|
|
@ -60,141 +60,6 @@ TODO |
|
|
|
|
|
|
|
--> |
|
|
|
|
|
|
|
# Easy to Customize |
|
|
|
|
|
|
|
<!-- greenlock-manager-test => greenlock-manager-custom --> |
|
|
|
|
|
|
|
<!-- |
|
|
|
- [greenlock.js/examples/](https://git.rootprojects.org/root/greenlock.js/src/branch/master/examples) |
|
|
|
--> |
|
|
|
|
|
|
|
<details> |
|
|
|
<summary>[Custom SSL Cert & Domain Management](https://git.rootprojects.org/root/greenlock-manager-test.js)</summary> |
|
|
|
|
|
|
|
# SSL Certificate & Domain Management |
|
|
|
|
|
|
|
Full Docs: https://git.rootprojects.org/root/greenlock-manager-test.js |
|
|
|
|
|
|
|
This is what keeps the mapping of domains <-> certificates. |
|
|
|
In many cases it will interact with the same database as the Key & Cert Store, and probably the code as well. |
|
|
|
|
|
|
|
- set({ subject, altnames, renewAt }) |
|
|
|
- find({ altnames, renewBefore }) |
|
|
|
```js |
|
|
|
// should return a list of site configs: |
|
|
|
[ |
|
|
|
{ |
|
|
|
subject: 'example.com', |
|
|
|
altnames: ['example.com', 'exampleapi.com'], |
|
|
|
renewAt: 1575197231760 |
|
|
|
}, |
|
|
|
{ |
|
|
|
subject: '*.example.com', |
|
|
|
altnames: ['*.example.com'], |
|
|
|
renewAt: 1575197231760, |
|
|
|
challenges: { |
|
|
|
'dns-01': { |
|
|
|
module: 'acme-dns-01-dnsimple', |
|
|
|
apikey: 'xxxx' |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
]; |
|
|
|
``` |
|
|
|
- remove({ subject }) |
|
|
|
- defaults() (both getter and setter) |
|
|
|
```json |
|
|
|
{ |
|
|
|
"subscriberEmail": "jane@example.com", |
|
|
|
"agreeToTerms": true, |
|
|
|
"challenges": { |
|
|
|
"http-01": { |
|
|
|
"module": "acme-http-01-standalone" |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
``` |
|
|
|
|
|
|
|
</details> |
|
|
|
|
|
|
|
<details> |
|
|
|
<summary>[Custom Key & Cert Storage](https://git.rootprojects.org/root/greenlock-store-test.js)</summary> |
|
|
|
|
|
|
|
# Key and Certificate Store |
|
|
|
|
|
|
|
Full Docs: https://git.rootprojects.org/root/greenlock-store-test.js |
|
|
|
|
|
|
|
This set of callbacks update your service with new certificates and keypairs. |
|
|
|
|
|
|
|
Account Keys (JWK) |
|
|
|
|
|
|
|
(though typically you only have one account key - because you only have one subscriber email) |
|
|
|
|
|
|
|
- accounts.setKeypair({ email, keypair }) |
|
|
|
- accounts.checkKeypair({ email }) |
|
|
|
|
|
|
|
Certificate Keys (JWK + PEM) |
|
|
|
|
|
|
|
(typically you have one for each set of domains, and each load balancer) |
|
|
|
|
|
|
|
- certificates.setKeypair({ subject, keypair }) |
|
|
|
- certificates.checkKeypair({ subject }) |
|
|
|
(these are fine to implement the same as above, swapping subject/email) |
|
|
|
|
|
|
|
Certificate PEMs |
|
|
|
|
|
|
|
- certificates.set({ subject, pems }) |
|
|
|
- certificates.check({ subject }) |
|
|
|
|
|
|
|
</details> |
|
|
|
|
|
|
|
<details> |
|
|
|
<summary>[Custom ACME HTTP-01 Challenges](https://git.rootprojects.org/root/acme-http-01-test.js)</summary> |
|
|
|
|
|
|
|
# ACME Challenge HTTP-01 Strategies |
|
|
|
|
|
|
|
Full Docs: https://git.rootprojects.org/root/acme-http-01-test.js |
|
|
|
|
|
|
|
This validation and authorization strategy is done over plain HTTP on Port 80. |
|
|
|
|
|
|
|
These are used to set files containing tokens that Let's Encrypt will fetch from each domain |
|
|
|
before authorizing a certificate. |
|
|
|
|
|
|
|
**NOT for Wildcards**. |
|
|
|
|
|
|
|
- init({ request }) |
|
|
|
- set({ challenge: { type, token, keyAuthorization, challengeUrl } }) |
|
|
|
- get({ challenge: { type, token } }) |
|
|
|
- remove({ challenge: { type, token } }) |
|
|
|
|
|
|
|
<!-- |
|
|
|
TODO: getAcmeHttp01Challenge |
|
|
|
--> |
|
|
|
|
|
|
|
</details> |
|
|
|
|
|
|
|
<details> |
|
|
|
<summary>[Custom ACME DNS-01 Challenges](https://git.rootprojects.org/root/acme-dns-01-test.js)</summary> |
|
|
|
|
|
|
|
# ACME Challenge DNS-01 Strategies |
|
|
|
|
|
|
|
Full Docs https://git.rootprojects.org/root/acme-dns-01-test.js |
|
|
|
|
|
|
|
This validation and authorization strategy is done over DNS on UDP and TCP ports 53. |
|
|
|
|
|
|
|
**For Wildcards** |
|
|
|
|
|
|
|
These are used to set TXT records containing tokens that Let's Encrypt will fetch for |
|
|
|
each domain before authorizing a certificate. |
|
|
|
|
|
|
|
- init({ request }) |
|
|
|
- zones() |
|
|
|
- set({ challenge: { type, dnsZone, dnsPrefix, dnsHost, keyAuthorizationDigest } }) |
|
|
|
- get({ challenge: { type, dnsZone, dnsPrefix, dnsHost } }) |
|
|
|
- remove({ challenge: { type, dnsZone, dnsPrefix, dnsHost } }) |
|
|
|
|
|
|
|
</details> |
|
|
|
|
|
|
|
# JavaScript API |
|
|
|
|
|
|
|
<!-- |
|
|
@ -205,7 +70,7 @@ each domain before authorizing a certificate. |
|
|
|
<details> |
|
|
|
<summary>Greenlock.create({ packageAgent, maintainerEmail, staging })</summary> |
|
|
|
|
|
|
|
### Greenlock.create() |
|
|
|
## Greenlock.create() |
|
|
|
|
|
|
|
Creates an instance of greenlock with _environment_-level values. |
|
|
|
|
|
|
@ -241,7 +106,7 @@ var gl = Greenlock.create({ |
|
|
|
<details> |
|
|
|
<summary>Greenlock#manager.defaults()</summary> |
|
|
|
|
|
|
|
# Greenlock#manager.defaults() |
|
|
|
## Greenlock#manager.defaults() |
|
|
|
|
|
|
|
Acts as a getter when given no arguments. |
|
|
|
|
|
|
@ -287,7 +152,7 @@ greenlock.manager.defaults({ |
|
|
|
<details> |
|
|
|
<summary>Greenlock#add({ subject, altnames })</summary> |
|
|
|
|
|
|
|
# Greenlock#add() |
|
|
|
## Greenlock#add() |
|
|
|
|
|
|
|
Greenlock is a **Management Environment**. |
|
|
|
|
|
|
@ -317,7 +182,7 @@ gl.add({ |
|
|
|
<details> |
|
|
|
<summary>Greenlock#get({ servername })</summary> |
|
|
|
|
|
|
|
# Greenlock#get() |
|
|
|
## Greenlock#get() |
|
|
|
|
|
|
|
**Disclaimer**: This is only intended for testing, demos, and SNICallback |
|
|
|
(in [Greenlock Express](https://git.rootprojects.org/root/greenlock-express.js)). |
|
|
@ -351,9 +216,9 @@ return greenlock.get({ servername }).then(function(site) { |
|
|
|
</details> |
|
|
|
|
|
|
|
<details> |
|
|
|
<summary>Greenlock#renew()</summary> |
|
|
|
<summary>Greenlock#renew({ renewBefore })</summary> |
|
|
|
|
|
|
|
# Greenlock#renew() |
|
|
|
## Greenlock#renew() |
|
|
|
|
|
|
|
This will renew only domains that have reached their `renewAt` or are within the befault `renewOffset`. |
|
|
|
|
|
|
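Review bot: The new `<summary>Greenlock#renew({ renewBefore })</summary>` advertises a `renewBefore` option that the visible body never explains: the prose below it only mentions `renewAt` and `renewOffset`, and the one option row visible in the next hunk is named `expiresBefore`. Either add a row describing `renewBefore` (the manager's `find({ altnames, renewBefore })` uses the same name) or say how it relates to `expiresBefore`, so readers know which key actually controls early renewal. While touching this section, "befault" in the context line should read "default".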
@ -384,9 +249,10 @@ return greenlock.renew({}).then(function(results) { |
|
|
|
| expiresBefore | ms | Check domains that expire before the given date in milliseconds | |
|
|
|
--> |
|
|
|
|
|
|
|
<!-- |
|
|
|
</details> |
|
|
|
|
|
|
|
<!-- |
|
|
|
|
|
|
|
<details> |
|
|
|
<summary>Node.js</summary> |
|
|
|
--> |
|
|
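Review bot: The comment delimiters around `</details>` are hard to verify by eye: the hunk shows `-->`, `<!--`, `</details>`, `<!--` in sequence, followed by a `<!--` ... `-->` pair that wraps only the opening `<details>` / `<summary>Node.js</summary>` lines. Please confirm in the rendered README that the `</details>` closing the `Greenlock#renew()` block sits outside any comment, that every `<!--` has a matching `-->`, and that commenting out only the opening tags of the Node.js block does not leave its closing `</details>` orphaned further down. Note also that the `expiresBefore` table row is directly followed by `-->`, so that row appears to be inside a comment and hidden from readers.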
@ -484,6 +350,143 @@ Greenlock Express integrates between Let's Encrypt's ACME Challenges and many po |
|
|
|
|
|
|
|
Search `acme-http-01-` or `acme-dns-01-` on npm to find more. |
|
|
|
|
|
|
|
# Easy to Customize |
|
|
|
|
|
|
|
<!-- greenlock-manager-test => greenlock-manager-custom --> |
|
|
|
|
|
|
|
<!-- |
|
|
|
- [greenlock.js/examples/](https://git.rootprojects.org/root/greenlock.js/src/branch/master/examples) |
|
|
|
--> |
|
|
|
|
|
|
|
<details> |
|
|
|
<summary>[Custom SSL Cert & Domain Management](https://git.rootprojects.org/root/greenlock-manager-test.js)</summary> |
|
|
|
|
|
|
|
# SSL Certificate & Domain Management |
|
|
|
|
|
|
|
Full Docs: https://git.rootprojects.org/root/greenlock-manager-test.js |
|
|
|
|
|
|
|
This is what keeps the mapping of domains <-> certificates. |
|
|
|
In many cases it will interact with the same database as the Key & Cert Store, and probably the code as well. |
|
|
|
|
|
|
|
- set({ subject, altnames, renewAt }) |
|
|
|
- find({ altnames, renewBefore }) |
|
|
|
```js |
|
|
|
// should return a list of site configs: |
|
|
|
[ |
|
|
|
{ |
|
|
|
subject: 'example.com', |
|
|
|
altnames: ['example.com', 'exampleapi.com'], |
|
|
|
renewAt: 1575197231760 |
|
|
|
}, |
|
|
|
{ |
|
|
|
subject: '*.example.com', |
|
|
|
altnames: ['*.example.com'], |
|
|
|
renewAt: 1575197231760, |
|
|
|
challenges: { |
|
|
|
'dns-01': { |
|
|
|
module: 'acme-dns-01-dnsimple', |
|
|
|
apikey: 'xxxx' |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
]; |
|
|
|
``` |
|
|
|
- remove({ subject }) |
|
|
|
- defaults() (both getter and setter) |
|
|
|
```json |
|
|
|
{ |
|
|
|
"subscriberEmail": "jane@example.com", |
|
|
|
"agreeToTerms": true, |
|
|
|
"challenges": { |
|
|
|
"http-01": { |
|
|
|
"module": "acme-http-01-standalone" |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
``` |
|
|
|
|
|
|
|
</details> |
|
|
|
|
|
|
|
<details> |
|
|
|
<summary>[Custom Key & Cert Storage](https://git.rootprojects.org/root/greenlock-store-test.js)</summary> |
|
|
|
|
|
|
|
# Key and Certificate Store |
|
|
|
|
|
|
|
Full Docs: https://git.rootprojects.org/root/greenlock-store-test.js |
|
|
|
|
|
|
|
This set of callbacks update your service with new certificates and keypairs. |
|
|
|
|
|
|
|
Account Keys (JWK) |
|
|
|
|
|
|
|
(though typically you only have one account key - because you only have one subscriber email) |
|
|
|
|
|
|
|
- accounts.setKeypair({ email, keypair }) |
|
|
|
- accounts.checkKeypair({ email }) |
|
|
|
|
|
|
|
Certificate Keys (JWK + PEM) |
|
|
|
|
|
|
|
(typically you have one for each set of domains, and each load balancer) |
|
|
|
|
|
|
|
- certificates.setKeypair({ subject, keypair }) |
|
|
|
- certificates.checkKeypair({ subject }) |
|
|
|
(these are fine to implement the same as above, swapping subject/email) |
|
|
|
|
|
|
|
Certificate PEMs |
|
|
|
|
|
|
|
- certificates.set({ subject, pems }) |
|
|
|
- certificates.check({ subject }) |
|
|
|
|
|
|
|
</details> |
|
|
|
|
|
|
|
<details> |
|
|
|
<summary>[Custom ACME HTTP-01 Challenges](https://git.rootprojects.org/root/acme-http-01-test.js)</summary> |
|
|
|
|
|
|
|
# ACME Challenge HTTP-01 Strategies |
|
|
|
|
|
|
|
Full Docs: https://git.rootprojects.org/root/acme-http-01-test.js |
|
|
|
|
|
|
|
This validation and authorization strategy is done over plain HTTP on Port 80. |
|
|
|
|
|
|
|
These are used to set files containing tokens that Let's Encrypt will fetch from each domain |
|
|
|
before authorizing a certificate. |
|
|
|
|
|
|
|
**NOT for Wildcards**. |
|
|
|
|
|
|
|
- init({ request }) |
|
|
|
- set({ challenge: { type, token, keyAuthorization, challengeUrl } }) |
|
|
|
- get({ challenge: { type, token } }) |
|
|
|
- remove({ challenge: { type, token } }) |
|
|
|
|
|
|
|
<!-- |
|
|
|
TODO: getAcmeHttp01Challenge |
|
|
|
--> |
|
|
|
|
|
|
|
</details> |
|
|
|
|
|
|
|
<details> |
|
|
|
<summary>[Custom ACME DNS-01 Challenges](https://git.rootprojects.org/root/acme-dns-01-test.js)</summary> |
|
|
|
|
|
|
|
# ACME Challenge DNS-01 Strategies |
|
|
|
|
|
|
|
Full Docs https://git.rootprojects.org/root/acme-dns-01-test.js |
|
|
|
|
|
|
|
This validation and authorization strategy is done over DNS on UDP and TCP ports 53. |
|
|
|
|
|
|
|
**For Wildcards** |
|
|
|
|
|
|
|
These are used to set TXT records containing tokens that Let's Encrypt will fetch for |
|
|
|
each domain before authorizing a certificate. |
|
|
|
|
|
|
|
- init({ request }) |
|
|
|
- zones() |
|
|
|
- set({ challenge: { type, dnsZone, dnsPrefix, dnsHost, keyAuthorizationDigest } }) |
|
|
|
- get({ challenge: { type, dnsZone, dnsPrefix, dnsHost } }) |
|
|
|
- remove({ challenge: { type, dnsZone, dnsPrefix, dnsHost } }) |
|
|
|
|
|
|
|
</details> |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Commercial Support |
|
|
|
|
|
|
|
Do you need... |
|
|
|
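Review bot: The `find()` example in the re-added Domain Management section returns the DNS provider credential inline (`apikey: 'xxxx'` under `challenges['dns-01']`), and the text just above says the manager will often share a database with the Key & Cert Store, yet nothing tells implementers that these site-config records are secrets. Suggest adding one sentence stating that stored `challenges` options need the same access control as the private keys and should be kept out of logs and of any response that returns site configs. Separately, the inner headings in this block are still level one (`# SSL Certificate & Domain Management`, `# Key and Certificate Store`, `# ACME Challenge HTTP-01 Strategies`, `# ACME Challenge DNS-01 Strategies`) while the rest of this patch moves headings inside `<details>` to `##`; and the DNS-01 `Full Docs https://...` line is missing the colon the other three `Full Docs:` lines have.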