v2.6.7: more reasonable defaults

This commit is contained in:
AJ ONeal 2018-12-22 07:35:54 -07:00
parent 7e08b4c157
commit c45fcdf150
3 changed files with 29 additions and 39 deletions

View File

@ -154,39 +154,15 @@ Great when
////////////////////
var greenlock = require('greenlock').create({
version: 'draft-12'
, server: 'https://acme-v02.api.letsencrypt.org/directory'
, configDir: '~/.config/acme'
, email: 'user@example.com' // IMPORTANT: Change email and domains
email: 'user@example.com' // IMPORTANT: Change email and domains
, agreeTos: true // Accept Let's Encrypt v2 Agreement
, configDir: '~/.config/acme' // A writable folder (a non-fs plugin)
, communityMember: true // Get (rare) non-mandatory updates about cool greenlock-related stuff (default false)
, securityUpdates: true // Important and mandatory notices related to security or breaking API changes (default true)
, approveDomains: approveDomains
});
```
```js
/////////////////////
// APPROVE DOMAINS //
/////////////////////
function approveDomains(opts, certs, cb) {
// check for domains you want to receive certificates for
if ('example.com' === opts.domain) {
cb(null, { options: opts, certs: certs });
return;
}
// return error otherwise
cb(new Error("bad domain"));
}
```
```js
////////////////////
// CREATE SERVERS //
@ -225,9 +201,13 @@ var greenlock = Greenlock.create({
version: 'draft-12'
, server: 'https://acme-v02.api.letsencrypt.org/directory'
// approve a growing list of domains
// Use the approveDomains callback to set per-domain config
// (default: approve any domain that passes self-test of built-in challenges)
, approveDomains: approveDomains
// the default servername to use when the client doesn't specify
, servername: 'example.com'
// If you wish to replace the default account and domain key storage plugin
, store: require('le-store-certbot').create({
configDir: path.join(os.homedir(), 'acme/etc')
@ -253,13 +233,10 @@ function approveDomains(opts, certs, cb) {
// The domains being approved for the first time are listed in opts.domains
// Certs being renewed are listed in certs.altnames
if (certs) {
opts.domains = certs.altnames;
}
else {
opts.email = 'john.doe@example.com';
opts.agreeTos = true;
}
// certs.domains;
// certs.altnames;
opts.email = 'john.doe@example.com';
opts.agreeTos = true;
// NOTE: you can also change other options such as `challengeType` and `challenge`
// opts.challengeType = 'http-01';
@ -530,6 +507,9 @@ See https://git.coolaj86.com/coolaj86/le-challenge-fs.js
# Change History
* v2.6
* better defaults, fewer explicit options
* better pre-flight self-tests, explicit domains not required
* v2.5
* bugfix JWK (update rsa-compat)
* eliminate all external non-optional dependencies

View File

@ -142,6 +142,8 @@ Greenlock.create = function (gl) {
// BEGIN VERSION MADNESS //
///////////////////////////
gl.version = gl.version || 'draft-11';
gl.server = gl.server || 'https://acme-v02.api.letsencrypt.org/directory';
if (!gl.version) {
//console.warn("Please specify version: 'v01' (Let's Encrypt v1) or 'draft-12' (Let's Encrypt v2 / ACME draft 12)");
console.warn("");
@ -378,7 +380,6 @@ Greenlock.create = function (gl) {
gl.approveDomains = null;
}
if (!gl.approveDomains) {
gl.approvedDomains = gl.approvedDomains || [];
gl.approveDomains = function (lexOpts, certs, cb) {
var err;
var emsg;
@ -389,9 +390,18 @@ Greenlock.create = function (gl) {
if (!gl.agreeTos) {
throw new Error("le-sni-auto is not properly configured. Missing agreeTos");
}
if (!gl.approvedDomains.length) {
throw new Error("le-sni-auto is not properly configured. Missing approveDomains(domain, certs, callback)");
if (!/[a-z]/i.test(lexOpts.domain)) {
cb(new Error("le-sni-auto does not allow IP addresses in SNI"));
return;
}
if (!Array.isArray(gl.approvedDomains)) {
// The acme-v2 package uses pre-flight test challenges to
// verify that each requested domain is hosted by the server
// these checks are sufficient for most use cases
return cb(null, { options: lexOpts, certs: certs });
}
if (lexOpts.domains.every(function (domain) {
return -1 !== gl.approvedDomains.indexOf(domain);
})) {

View File

@ -1,6 +1,6 @@
{
"name": "greenlock",
"version": "2.6.1",
"version": "2.6.7",
"description": "Let's Encrypt for node.js on npm",
"main": "index.js",
"files": [