Compare commits
No commits in common. "dns-challenge-regression-fix" and "master" have entirely different histories.
dns-challe
...
master
|
@ -1,15 +1,26 @@
|
|||
letsencrypt.work
|
||||
letsencrypt.logs
|
||||
letsencrypt.config
|
||||
greenlock.json*
|
||||
TODO*
|
||||
link.sh
|
||||
.env
|
||||
.greenlockrc
|
||||
# generated by init
|
||||
app.js
|
||||
server.js
|
||||
example.js
|
||||
|
||||
# ---> Node
|
||||
# Logs
|
||||
logs
|
||||
*.log
|
||||
npm-debug.log*
|
||||
yarn-debug.log*
|
||||
yarn-error.log*
|
||||
|
||||
# Runtime data
|
||||
pids
|
||||
*.pid
|
||||
*.seed
|
||||
*.pid.lock
|
||||
|
||||
# Directory for instrumented libs generated by jscoverage/JSCover
|
||||
lib-cov
|
||||
|
@ -17,15 +28,61 @@ lib-cov
|
|||
# Coverage directory used by tools like istanbul
|
||||
coverage
|
||||
|
||||
# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
|
||||
# nyc test coverage
|
||||
.nyc_output
|
||||
|
||||
# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
|
||||
.grunt
|
||||
|
||||
# Bower dependency directory (https://bower.io/)
|
||||
bower_components
|
||||
|
||||
# node-waf configuration
|
||||
.lock-wscript
|
||||
|
||||
# Compiled binary addons (http://nodejs.org/api/addons.html)
|
||||
# Compiled binary addons (https://nodejs.org/api/addons.html)
|
||||
build/Release
|
||||
|
||||
# Dependency directory
|
||||
# https://www.npmjs.org/doc/misc/npm-faq.html#should-i-check-my-node_modules-folder-into-git
|
||||
node_modules
|
||||
# Dependency directories
|
||||
node_modules/
|
||||
jspm_packages/
|
||||
|
||||
# TypeScript v1 declaration files
|
||||
typings/
|
||||
|
||||
# Optional npm cache directory
|
||||
.npm
|
||||
|
||||
# Optional eslint cache
|
||||
.eslintcache
|
||||
|
||||
# Optional REPL history
|
||||
.node_repl_history
|
||||
|
||||
# Output of 'npm pack'
|
||||
*.tgz
|
||||
|
||||
# Yarn Integrity file
|
||||
.yarn-integrity
|
||||
|
||||
# dotenv environment variables file
|
||||
.env
|
||||
|
||||
# parcel-bundler cache (https://parceljs.org/)
|
||||
.cache
|
||||
|
||||
# next.js build output
|
||||
.next
|
||||
|
||||
# nuxt.js build output
|
||||
.nuxt
|
||||
|
||||
# vuepress build output
|
||||
.vuepress/dist
|
||||
|
||||
# Serverless directories
|
||||
.serverless
|
||||
|
||||
# FuseBox cache
|
||||
.fusebox/
|
||||
|
||||
|
|
16
.jshintrc
16
.jshintrc
|
@ -1,16 +0,0 @@
|
|||
{ "node": true
|
||||
, "browser": true
|
||||
, "jquery": true
|
||||
, "strict": true
|
||||
, "indent": 2
|
||||
, "onevar": true
|
||||
, "laxcomma": true
|
||||
, "laxbreak": true
|
||||
, "eqeqeq": true
|
||||
, "immed": true
|
||||
, "undef": true
|
||||
, "unused": true
|
||||
, "latedef": true
|
||||
, "curly": true
|
||||
, "trailing": true
|
||||
}
|
|
@ -0,0 +1,8 @@
|
|||
{
|
||||
"bracketSpacing": true,
|
||||
"printWidth": 80,
|
||||
"singleQuote": true,
|
||||
"tabWidth": 4,
|
||||
"trailingComma": "none",
|
||||
"useTabs": false
|
||||
}
|
519
LICENSE
519
LICENSE
|
@ -1,375 +1,312 @@
|
|||
Copyright 2015-2019 AJ ONeal
|
||||
|
||||
Mozilla Public License Version 2.0
|
||||
==================================
|
||||
|
||||
1. Definitions
|
||||
--------------
|
||||
1. Definitions
|
||||
|
||||
1.1. "Contributor"
|
||||
means each individual or legal entity that creates, contributes to
|
||||
the creation of, or owns Covered Software.
|
||||
1.1. "Contributor" means each individual or legal entity that creates, contributes
|
||||
to the creation of, or owns Covered Software.
|
||||
|
||||
1.2. "Contributor Version"
|
||||
means the combination of the Contributions of others (if any) used
|
||||
by a Contributor and that particular Contributor's Contribution.
