Compare commits
No commits in common. "master" and "v2.1.1" have entirely different histories.
122
README.md
122
README.md
|
@ -1,122 +1,54 @@
|
||||||
# [greenlock-challenge-manual](https://git.coolaj86.com/coolaj86/greenlock-challenge-manual.js)
|
| [Greenlock](https://git.coolaj86.com/coolaj86/greenlock.js) (library)
|
||||||
|
| [Greenlock CLI](https://git.coolaj86.com/coolaj86/greenlock-cli.js)
|
||||||
|
| [greenlock-express](https://git.coolaj86.com/coolaj86/greenlock-express.js)
|
||||||
|
| [greenlock-koa](https://git.coolaj86.com/coolaj86/greenlock-koa.js)
|
||||||
|
| [greenlock-hapi](https://git.coolaj86.com/coolaj86/greenlock-hapi.js)
|
||||||
|
|
|
||||||
|
|
||||||
| A [Root](https://rootprojects.org) Project |
|
le-challenge-manual
|
||||||
|
===================
|
||||||
|
|
||||||
An extremely simple reference implementation
|
A [Root](https://rootprojects.org) Project
|
||||||
of an ACME (Let's Encrypt) challenge strategy
|
|
||||||
for [Greenlock](https://git.coolaj86.com/coolaj86/greenlock-express.js) v2.7+ (and v3).
|
|
||||||
|
|
||||||
* Prints the ACME challenge details to the terminal
|
A manual cli-based strategy for node-letsencrypt.
|
||||||
* (waits for you to hit enter before continuing)
|
|
||||||
* Asks you to enter the challenge response.
|
|
||||||
* Let's you know it's safe to remove the challenge.
|
|
||||||
|
|
||||||
Other ACME Challenge Reference Implementations:
|
Prints the ACME challenge Token and Key and then waits for you to hit enter before continuing.
|
||||||
|
|
||||||
* [**greenlock-challenge-manual**](https://git.coolaj86.com/coolaj86/greenlock-challenge-manual.js)
|
|
||||||
* [greenlock-challenge-http](https://git.coolaj86.com/coolaj86/greenlock-challenge-http.js)
|
|
||||||
* [greenlock-challenge-dns](https://git.coolaj86.com/coolaj86/greenlock-challenge-dns.js)
|
|
||||||
|
|
||||||
Install
|
Install
|
||||||
-------
|
-------
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
npm install --save greenlock-challenge-manual@3.x
|
npm install --save le-challenge-manual@2.x
|
||||||
```
|
```
|
||||||
|
|
||||||
Usage
|
Usage
|
||||||
-----
|
-----
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
var Greenlock = require('greenlock');
|
var leChallenge = require('le-challenge-manual').create({
|
||||||
|
, debug: false
|
||||||
|
});
|
||||||
|
|
||||||
Greenlock.create({
|
var LE = require('letsencrypt');
|
||||||
...
|
|
||||||
, challenges: { 'http-01': require('greenlock-challenge-manual')
|
LE.create({
|
||||||
, 'dns-01': require('greenlock-challenge-manual')
|
server: LE.stagingServerUrl
|
||||||
, 'tls-alpn-01': require('greenlock-challenge-manual')
|
, challenge: leChallenge
|
||||||
}
|
|
||||||
...
|
|
||||||
});
|
});
|
||||||
```
|
```
|
||||||
|
|
||||||
Note: If you request a certificate with 6 domains listed,
|
NOTE: If you request a certificate with 6 domains listed,
|
||||||
it will require 6 individual challenges.
|
it will require 6 individual challenges.
