#!/usr/bin/env node
'use strict';
var cli = require('cli');
var mkdirp = require('mkdirp');
cli.parse({
email: [ false, " Email used for registration and recovery contact. (default: null)", 'email' ]
, domains: [ false, " Domain names to apply. For multiple domains you can enter a comma separated list of domains as a parameter. (default: [])", 'string' ]
, duplicate: [ false, " Allow getting a certificate that duplicates an existing one", 'boolean', false ]
, 'agree-tos': [ false, " Agree to the Let's Encrypt Subscriber Agreement", 'boolean', false ]
, debug: [ false, " show traces and logs", 'boolean', false ]
, 'tls-sni-01-port': [ false, " Port number to perform tls-sni-01 challenge. Boulder in testing mode defaults to 5001. (default: 443,5001)", 'string' ]
, 'http-01-port': [ false, " Port used in the SimpleHttp challenge. (default: 80)", 'string' ]
, 'rsa-key-size': [ false, " Size (in bits) of the RSA key.", 'int', 2048 ]
, 'cert-path': [ false, " Path to where new cert.pem is saved", 'string',':config/live/:hostname/cert.pem' ]
, 'fullchain-path': [ false, " Path to where new fullchain.pem (cert + chain) is saved", 'string', ':config/live/:hostname/fullchain.pem' ]
, 'chain-path': [ false, " Path to where new chain.pem is saved", 'string', ':config/live/:hostname/chain.pem' ]
, 'domain-key-path': [ false, " Path to privkey.pem to use for domain (default: generate new)", 'string' ]
, 'config-dir': [ false, " Configuration directory.", 'string', '~/letsencrypt/etc/' ]
, server: [ false, " ACME Directory Resource URI.", 'string', 'https://acme-v01.api.letsencrypt.org/directory)' ]
, standalone: [ false, " Obtain certs using a \"standalone\" webserver.", 'boolean', false ]
//, manual: [ false, " Provide laborious manual instructions for obtaining a cert (default: false)", 'boolean', false ]
, webroot: [ false, " Obtain certs by placing files in a webroot directory.", 'boolean', false ]
, 'webroot-path': [ false, " public_html / webroot path.", 'string' ]
//, 'standalone-supported-challenges': [ false, " Supported challenges, order preferences are randomly chosen. (default: http-01,tls-sni-01)", 'string', 'http-01,tls-sni-01']
, 'work-dir': [ false, "(ignored)", 'string', '~/letsencrypt/var/lib/' ]
, 'logs-dir': [ false, "(ignored)", 'string', '~/letsencrypt/var/log/' ]
});
// ignore certonly and extraneous arguments
cli.main(function(_, options) {
console.log('');
var args = {};
var homedir = require('homedir')();
Object.keys(options).forEach(function (key) {
var val = options[key];
if ('string' === typeof val) {
val = val.replace(/^~/, homedir);
}
key = key.replace(/\-([a-z0-9A-Z])/g, function (c) { return c[1].toUpperCase(); });
args[key] = val;
});
Object.keys(args).forEach(function (key) {
var val = args[key];
if ('string' === typeof val) {
val = val.replace(/\:config/, args.configDir);
}
args[key] = val;
});
if (args.domains) {
args.domains = args.domains.split(',');
}
if (!(Array.isArray(args.domains) && args.domains.length) || !args.email || !args.agreeTos) {
console.error("\nUsage: letsencrypt certonly --standalone --domains example.com --email user@example.com --agree-tos");
console.error("\nSee letsencrypt --help for more details\n");
return;
}
if (args.tlsSni01Port) {
// [@agnat]: Coerce to string. cli returns a number although we request a string.
args.tlsSni01Port = "" + args.tlsSni01Port;
args.tlsSni01Port = args.tlsSni01Port.split(',').map(function (port) {
return parseInt(port, 10);
});
}
if (args.http01Port) {
// [@agnat]: Coerce to string. cli returns a number although we request a string.
args.http01Port = "" + args.http01Port;
args.http01Port = args.http01Port.split(',').map(function (port) {
return parseInt(port, 10);
});
}
mkdirp(args.configDir, function (err) {
if (err) {
console.error("Could not create --config-dir '" + args.configDir + "':", err.code);
console.error("Try setting --config-dir '/tmp'");
return;
}
var LE = require('letsencrypt');
var handlers;
if (args.webrootPath) {
handlers = require('../lib/webroot').create(args);
}
else /*if (args.standalone)*/ {
handlers = require('../lib/standalone').create();
handlers.startServers(args.http01Port || [80], args.tlsSni01Port || [443, 5001]);
}
// let LE know that we're handling standalone / webroot here
LE.create({
manual: true
, debug: args.debug
, configDir: args.configDir
, privkeyPath: ':config/live/:hostname/privkey.pem' //args.privkeyPath
, fullchainPath: args.fullchainPath
, certPath: args.certPath
, chainPath: args.chainPath
}, handlers).register(args, function (err, results) {
if (err) {
console.error('[Error]: letsencrypt-cli');
console.error(err.stack || err);
return;
}
if (!results || ('object' !== typeof results)) {
console.error("Error: An unknown error occurred. My best guess is that we got an error that we're not used to from the ACME server and accidentally interpretted it as a success... or forgot to expose the error.");
console.error(results);
err = new Error("Here's a stack trace, in case it helps:");
console.error(err.stack);
return;
}
if (handlers.closeServers) {
handlers.closeServers();
}
// should get back account, path to certs, pems, etc?
console.log('\nCertificates installed at:');
console.log(Object.keys(results).filter(function (key) {
return /Path/.test(key);
}).map(function (key) {
return results[key];
}).join('\n'));
process.exit(0);
});
});
});