support tls-sni-01 challenge
Previously the http-01 challenge was simply served over SSL.
parent
7d3702aa81
commit
b2407029ab
18
README.md
18
README.md
|
@ -48,8 +48,9 @@ multiple domains doesn't work for you, file a bug.
|
||||||
|
|
||||||
### Standalone
|
### Standalone
|
||||||
|
|
||||||
You can run standalone mode to get a cert **on the server** you will be
|
You can run standalone mode to get a cert **on the server**. You either use an
|
||||||
using it for over ports **80 and 443 (or 5001)** like so:
|
http-01 challenge (the default) on port 80, or a tls-sni-01 challenge on port
|
||||||
|
443 (or 5001). Like so:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
letsencrypt certonly \
|
letsencrypt certonly \
|
||||||
|
@ -60,6 +61,17 @@ letsencrypt certonly \
|
||||||
--config-dir ~/letsencrypt/etc
|
--config-dir ~/letsencrypt/etc
|
||||||
```
|
```
|
||||||
|
|
||||||
|
or
|
||||||
|
|
||||||
|
```bash
|
||||||
|
letsencrypt certonly \
|
||||||
|
--agree-tos --email john.doe@example.com \
|
||||||
|
--standalone --tls-sni-01-port 443 \
|
||||||
|
--domains example.com,www.example.com \
|
||||||
|
--server https://acme-staging.api.letsencrypt.org/directory \
|
||||||
|
--config-dir ~/letsencrypt/etc
|
||||||
|
```
|
||||||
|
|
||||||
Then you can see your certs at `~/letsencrypt/etc/live`.
|
Then you can see your certs at `~/letsencrypt/etc/live`.
|
||||||
|
|
||||||
```
|
```
|
||||||
|
@ -174,7 +186,7 @@ Options:
|
||||||
|
|
||||||
--debug BOOLEAN show traces and logs
|
--debug BOOLEAN show traces and logs
|
||||||
|
|
||||||
--tls-sni-01-port NUMBER Use TLS-SNI-01 challenge type with this port. (Default is 443)
|
--tls-sni-01-port NUMBER Use TLS-SNI-01 challenge type with this port.
|
||||||
(must be 443 with most production servers) (Boulder allows 5001 in testing mode)
|
(must be 443 with most production servers) (Boulder allows 5001 in testing mode)
|
||||||
|
|
||||||
--http-01-port [NUMBER] Use HTTP-01 challenge type with this port, used for SimpleHttp challenge. (Default is 80)
|
--http-01-port [NUMBER] Use HTTP-01 challenge type with this port, used for SimpleHttp challenge. (Default is 80)
|
||||||
|
|
29
index.js
29
index.js
|
@ -15,6 +15,7 @@ module.exports.run = function (args) {
|
||||||
args.standalone = USE_DNS;
|
args.standalone = USE_DNS;
|
||||||
} else if (args.tlsSni01Port) {
|
} else if (args.tlsSni01Port) {
|
||||||
challengeType = 'tls-sni-01';
|
challengeType = 'tls-sni-01';
|
||||||
|
args.webrootPath = '';
|
||||||
} else /*if (args.http01Port)*/ {
|
} else /*if (args.http01Port)*/ {
|
||||||
challengeType = 'http-01';
|
challengeType = 'http-01';
|
||||||
}
|
}
|
||||||
|
@ -27,12 +28,13 @@ module.exports.run = function (args) {
|
||||||
// TODO rename le-challenge-fs to le-challenge-webroot
|
// TODO rename le-challenge-fs to le-challenge-webroot
|
||||||
leChallenge = require('./lib/webroot').create({ webrootPath: args.webrootPath });
|
leChallenge = require('./lib/webroot').create({ webrootPath: args.webrootPath });
|
||||||
}
|
}
|
||||||
|
else if (args.tlsSni01Port) {
|
||||||
|
leChallenge = require('le-challenge-sni').create({});
|
||||||
|
servers = require('./lib/servers').create(leChallenge);
|
||||||
|
}
|
||||||
else if (USE_DNS !== args.standalone) {
|
else if (USE_DNS !== args.standalone) {
|
||||||
leChallenge = require('le-challenge-standalone').create({});
|
leChallenge = require('le-challenge-standalone').create({});
|
||||||
servers = require('./lib/servers').create(leChallenge).startServers(
|
servers = require('./lib/servers').create(leChallenge);
|
||||||
args.http01Port || [80], args.tlsSni01Port || [443, 5001]
|
|
||||||
, { debug: args.debug }
|
|
||||||
);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
leStore = require('le-store-certbot').create({
|
leStore = require('le-store-certbot').create({
|
||||||
|
@ -51,14 +53,31 @@ module.exports.run = function (args) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// let LE know that we're handling standalone / webroot here
|
// let LE know that we're handling standalone / webroot here
|
||||||
|
var leChallenges = {};
|
||||||
|
leChallenges[challengeType] = leChallenge;
|
||||||
var le = LE.create({
|
var le = LE.create({
|
||||||
debug: args.debug
|
debug: args.debug
|
||||||
, server: args.server
|
, server: args.server
|
||||||
, store: leStore
|
, store: leStore
|
||||||
, challenges: { 'http-01': leChallenge, 'tls-sni-01': leChallenge }
|
, challenges: leChallenges
|
||||||
, duplicate: args.duplicate
|
, duplicate: args.duplicate
|
||||||
});
|
});
|
||||||
|
|
||||||
|
if (servers) {
|
||||||
|
if (args.tlsSni01Port) {
|
||||||
|
servers = servers.startServers(
|
||||||
|
[], args.tlsSni01Port
|
||||||
|
, { debug: args.debug, httpsOptions: le.httpsOptions }
|
||||||
|
);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
servers = servers.startServers(
|
||||||
|
args.http01Port || [80], []
|
||||||
|
, { debug: args.debug }
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Note: can't use args directly as null values will overwrite template values
|
// Note: can't use args directly as null values will overwrite template values
|
||||||
le.register({
|
le.register({
|
||||||
domains: args.domains
|
domains: args.domains
|
||||||
|
|
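Review bot: In the new `if (servers)` block, the tls-sni-01 branch passes `args.tlsSni01Port` straight through as the `tlsPorts` argument, while the http-01 branch and the removed code both normalise to an array (`args.http01Port || [80]`, formerly `args.tlsSni01Port || [443, 5001]`); the README hunk documents the option as a bare `NUMBER`, so if the CLI yields a number rather than a list, startServers receives a non-array and the challenge port may never be bound — `[].concat(args.tlsSni01Port)` would accept both shapes. The same branch forwards `le.httpsOptions` without checking it is set; if LE.create does not populate it (not visible here), the servers.js hunk further down this page falls back to a bundled localhost certificate, so the SNI challenge port would silently present the wrong certificate. The enclosing run function starts and ends outside this hunk.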
|
@ -25,7 +25,7 @@ module.exports.create = function (challenge) {
|
||||||
, startServers: function (plainPorts, tlsPorts, opts) {
|
, startServers: function (plainPorts, tlsPorts, opts) {
|
||||||
opts = opts || {};
|
opts = opts || {};
|
||||||
|
|
||||||
var httpsOptions = require('localhost.daplie.com-certificates');
|
var httpsOptions = opts.httpsOptions || require('localhost.daplie.com-certificates');
|
||||||
var https = require('https');
|
var https = require('https');
|
||||||
var http = require('http');
|
var http = require('http');
|
||||||
|
|
||||||
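Review bot: The changed line `var httpsOptions = opts.httpsOptions || require('localhost.daplie.com-certificates');` falls back to the bundled localhost certificates whenever the caller passes nothing, so a tls-sni-01 caller whose `le.httpsOptions` is undefined gets a listener that presents the wrong certificate and fails the challenge with no indication why. Consider making the fallback visible, e.g. `if (!opts.httpsOptions && opts.debug) { console.warn('startServers: no httpsOptions given, using bundled localhost certificates'); }` before the assignment. The enclosing startServers function continues outside this hunk, and the file's name is not shown on this page.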
|
|
|
@ -37,6 +37,7 @@
|
||||||
"homedir": "^0.6.0",
|
"homedir": "^0.6.0",
|
||||||
"le-acme-core": "^2.0.5",
|
"le-acme-core": "^2.0.5",
|
||||||
"le-challenge-manual": "^2.0.0",
|
"le-challenge-manual": "^2.0.0",
|
||||||
|
"le-challenge-sni": "^2.0.0",
|
||||||
"le-challenge-standalone": "^2.0.0",
|
"le-challenge-standalone": "^2.0.0",
|
||||||
"le-store-certbot": "^2.0.2",
|
"le-store-certbot": "^2.0.2",
|
||||||
"letsencrypt": "^2.1.2",
|
"letsencrypt": "^2.1.2",
|
||||||
|
|