|
||||||
|
|
||||||
Exposed (Promise) Methods
|
Exposed Methods
|
||||||
---------------
|
---------------
|
||||||
|
|
||||||
For ACME Challenge:
|
For ACME Challenge:
|
||||||
|
|
||||||
* `set(opts)`
|
* `set(opts, domain, key, val, done)`
|
||||||
* `remove(opts)`
|
* `get(defaults, domain, key, done)`
|
||||||
|
* `remove(defaults, domain, key, done)`
|
||||||
|
|
||||||
The options will look like this for normal domains:
|
For node-letsencrypt internals:
|
||||||
|
|
||||||
```js
|
* `getOptions()` returns the internal defaults merged with the user-supplied options
|
||||||
{ challenge: {
|
|
||||||
type: 'http-01'
|
|
||||||
, identifier: { type: 'dns', value: 'example.com' }
|
|
||||||
, wildcard: false
|
|
||||||
, expires: '2012-01-01T12:00:00.000Z'
|
|
||||||
, token: 'abc123'
|
|
||||||
, thumbprint: '<<account key thumbprint>>'
|
|
||||||
, keyAuthorization: 'abc123.xxxx'
|
|
||||||
, dnsHost: '_acme-challenge.example.com'
|
|
||||||
, dnsAuthorization: 'yyyy'
|
|
||||||
, altname: 'example.com'
|
|
||||||
}
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
And they'll look like this for wildcard domains:
|
|
||||||
|
|
||||||
```js
|
|
||||||
{ challenge: {
|
|
||||||
type: 'http-01'
|
|
||||||
, identifier: { type: 'dns', value: 'example.com' }
|
|
||||||
, wildcard: true
|
|
||||||
, expires: '2012-01-01T12:00:00.000Z'
|
|
||||||
, token: 'abc123'
|
|
||||||
, thumbprint: '<<account key thumbprint>>'
|
|
||||||
, keyAuthorization: 'abc123.xxxx'
|
|
||||||
, dnsHost: '_acme-challenge.example.com'
|
|
||||||
, dnsAuthorization: 'yyyy'
|
|
||||||
, altname: '*.example.com'
|
|
||||||
}
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
The only difference is that `altname` will have the `*.` prefix (which you would expect
|
|
||||||
but, of course, can't work as a specific a DNS record) and the `wildcard` property is `true`.
|
|
||||||
|
|
||||||
Optional
|
|
||||||
|
|
||||||
* `get(limitedOpts)`
|
|
||||||
|
|
||||||
Because the get method is apart from the main flow (such as a DNS query),
|
|
||||||
it's not always implemented and the options are much more limited in scope:
|
|
||||||
|
|
||||||
```js
|
|
||||||
{ challenge: {
|
|
||||||
type: 'http-01'
|
|
||||||
, identifier: { type: 'dns', value: 'example.com' }
|
|
||||||
, wildcard: false
|
|
||||||
, token: 'abc123'
|
|
||||||
, altname: 'example.com'
|
|
||||||
}
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
If there were an implementation of Greenlock integrated directly into
|
|
||||||
a NameServer (which currently there is not), it would probably look like this:
|
|
||||||
|
|
||||||
```js
|
|
||||||
{ challenge: {
|
|
||||||
type: 'dns-01'
|
|
||||||
, identifier: { type: 'dns', value: 'example.com' }
|
|
||||||
, token: 'abc123'
|
|
||||||
, dnsHost: '_acme-challenge.example.com'
|
|
||||||
}
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
143
index.js
143
index.js
|
@ -1,129 +1,50 @@
|
||||||
'use strict';
|
'use strict';
|
||||||
/*global Promise*/
|
|
||||||
|
|
||||||
var Challenge = module.exports;
|
var Challenge = module.exports;
|
||||||
|
|
||||||
Challenge.create = function (config) {
|
Challenge.create = function (defaults) {
|
||||||
// If your implementation needs config options, set them. Otherwise, don't bother (duh).
|
return {
|
||||||
|
getOptions: function () {
|
||||||
var http01 = require('greenlock-challenge-http').create(config);
|
return defaults;
|
||||||
var dns01 = require('greenlock-challenge-dns').create(config);
|
|
||||||
|
|
||||||
var challenger = {};
|
|
||||||
|
|
||||||
// Note: normally you'd implement these right here, but for the sake of
|
|
||||||
// documentation I've abstracted them out "Table of Contents"-style.