|
||||
1.2. "Contributor Version" means the combination of the Contributions of others
|
||||
(if any) used by a Contributor and that particular Contributor's Contribution.
|
||||
|
||||
1.3. "Contribution"
|
||||
means Covered Software of a particular Contributor.
|
||||
1.3. "Contribution" means Covered Software of a particular Contributor.
|
||||
|
||||
1.4. "Covered Software"
|
||||
means Source Code Form to which the initial Contributor has attached
|
||||
the notice in Exhibit A, the Executable Form of such Source Code
|
||||
Form, and Modifications of such Source Code Form, in each case
|
||||
including portions thereof.
|
||||
1.4. "Covered Software" means Source Code Form to which the initial Contributor
|
||||
has attached the notice in Exhibit A, the Executable Form of such Source Code
|
||||
Form, and Modifications of such Source Code Form, in each case including portions
|
||||
thereof.
|
||||
|
||||
1.5. "Incompatible With Secondary Licenses"
|
||||
means
|
||||
1.5. "Incompatible With Secondary Licenses" means
|
||||
|
||||
(a) that the initial Contributor has attached the notice described
|
||||
in Exhibit B to the Covered Software; or
|
||||
(a) that the initial Contributor has attached the notice described in Exhibit
|
||||
B to the Covered Software; or
|
||||
|
||||
(b) that the Covered Software was made available under the terms of
|
||||
version 1.1 or earlier of the License, but not also under the
|
||||
terms of a Secondary License.
|
||||
(b) that the Covered Software was made available under the terms of version
|
||||
1.1 or earlier of the License, but not also under the terms of a Secondary
|
||||
License.
|
||||
|
||||
1.6. "Executable Form"
|
||||
means any form of the work other than Source Code Form.
|
||||
1.6. "Executable Form" means any form of the work other than Source Code Form.
|
||||
|
||||
1.7. "Larger Work"
|
||||
means a work that combines Covered Software with other material, in
|
||||
a separate file or files, that is not Covered Software.
|
||||
1.7. "Larger Work" means a work that combines Covered Software with other
|
||||
material, in a separate file or files, that is not Covered Software.
|
||||
|
||||
1.8. "License"
|
||||
means this document.
|
||||
1.8. "License" means this document.
|
||||
|
||||
1.9. "Licensable"
|
||||
means having the right to grant, to the maximum extent possible,
|
||||
whether at the time of the initial grant or subsequently, any and
|
||||
all of the rights conveyed by this License.
|
||||
1.9. "Licensable" means having the right to grant, to the maximum extent possible,
|
||||
whether at the time of the initial grant or subsequently, any and all of the
|
||||
rights conveyed by this License.
|
||||
|
||||
1.10. "Modifications"
|
||||
means any of the following:
|
||||
1.10. "Modifications" means any of the following:
|
||||
|
||||
(a) any file in Source Code Form that results from an addition to,
|
||||
deletion from, or modification of the contents of Covered
|
||||
Software; or
|
||||
(a) any file in Source Code Form that results from an addition to, deletion
|
||||
from, or modification of the contents of Covered Software; or
|
||||
|
||||
(b) any new file in Source Code Form that contains any Covered
|
||||
Software.
|
||||
(b) any new file in Source Code Form that contains any Covered Software.
|
||||
|
||||
1.11. "Patent Claims" of a Contributor
|
||||
means any patent claim(s), including without limitation, method,
|
||||
process, and apparatus claims, in any patent Licensable by such
|
||||
Contributor that would be infringed, but for the grant of the
|
||||
License, by the making, using, selling, offering for sale, having
|
||||
made, import, or transfer of either its Contributions or its
|
||||
Contributor Version.
|
||||
1.11. "Patent Claims" of a Contributor means any patent claim(s), including
|
||||
without limitation, method, process, and apparatus claims, in any patent Licensable
|
||||
by such Contributor that would be infringed, but for the grant of the License,
|
||||
by the making, using, selling, offering for sale, having made, import, or
|
||||
transfer of either its Contributions or its Contributor Version.
|
||||
|
||||
1.12. "Secondary License"
|
||||
means either the GNU General Public License, Version 2.0, the GNU
|
||||
Lesser General Public License, Version 2.1, the GNU Affero General
|
||||
Public License, Version 3.0, or any later versions of those
|
||||
licenses.
|
||||
1.12. "Secondary License" means either the GNU General Public License, Version
|
||||
2.0, the GNU Lesser General Public License, Version 2.1, the GNU Affero General
|
||||
Public License, Version 3.0, or any later versions of those licenses.
|
||||
|
||||
1.13. "Source Code Form"
|
||||
means the form of the work preferred for making modifications.
|
||||
1.13. "Source Code Form" means the form of the work preferred for making modifications.
