116 lines
3.1 KiB
Markdown
116 lines
3.1 KiB
Markdown
# [le-challenge-dns](https://git.coolaj86.com/coolaj86/le-challenge-dns.js)
|
|
|
|
| A [Root](https://rootprojects.org) Project |
|
|
|
|
An extremely simple reference implementation
|
|
of an ACME (Let's Encrypt) dns-01 challenge strategy
|
|
for [Greenlock](https://git.coolaj86.com/coolaj86/greenlock-express.js) v2.7+ (and v3).
|
|
|
|
```
|
|
_acme-challenge.example.com TXT xxxxxxxxxxxxxxxx TTL 60
|
|
```
|
|
|
|
* Prints the ACME challenge DNS Host and DNS Key Authorization Digest to the terminal
|
|
* (waits for you to hit enter before continuing)
|
|
* Let's you know when the challenge as succeeded or failed, and is safe to remove.
|
|
|
|
Other ACME Challenge Reference Implementations:
|
|
|
|
* [le-challenge-manual](https://git.coolaj86.com/coolaj86/le-challenge-manual.js.git)
|
|
* [le-challenge-http](https://git.coolaj86.com/coolaj86/le-challenge-http.js.git)
|
|
* [**le-challenge-dns**](https://git.coolaj86.com/coolaj86/le-challenge-dns.js.git)
|
|
|
|
## Install
|
|
|
|
```bash
|
|
npm install --save le-challenge-dns@3.x
|
|
```
|
|
|
|
If you have `greenlock@v2.6` or lower, you'll need the old `le-challenge-dns@3.x` instead.
|
|
|
|
## Usage
|
|
|
|
```bash
|
|
var Greenlock = require('greenlock');
|
|
|
|
Greenlock.create({
|
|
...
|
|
, challenges: { 'http-01': require('le-challenge-http')
|
|
, 'dns-01': require('le-challenge-dns').create({ debug: true })
|
|
, 'tls-alpn-01': require('le-challenge-manual')
|
|
}
|
|
...
|
|
});
|
|
```
|
|
|
|
You can also switch between different implementations by
|
|
overwriting the default with the one that you want in `approveDomains()`:
|
|
|
|
```js
|
|
function approveDomains(opts, certs, cb) {
|
|
...
|
|
|
|
if (!opts.challenges) { opts.challenges = {}; }
|
|
opts.challenges['dns-01'] = leChallengeDns;
|
|
opts.challenges['http-01'] = ...
|
|
|
|
cb(null, { options: opts, certs: certs });
|
|
}
|
|
```
|
|
|
|
NOTE: If you request a certificate with 6 domains listed,
|
|
it will require 6 individual challenges.
|
|
|
|
|
|
## Exposed (Promise) Methods
|
|
|
|
For ACME Challenge:
|
|
|
|
* `set(opts)`
|
|
* `remove(opts)`
|
|
|
|
The `dns-01` strategy supports wildcards (whereas `http-01` does not).
|
|
|
|
The options object has whatever options were set in `approveDomains()`
|
|
as well as the `challenge`, which looks like this:
|
|
|
|
```js
|
|
{ challenge: {
|
|
identifier: { type: 'dns', value: 'example.com'
|
|
, wildcard: true
|
|
, altname: '*.example.com'
|
|
, type: 'dns-01'
|
|
, token: 'xxxxxx'
|
|
, keyAuthorization: 'xxxxxx.abc123'
|
|
, dnsHost: '_acme-challenge.example.com'
|
|
, dnsAuthorization: 'xyz567'
|
|
, expires: '1970-01-01T00:00:00Z'
|
|
}
|
|
}
|
|
```
|
|
|
|
For greenlock.js internals:
|
|
|
|
* `options` stores the internal defaults merged with the user-supplied options
|
|
|
|
Optional:
|
|
|
|
* `get(limitedOpts)`
|
|
|
|
Note: Typically there wouldn't be a `get()` for DNS because the NameServer (not Greenlock) answers the requests.
|
|
It could be used for testing implementations, but that's about it.
|
|
(though I suppose you could implement it if you happen to run your DNS and webserver together... kinda weird though)
|
|
|
|
If there were an implementation of Greenlock integrated directly into
|
|
a NameServer (which currently there is not), it would probably look like this:
|
|
|
|
```js
|
|
{ challenge: {
|
|
type: 'dns-01'
|
|
, identifier: { type: 'dns', value: 'example.com' }
|
|
, token: 'abc123'
|
|
, dnsHost: '_acme-challenge.example.com'
|
|
}
|
|
}
|
|
```
|