|
|
||||||
|
|
||||||
// call out to set the challenge, wherever
|
|
||||||
challenger.set = function (opts, cb) {
|
|
||||||
// Note: this can be defined as a thunk (like this) or a Promise
|
|
||||||
|
|
||||||
var ch = opts.challenge;
|
|
||||||
if ('http-01' === ch.type) {
|
|
||||||
return http01.set(opts, cb);
|
|
||||||
} else if ('dns-01' === ch.type) {
|
|
||||||
return dns01.set(opts, cb);
|
|
||||||
} else {
|
|
||||||
return Challenge._setAny(opts, cb);
|
|
||||||
}
|
}
|
||||||
|
, set: Challenge.set
|
||||||
|
, get: Challenge.get
|
||||||
|
, remove: Challenge.remove
|
||||||
};
|
};
|
||||||
|
|
||||||
// call out to remove the challenge, wherever
|
|
||||||
challenger.remove = function (opts) {
|
|
||||||
// Note: this can be defined synchronously (like this) or as a Promise, or a thunk
|
|
||||||
|
|
||||||
var ch = opts.challenge;
|
|
||||||
if ('http-01' === ch.type) {
|
|
||||||
return http01.remove(opts);
|
|
||||||
} else if ('dns-01' === ch.type) {
|
|
||||||
return dns01.remove(opts);
|
|
||||||
} else {
|
|
||||||
return Challenge._removeAny(opts);
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
// only really useful for http
|
|
||||||
// (and tls-alpn-01, which isn't implemented yet)
|
|
||||||
challenger.get = function (opts) {
|
|
||||||
// Note: this can be defined as a Promise (like this) or synchronously, or a thunk
|
|
||||||
|
|
||||||
var ch = opts.challenge;
|
|
||||||
if ('http-01' === ch.type) {
|
|
||||||
return http01.get(opts);
|
|
||||||
} else if ('dns-01' === ch.type) {
|
|
||||||
return dns01.get(opts);
|
|
||||||
} else {
|
|
||||||
return Challenge._get(opts);
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
// Whatever you set to 'options' will be merged into 'opts' just before each call
|
|
||||||
// (for convenience, so you don't have to merge it yourself).
|
|
||||||
challenger.options = { debug: config.debug };
|
|
||||||
|
|
||||||
return challenger;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
Challenge._setAny = function (args, cb) {
|
// Show the user the token and key and wait for them to be ready to continue
|
||||||
var ch = args.challenge;
|
Challenge.set = function (args, domain, token, secret, cb) {
|
||||||
console.info("[ACME " + ch.type + " '" + ch.altname + "' CHALLENGE]");
|
|
||||||
console.info("Your mission (since you chose to accept it):");
|
|
||||||
console.info("You must, by whatever means necessary, use the following information"
|
|
||||||
+ " to make a device or service ready to respond to a '" + ch.type + "' request.");
|
|
||||||
console.info("");
|
console.info("");
|
||||||
console.info(JSON.stringify(ch, null, 2).replace(/^/gm, '\t'));
|
console.info("Challenge for '" + domain + "'");
|
||||||
console.info("");
|
console.info("");
|
||||||
console.info("Press the any key once the response is ready to continue with the '" + ch.type + "' challenge process");
|
console.info("We now present (for you copy-and-paste pleasure) your ACME Challenge");
|
||||||
console.info("[Press the ANY key to continue...]");
|
console.info("public Token and secret Key, in that order, respectively:");
|
||||||
|
console.info(token);
|
||||||
|
console.info(secret);
|
||||||
|
console.info("");
|
||||||
|
console.info(JSON.stringify({
|
||||||
|
domain: domain
|
||||||
|
, token: token
|
||||||
|
, key: secret
|
||||||
|
}, null, ' ').replace(/^/gm, '\t'));
|
||||||
|
console.info("");
|
||||||
|
console.info("hit enter to continue...");
|
||||||
process.stdin.resume();
|
process.stdin.resume();
|
||||||
process.stdin.once('data', function () {
|
process.stdin.on('data', function () {
|
||||||
process.stdin.pause();
|
process.stdin.pause();
|
||||||
cb(null, null);
|
cb(null);
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
|
||||||
Challenge._removeAny = function (args) {
|
// nothing to do here, that's why it's manual
|
||||||
var ch = args.challenge;
|
Challenge.get = function (args, domain, token, cb) {
|
||||||
console.info("");
|
cb(null);
|
||||||
console.info("[ACME " + ch.type + " '" + ch.altname + "' COMPLETE]: " + ch.status);
|
|
||||||
console.info("You may now undo whatever you did to create and ready the response.");
|
|
||||||
console.info("");
|
|
||||||
|
|
||||||
return null;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
// This can be used for http-01 and tls-alpn-01 (when it's available), but not dns-01.