|
||||
|
||||
1.14. "You" (or "Your")
|
||||
means an individual or a legal entity exercising rights under this
|
||||
License. For legal entities, "You" includes any entity that
|
||||
controls, is controlled by, or is under common control with You. For
|
||||
purposes of this definition, "control" means (a) the power, direct
|
||||
or indirect, to cause the direction or management of such entity,
|
||||
whether by contract or otherwise, or (b) ownership of more than
|
||||
fifty percent (50%) of the outstanding shares or beneficial
|
||||
ownership of such entity.
|
||||
1.14. "You" (or "Your") means an individual or a legal entity exercising rights
|
||||
under this License. For legal entities, "You" includes any entity that controls,
|
||||
is controlled by, or is under common control with You. For purposes of this
|
||||
definition, "control" means (a) the power, direct or indirect, to cause the
|
||||
direction or management of such entity, whether by contract or otherwise,
|
||||
or (b) ownership of more than fifty percent (50%) of the outstanding shares
|
||||
or beneficial ownership of such entity.
|
||||
|
||||
2. License Grants and Conditions
|
||||
--------------------------------
|
||||
2. License Grants and Conditions
|
||||
|
||||
2.1. Grants
|
||||
2.1. Grants
|
||||
|
||||
Each Contributor hereby grants You a world-wide, royalty-free,
|
||||
non-exclusive license:
|
||||
Each Contributor hereby grants You a world-wide, royalty-free, non-exclusive
|
||||
license:
|
||||
|
||||
(a) under intellectual property rights (other than patent or trademark)
|
||||
Licensable by such Contributor to use, reproduce, make available,
|
||||
modify, display, perform, distribute, and otherwise exploit its
|
||||
Contributions, either on an unmodified basis, with Modifications, or
|
||||
as part of a Larger Work; and
|
||||
(a) under intellectual property rights (other than patent or trademark) Licensable
|
||||
by such Contributor to use, reproduce, make available, modify, display, perform,
|
||||
distribute, and otherwise exploit its Contributions, either on an unmodified
|
||||
basis, with Modifications, or as part of a Larger Work; and
|
||||
|
||||
(b) under Patent Claims of such Contributor to make, use, sell, offer
|
||||
for sale, have made, import, and otherwise transfer either its
|
||||
Contributions or its Contributor Version.
|
||||
(b) under Patent Claims of such Contributor to make, use, sell, offer for
|
||||
sale, have made, import, and otherwise transfer either its Contributions or
|
||||
its Contributor Version.
|
||||
|
||||
2.2. Effective Date
|
||||
2.2. Effective Date
|
||||
|
||||
The licenses granted in Section 2.1 with respect to any Contribution
|
||||
become effective for each Contribution on the date the Contributor first
|
||||
distributes such Contribution.
|
||||
The licenses granted in Section 2.1 with respect to any Contribution become
|
||||
effective for each Contribution on the date the Contributor first distributes
|
||||
such Contribution.
|
||||
|
||||
2.3. Limitations on Grant Scope
|
||||
2.3. Limitations on Grant Scope
|
||||
|
||||
The licenses granted in this Section 2 are the only rights granted under
|
||||
this License. No additional rights or licenses will be implied from the
|
||||
distribution or licensing of Covered Software under this License.
|
||||
Notwithstanding Section 2.1(b) above, no patent license is granted by a
|
||||
Contributor:
|
||||
The licenses granted in this Section 2 are the only rights granted under this
|
||||
License. No additional rights or licenses will be implied from the distribution
|
||||
or licensing of Covered Software under this License. Notwithstanding Section
|
||||
2.1(b) above, no patent license is granted by a Contributor:
|
||||
|
||||
(a) for any code that a Contributor has removed from Covered Software;
|
||||
or
|
||||
(a) for any code that a Contributor has removed from Covered Software; or
|
||||
|
||||
(b) for infringements caused by: (i) Your and any other third party's
|
||||
modifications of Covered Software, or (ii) the combination of its
|
||||
Contributions with other software (except as part of its Contributor
|
||||
Version); or
|
||||
(b) for infringements caused by: (i) Your and any other third party's modifications
|
||||
of Covered Software, or (ii) the combination of its Contributions with other
|
||||
software (except as part of its Contributor Version); or
|
||||
|
||||
(c) under Patent Claims infringed by Covered Software in the absence of
|
||||
its Contributions.
|
||||
(c) under Patent Claims infringed by Covered Software in the absence of its
|
||||
Contributions.
|
||||
|
||||
This License does not grant any rights in the trademarks, service marks,
|
||||
or logos of any Contributor (except as may be necessary to comply with
|
||||
the notice requirements in Section 3.4).
|
||||
This License does not grant any rights in the trademarks, service marks, or
|
||||
logos of any Contributor (except as may be necessary to comply with the notice
|
||||
requirements in Section 3.4).
