greenlock-koa.js/README.md

[![Join the chat at https://gitter.im/Daplie/letsencrypt-express](https://badges.gitter.im/Daplie/letsencrypt-express.svg)](https://gitter.im/Daplie/letsencrypt-express?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)

| [letsencrypt (lib)](https://github.com/Daplie/node-letsencrypt)
| [letsencrypt-cli](https://github.com/Daplie/letsencrypt-cli) 
| [letsencrypt-express](https://github.com/Daplie/letsencrypt-express)
| [letsencrypt-cluster](https://github.com/Daplie/letsencrypt-cluster)
| **letsencrypt-koa**
| [letsencrypt-hapi](https://github.com/Daplie/letsencrypt-hapi)
|

# letsencrypt-koa

Free SSL and Automatic HTTPS for node.js with KOA and other middleware systems via Let's Encrypt

* Automatic Registration via SNI (`httpsOptions.SNICallback`)
  * **registrations** require an **approval callback** in *production*
* Automatic Renewal (around 80 days)
  * **renewals** are *fully automatic* and happen in the *background*, with **no downtime**
* Automatic vhost / virtual hosting

All you have to do is start the webserver and then visit it at it's domain name.

## Install

```
npm install --save letsencrypt-express@2.x
```

*Pay no attention to the man behind the curtain.* (just ignore that the name of the module is letsencrypt-express)

### Part 1: Setup

```javascript
'use strict';

var le = require('letsencrypt-express').create({
  server: 'staging' // in production use 'https://acme-v01.api.letsencrypt.org/directory'
  
, configDir: require('os').homedir() + '/letsencrypt/etc'

, approveDomains: function (opts, certs, cb) {
    opts.domains = certs && certs.altnames || opts.domains;
    opts.email = 'john.doe@example.com' // CHANGE ME
    opts.agreeTos = true;

    cb(null, { options: opts, certs: certs });
  }

 , debug: true
});
```

WARNING: If you don't do any checks and simply complete `approveRegistration` callback, an attacker will spoof SNI packets with bad hostnames and that will cause you to be rate-limited and or blocked from the ACME server. Alternatively, You can run registration *manually*:

```bash
npm install -g letsencrypt-cli

letsencrypt certonly --standalone \
  --server 'https://acme-v01.api.letsencrypt.org/directory' \
  --config-dir ~/letsencrypt/etc \
  --agree-tos --domains example.com --email user@example.com
  
# Note: the '--webrootPath' option is also available if you don't want to shut down your webserver to get the cert.
```

### Part 2: Just add Koa

```javascript
var http = require('http');
var https = require('spdy');
var koa = require('koa');
var app = koa();

app.use(function *() {
  this.body = 'Hello World';
});

var server = https.createServer(le.httpsOptions, le.middleware(app.callback()));

server.listen(443, function () {
 console.log('Listening at https://localhost:' + this.address().port);
});


var http = require('http');
var redirectHttps = koa().use(require('koa-sslify')()).callback();
http.createServer(le.middleware(redirectHttps)).listen(80, function () {
  console.log('handle ACME http-01 challenge and redirect to https');
});
```
add gitter badge meh 2016-04-22 18:12:45 +00:00			`[![Join the chat at https://gitter.im/Daplie/letsencrypt-express](https://badges.gitter.im/Daplie/letsencrypt-express.svg)](https://gitter.im/Daplie/letsencrypt-express?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)`

Update README.md 2016-08-16 20:58:10 +00:00			`\| [letsencrypt (lib)](https://github.com/Daplie/node-letsencrypt)`
link to others 2016-04-22 18:20:15 +00:00			`\| [letsencrypt-cli](https://github.com/Daplie/letsencrypt-cli)`
			`\| [letsencrypt-express](https://github.com/Daplie/letsencrypt-express)`
update for v2.x 2016-08-16 20:58:02 +00:00			`\| [letsencrypt-cluster](https://github.com/Daplie/letsencrypt-cluster)`
link to others 2016-04-22 18:20:15 +00:00			`\| letsencrypt-koa`
			`\| [letsencrypt-hapi](https://github.com/Daplie/letsencrypt-hapi)`
			`\|`

