greenlock-cli.js/README.md

# letsencrypt-cli (for node.js)

CLI for node-letsencrypt modeled after the official client.

* Free SSL Certificates
* 90-day certificate lifetime
* One-off standalone registration / renewal
* On-the-fly registration / renewal via webroot

## Install Node

For **Windows**:

Choose **Stable** from <https://nodejs.org/en/>

For Linux and **OS X**:

```
curl -L bit.ly/iojs-min | bash
```

# Install LetsEncrypt

```bash
npm install -g letsencrypt-cli
```

## Usage

These commands are shown using the **testing server**.

When you want to use the **live server**,
simply remove the `--server https://acme-staging.api.letsencrypt.org/directory`
or change it to `--server https://acme-v01.api.letsencrypt.org/directory`.

**Note**: This has really only been tested with single domains so if
multiple domains doesn't work for you, file a bug.

### Standalone

```bash
letsencrypt certonly \
  --agree-tos --email john.doe@example.com \
  --standalone \
  --domains example.com,www.example.com \
  --server https://acme-staging.api.letsencrypt.org/directory \

ls ~/letsencrypt/etc/live
```

### WebRoot

```bash
sudo letsencrypt certonly \
  --agree-tos --email john.doe@example.com \
  --webroot --webroot-path /srv/www/acme-challenge \
  --config-dir /etc/letsencrypt \
  --domains example.com,www.example.com \
  --server https://acme-staging.api.letsencrypt.org/directory

ls /etc/letsencrypt/live/
```

## Test with a free domain

```bash
# Install Daplie DNS
npm install -g ddns-cli

# see terms of use
ddns --help

# agree to terms and get domain
ddns --random --email user@example.com --agree

# the default is to use the ip address from which
# you can the command, but you can also assign the
# ip manually
ddns --random --email user@example.com --agree -a '127.0.0.1'
```

Example domain:

```
rubber-duck-42.daplie.me
```

## Run without Root

If you'd like to allow node.js to use privileged ports `80` and `443`
(and everything under 1024 really) without being run as `root` or `sudo`,
you can use `setcap` to do so. (it may need to be run any time you reinstall node as well)

```bash
sudo setcap cap_net_bind_service=+ep /usr/local/bin/node
```

By default `node-letsencrypt` assumes your home directory `~/letsencrypt/`, but if
you really want to use `/etc/letsencrypt`, `/var/lib/letsencrypt/`, and `/var/log/letsencrypt`
you could change the permissions on them. **Probably a BAD IDEA**. Probabry a security risk.

```
# PROBABLY A BAD IDEA
sudo chown -R $(whoami) /etc/letsencrypt /var/lib/letsencrypt /var/log/letsencrypt 
```

## Command line Options

```
Usage:
  letsencrypt [OPTIONS] [ARGS]

Options:
      --email EMAIL             Email used for registration and recovery contact. (default: null)

      --domains URL             Domain names to apply. For multiple domains you can enter a comma
                                separated list of domains as a parameter. (default: [])

      --duplicate BOOLEAN       Allow getting a certificate that duplicates an existing one

      --agree-tos BOOLEAN       Agree to the Let's Encrypt Subscriber Agreement

      --debug BOOLEAN           show traces and logs

      --tls-sni-01-port NUMBER  Port number to perform tls-sni-01 challenge.
                                Boulder in testing mode defaults to 5001. (default: 443 and 5001)

      --http-01-port [NUMBER]   Port used in the SimpleHttp challenge. (Default is 80)

      --rsa-key-size [NUMBER]   Size (in bits) of the RSA key. (Default is 2048)

      --cert-path STRING        Path to where new cert.pem is saved
                                (Default is :conf/live/:hostname/cert.pem)

      --fullchain-path [STRING] Path to where new fullchain.pem (cert + chain) is saved
                                (Default is :conf/live/:hostname/fullchain.pem)

      --chain-path [STRING]     Path to where new chain.pem is saved
                                (Default is :conf/live/:hostname/chain.pem)

      --domain-key-path STRING  Path to privkey.pem to use for domain (default: generate new)

      --config-dir STRING       Configuration directory. (Default is ~/letsencrypt/etc/)

      --server [STRING]         ACME Directory Resource URI. (Default is https://acme-v01.api.letsencrypt.org/directory))

      --standalone [BOOLEAN]    Obtain certs using a "standalone" webserver.  (Default is true)

      --webroot BOOLEAN         Obtain certs by placing files in a webroot directory.

      --webroot-path STRING      public_html / webroot path.

  -h, --help                    Display help and usage details
```