|
||||
|
||||
2.4. Subsequent Licenses
|
||||
2.4. Subsequent Licenses
|
||||
|
||||
No Contributor makes additional grants as a result of Your choice to
|
||||
distribute the Covered Software under a subsequent version of this
|
||||
License (see Section 10.2) or under the terms of a Secondary License (if
|
||||
permitted under the terms of Section 3.3).
|
||||
No Contributor makes additional grants as a result of Your choice to distribute
|
||||
the Covered Software under a subsequent version of this License (see Section
|
||||
10.2) or under the terms of a Secondary License (if permitted under the terms
|
||||
of Section 3.3).
|
||||
|
||||
2.5. Representation
|
||||
2.5. Representation
|
||||
|
||||
Each Contributor represents that the Contributor believes its
|
||||
Contributions are its original creation(s) or it has sufficient rights
|
||||
to grant the rights to its Contributions conveyed by this License.
|
||||
Each Contributor represents that the Contributor believes its Contributions
|
||||
are its original creation(s) or it has sufficient rights to grant the rights
|
||||
to its Contributions conveyed by this License.
|
||||
|
||||
2.6. Fair Use
|
||||
2.6. Fair Use
|
||||
|
||||
This License is not intended to limit any rights You have under
|
||||
applicable copyright doctrines of fair use, fair dealing, or other
|
||||
equivalents.
|
||||
This License is not intended to limit any rights You have under applicable
|
||||
copyright doctrines of fair use, fair dealing, or other equivalents.
|
||||
|
||||
2.7. Conditions
|
||||
2.7. Conditions
|
||||
|
||||
Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
|
||||
in Section 2.1.
|
||||
Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
|
||||
Section 2.1.
|
||||
|
||||
3. Responsibilities
|
||||
-------------------
|
||||
3. Responsibilities
|
||||
|
||||
3.1. Distribution of Source Form
|
||||
3.1. Distribution of Source Form
|
||||
|
||||
All distribution of Covered Software in Source Code Form, including any
|
||||
Modifications that You create or to which You contribute, must be under
|
||||
the terms of this License. You must inform recipients that the Source
|
||||
Code Form of the Covered Software is governed by the terms of this
|
||||
License, and how they can obtain a copy of this License. You may not
|
||||
attempt to alter or restrict the recipients' rights in the Source Code
|
||||
Form.
|
||||
All distribution of Covered Software in Source Code Form, including any Modifications
|
||||
that You create or to which You contribute, must be under the terms of this
|
||||
License. You must inform recipients that the Source Code Form of the Covered
|
||||
Software is governed by the terms of this License, and how they can obtain
|
||||
a copy of this License. You may not attempt to alter or restrict the recipients'
|
||||
rights in the Source Code Form.
|
||||
|
||||
3.2. Distribution of Executable Form
|
||||
3.2. Distribution of Executable Form
|
||||
|
||||
If You distribute Covered Software in Executable Form then:
|
||||
If You distribute Covered Software in Executable Form then:
|
||||
|
||||
(a) such Covered Software must also be made available in Source Code
|
||||
Form, as described in Section 3.1, and You must inform recipients of
|
||||
the Executable Form how they can obtain a copy of such Source Code
|
||||
Form by reasonable means in a timely manner, at a charge no more
|
||||
than the cost of distribution to the recipient; and
|
||||
(a) such Covered Software must also be made available in Source Code Form,
|
||||
as described in Section 3.1, and You must inform recipients of the Executable
|
||||
Form how they can obtain a copy of such Source Code Form by reasonable means
|
||||
in a timely manner, at a charge no more than the cost of distribution to the
|
||||
recipient; and
|
||||
|
||||
(b) You may distribute such Executable Form under the terms of this
|
||||
License, or sublicense it under different terms, provided that the
|
||||
license for the Executable Form does not attempt to limit or alter
|
||||
the recipients' rights in the Source Code Form under this License.
|
||||
(b) You may distribute such Executable Form under the terms of this License,
|
||||
or sublicense it under different terms, provided that the license for the
|
||||
Executable Form does not attempt to limit or alter the recipients' rights
|
||||
in the Source Code Form under this License.
|
||||
|
||||
3.3. Distribution of a Larger Work
|
||||
3.3. Distribution of a Larger Work
|
||||
|
||||
You may create and distribute a Larger Work under terms of Your choice,
|
||||
provided that You also comply with the requirements of this License for
|
||||
the Covered Software. If the Larger Work is a combination of Covered
|
||||
Software with a work governed by one or more Secondary Licenses, and the
|
||||
Covered Software is not Incompatible With Secondary Licenses, this
|
||||
License permits You to additionally distribute such Covered Software
|
||||
under the terms of such Secondary License(s), so that the recipient of
|
||||
the Larger Work may, at their option, further distribute the Covered
|
||||
Software under the terms of either this License or such Secondary
|
||||
You may create and distribute a Larger Work under terms of Your choice, provided
|
||||
that You also comply with the requirements of this License for the Covered
|
||||
Software. If the Larger Work is a combination of Covered Software with a work
|
||||
governed by one or more Secondary Licenses, and the Covered Software is not
|
||||
Incompatible With Secondary Licenses, this License permits You to additionally
|
||||
distribute such Covered Software under the terms of such Secondary License(s),
|
||||
so that the recipient of the Larger Work may, at their option, further distribute
|
||||
the Covered Software under the terms of either this License or such Secondary
|
||||
License(s).
