2019-04-03 04:48:57 +00:00
|
|
|
#!/usr/bin/env node
|
|
|
|
'use strict';
|
|
|
|
/*global Promise*/
|
|
|
|
|
|
|
|
///////////////////////
|
|
|
|
// wildcard example //
|
|
|
|
//////////////////////
|
|
|
|
|
|
|
|
//
|
|
|
|
// wildcard example
|
|
|
|
//
|
|
|
|
|
|
|
|
//var glx = require('greenlock-express')
|
|
|
|
var glx = require('./').create({
|
|
|
|
|
|
|
|
version: 'draft-11' // Let's Encrypt v2 is ACME draft 11
|
|
|
|
|
|
|
|
, server: 'https://acme-staging-v02.api.letsencrypt.org/directory'
|
|
|
|
//, server: 'https://acme-v02.api.letsencrypt.org/directory' // If at first you don't succeed, stop and switch to staging
|
|
|
|
// https://acme-staging-v02.api.letsencrypt.org/directory
|
|
|
|
|
|
|
|
, configDir: '~/acme/' // You MUST have access to write to directory where certs
|
|
|
|
// are saved. ex: /home/foouser/.config/acme
|
|
|
|
|
|
|
|
, approveDomains: myApproveDomains // Greenlock's wraps around tls.SNICallback. Check the
|
|
|
|
// domain name here and reject invalid ones
|
|
|
|
|
|
|
|
, app: require('./my-express-app.js') // Any node-style http app (i.e. express, koa, hapi, rill)
|
|
|
|
|
|
|
|
/* CHANGE TO A VALID EMAIL */
|
|
|
|
, email: 'jon.doe@example.com' // Email for Let's Encrypt account and Greenlock Security
|
|
|
|
, agreeTos: true // Accept Let's Encrypt ToS
|
|
|
|
, communityMember: true // Join Greenlock to (very rarely) get important updates
|
|
|
|
|
|
|
|
//, debug: true
|
|
|
|
, store: require('le-store-fs')
|
|
|
|
});
|
|
|
|
|
|
|
|
var server = glx.listen(80, 443);
|
|
|
|
server.on('listening', function () {
|
|
|
|
console.info(server.type + " listening on", server.address());
|
|
|
|
});
|
|
|
|
|
|
|
|
function myApproveDomains(opts) {
|
2019-04-03 04:51:03 +00:00
|
|
|
console.log('sni:', opts.domain);
|
2019-04-03 04:48:57 +00:00
|
|
|
|
|
|
|
// must be 'example.com' or start with 'example.com'
|
2019-04-03 04:51:03 +00:00
|
|
|
if ('example.com' !== opts.domain
|
|
|
|
&& 'example.com' !== opts.domain.split('.').slice(1).join('.')) {
|
|
|
|
return Promise.reject(new Error("we don't serve your kind here: " + opts.domain));
|
2019-04-03 04:48:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// the primary domain for the cert
|
|
|
|
opts.subject = 'example.com';
|
|
|
|
// the altnames (including the primary)
|
|
|
|
opts.domains = [ opts.subject, '*.example.com' ];
|
|
|
|
|
|
|
|
if (!opts.challenges) { opts.challenges = {}; }
|
|
|
|
opts.challenges['http-01'] = require('le-challenge-fs').create({});
|
2019-04-03 05:01:57 +00:00
|
|
|
// Note: When implementing a dns-01 plugin you should make it check in a loop
|
|
|
|
// until it can positively confirm that the DNS changes have propagated.
|
|
|
|
// That could take several seconds to a few minutes.
|
2019-04-03 04:48:57 +00:00
|
|
|
opts.challenges['dns-01'] = require('le-challenge-dns').create({});
|
|
|
|
|
|
|
|
// explicitly set account id and certificate.id
|
|
|
|
opts.account = { id: opts.email };
|
|
|
|
opts.certificate = { id: opts.subject };
|
|
|
|
|
|
|
|
return Promise.resolve(opts);
|
|
|
|
}
|