|
// might as well tell the user that whatever they were setting up has been checked
|
||||||
// And not all http-01 or tls-alpn-01 strategies will need to implement this.
|
Challenge.remove = function (args, domain, token, cb) {
|
||||||
Challenge._get = function (args) {
|
console.info("Challenge for '" + domain + "' complete.");
|
||||||
var ch = args.challenge;
|
console.info("");
|
||||||
|
cb(null);
|
||||||
if (!Challenge._getCache[ch.altname + ':' + ch.token]) {
|
|
||||||
Challenge._getCache[ch.altname + ':' + ch.token] = true;
|
|
||||||
console.info("");
|
|
||||||
console.info("[ACME " + ch.type + " '" + ch.altname + "' REQUEST]: " + ch.status);
|
|
||||||
console.info("The '" + ch.type + "' challenge request has arrived!");
|
|
||||||
console.info("It's now time to painstakingly type out the expected response object with your bear hands.");
|
|
||||||
console.log("Yes. Your bear hands.");
|
|
||||||
console.log('ex: { "keyAuthorization": "xxxxxxxx.yyyyyyyy" }');
|
|
||||||
process.stdout.write("> ");
|
|
||||||
}
|
|
||||||
|
|
||||||
return new Promise(function (resolve, reject) {
|
|
||||||
process.stdin.resume();
|
|
||||||
process.stdin.once('error', reject);
|
|
||||||
process.stdin.once('data', function (chunk) {
|
|
||||||
process.stdin.pause();
|
|
||||||
var result = chunk.toString('utf8').trim();
|
|
||||||
try {
|
|
||||||
result = JSON.parse(result);
|
|
||||||
} catch(e) {
|
|
||||||
args.challenge.keyAuthorization = result;
|
|
||||||
result = args.challenge;
|
|
||||||
}
|
|
||||||
resolve(result);
|
|
||||||
});
|
|
||||||
});
|
|
||||||
};
|
};
|
||||||
// Because the ACME server will hammer us with requests, and that's confusing during a manual test:
|
|
||||||
Challenge._getCache = {};
|
|
||||||
|
|
|
@ -1,18 +1,5 @@
|
||||||
{
|
{
|
||||||
"name": "greenlock-challenge-manual",
|
"name": "le-challenge-manual",
|
||||||
"version": "3.0.4",
|
"version": "2.1.1",
|
||||||
"lockfileVersion": 1,
|
"lockfileVersion": 1
|
||||||
"requires": true,
|
|
||||||
"dependencies": {
|
|
||||||
"greenlock-challenge-dns": {
|
|
||||||
"version": "3.0.4",
|
|
||||||
"resolved": "https://registry.npmjs.org/greenlock-challenge-dns/-/greenlock-challenge-dns-3.0.4.tgz",
|
|
||||||
"integrity": "sha512-CJI9RAtrZl9ICldyU5cRGzb1/wIbS3O+MJy9z7gKb7fLDNF7Wmw9Fv2agBLSOtIPr7TYgyyesvt8ppA4OIS+yg=="
|
|
||||||
},
|
|
||||||
"greenlock-challenge-http": {
|
|
||||||
"version": "3.0.1",
|
|
||||||
"resolved": "https://registry.npmjs.org/greenlock-challenge-http/-/greenlock-challenge-http-3.0.1.tgz",
|
|
||||||
"integrity": "sha512-u+r8VtT+Qve0wucVZEPivFRT7DP+Jfl7McGMbna0BFVvAc+NJyOJGyvBa6aGDi4qgEhx7pjh0yCsCEKDHI2zDw=="
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
21
package.json
21
package.json
|
@ -1,21 +1,22 @@
|
||||||
{
|
{
|
||||||
"name": "greenlock-challenge-manual",
|
"name": "le-challenge-manual",
|
||||||
"version": "3.0.4",
|
"version": "2.1.1",
|
||||||
"description": "A cli-based strategy for node-letsencrypt. Prints the ACME challenge Token and Key and then waits for you to hit enter before continuing.",
|