|
||||
|
||||
3.4. Notices
|
||||
3.4. Notices
|
||||
|
||||
You may not remove or alter the substance of any license notices
|
||||
(including copyright notices, patent notices, disclaimers of warranty,
|
||||
or limitations of liability) contained within the Source Code Form of
|
||||
the Covered Software, except that You may alter any license notices to
|
||||
the extent required to remedy known factual inaccuracies.
|
||||
You may not remove or alter the substance of any license notices (including
|
||||
copyright notices, patent notices, disclaimers of warranty, or limitations
|
||||
of liability) contained within the Source Code Form of the Covered Software,
|
||||
except that You may alter any license notices to the extent required to remedy
|
||||
known factual inaccuracies.
|
||||
|
||||
3.5. Application of Additional Terms
|
||||
3.5. Application of Additional Terms
|
||||
|
||||
You may choose to offer, and to charge a fee for, warranty, support,
|
||||
indemnity or liability obligations to one or more recipients of Covered
|
||||
Software. However, You may do so only on Your own behalf, and not on
|
||||
behalf of any Contributor. You must make it absolutely clear that any
|
||||
such warranty, support, indemnity, or liability obligation is offered by
|
||||
You alone, and You hereby agree to indemnify every Contributor for any
|
||||
liability incurred by such Contributor as a result of warranty, support,
|
||||
indemnity or liability terms You offer. You may include additional
|
||||
disclaimers of warranty and limitations of liability specific to any
|
||||
jurisdiction.
|
||||
You may choose to offer, and to charge a fee for, warranty, support, indemnity
|
||||
or liability obligations to one or more recipients of Covered Software. However,
|
||||
You may do so only on Your own behalf, and not on behalf of any Contributor.
|
||||
You must make it absolutely clear that any such warranty, support, indemnity,
|
||||
or liability obligation is offered by You alone, and You hereby agree to indemnify
|
||||
every Contributor for any liability incurred by such Contributor as a result
|
||||
of warranty, support, indemnity or liability terms You offer. You may include
|
||||
additional disclaimers of warranty and limitations of liability specific to
|
||||
any jurisdiction.
|
||||
|
||||
4. Inability to Comply Due to Statute or Regulation
|
||||
---------------------------------------------------
|
||||
4. Inability to Comply Due to Statute or Regulation
|
||||
|
||||
If it is impossible for You to comply with any of the terms of this
|
||||
License with respect to some or all of the Covered Software due to
|
||||
statute, judicial order, or regulation then You must: (a) comply with
|
||||
the terms of this License to the maximum extent possible; and (b)
|
||||
describe the limitations and the code they affect. Such description must
|
||||
be placed in a text file included with all distributions of the Covered
|
||||
Software under this License. Except to the extent prohibited by statute
|
||||
or regulation, such description must be sufficiently detailed for a
|
||||
recipient of ordinary skill to be able to understand it.
|
||||
If it is impossible for You to comply with any of the terms of this License
|
||||
with respect to some or all of the Covered Software due to statute, judicial
|
||||
order, or regulation then You must: (a) comply with the terms of this License
|
||||
to the maximum extent possible; and (b) describe the limitations and the code
|
||||
they affect. Such description must be placed in a text file included with
|
||||
all distributions of the Covered Software under this License. Except to the
|
||||
extent prohibited by statute or regulation, such description must be sufficiently
|
||||
detailed for a recipient of ordinary skill to be able to understand it.
|
||||
|
||||
5. Termination
|
||||
--------------
|
||||
5. Termination
|
||||
|
||||
5.1. The rights granted under this License will terminate automatically
|
||||
if You fail to comply with any of its terms. However, if You become
|
||||
compliant, then the rights granted under this License from a particular
|
||||
Contributor are reinstated (a) provisionally, unless and until such
|
||||
Contributor explicitly and finally terminates Your grants, and (b) on an
|
||||
ongoing basis, if such Contributor fails to notify You of the
|
||||
non-compliance by some reasonable means prior to 60 days after You have
|
||||
come back into compliance. Moreover, Your grants from a particular
|
||||
Contributor are reinstated on an ongoing basis if such Contributor
|
||||
notifies You of the non-compliance by some reasonable means, this is the
|
||||
first time You have received notice of non-compliance with this License
|
||||
from such Contributor, and You become compliant prior to 30 days after
|
||||
Your receipt of the notice.