Initial commit 2016-04-18 17:05:06 +00:00			`# letsencrypt-koa`
Update README.md 2016-04-18 17:07:30 +00:00
Initial commit 2016-04-18 17:05:06 +00:00			`Free SSL and Automatic HTTPS for node.js with KOA and other middleware systems via Let's Encrypt`
Update README.md 2016-04-18 17:07:30 +00:00
			* Automatic Registration via SNI (`httpsOptions.SNICallback`)
			`* registrations require an approval callback in production`
			`* Automatic Renewal (around 80 days)`
			`* renewals are fully automatic and happen in the background, with no downtime`
			`* Automatic vhost / virtual hosting`

			`All you have to do is start the webserver and then visit it at it's domain name.`

			`## Install`

			```
update for v2.x 2016-08-16 20:58:02 +00:00			`npm install --save letsencrypt-express@2.x`
Update README.md 2016-04-18 17:07:30 +00:00			```

Update README.md 2016-04-18 17:08:49 +00:00			`Pay no attention to the man behind the curtain. (just ignore that the name of the module is letsencrypt-express)`

Update README.md 2016-04-18 17:07:30 +00:00			`### Part 1: Setup`

			```javascript
			`'use strict';`

update for v2.x 2016-08-16 20:58:02 +00:00			`var le = require('letsencrypt-express').create({`
			`server: 'staging' // in production use 'https://acme-v01.api.letsencrypt.org/directory'`

			`, configDir: require('os').homedir() + '/letsencrypt/etc'`

			`, approveDomains: function (opts, certs, cb) {`
			`opts.domains = certs && certs.altnames \|\| opts.domains;`
			`opts.email = 'john.doe@example.com' // CHANGE ME`
			`opts.agreeTos = true;`

			`cb(null, { options: opts, certs: certs });`
Update README.md 2016-04-18 17:07:30 +00:00			`}`
update for v2.x 2016-08-16 20:58:02 +00:00
			`, debug: true`
Update README.md 2016-04-18 17:07:30 +00:00			`});`
			```

			WARNING: If you don't do any checks and simply complete `approveRegistration` callback, an attacker will spoof SNI packets with bad hostnames and that will cause you to be rate-limited and or blocked from the ACME server. Alternatively, You can run registration manually:

			```bash
			`npm install -g letsencrypt-cli`

			`letsencrypt certonly --standalone \`
update for v2.x 2016-08-16 20:58:02 +00:00			`--server 'https://acme-v01.api.letsencrypt.org/directory' \`
Update README.md 2016-04-18 17:07:30 +00:00			`--config-dir ~/letsencrypt/etc \`
			`--agree-tos --domains example.com --email user@example.com`

			`# Note: the '--webrootPath' option is also available if you don't want to shut down your webserver to get the cert.`
			```

			`### Part 2: Just add Koa`

			```javascript
			`var http = require('http');`
Update README.md 2016-04-18 17:09:44 +00:00			`var https = require('spdy');`
Update README.md 2016-04-18 17:07:30 +00:00			`var koa = require('koa');`
			`var app = koa();`

			`app.use(function *() {`
			`this.body = 'Hello World';`
			`});`

update for v2.x 2016-08-16 20:58:02 +00:00			`var server = https.createServer(le.httpsOptions, le.middleware(app.callback()));`
Update README.md 2016-04-18 17:07:30 +00:00
			`server.listen(443, function () {`
			`console.log('Listening at https://localhost:' + this.address().port);`
			`});`

update for v2.x 2016-08-16 20:58:02 +00:00
			`var http = require('http');`
			`var redirectHttps = koa().use(require('koa-sslify')()).callback();`
			`http.createServer(le.middleware(redirectHttps)).listen(80, function () {`
			`console.log('handle ACME http-01 challenge and redirect to https');`
Update README.md 2016-04-18 17:07:30 +00:00			`});`
			```