111 lines
2.8 KiB
Markdown
111 lines
2.8 KiB
Markdown
# le-challenge-dns
|
|
|
|
| A [Root](https://rootprojects.org) Project
|
|
| [greenlock.js](https://git.coolaj86.com/coolaj86/greenlock.js) (library)
|
|
| [greenlock-express.js](https://git.coolaj86.com/coolaj86/greenlock-express.js)
|
|
| [greenlock-cli.js](https://git.coolaj86.com/coolaj86/greenlock-cli.js)
|
|
| [acme-v2.js](https://git.coolaj86.com/coolaj86/acme-v2.js)
|
|
|
|
|
|
|
A manual (interactive CLI) dns-based strategy for greenlock.js for setting, retrieving,
|
|
and clearing ACME DNS-01 challenges issued by the ACME server
|
|
|
|
Prints out a subdomain record for `_acme-challenge` with `keyAuthDigest`
|
|
to be tested by the ACME server.
|
|
|
|
You can then update your DNS manually by whichever method you use and then
|
|
press [enter] to continue the process.
|
|
|
|
```
|
|
_acme-challenge.example.com TXT xxxxxxxxxxxxxxxx TTL 60
|
|
```
|
|
|
|
## Install
|
|
|
|
```bash
|
|
npm install --save le-challenge-dns@3.x
|
|
```
|
|
|
|
If you have `greenlock@v2.6` or lower, you'll need the old `le-challenge-dns@3.x` instead.
|
|
|
|
## Usage
|
|
|
|
The challenge can be set globally like this:
|
|
|
|
```js
|
|
var leChallengeDns = require('le-challenge-dns').create({
|
|
debug: false
|
|
});
|
|
|
|
var Greenlock = require('greenlock');
|
|
|
|
Greenlock.create({
|
|
...
|
|
, challenges: {
|
|
'dns-01': leChallengeDns
|
|
}
|
|
, approveDomains: [ 'example.com', '*.example.com' ]
|
|
});
|
|
```
|
|
|
|
In can also be set in the `approveDomains` callback instead, like this:
|
|
|
|
```js
|
|
function approveDomains(opts, certs, cb) {
|
|
...
|
|
opts.subject = 'example.com'
|
|
opts.domains = [ 'example.com', '*.example.com' ];
|
|
|
|
cb(null, { options: opts, certs: certs });
|
|
}
|
|
```
|
|
|
|
If you didn't make the dns challenge globally available in the main greenlock config,
|
|
you can make it locally available here:
|
|
|
|
```js
|
|
function approveDomains(opts, certs, cb) {
|
|
...
|
|
|
|
if (!opts.challenges) { opts.challenges = {}; }
|
|
opts.challenges['dns-01'] = leChallengeDns;
|
|
opts.challenges['http-01'] = ...
|
|
|
|
cb(null, { options: opts, certs: certs });
|
|
}
|
|
```
|
|
|
|
NOTE: If you request a certificate with 6 domains listed,
|
|
it will require 6 individual challenges.
|
|
|
|
## Exposed Methods
|
|
|
|
For ACME Challenge:
|
|
|
|
* `set(opts, done)`
|
|
* `remove(opts, done)`
|
|
|
|
The options object has whatever options were set in `approveDomains()` as well as the `challenge`:
|
|
|
|
```js
|
|
{ challenge: {
|
|
identifier: { type: 'dns', value: 'example.com'
|
|
, wildcard: true
|
|
, altname: '*.example.com'
|
|
, type: 'dns-01'
|
|
, token: 'xxxxxx'
|
|
, keyAuthorization: 'xxxxxx.abc123'
|
|
, dnsHost: '_acme-challenge.example.com'
|
|
, dnsAuthorization: 'abc123'
|
|
, expires: '1970-01-01T00:00:00Z'
|
|
}
|
|
}
|
|
```
|
|
|
|
Note: There's no `get()` because it's the DNS server, not the Greenlock server, that answers the requests.
|
|
(though I suppose you could implement it if you happen to run your DNS and webserver together... kinda weird though)
|
|
|
|
For greenlock.js internals:
|
|
|
|
* `options` stores the internal defaults merged with the user-supplied options
|