From d18bf7f3c593da31b5e58b611674dd9c886794a7 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Tue, 16 Aug 2016 14:41:18 -0600 Subject: [PATCH] update to letsencrypt-express v2.x --- README.md | 44 ++++++++++++++++++++++++-------------------- 1 file changed, 24 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index 894fd5b..8b8679a 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,9 @@ [![Join the chat at https://gitter.im/Daplie/letsencrypt-express](https://badges.gitter.im/Daplie/letsencrypt-express.svg)](https://gitter.im/Daplie/letsencrypt-express?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) -| [letsencrypt (library)](https://github.com/Daplie/node-letsencrypt) +| [letsencrypt (lib)](https://github.com/Daplie/node-letsencrypt) | [letsencrypt-cli](https://github.com/Daplie/letsencrypt-cli) | [letsencrypt-express](https://github.com/Daplie/letsencrypt-express) +| [letsencrypt-cluster](https://github.com/Daplie/letsencrypt-cluster) | [letsencrypt-koa](https://github.com/Daplie/letsencrypt-koa) | **letsencrypt-hapi** | @@ -22,7 +23,7 @@ All you have to do is start the webserver and then visit it at it's domain name. ## Install ``` -npm install --save letsencrypt-express@1.x +npm install --save letsencrypt-express@2.x ``` *Pay no attention to the man behind the curtain.* (just ignore that the name of the module is letsencrypt-express) 
@@ -32,21 +33,24 @@ npm install --save letsencrypt-express@1.x ```javascript 'use strict'; -var LEX = require('letsencrypt-express').testing(); - -var lex = LEX.create({ - configDir: require('os').homedir() + '/letsencrypt/etc' -, approveRegistration: function (hostname, cb) { - cb(null, { - domains: [hostname] - , email: 'CHANGE_ME' // user@example.com - , agreeTos: true - }); +var le = require('letsencrypt-express').create({ + server: 'staging' // in production use https://acme-v01.api.letsencrypt.org/directory + +, configDir: require('os').homedir() + '/letsencrypt/etc' + +, approveDomains: function (opts, certs, cb) { + opts.domains = certs && certs.altnames || opts.domains; + opts.email = 'john.doe@example.com' // CHANGE ME + opts.agreeTos = true; + + cb(null, { options: opts, certs: certs }); } + + , debug: true }); ``` -WARNING: If you don't do any checks and simply complete `approveRegistration` callback, +WARNING: If you don't do any checks and simply complete `approveDomains` callback, an attacker will spoof SNI packets with bad hostnames and that will cause you to be rate-limited and/or blocked from the ACME server. Alternatively, You can run registration *manually*: @@ -55,6 +59,7 @@ Alternatively, You can run registration *manually*: npm install -g letsencrypt-cli letsencrypt certonly --standalone \ + --server 'https://acme-v01.api.letsencrypt.org/directory' \ --config-dir ~/letsencrypt/etc \ --agree-tos --domains example.com --email user@example.com @@ -67,8 +72,8 @@ letsencrypt certonly --standalone \ var hapi = require('hapi'); var https = require('spdy'); var server = new hapi.Server(); -var acmeResponder = LEX.createAcmeResponder(lex); -var httpsServer = https.createServer(lex.httpsOptions).listen(443); +var acmeResponder = le.middleware(); +var httpsServer = https.createServer(le.httpsOptions).listen(443); server.connection({ listener: httpsServer, autoListen: false, tls: true }); 
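Review bot: The sample `approveDomains` handler approves whatever hostname arrives, because it sets `opts.agreeTos = true` and calls `cb(null, { options: opts, certs: certs })` without checking `opts.domains`; the WARNING directly below describes that risk, yet the sample is what readers will paste. I would have the sample compare `opts.domains` against a list the application owns and fail otherwise, e.g. `if (!opts.domains.every(function (d) { return allowed.indexOf(d) !== -1; })) { return cb(new Error('domain not approved')); }`. Here `allowed` is a constructed name for that list, and the error-first callback form and array shape of `opts.domains` are assumed from the visible `cb(null, ...)` call and the `altnames` assignment. Two smaller points in the same block: `opts.email = 'john.doe@example.com' // CHANGE ME` is missing its semicolon and, unlike the old `'CHANGE_ME'`, looks like a usable address if left unedited. `debug: true` also deserves a comment saying it is for development only, presumably because it enables verbose output.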
@@ -97,10 +102,9 @@ server.route({ ```javascript var http = require('http'); +var redirectHttps = require('redirect-https')(); -http.createServer(LEX.createAcmeResponder(lex, function redirectHttps(req, res) { - res.setHeader('Location', 'https://' + req.headers.host + req.url); - res.statusCode = 302; - res.end(''); -})).listen(80); +http.createServer(le.middleware(redirectHttps)).listen(80, function () { + console.log('handle ACME http-01 challenge and redirect to https'); +}); ```
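Review bot: `require('redirect-https')` is introduced in the port-80 example, but the Install section changed earlier in this patch still lists only `letsencrypt-express@2.x`, so the sample depends on a package the README never tells the reader to install. It may be expected to resolve as a dependency of letsencrypt-express, but that is not visible here, and requiring a transitive dependency directly is fragile. I would extend the install command to `npm install --save letsencrypt-express@2.x redirect-https`. The removed handler built `Location` from `req.headers.host`; whether the replacement validates the Host header cannot be seen from this diff, so a short comment on which hostnames it redirects to would help readers.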