acme.js/examples/get-certificate-full.js

152 lines
4.5 KiB
JavaScript

async function main() {
'use strict';
require('dotenv').config();
var fs = require('fs');
// just to trigger the warning message out of the way
await fs.promises.readFile().catch(function() {});
console.warn('\n');
var MY_DOMAINS = process.env.DOMAINS.split(/[,\s]+/);
// In many cases all three of these are the same (your email)
// However, this is what they may look like when different:
var maintainerEmail = process.env.MAINTAINER_EMAIL;
var subscriberEmail = process.env.SUBSCRIBER_EMAIL;
//var customerEmail = 'jane.doe@gmail.com';
var pkg = require('../package.json');
var packageAgent = 'test-' + pkg.name + '/' + pkg.version;
// Choose either the production or staging URL
var directoryUrl = 'https://acme-staging-v02.api.letsencrypt.org/directory';
//var directoryUrl = 'https://acme-v02.api.letsencrypt.org/directory'
// This is intended to get at important messages without
// having to use even lower-level APIs in the code
var errors = [];
function notify(ev, msg) {
if ('error' === ev || 'warning' === ev) {
errors.push(ev.toUpperCase() + ' ' + msg.message);
return;
}
// ignore all for now
console.log(ev, msg.altname || '', msg.status || '');
}
var Keypairs = require('@root/keypairs');
var ACME = require('../');
var acme = ACME.create({ maintainerEmail, packageAgent, notify });
await acme.init(directoryUrl);
// You only need ONE account key, ever, in most cases
// save this and keep it safe. ECDSA is preferred.
var accountKeypair = await Keypairs.generate({ kty: 'EC', format: 'jwk' });
var accountKey = accountKeypair.private;
// This can be `true` or an async function which presents the terms of use
var agreeToTerms = true;
// If you are multi-tenanted or white-labled and need to present the terms of
// use to the Subscriber running the service, you can do so with a function.
var agreeToTerms = async function() {
return true;
};
console.info('registering new ACME account...');
var account = await acme.accounts.create({
subscriberEmail,
agreeToTerms,
accountKey
});
console.info('created account with id', account.key.kid);
// This is the key used by your WEBSERVER, typically named `privkey.pem`,
// `key.crt`, or `bundle.pem`. RSA may be preferrable for legacy compatibility.
// You can generate it fresh
var serverKeypair = await Keypairs.generate({ kty: 'RSA', format: 'jwk' });
var serverKey = serverKeypair.private;
var serverPem = await Keypairs.export({ jwk: serverKey });
await fs.promises.writeFile('./privkey.pem', serverPem, 'ascii');
console.info('wrote ./privkey.pem');
// Or you can load it from a file
var serverPem = await fs.promises.readFile('./privkey.pem', 'ascii');
var serverKey = await Keypairs.import({ pem: serverPem });
var CSR = require('@root/csr');
var PEM = require('@root/pem');
var Enc = require('@root/encoding/base64');
var encoding = 'der';
var typ = 'CERTIFICATE REQUEST';
var domains = MY_DOMAINS;
var csrDer = await CSR.csr({ jwk: serverKey, domains, encoding });
//var csr64 = Enc.bufToBase64(csrDer);
var csr = PEM.packBlock({ type: typ, bytes: csrDer });
// You can pick from existing challenge modules
// which integrate with a variety of popular services
// or you can create your own.
//
// The order of priority will be http-01, tls-alpn-01, dns-01
// dns-01 will always be used for wildcards
// dns-01 should be the only option given for local/private domains
var challenges = {
'dns-01': loadDns01()
};
console.info('validating domain authorization for ' + domains.join(' '));
var pems = await acme.certificates.create({
account,
accountKey,
csr,
domains,
challenges
});
var fullchain = pems.cert + '\n' + pems.chain + '\n';
await fs.promises.writeFile('fullchain.pem', fullchain, 'ascii');
console.info('wrote ./fullchain.pem');
if (errors.length) {
console.warn();
console.warn('[Warning]');
console.warn('The following warnings and/or errors were encountered:');
console.warn(errors.join('\n'));
}
}
main().catch(function(e) {
console.error(e.stack);
});
function loadDns01() {
var pluginName = process.env.CHALLENGE_PLUGIN;
var pluginOptions = process.env.CHALLENGE_OPTIONS;
var plugin;
if (!pluginOptions) {
console.error(
'Please create a .env in the format of examples/example.env to run the tests'
);
process.exit(1);
}
try {
plugin = require(pluginName);
} catch (err) {
console.error("Couldn't find '" + pluginName + "'. Is it installed?");
console.error("\tnpm install --save-dev '" + pluginName + "'");
process.exit(1);
}
return plugin.create(JSON.parse(pluginOptions));
}