Note: some of the options may not be fully implemented. If you encounter a problem, please report a bug on the issues page.
Update README.md 2015-12-19 18:47:00 +00:00			`# letsencrypt-cli (for node.js)`
Update README.md 2015-12-16 09:16:09 +00:00
			`CLI for node-letsencrypt modeled after the official client.`

Update README.md 2015-12-16 12:00:27 +00:00			`* Free SSL Certificates`
			`* 90-day certificate lifetime`
			`* One-off standalone registration / renewal`
			`* On-the-fly registration / renewal via webroot`

Update README.md 2015-12-16 11:01:10 +00:00			`## Install Node`

Update README.md 2015-12-16 11:01:30 +00:00			`For Windows:`
Update README.md 2015-12-16 11:01:10 +00:00
			`Choose Stable from <https://nodejs.org/en/>`

Update README.md 2015-12-16 11:01:30 +00:00			`For Linux and OS X:`
Update README.md 2015-12-16 11:01:10 +00:00
			```
			`curl -L bit.ly/iojs-min \| bash`
			```

			`# Install LetsEncrypt`
Update README.md 2015-12-16 09:16:09 +00:00
			```bash
			`npm install -g letsencrypt-cli`
			```

			`## Usage`

Update README.md 2015-12-16 11:06:33 +00:00			`These commands are shown using the testing server.`

			`When you want to use the live server,`
			simply remove the `--server https://acme-staging.api.letsencrypt.org/directory`
			or change it to `--server https://acme-v01.api.letsencrypt.org/directory`.

			`Note: This has really only been tested with single domains so if`
			`multiple domains doesn't work for you, file a bug.`

Update README.md 2015-12-16 09:16:09 +00:00			`### Standalone`

			```bash
			`letsencrypt certonly \`
			`--agree-tos --email john.doe@example.com \`
			`--standalone \`
Update README.md 2015-12-16 11:06:33 +00:00			`--domains example.com,www.example.com \`
Update README.md 2015-12-16 11:16:25 +00:00			`--server https://acme-staging.api.letsencrypt.org/directory \`
Update README.md 2015-12-16 12:58:05 +00:00
Update README.md 2015-12-16 13:02:09 +00:00			`ls ~/letsencrypt/etc/live`
Update README.md 2015-12-16 09:16:09 +00:00			```

			`### WebRoot`

			```bash
Update README.md 2015-12-16 13:02:09 +00:00			`sudo letsencrypt certonly \`
Update README.md 2015-12-16 09:16:09 +00:00			`--agree-tos --email john.doe@example.com \`
			`--webroot --webroot-path /srv/www/acme-challenge \`
Update README.md 2015-12-16 13:02:09 +00:00			`--config-dir /etc/letsencrypt \`
Update README.md 2015-12-16 11:06:33 +00:00			`--domains example.com,www.example.com \`
			`--server https://acme-staging.api.letsencrypt.org/directory`
Update README.md 2015-12-16 12:58:05 +00:00
Update README.md 2015-12-16 13:02:09 +00:00			`ls /etc/letsencrypt/live/`
Update README.md 2015-12-16 09:16:09 +00:00			```
copy python's arguments 2015-12-16 11:01:10 +00:00
Update README.md 2015-12-16 13:32:00 +00:00			`## Test with a free domain`

