ACME dns-01 challenge reference implementation for Greenlock v2.7+ (and v3).
AJ ONeal b9015b8952 v3.0.2: improve user message 2019-04-04 10:35:06 -06:00


le-challenge-dns

| A Root Project | greenlock.js (library) | greenlock-express.js | greenlock-cli.js | acme-v2.js |

A manual (interactive CLI) DNS-based strategy for greenlock.js for setting, retrieving, and clearing ACME DNS-01 challenges issued by the ACME server.

Prints out a subdomain record for _acme-challenge with keyAuthDigest to be tested by the ACME server.

You can then update your DNS manually by whichever method you use and then press [enter] to continue the process.

_acme-challenge.example.com   TXT   xxxxxxxxxxxxxxxx    TTL 60

Install

npm install --save le-challenge-dns@3.x

If you have greenlock@v2.6 or lower, you'll need the old le-challenge-dns@3.x instead.

Usage

The challenge can be set globally like this:

var leChallengeDns = require('le-challenge-dns').create({
  debug: false
});

var Greenlock = require('greenlock');

Greenlock.create({
  ...
, challenges: {
    'dns-01': leChallengeDns
  }
, approveDomains: [ 'example.com', '*.example.com' ]
});

It can also be set in the approveDomains callback instead, like this:

function approveDomains(opts, certs, cb) {
  ...
  opts.subject = 'example.com';
  opts.domains = [ 'example.com', '*.example.com' ];

  cb(null, { options: opts, certs: certs });
}

If you didn't make the dns challenge globally available in the main greenlock config, you can make it locally available here:

function approveDomains(opts, certs, cb) {
  ...

  if (!opts.challenges) { opts.challenges = {}; }
  opts.challenges['dns-01'] = leChallengeDns;
  opts.challenges['http-01'] = ...

  cb(null, { options: opts, certs: certs });
}

NOTE: If you request a certificate with 6 domains listed, it will require 6 individual challenges.

Exposed Methods

For ACME Challenge:

  • set(opts, done)
  • remove(opts, done)

The options object has whatever options were set in approveDomains() as well as the challenge:

{ challenge: {
    identifier: { type: 'dns', value: 'example.com' }
  , wildcard: true
  , altname: '*.example.com'
  , type: 'dns-01'
  , token: 'xxxxxx'
  , keyAuthorization: 'xxxxxx.abc123'
  , dnsHost: '_acme-challenge.example.com'
  , dnsAuthorization: 'abc123'
  , expires: '1970-01-01T00:00:00Z'
  }
}

Note: There's no get() because it's the DNS server, not the Greenlock server, that answers the requests. (though I suppose you could implement it if you happen to run your DNS and webserver together... kinda weird though)
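
Because the records are set by hand, it helps to check the record name and TXT value for each challenge before pressing [enter]. The following is an added example, not code from le-challenge-dns or Greenlock: it derives the RFC 8555 dns-01 TXT value (unpadded base64url SHA-256 of keyAuthorization), groups the values by record name, and reports which ones are missing from a resolver answer. The function names and sample key authorizations are constructed, and it assumes dnsAuthorization in the challenge object carries this same digest.

```javascript
'use strict';
const crypto = require('crypto');

// RFC 8555 section 8.4: TXT value = base64url(SHA-256(keyAuthorization)), unpadded.
function dnsDigest(keyAuthorization) {
  return crypto.createHash('sha256').update(keyAuthorization).digest('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// The record name never contains the wildcard label: '*.example.com' and
// 'example.com' are both validated at '_acme-challenge.example.com'.
function dnsHost(altname) {
  return '_acme-challenge.' + altname.replace(/^\*\./, '');
}

// Group challenges by record name so the operator sees every TXT value that
// must be present at that name at the same time.
function expectedRecords(challenges) {
  const byHost = {};
  challenges.forEach(function (ch) {
    const host = dnsHost(ch.altname);
    (byHost[host] = byHost[host] || []).push(dnsDigest(ch.keyAuthorization));
  });
  return byHost;
}

// `answers` has the shape returned by dns.promises.resolveTxt(): one array of
// string chunks per TXT record. Returns the expected values that are missing.
function missingValues(expected, answers) {
  const seen = answers.map(function (chunks) { return chunks.join(''); });
  return expected.filter(function (v) { return seen.indexOf(v) === -1; });
}

// Constructed sample: one certificate covering a base name and its wildcard.
const sample = [
  { altname: 'example.com', keyAuthorization: 'tokenA.thumbprint' },
  { altname: '*.example.com', keyAuthorization: 'tokenB.thumbprint' }
];
const records = expectedRecords(sample);
const want = records['_acme-challenge.example.com'];
// Constructed resolver answer: the operator replaced the first TXT value with
// the second instead of adding it, and the value arrived in two chunks.
const answers = [[want[1].slice(0, 20), want[1].slice(20)]];
console.log(records);
console.log('missing:', missingValues(want, answers));
```

A non-empty result from missingValues means the ACME server would fail at least one challenge for that name, so both TXT values have to coexist at _acme-challenge.example.com when a certificate covers a name and its wildcard.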

For greenlock.js internals:

  • options stores the internal defaults merged with the user-supplied options