example.com' ]
});
```

It can also be set in the `approveDomains` callback instead, like this:

```js
function approveDomains(opts, certs, cb) {
  ...
  opts.subject = 'example.com'
  opts.domains = [ 'example.com', '*.example.com' ];

  cb(null, { options: opts, certs: certs });
}
```

If you didn't make the DNS challenge globally available in the main greenlock config, you can make it locally available here:

```js
function approveDomains(opts, certs, cb) {
  ...

  if (!opts.challenges) { opts.challenges = {}; }
  opts.challenges['dns-01'] = leChallengeDns;
  opts.challenges['http-01'] = ...

  cb(null, { options: opts, certs: certs });
}
```

NOTE: If you request a certificate with 6 domains listed, it will require 6 individual challenges.

## Exposed Methods

For ACME Challenge:

* `set(opts, done)`
* `remove(opts, done)`

The options object has whatever options were set in `approveDomains()` as well as the `challenge`:

```js
{ challenge: {
    identifier: { type: 'dns', value: 'example.com' }
  , wildcard: true
  , altname: '*.example.com'
  , type: 'dns-01'
  , token: 'xxxxxx'
  , keyAuthorization: 'xxxxxx.abc123'
  , dnsHost: '_acme-challenge.example.com'
  , dnsAuthorization: 'abc123'
  , expires: '1970-01-01T00:00:00Z'
  }
}
```

Note: There's no `get()` because it's the DNS server, not the Greenlock server, that answers the requests.
(Though I suppose you could implement it if you happen to run your DNS and webserver together... kinda weird though.)

For greenlock.js internals:

* `options` stores the internal defaults merged with the user-supplied options
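
Before pressing [enter], it helps to confirm that every expected TXT value is actually published, because `example.com` and `*.example.com` share the record name `_acme-challenge.example.com` and need two values there at once. The sketch below is an added example, not code from le-challenge-dns: the function names are hypothetical, the sample challenges and resolver answer are constructed, and it assumes the TXT value is the RFC 8555 digest, base64url(SHA-256(`keyAuthorization`)).

```javascript
// Added example, not part of le-challenge-dns. All function names are hypothetical.
var crypto = require('crypto');

// RFC 8555 section 8.4: TXT value = base64url(SHA-256(keyAuthorization)), unpadded.
function dns01TxtValue(keyAuthorization) {
  return crypto.createHash('sha256').update(keyAuthorization, 'utf8').digest('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// The wildcard label is not part of the validation record name.
function dns01RecordName(altname) {
  return '_acme-challenge.' + altname.replace(/^\*\./, '').replace(/\.$/, '').toLowerCase();
}

// Group the TXT values that must exist at the same time under each record name.
function planRecords(challenges) {
  var plan = {};
  challenges.forEach(function (ch) {
    var name = dns01RecordName(ch.altname);
    var value = dns01TxtValue(ch.keyAuthorization);
    plan[name] = plan[name] || [];
    if (plan[name].indexOf(value) === -1) { plan[name].push(value); }
  });
  return plan;
}

// `answers` has the shape dns.resolveTxt() returns: one array of string chunks per record.
function missingValues(expected, answers) {
  var published = answers.map(function (chunks) { return chunks.join(''); });
  return expected.filter(function (value) { return published.indexOf(value) === -1; });
}

// Constructed sample: two challenges using the field names shown above.
var sample = [
  { altname: 'example.com', keyAuthorization: 'tokenA.abc123' },
  { altname: '*.example.com', keyAuthorization: 'tokenB.abc123' }
];
var plan = planRecords(sample);
// Constructed resolver answer in which only the first value has been published.
var answers = [[dns01TxtValue('tokenA.abc123')]];
Object.keys(plan).forEach(function (name) {
  console.log(name, 'still missing:', missingValues(plan[name], answers));
});
```

In real use the `answers` argument would come from Node's `dns.resolveTxt()` for each record name, ideally queried against the zone's authoritative name servers so that a cached negative answer does not hide a freshly added record.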