2.8 KiB
le-challenge-dns
| A Root Project | greenlock.js (library) | greenlock-express.js | greenlock-cli.js | acme-v2.js |
A manual (interactive CLI) dns-based strategy for greenlock.js for setting, retrieving, and clearing ACME DNS-01 challenges issued by the ACME server
Prints out a subdomain record for _acme-challenge
with keyAuthDigest
to be tested by the ACME server.
You can then update your DNS manually by whichever method you use and then press [enter] to continue the process.
_acme-challenge.example.com TXT xxxxxxxxxxxxxxxx TTL 60
Install
npm install --save le-challenge-dns@3.x
If you have greenlock@v2.6
or lower, you'll need the old le-challenge-dns@3.x
instead.
Usage
The challenge can be set globally like this:
var leChallengeDns = require('le-challenge-dns').create({
debug: false
});
var Greenlock = require('greenlock');
Greenlock.create({
...
, challenges: {
'dns-01': leChallengeDns
}
, approveDomains: [ 'example.com', '*.example.com' ]
});
In can also be set in the approveDomains
callback instead, like this:
function approveDomains(opts, certs, cb) {
...
opts.subject = 'example.com'
opts.domains = [ 'example.com', '*.example.com' ];
cb(null, { options: opts, certs: certs });
}
If you didn't make the dns challenge globally available in the main greenlock config, you can make it locally available here:
function approveDomains(opts, certs, cb) {
...
if (!opts.challenges) { opts.challenges = {}; }
opts.challenges['dns-01'] = leChallengeDns;
opts.challenges['http-01'] = ...
cb(null, { options: opts, certs: certs });
}
NOTE: If you request a certificate with 6 domains listed, it will require 6 individual challenges.
Exposed Methods
For ACME Challenge:
set(opts, done)
remove(opts, done)
The options object has whatever options were set in approveDomains()
as well as the challenge
:
{ challenge: {
identifier: { type: 'dns', value: 'example.com'
, wildcard: true
, altname: '*.example.com'
, type: 'dns-01'
, token: 'xxxxxx'
, keyAuthorization: 'xxxxxx.abc123'
, dnsHost: '_acme-challenge.example.com'
, dnsAuthorization: 'abc123'
, expires: '1970-01-01T00:00:00Z'
}
}
Note: There's no get()
because it's the DNS server, not the Greenlock server, that answers the requests.
(though I suppose you could implement it if you happen to run your DNS and webserver together... kinda weird though)
For greenlock.js internals:
options
stores the internal defaults merged with the user-supplied options