			```bash
			`# Install Daplie DNS`
			`npm install -g ddns-cli`

			`# see terms of use`
			`ddns --help`

			`# agree to terms and get domain`
			`ddns --random --email user@example.com --agree`
Update README.md 2015-12-16 13:33:17 +00:00
			`# the default is to use the ip address from which`
			`# you can the command, but you can also assign the`
			`# ip manually`
			`ddns --random --email user@example.com --agree -a '127.0.0.1'`
Update README.md 2015-12-16 13:32:00 +00:00			```

			`Example domain:`

			```
			`rubber-duck-42.daplie.me`
			```

Update README.md 2015-12-16 11:16:25 +00:00			`## Run without Root`

			If you'd like to allow node.js to use privileged ports `80` and `443`
			(and everything under 1024 really) without being run as `root` or `sudo`,
			you can use `setcap` to do so. (it may need to be run any time you reinstall node as well)

			```bash
			`sudo setcap cap_net_bind_service=+ep /usr/local/bin/node`
			```

Update README.md 2015-12-16 13:02:09 +00:00			By default `node-letsencrypt` assumes your home directory `~/letsencrypt/`, but if
			you really want to use `/etc/letsencrypt`, `/var/lib/letsencrypt/`, and `/var/log/letsencrypt`
			`you could change the permissions on them. Probably a BAD IDEA. Probabry a security risk.`

			```
			`# PROBABLY A BAD IDEA`
			`sudo chown -R $(whoami) /etc/letsencrypt /var/lib/letsencrypt /var/log/letsencrypt`
			```

copy python's arguments 2015-12-16 11:01:10 +00:00			`## Command line Options`

			```
			`Usage:`
			`letsencrypt [OPTIONS] [ARGS]`

			`Options:`
			`--email EMAIL Email used for registration and recovery contact. (default: null)`

			`--domains URL Domain names to apply. For multiple domains you can enter a comma`
			`separated list of domains as a parameter. (default: [])`

			`--duplicate BOOLEAN Allow getting a certificate that duplicates an existing one`

			`--agree-tos BOOLEAN Agree to the Let's Encrypt Subscriber Agreement`

			`--debug BOOLEAN show traces and logs`

			`--tls-sni-01-port NUMBER Port number to perform tls-sni-01 challenge.`
			`Boulder in testing mode defaults to 5001. (default: 443 and 5001)`

			`--http-01-port [NUMBER] Port used in the SimpleHttp challenge. (Default is 80)`

			`--rsa-key-size [NUMBER] Size (in bits) of the RSA key. (Default is 2048)`

			`--cert-path STRING Path to where new cert.pem is saved`
			`(Default is :conf/live/:hostname/cert.pem)`

			`--fullchain-path [STRING] Path to where new fullchain.pem (cert + chain) is saved`
			`(Default is :conf/live/:hostname/fullchain.pem)`

			`--chain-path [STRING] Path to where new chain.pem is saved`
			`(Default is :conf/live/:hostname/chain.pem)`

			`--domain-key-path STRING Path to privkey.pem to use for domain (default: generate new)`

Update README.md 2015-12-16 11:17:06 +00:00			`--config-dir STRING Configuration directory. (Default is ~/letsencrypt/etc/)`
copy python's arguments 2015-12-16 11:01:10 +00:00
			`--server [STRING] ACME Directory Resource URI. (Default is https://acme-v01.api.letsencrypt.org/directory))`

			`--standalone [BOOLEAN] Obtain certs using a "standalone" webserver. (Default is true)`

			`--webroot BOOLEAN Obtain certs by placing files in a webroot directory.`

			`--webroot-path STRING public_html / webroot path.`

			`-h, --help Display help and usage details`
			```
Update README.md 2015-12-16 13:03:03 +00:00
			`Note: some of the options may not be fully implemented. If you encounter a problem, please report a bug on the issues page.`