|
||||
5.1. The rights granted under this License will terminate automatically if
|
||||
You fail to comply with any of its terms. However, if You become compliant,
|
||||
then the rights granted under this License from a particular Contributor are
|
||||
reinstated (a) provisionally, unless and until such Contributor explicitly
|
||||
and finally terminates Your grants, and (b) on an ongoing basis, if such Contributor
|
||||
fails to notify You of the non-compliance by some reasonable means prior to
|
||||
60 days after You have come back into compliance. Moreover, Your grants from
|
||||
a particular Contributor are reinstated on an ongoing basis if such Contributor
|
||||
notifies You of the non-compliance by some reasonable means, this is the first
|
||||
time You have received notice of non-compliance with this License from such
|
||||
Contributor, and You become compliant prior to 30 days after Your receipt
|
||||
of the notice.
|
||||
|
||||
5.2. If You initiate litigation against any entity by asserting a patent
|
||||
infringement claim (excluding declaratory judgment actions,
|
||||
counter-claims, and cross-claims) alleging that a Contributor Version
|
||||
directly or indirectly infringes any patent, then the rights granted to
|
||||
You by any and all Contributors for the Covered Software under Section
|
||||
2.1 of this License shall terminate.
|
||||
5.2. If You initiate litigation against any entity by asserting a patent infringement
|
||||
claim (excluding declaratory judgment actions, counter-claims, and cross-claims)
|
||||
alleging that a Contributor Version directly or indirectly infringes any patent,
|
||||
then the rights granted to You by any and all Contributors for the Covered
|
||||
Software under Section 2.1 of this License shall terminate.
|
||||
|
||||
5.3. In the event of termination under Sections 5.1 or 5.2 above, all
|
||||
end user license agreements (excluding distributors and resellers) which
|
||||
have been validly granted by You or Your distributors under this License
|
||||
prior to termination shall survive termination.
|
||||
5.3. In the event of termination under Sections 5.1 or 5.2 above, all end
|
||||
user license agreements (excluding distributors and resellers) which have
|
||||
been validly granted by You or Your distributors under this License prior
|
||||
to termination shall survive termination.
|
||||
|
||||
************************************************************************
|
||||
* *
|
||||
* 6. Disclaimer of Warranty *
|
||||
* ------------------------- *
|
||||
* *
|
||||
* Covered Software is provided under this License on an "as is" *
|
||||
* basis, without warranty of any kind, either expressed, implied, or *
|
||||
* statutory, including, without limitation, warranties that the *
|
||||
* Covered Software is free of defects, merchantable, fit for a *
|
||||
* particular purpose or non-infringing. The entire risk as to the *
|
||||
* quality and performance of the Covered Software is with You. *
|
||||
* Should any Covered Software prove defective in any respect, You *
|
||||
* (not any Contributor) assume the cost of any necessary servicing, *
|
||||
* repair, or correction. This disclaimer of warranty constitutes an *
|
||||
* essential part of this License. No use of any Covered Software is *
|
||||
* authorized under this License except under this disclaimer. *
|
||||
* *
|
||||
************************************************************************
|
||||
6. Disclaimer of Warranty
|
||||
|
||||
************************************************************************
|
||||
* *
|
||||
* 7. Limitation of Liability *
|
||||
* -------------------------- *
|
||||
* *
|
||||
* Under no circumstances and under no legal theory, whether tort *
|
||||
* (including negligence), contract, or otherwise, shall any *
|
||||
* Contributor, or anyone who distributes Covered Software as *
|
||||
* permitted above, be liable to You for any direct, indirect, *
|
||||
* special, incidental, or consequential damages of any character *
|
||||
* including, without limitation, damages for lost profits, loss of *
|
||||
* goodwill, work stoppage, computer failure or malfunction, or any *
|
||||
* and all other commercial damages or losses, even if such party *
|
||||
* shall have been informed of the possibility of such damages. This *
|
||||
* limitation of liability shall not apply to liability for death or *
|
||||
* personal injury resulting from such party's negligence to the *
|
||||
* extent applicable law prohibits such limitation. Some *
|
||||
* jurisdictions do not allow the exclusion or limitation of *
|
||||
* incidental or consequential damages, so this exclusion and *
|
||||
* limitation may not apply to You. *
|
||||
* *
|
||||
************************************************************************
|
||||
Covered Software is provided under this License on an "as is" basis, without
|
||||
warranty of any kind, either expressed, implied, or statutory, including,
|
||||
without limitation, warranties that the Covered Software is free of defects,
|
||||
merchantable, fit for a particular purpose or non-infringing. The entire risk
|
||||
as to the quality and performance of the Covered Software is with You. Should
|
||||
any Covered Software prove defective in any respect, You (not any Contributor)
|
||||
assume the cost of any necessary servicing, repair, or correction. This disclaimer
|
||||
of warranty constitutes an essential part of this License. No use of any Covered
|
||||
Software is authorized under this License except under this disclaimer.