"description": "A cli-based strategy for node-letsencrypt. Prints the ACME challenge Token and Key and then waits for you to hit enter before continuing.",
|
||||||
"main": "index.js",
|
"main": "index.js",
|
||||||
"homepage": "https://git.coolaj86.com/coolaj86/greenlock-challenge-manual.js",
|
"homepage": "https://git.coolaj86.com/coolaj86/le-challenge-manual.js",
|
||||||
"scripts": {
|
"scripts": {
|
||||||
"test": "node test.js"
|
"test": "node test.js"
|
||||||
},
|
},
|
||||||
"repository": {
|
"repository": {
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.coolaj86.com/coolaj86/greenlock-challenge-manual.js.git"
|
"url": "https://git.coolaj86.com/coolaj86/le-challenge-manual.js.git"
|
||||||
},
|
},
|
||||||
"keywords": [
|
"keywords": [
|
||||||
"Let's Encrypt",
|
"le-challenge",
|
||||||
"ACME",
|
"le-challenge-",
|
||||||
"challenge",
|
|
||||||
"manual",
|
"manual",
|
||||||
|
"acme",
|
||||||
|
"letsencrypt",
|
||||||
"certbot",
|
"certbot",
|
||||||
"cli",
|
"cli",
|
||||||
"commandline"
|
"commandline"
|
||||||
|
@ -23,10 +24,6 @@
|
||||||
"author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)",
|
"author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)",
|
||||||
"license": "MPL-2.0",
|
"license": "MPL-2.0",
|
||||||
"bugs": {
|
"bugs": {
|
||||||
"url": "https://git.coolaj86.com/coolaj86/greenlock-challenge-manual.js/issues"
|
"url": "https://git.coolaj86.com/coolaj86/le-challenge-manual.js/issues"
|
||||||
},
|
|
||||||
"dependencies": {
|
|
||||||
"greenlock-challenge-dns": "^3.0.3",
|
|
||||||
"greenlock-challenge-http": "^3.0.0"
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
33
test.js
33
test.js
|
@ -1,25 +1,20 @@
|
||||||
'use strict';
|
'use strict';
|
||||||
|
|
||||||
var tester = require('greenlock-challenge-test');
|
var challenge = require('./').create({});
|
||||||
|
|
||||||
var challenger = require('./').create({});
|
var opts = challenge.getOptions();
|
||||||
|
|
||||||
// The dry-run tests can pass on, literally, 'example.com'
|
|
||||||
// but the integration tests require that you have control over the domain
|
|
||||||
var domain = 'example.com';
|
var domain = 'example.com';
|
||||||
var wildname = '*.example.com';
|
var token = 'token-id';
|
||||||
|
var key = 'secret-key';
|
||||||
|
|
||||||
tester.test('http-01', domain, challenger).then(function () {
|
// this will cause the prompt to appear
|
||||||
console.info("PASS http-01");
|
challenge.set(opts, domain, token, key, function (err) {
|
||||||
return tester.test('dns-01', wildname, challenger).then(function () {
|
// if there's an error, there's a problem
|
||||||
console.info("PASS dns-01");
|
if (err) {
|
||||||
});
|
throw err;
|
||||||
}).then(function () {
|
}
|
||||||
return tester.test('fake-01', domain, challenger).then(function () {
|
|
||||||
console.info("PASS fake-01");
|
// this will cause the final completion message to appear
|
||||||
});
|
challenge.remove(opts, domain, token, function () {
|
||||||
}).catch(function (err) {
|
});
|
||||||
console.error("FAIL");
|
|
||||||
console.error(err);
|
|
||||||
process.exit(20);
|
|
||||||
});
|
});
|
||||||
|
|
Loading…
Reference in New Issue