From 6953068a7b6261c2e0effd8573e7fa711d132b0b Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Sat, 19 May 2018 17:54:08 -0600 Subject: [PATCH] make production default --- README.md | 31 +++++++++++++++++++++---------- examples/force-renew.js | 7 ++++++- examples/normal.js | 5 +++-- examples/remote-access.js | 7 +++---- examples/simple.js | 5 +++-- examples/vhost.js | 5 +++-- 6 files changed, 39 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 468c807..9f44193 100644 --- a/README.md +++ b/README.md @@ -102,8 +102,9 @@ require('greenlock-express').create({ // Let's Encrypt v2 is ACME draft 11 version: 'draft-11' - // You MUST change 'acme-staging-v02' to 'acme-v02' in production -, server: 'https://acme-staging-v02.api.letsencrypt.org/directory' // staging +, server: 'https://acme-v02.api.letsencrypt.org/directory' + // Note: If at first you don't succeed, switch to staging to debug + // https://acme-staging-v02.api.letsencrypt.org/directory // You MUST change this to a valid email address , email: 'john.doe@example.com' @@ -157,18 +158,27 @@ Double check the following: * **API limits** * You MUST NOT exceed the API [**usage limits**](https://letsencrypt.org/docs/staging-environment/) per domain, certificate, IP address, etc * **Red Lock, Untrusted** - * You MUST change the `server` value **in production** - * Shorten the 'acme-staging-v02' part of the server URL to 'acme-v02' + * You MUST use the **production** server url, not staging + * The API URL should not have 'acme-staging-v02', but should have 'acme-v02' + * Delete the `configDir` used for getting certificates in staging -### Get it working in staging first! +### Production vs Staging + +If at first you don't succeed, stop and switch to staging. There are a number of common problems related to system configuration - firewalls, ports, permissions, etc - that you are likely to run up against when using greenlock for your first time. -In order to avoid being blocked by hitting rate limits with bad requests, -you should always test against the `staging` server -(`https://acme-staging-v02.api.letsencrypt.org/directory`) first. +I've put a "dry run" in place with built-in diagnostics, so hopefully +you get everything right on your first or second try. + +However, in order to avoid being blocked by hitting the bad request rate limits +you should switch to using the `staging` server for any testing or debugging. + +``` +https://acme-staging-v02.api.letsencrypt.org/directory +``` Plugins ===== @@ -254,8 +264,9 @@ It looks a little more like this: // returns an instance of greenlock.js with additional helper methods var lex = require('greenlock-express').create({ - // set to https://acme-v02.api.letsencrypt.org/directory in production - server: 'https://acme-staging-v02.api.letsencrypt.org/directory' + server: 'https://acme-v02.api.letsencrypt.org/directory' + // Note: If at first you don't succeed, stop and switch to staging: + // https://acme-staging-v02.api.letsencrypt.org/directory , version: 'draft-11' // Let's Encrypt v2 (ACME v2) // If you wish to replace the default account and domain key storage plugin diff --git a/examples/force-renew.js b/examples/force-renew.js index 6994484..8c8f463 100644 --- a/examples/force-renew.js +++ b/examples/force-renew.js @@ -3,7 +3,12 @@ //require('greenlock-express') require('../').create({ - server: 'staging' + // Let's Encrypt v2 is ACME draft 11 + version: 'draft-11' + +, server: 'https://acme-v02.api.letsencrypt.org/directory' + // Note: If at first you don't succeed, stop and switch to staging + // https://acme-staging-v02.api.letsencrypt.org/directory , email: 'john.doe@example.com' diff --git a/examples/normal.js b/examples/normal.js index 654326c..c4bebb0 100644 --- a/examples/normal.js +++ b/examples/normal.js @@ -21,8 +21,9 @@ require('../').create({ // Let's Encrypt v2 is ACME draft 11 version: 'draft-11' - // You MUST change 'acme-staging-v02' to 'acme-v02' in production -, server: 'https://acme-staging-v02.api.letsencrypt.org/directory' // staging +, server: 'https://acme-v02.api.letsencrypt.org/directory' + // Note: If at first you don't succeed, stop and switch to staging + // https://acme-staging-v02.api.letsencrypt.org/directory // The previous 'simple' example set these values statically, // but this example uses approveDomains() to set them dynamically diff --git a/examples/remote-access.js b/examples/remote-access.js index d5c7742..05bad38 100644 --- a/examples/remote-access.js +++ b/examples/remote-access.js @@ -18,10 +18,9 @@ var secret = require('crypto').randomBytes(16).toString('hex'); require('../').create({ version: 'draft-11' - // WARNING: This runs PRODUCTION by default. - // Uncomment staging instead if you're a first-timer. -, server: 'https://acme-v02.api.letsencrypt.org/directory' // production -//, server: 'https://acme-staging-v02.api.letsencrypt.org/directory' // staging +, server: 'https://acme-v02.api.letsencrypt.org/directory' + // Note: If at first you don't succeed, stop and switch to staging + // https://acme-staging-v02.api.letsencrypt.org/directory , email: email , agreeTos: agreeLeTos diff --git a/examples/simple.js b/examples/simple.js index 3e699c1..e53cc58 100644 --- a/examples/simple.js +++ b/examples/simple.js @@ -6,8 +6,9 @@ require('../').create({ // Let's Encrypt v2 is ACME draft 11 version: 'draft-11' - // You MUST change 'acme-staging-v02' to 'acme-v02' in production -, server: 'https://acme-staging-v02.api.letsencrypt.org/directory' +, server: 'https://acme-v02.api.letsencrypt.org/directory' + // Note: If at first you don't succeed, stop and switch to staging + // https://acme-staging-v02.api.letsencrypt.org/directory // You MUST change this to a valid email address , email: 'john.doe@example.com' diff --git a/examples/vhost.js b/examples/vhost.js index a256d44..09978cc 100644 --- a/examples/vhost.js +++ b/examples/vhost.js @@ -21,8 +21,9 @@ require('../').create({ // Let's Encrypt v2 is ACME draft 11 version: 'draft-11' - // You MUST change 'acme-staging-v02' to 'acme-v02' in production -, server: 'https://acme-v02.api.letsencrypt.org/directory' // staging +, server: 'https://acme-v02.api.letsencrypt.org/directory' + // Note: If at first you don't succeed, stop and switch to staging + // https://acme-staging-v02.api.letsencrypt.org/directory , approveDomains: function (opts, certs, cb) { // In this example the filesystem is our "database".