|
||||
|
||||
8. Litigation
|
||||
-------------
|
||||
7. Limitation of Liability
|
||||
|
||||
Any litigation relating to this License may be brought only in the
|
||||
courts of a jurisdiction where the defendant maintains its principal
|
||||
place of business and such litigation shall be governed by laws of that
|
||||
jurisdiction, without reference to its conflict-of-law provisions.
|
||||
Nothing in this Section shall prevent a party's ability to bring
|
||||
cross-claims or counter-claims.
|
||||
Under no circumstances and under no legal theory, whether tort (including
|
||||
negligence), contract, or otherwise, shall any Contributor, or anyone who
|
||||
distributes Covered Software as permitted above, be liable to You for any
|
||||
direct, indirect, special, incidental, or consequential damages of any character
|
||||
including, without limitation, damages for lost profits, loss of goodwill,
|
||||
work stoppage, computer failure or malfunction, or any and all other commercial
|
||||
damages or losses, even if such party shall have been informed of the possibility
|
||||
of such damages. This limitation of liability shall not apply to liability
|
||||
for death or personal injury resulting from such party's negligence to the
|
||||
extent applicable law prohibits such limitation. Some jurisdictions do not
|
||||
allow the exclusion or limitation of incidental or consequential damages,
|
||||
so this exclusion and limitation may not apply to You.
|
||||
|
||||
9. Miscellaneous
|
||||
----------------
|
||||
8. Litigation
|
||||
|
||||
This License represents the complete agreement concerning the subject
|
||||
matter hereof. If any provision of this License is held to be
|
||||
unenforceable, such provision shall be reformed only to the extent
|
||||
necessary to make it enforceable. Any law or regulation which provides
|
||||
that the language of a contract shall be construed against the drafter
|
||||
shall not be used to construe this License against a Contributor.
|
||||
Any litigation relating to this License may be brought only in the courts
|
||||
of a jurisdiction where the defendant maintains its principal place of business
|
||||
and such litigation shall be governed by laws of that jurisdiction, without
|
||||
reference to its conflict-of-law provisions. Nothing in this Section shall
|
||||
prevent a party's ability to bring cross-claims or counter-claims.
|
||||
|
||||
10. Versions of the License
|
||||
---------------------------
|
||||
9. Miscellaneous
|
||||
|
||||
10.1. New Versions
|
||||
This License represents the complete agreement concerning the subject matter
|
||||
hereof. If any provision of this License is held to be unenforceable, such
|
||||
provision shall be reformed only to the extent necessary to make it enforceable.
|
||||
Any law or regulation which provides that the language of a contract shall
|
||||
be construed against the drafter shall not be used to construe this License
|
||||
against a Contributor.
|
||||
|
||||
Mozilla Foundation is the license steward. Except as provided in Section
|
||||
10.3, no one other than the license steward has the right to modify or
|
||||
publish new versions of this License. Each version will be given a
|
||||
distinguishing version number.
|
||||
10. Versions of the License
|
||||
|
||||
10.2. Effect of New Versions
|
||||
10.1. New Versions
|
||||
|
||||
You may distribute the Covered Software under the terms of the version
|
||||
of the License under which You originally received the Covered Software,
|
||||
or under the terms of any subsequent version published by the license
|
||||
steward.
|
||||
Mozilla Foundation is the license steward. Except as provided in Section 10.3,
|
||||
no one other than the license steward has the right to modify or publish new
|
||||
versions of this License. Each version will be given a distinguishing version
|
||||
number.
|
||||
|
||||
10.3. Modified Versions
|
||||
10.2. Effect of New Versions
|
||||
|
||||
If you create software not governed by this License, and you want to
|
||||
create a new license for such software, you may create and use a
|
||||
modified version of this License if you rename the license and remove
|
||||
any references to the name of the license steward (except to note that
|
||||
such modified license differs from this License).
|
||||
You may distribute the Covered Software under the terms of the version of
|
||||
the License under which You originally received the Covered Software, or under
|
||||
the terms of any subsequent version published by the license steward.
|
||||
|
||||
10.4. Distributing Source Code Form that is Incompatible With Secondary
|
||||
Licenses
|
||||
10.3. Modified Versions
|
||||
|
||||
If You choose to distribute Source Code Form that is Incompatible With
|
||||
Secondary Licenses under the terms of this version of the License, the
|
||||
notice described in Exhibit B of this License must be attached.
|
||||
If you create software not governed by this License, and you want to create
|
||||
a new license for such software, you may create and use a modified version
|
||||
of this License if you rename the license and remove any references to the
|
||||
name of the license steward (except to note that such modified license differs
|
||||
from this License).
