ACME dns-01 challenge reference implementation for Greenlock v2.7+ (and v3).
Go to file
AJ ONeal 715c759423 v2.0.1 2016-09-08 19:11:01 -06:00
.gitignore Initial commit 2016-08-10 01:32:23 -06:00
LICENSE Initial commit 2016-08-10 01:32:23 -06:00
README.md getting there... 2016-09-07 14:58:25 -06:00
index.js add missing deps 2016-09-08 19:10:50 -06:00
package.json v2.0.1 2016-09-08 19:11:01 -06:00
test.js seems to pass tests 2016-09-08 19:01:03 -06:00

README.md

Join the chat at https://gitter.im/Daplie/letsencrypt-express

| letsencrypt (library) | letsencrypt-cli | letsencrypt-express | letsencrypt-koa | letsencrypt-hapi |

le-challenge-dns

A dns-based strategy for node-letsencrypt for setting, retrieving, and clearing ACME DNS-01 challenges issued by the ACME server

It creates a subdomain record for _acme-challenge wich challenge to be tested by the ACME server.

_acme-challenge.example.com   TXT   xxxxxxxxxxxxxxxx    TTL 60
  • Safe to use with node cluster
  • Safe to use with ephemeral services (Heroku, Joyent, etc)

Install

npm install --save le-challenge-dns@2.x

Usage

var leChallengeDns = require('le-challenge-dns').create({
  email: 'john.doe@example.com'
, refreshToken: '...'
, ttl: 60

, debug: false
});

var LE = require('letsencrypt');

LE.create({
  server: LE.stagingServerUrl                               // Change to LE.productionServerUrl in production
, challengeType: 'dns-01'
, challenges: {
    'dns-01': leChallengeDns
  }
, approvedDomains: [ 'example.com' ]
});

NOTE: If you request a certificate with 6 domains listed, it will require 6 individual challenges.

Exposed Methods

For ACME Challenge:

  • set(opts, domain, challange, keyAuthorization, done)
  • get(defaults, domain, challenge, done)
  • remove(defaults, domain, challenge, done)

Note: get() is a no-op for dns-01 and although dns-01 does not use keyAuthorization, it must be passed in as null to keep the correct method signature.

For node-letsencrypt internals:

  • getOptions() returns the internal defaults merged with the user-supplied options
  • loopback(defaults, domain, challange, keyAuthorization, done) should test, by external means, that the ACME server's challenge server will succeed
  • test(opts, domain, challange, keyAuthorization, done) runs set, loopback, remove, loopback