le-challenge-dns

| A Root Project | greenlock.js (library) | greenlock-express.js | greenlock-cli.js | acme-v2.js |

A manual (interactive CLI) DNS-based strategy for greenlock.js for setting, retrieving, and clearing ACME DNS-01 challenges issued by the ACME server.

Prints out a subdomain record for _acme-challenge with keyAuthDigest to be tested by the ACME server.

You can then update your DNS manually by whichever method you use and then press [enter] to continue the process.

_acme-challenge.example.com   TXT   xxxxxxxxxxxxxxxx    TTL 60

Install

npm install --save le-challenge-dns@3.x

If you have greenlock@v2.6 or lower, you'll need the old le-challenge-dns@3.x instead.

Usage

The challenge can be set globally like this:

var leChallengeDns = require('le-challenge-dns').create({
  debug: false
});

var Greenlock = require('greenlock');

Greenlock.create({
  ...
, challenges: {
    'dns-01': leChallengeDns
  }
, approveDomains: [ 'example.com', '*.example.com' ]
});

It can also be set in the approveDomains callback instead, like this:

function approveDomains(opts, certs, cb) {
  ...
  opts.subject = 'example.com';
  opts.domains = [ 'example.com', '*.example.com' ];

  cb(null, { options: opts, certs: certs });
}

If you didn't make the dns challenge globally available in the main greenlock config, you can make it locally available here:

function approveDomains(opts, certs, cb) {
  ...

  if (!opts.challenges) { opts.challenges = {}; }
  opts.challenges['dns-01'] = leChallengeDns;
  opts.challenges['http-01'] = ...

  cb(null, { options: opts, certs: certs });
}

NOTE: If you request a certificate with 6 domains listed, it will require 6 individual challenges.

Exposed Methods

For ACME Challenge:

  • set(opts, done)
  • remove(opts, done)

The options object has whatever options were set in approveDomains() as well as the challenge:

{ challenge: {
    identifier: { type: 'dns', value: 'example.com' }
  , wildcard: true
  , altname: '*.example.com'
  , type: 'dns-01'
  , token: 'xxxxxx'
  , keyAuthorization: 'xxxxxx.abc123'
  , dnsHost: '_acme-challenge.example.com'
  , dnsAuthorization: 'abc123'
  , expires: '1970-01-01T00:00:00Z'
  }
}

Note: There's no get() because it's the DNS server, not the Greenlock server, that answers the requests. (though I suppose you could implement it if you happen to run your DNS and webserver together... kinda weird though)
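A pre-flight check to run before pressing [enter], as an added example that is not code from le-challenge-dns or Greenlock: it recomputes the TXT value from keyAuthorization as RFC 8555 section 8.4 defines it and reports which challenges DNS does not yet answer. The helper names and the sample challenge values are constructed for illustration; the sample covers example.com and *.example.com, which share one dnsHost and therefore need two TXT values published at the same time.

```javascript
'use strict';
// Added example (not part of le-challenge-dns). Helper names are hypothetical.
const nodeCrypto = require('crypto');
const dns = require('dns');

// RFC 8555 section 8.4: TXT value = base64url(SHA-256(keyAuthorization)), no padding.
function keyAuthDigest(keyAuthorization) {
  return nodeCrypto.createHash('sha256').update(keyAuthorization).digest('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// dns.resolveTxt() returns one array of string chunks per TXT record;
// join the chunks of each record before comparing.
function publishedValues(txtAnswers) {
  return txtAnswers.map(function (chunks) { return chunks.join(''); });
}

// Pure check: which pending challenges are not yet answered correctly?
// `challenges` are objects shaped like opts.challenge; `answersByHost`
// maps dnsHost -> resolveTxt()-style answers.
function missingChallenges(challenges, answersByHost) {
  return challenges.filter(function (ch) {
    const expected = keyAuthDigest(ch.keyAuthorization);
    const found = publishedValues(answersByHost[ch.dnsHost] || []);
    return found.indexOf(expected) === -1;
  }).map(function (ch) { return ch.altname; });
}

// Live wrapper: query DNS through the system resolver, then run the same check.
async function checkLive(challenges) {
  const answersByHost = {};
  for (const ch of challenges) {
    try {
      answersByHost[ch.dnsHost] = await dns.promises.resolveTxt(ch.dnsHost);
    } catch (e) {
      answersByHost[ch.dnsHost] = []; // ENOTFOUND / ENODATA: nothing published yet
    }
  }
  return missingChallenges(challenges, answersByHost);
}

// Constructed sample: apex and wildcard share one dnsHost but need two TXT values.
const sample = [
  { altname: 'example.com', dnsHost: '_acme-challenge.example.com', keyAuthorization: 'tokenA.thumb' },
  { altname: '*.example.com', dnsHost: '_acme-challenge.example.com', keyAuthorization: 'tokenB.thumb' }
];
```

An empty result from checkLive(challenges) means every expected value is visible to the local resolver; the ACME server queries from its own vantage point, so a recently changed record may still be cached elsewhere until the TTL expires.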

For greenlock.js internals:

  • options stores the internal defaults merged with the user-supplied options