fix renewal, add --renew-within, reorganise args
parent
2f1b577117
commit
69f5fc9c45
47
README.md
47
README.md
|
@ -237,24 +237,19 @@ Usage:
|
||||||
letsencrypt [OPTIONS] [ARGS]
|
letsencrypt [OPTIONS] [ARGS]
|
||||||
|
|
||||||
Options:
|
Options:
|
||||||
|
--server [STRING] ACME Directory Resource URI. (Default is https://acme-v01.api.letsencrypt.org/directory))
|
||||||
|
|
||||||
--email EMAIL Email used for registration and recovery contact. (default: null)
|
--email EMAIL Email used for registration and recovery contact. (default: null)
|
||||||
|
|
||||||
|
--agree-tos BOOLEAN Agree to the Let's Encrypt Subscriber Agreement
|
||||||
|
|
||||||
--domains URL Domain names to apply. For multiple domains you can enter a comma
|
--domains URL Domain names to apply. For multiple domains you can enter a comma
|
||||||
separated list of domains as a parameter. (default: [])
|
separated list of domains as a parameter. (default: [])
|
||||||
|
|
||||||
--duplicate BOOLEAN Allow getting a certificate that duplicates an existing one
|
--renew-within [NUMBER] Renew certificates this many days before expiry. (default: 7)
|
||||||
|
|
||||||
--agree-tos BOOLEAN Agree to the Let's Encrypt Subscriber Agreement
|
--duplicate BOOLEAN Allow getting a certificate that duplicates an existing one/is
|
||||||
|
an early renewal.
|
||||||
--debug BOOLEAN show traces and logs
|
|
||||||
|
|
||||||
--tls-sni-01-port NUMBER Use TLS-SNI-01 challenge type with this port.
|
|
||||||
(must be 443 with most production servers) (Boulder allows 5001 in testing mode)
|
|
||||||
|
|
||||||
--http-01-port [NUMBER] Use HTTP-01 challenge type with this port, used for SimpleHttp challenge. (Default is 80)
|
|
||||||
(must be 80 with most production servers)
|
|
||||||
|
|
||||||
--dns-01 Use DNS-01 challenge type.
|
|
||||||
|
|
||||||
--rsa-key-size [NUMBER] Size (in bits) of the RSA key. (Default is 2048)
|
--rsa-key-size [NUMBER] Size (in bits) of the RSA key. (Default is 2048)
|
||||||
|
|
||||||
|
@ -269,9 +264,26 @@ Options:
|
||||||
|
|
||||||
--domain-key-path STRING Path to privkey.pem to use for domain (default: generate new)
|
--domain-key-path STRING Path to privkey.pem to use for domain (default: generate new)
|
||||||
|
|
||||||
|
--account-key-path STRING Path to privkey.pem to use for account (default: generate new)
|
||||||
|
|
||||||
--config-dir STRING Configuration directory. (Default is ~/letsencrypt/etc/)
|
--config-dir STRING Configuration directory. (Default is ~/letsencrypt/etc/)
|
||||||
|
|
||||||
--server [STRING] ACME Directory Resource URI. (Default is https://acme-v01.api.letsencrypt.org/directory))
|
--tls-sni-01-port NUMBER Use TLS-SNI-01 challenge type with this port.
|
||||||
|
(must be 443 with most production servers) (Boulder allows 5001 in testing mode)
|
||||||
|
|
||||||
|
--http-01-port [NUMBER] Use HTTP-01 challenge type with this port, used for SimpleHttp challenge. (Default is 80)
|
||||||
|
(must be 80 with most production servers)
|
||||||
|
|
||||||
|
--dns-01 Use DNS-01 challenge type.
|
||||||
|
|
||||||
|
--standalone [BOOLEAN] Obtain certs using a "standalone" webserver. (Default is true)
|
||||||
|
|
||||||
|
--manual [BOOLEAN] Print the token and key to the screen and wait for you to hit enter,
|
||||||
|
giving you time to copy it somewhere before continuing. (Default is false)
|
||||||
|
|
||||||
|
--webroot BOOLEAN Obtain certs by placing files in a webroot directory.
|
||||||
|
|
||||||
|
--webroot-path STRING public_html / webroot path.
|
||||||
|
|
||||||
--apache BOOLEAN Obtain certs using Apache virtual hosts.
|
--apache BOOLEAN Obtain certs using Apache virtual hosts.
|
||||||
|
|
||||||
|
@ -301,14 +313,7 @@ Options:
|
||||||
--apache-disable STRING Command to run to disable the site in Apache.
|
--apache-disable STRING Command to run to disable the site in Apache.
|
||||||
(Default is `rm /etc/apache2/sites-enabled/{{{token}}}.conf`)
|
(Default is `rm /etc/apache2/sites-enabled/{{{token}}}.conf`)
|
||||||
|
|
||||||
--standalone [BOOLEAN] Obtain certs using a "standalone" webserver. (Default is true)
|
--debug BOOLEAN show traces and logs
|
||||||
|
|
||||||
--manual [BOOLEAN] Print the token and key to the screen and wait for you to hit enter,
|
|
||||||
giving you time to copy it somewhere before continuing. (Default is false)
|
|
||||||
|
|
||||||
--webroot BOOLEAN Obtain certs by placing files in a webroot directory.
|
|
||||||
|
|
||||||
--webroot-path STRING public_html / webroot path.
|
|
||||||
|
|
||||||
-h, --help Display help and usage details
|
-h, --help Display help and usage details
|
||||||
```
|
```
|
||||||
|
|
|
@ -5,14 +5,12 @@ var cli = require('cli');
|
||||||
var mkdirp = require('mkdirp');
|
var mkdirp = require('mkdirp');
|
||||||
|
|
||||||
cli.parse({
|
cli.parse({
|
||||||
email: [ false, " Email used for registration and recovery contact. (default: null)", 'email' ]
|
server: [ false, " ACME Directory Resource URI.", 'string', '' ]
|
||||||
, domains: [ false, " Domain names to apply. For multiple domains you can enter a comma separated list of domains as a parameter. (default: [])", 'string' ]
|
, email: [ false, " Email used for registration and recovery contact. (default: null)", 'email' ]
|
||||||
, duplicate: [ false, " Allow getting a certificate that duplicates an existing one", 'boolean', false ]
|
|
||||||
, 'agree-tos': [ false, " Agree to the Let's Encrypt Subscriber Agreement", 'boolean', false ]
|
, 'agree-tos': [ false, " Agree to the Let's Encrypt Subscriber Agreement", 'boolean', false ]
|
||||||
, debug: [ false, " show traces and logs", 'boolean', false ]
|
, domains: [ false, " Domain names to apply. For multiple domains you can enter a comma separated list of domains as a parameter. (default: [])", 'string' ]
|
||||||
, 'tls-sni-01-port': [ false, " Use TLS-SNI-01 challenge type with this port (only port 443 is valid with most production servers)", 'int' ]
|
, 'renew-within': [ false, " Renew certificates this many days before expiry", 'int', 7 ]
|
||||||
, 'http-01-port': [ false, " Use HTTP-01 challenge type with this port (only port 80 is valid with most production servers) (default: 80)", 'int' ]
|
, duplicate: [ false, " Allow getting a certificate that duplicates an existing one/is an early renewal", 'boolean', false ]
|
||||||
, 'dns-01': [ false, " Use DNS-01 challange type", 'boolean', false ]
|
|
||||||
, 'rsa-key-size': [ false, " Size (in bits) of the RSA key.", 'int', 2048 ]
|
, 'rsa-key-size': [ false, " Size (in bits) of the RSA key.", 'int', 2048 ]
|
||||||
, 'cert-path': [ false, " Path to where new cert.pem is saved", 'string',':configDir/live/:hostname/cert.pem' ]
|
, 'cert-path': [ false, " Path to where new cert.pem is saved", 'string',':configDir/live/:hostname/cert.pem' ]
|
||||||
, 'fullchain-path': [ false, " Path to where new fullchain.pem (cert + chain) is saved", 'string', ':configDir/live/:hostname/fullchain.pem' ]
|
, 'fullchain-path': [ false, " Path to where new fullchain.pem (cert + chain) is saved", 'string', ':configDir/live/:hostname/fullchain.pem' ]
|
||||||
|
@ -20,7 +18,9 @@ cli.parse({
|
||||||
, 'domain-key-path': [ false, " Path to privkey.pem to use for domain (default: generate new)", 'string' ]
|
, 'domain-key-path': [ false, " Path to privkey.pem to use for domain (default: generate new)", 'string' ]
|
||||||
, 'account-key-path': [ false, " Path to privkey.pem to use for account (default: generate new)", 'string' ]
|
, 'account-key-path': [ false, " Path to privkey.pem to use for account (default: generate new)", 'string' ]
|
||||||
, 'config-dir': [ false, " Configuration directory.", 'string', '~/letsencrypt/etc/' ]
|
, 'config-dir': [ false, " Configuration directory.", 'string', '~/letsencrypt/etc/' ]
|
||||||
, server: [ false, " ACME Directory Resource URI.", 'string', '' ]
|
, 'tls-sni-01-port': [ false, " Use TLS-SNI-01 challenge type with this port (only port 443 is valid with most production servers)", 'int' ]
|
||||||
|
, 'http-01-port': [ false, " Use HTTP-01 challenge type with this port (only port 80 is valid with most production servers) (default: 80)", 'int' ]
|
||||||
|
, 'dns-01': [ false, " Use DNS-01 challange type", 'boolean', false ]
|
||||||
, standalone: [ false, " Obtain certs using a \"standalone\" webserver.", 'boolean', false ]
|
, standalone: [ false, " Obtain certs using a \"standalone\" webserver.", 'boolean', false ]
|
||||||
, manual: [ false, " Print the token and key to the screen and wait for you to hit enter, giving you time to copy it somewhere before continuing (default: false)", 'boolean', false ]
|
, manual: [ false, " Print the token and key to the screen and wait for you to hit enter, giving you time to copy it somewhere before continuing (default: false)", 'boolean', false ]
|
||||||
, webroot: [ false, " Obtain certs by placing files in a webroot directory.", 'boolean', false ]
|
, webroot: [ false, " Obtain certs by placing files in a webroot directory.", 'boolean', false ]
|
||||||
|
@ -36,6 +36,7 @@ cli.parse({
|
||||||
, 'apache-reload': [ false, " Command to run to reload Apache.", 'string' ]
|
, 'apache-reload': [ false, " Command to run to reload Apache.", 'string' ]
|
||||||
, 'apache-disable': [ false, " Command to run to disable the site in Apache.", 'string' ]
|
, 'apache-disable': [ false, " Command to run to disable the site in Apache.", 'string' ]
|
||||||
//, 'standalone-supported-challenges': [ false, " Supported challenges, order preferences are randomly chosen. (default: http-01,tls-sni-01)", 'string', 'http-01,tls-sni-01']
|
//, 'standalone-supported-challenges': [ false, " Supported challenges, order preferences are randomly chosen. (default: http-01,tls-sni-01)", 'string', 'http-01,tls-sni-01']
|
||||||
|
, debug: [ false, " show traces and logs", 'boolean', false ]
|
||||||
, 'work-dir': [ false, "(ignored)", 'string', '~/letsencrypt/var/lib/' ]
|
, 'work-dir': [ false, "(ignored)", 'string', '~/letsencrypt/var/lib/' ]
|
||||||
, 'logs-dir': [ false, "(ignored)", 'string', '~/letsencrypt/var/log/' ]
|
, 'logs-dir': [ false, "(ignored)", 'string', '~/letsencrypt/var/log/' ]
|
||||||
});
|
});
|
||||||
|
|
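Review bot: The `'dns-01'` entry that this commit moves further down the `cli.parse` table still has the misspelling "challange" in its help text, which is what users see in `--help` output. Since the line is being relocated anyway, it could read `, 'dns-01': [ false, " Use DNS-01 challenge type", 'boolean', false ]`. The README usage block in the same commit already spells it "challenge", so the two would then agree.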
33
index.js
33
index.js
|
@ -1,5 +1,7 @@
|
||||||
'use strict';
|
'use strict';
|
||||||
|
|
||||||
|
var DAY = 24 * 60 * 60 * 1000;
|
||||||
|
|
||||||
var LE = require('letsencrypt');
|
var LE = require('letsencrypt');
|
||||||
|
|
||||||
module.exports.run = function (args) {
|
module.exports.run = function (args) {
|
||||||
|
@ -73,6 +75,7 @@ module.exports.run = function (args) {
|
||||||
, server: args.server
|
, server: args.server
|
||||||
, store: leStore
|
, store: leStore
|
||||||
, challenges: leChallenges
|
, challenges: leChallenges
|
||||||
|
, renewWithin: args.renewWithin * DAY
|
||||||
, duplicate: args.duplicate
|
, duplicate: args.duplicate
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -93,29 +96,41 @@ module.exports.run = function (args) {
|
||||||
|
|
||||||
// Note: can't use args directly as null values will overwrite template values
|
// Note: can't use args directly as null values will overwrite template values
|
||||||
le.register({
|
le.register({
|
||||||
domains: args.domains
|
debug: args.debug
|
||||||
, email: args.email
|
, email: args.email
|
||||||
, agreeTos: args.agreeTos
|
, agreeTos: args.agreeTos
|
||||||
, challengeType: challengeType
|
, domains: args.domains
|
||||||
, rsaKeySize: args.rsaKeySize
|
, rsaKeySize: args.rsaKeySize
|
||||||
|
, challengeType: challengeType
|
||||||
|
}).then(function (certs) {
|
||||||
|
if (!certs._renewing) {
|
||||||
|
return certs;
|
||||||
|
}
|
||||||
|
console.log("");
|
||||||
|
console.log("Got certificate(s) for " + certs.altnames.join(', '));
|
||||||
|
console.log("\tIssued at " + new Date(certs.issuedAt).toISOString() + "");
|
||||||
|
console.log("\tValid until " + new Date(certs.expiresAt).toISOString() + "");
|
||||||
|
console.log("");
|
||||||
|
console.log("Renewing them now");
|
||||||
|
return certs._renewing;
|
||||||
}).then(function (certs) {
|
}).then(function (certs) {
|
||||||
if (servers) {
|
if (servers) {
|
||||||
servers.closeServers();
|
servers.closeServers();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
console.log("");
|
||||||
|
console.log("Got certificate(s) for " + certs.altnames.join(', '));
|
||||||
|
console.log("\tIssued at " + new Date(certs.issuedAt).toISOString() + "");
|
||||||
|
console.log("\tValid until " + new Date(certs.expiresAt).toISOString() + "");
|
||||||
|
console.log("");
|
||||||
|
|
||||||
// should get back account, path to certs, pems, etc?
|
// should get back account, path to certs, pems, etc?
|
||||||
console.log('\nCertificates installed at:');
|
console.log('\nCertificates installed at:');
|
||||||
console.log(Object.keys(args).filter(function (key) {
|
console.log(Object.keys(args).filter(function (key) {
|
||||||
return /Path/.test(key);
|
return /Path/.test(key);
|
||||||
}).map(function (key) {
|
}).map(function (key) {
|
||||||
return args[key];
|
return args[key];
|
||||||
}).join('\n').replace(/:hostname/, args.domains[0]));
|
}).join('\n').replace(/:hostname/g, args.domains[0]));
|
||||||
|
|
||||||
console.log("");
|
|
||||||
console.log("Got certificate(s) for " + certs.altnames.join(', '));
|
|
||||||
console.log("\tIssued at " + new Date(certs.issuedAt).toISOString() + "");
|
|
||||||
console.log("\tValid until " + new Date(certs.expiresAt).toISOString() + "");
|
|
||||||
console.log("");
|
|
||||||
|
|
||||||
process.exit(0);
|
process.exit(0);
|
||||||
}, function (err) {
|
}, function (err) {
|
||||||
|
|
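Review bot: `renewWithin: args.renewWithin * DAY` in the options object multiplies whatever the caller supplied without checking it. The default of 7 is set only in the `cli.parse` table, so a caller that invokes `module.exports.run` without `renewWithin` gets `NaN`, and a zero or negative `--renew-within` passes through as well. How the library treats such a value is not visible here, but any comparison against `NaN` is false, which would presumably mean the renewal window never opens and the certificate runs to expiry unnoticed. A guard before the object is built would make this fail safe: `var renewDays = (Number.isFinite(args.renewWithin) && args.renewWithin > 0) ? args.renewWithin : 7;` followed by `, renewWithin: renewDays * DAY`. The body of `run` begins and continues outside these hunks.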