|
||||
|
||||
Exhibit A - Source Code Form License Notice
|
||||
-------------------------------------------
|
||||
10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses
|
||||
|
||||
This Source Code Form is subject to the terms of the Mozilla Public
|
||||
License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
If You choose to distribute Source Code Form that is Incompatible With Secondary
|
||||
Licenses under the terms of this version of the License, the notice described
|
||||
in Exhibit B of this License must be attached. Exhibit A - Source Code Form
|
||||
License Notice
|
||||
|
||||
If it is not possible or desirable to put the notice in a particular
|
||||
file, then You may include the notice in a location (such as a LICENSE
|
||||
file in a relevant directory) where a recipient would be likely to look
|
||||
for such a notice.
|
||||
This Source Code Form is subject to the terms of the Mozilla Public License,
|
||||
v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain
|
||||
one at http://mozilla.org/MPL/2.0/.
|
||||
|
||||
If it is not possible or desirable to put the notice in a particular file,
|
||||
then You may include the notice in a location (such as a LICENSE file in a
|
||||
relevant directory) where a recipient would be likely to look for such a notice.
|
||||
|
||||
You may add additional accurate notices of copyright ownership.
|
||||
|
||||
Exhibit B - "Incompatible With Secondary Licenses" Notice
|
||||
---------------------------------------------------------
|
||||
|
||||
This Source Code Form is "Incompatible With Secondary Licenses", as
|
||||
defined by the Mozilla Public License, v. 2.0.
|
||||
This Source Code Form is "Incompatible With Secondary Licenses", as defined
|
||||
by the Mozilla Public License, v. 2.0.
|
||||
|
|
|
@ -0,0 +1,403 @@
|
|||
# Migrating Guide
|
||||
|
||||
Greenlock v4 is the current version.
|
||||
|
||||
# v3 to v4
|
||||
|
||||
v4 is a very minor, but breaking, change from v3
|
||||
|
||||
### `configFile` is replaced with `configDir`
|
||||
|
||||
The default config file `./greenlock.json` is now `./greenlock.d/config.json`.
|
||||
|
||||
This was change was mode to eliminate unnecessary configuration that was inadvertantly introduced in v3.
|
||||
|
||||
### `.greenlockrc` is auto-generated
|
||||
|
||||
`.greenlockrc` exists for the sake of tooling - so that the CLI, Web API, and your code naturally stay in sync.
|
||||
|
||||
It looks like this:
|
||||
|
||||
```json
|
||||
{
|
||||
"manager": {
|
||||
"module": "@greenlock/manager"
|
||||
},
|
||||
"configDir": "./greenlock.d"
|
||||
}
|
||||
```
|
||||
|
||||
If you deploy to a read-only filesystem, it is best that you create the `.greenlockrc` file as part
|
||||
of your image and use that rather than including any configuration in your code.
|
||||
|
||||
# v2 to v4
|
||||
|
||||
**Greenlock Express** uses Greenlock directly, the same as before.
|
||||
|
||||
All options described for `Greenlock.create({...})` also apply to the Greenlock Express `init()` callback.
|
||||
|
||||
# Overview of Major Differences
|
||||
|
||||
- Reduced API
|
||||
- No code in the config
|
||||
- (config is completely serializable)
|
||||
- Manager callbacks replace `approveDomains`
|
||||
- Greenlock Express does more, with less config
|
||||
- cluster is supported out-of-the-box
|
||||
- high-performance
|
||||
- scalable
|
||||
- ACME challenges are simplified
|
||||
- init
|
||||
- zones (dns-01)
|
||||
- set
|
||||
- get
|
||||
- remove
|
||||
- Store callbacks are simplified
|
||||
- accounts
|
||||
- checkKeypairs
|
||||
- certificates
|
||||
- checkKeypairs
|
||||
- check
|
||||
- set
|
||||
|
||||
# Greenlock JavaScript API greatly reduced
|
||||
|
||||
Whereas before there were many different methods with nuance differences,
|
||||
now there's just `create`, `get`, `renew`, and sometimes `add` ().
|
||||
|
||||
- Greenlock.create({ maintainerEmail, packageAgent, notify })
|
||||
- Greenlock.get({ servername, wildname, duplicate, force })
|
||||
- (just a convenience wrapper around renew)
|
||||
- Greenlock.renew({ subject, altnames, issuedBefore, expiresAfter })
|
||||
- (retrieves, issues, renews, all-in-one)
|
||||
- _optional_ Greenlock.add({ subject, altnames, subscriberEmail })
|
||||
- (partially replaces `approveDomains`)
|
||||
|
||||
Also, some disambiguation on terms:
|
||||
|
||||
- `domains` was often ambiguous and confusing, it has been replaced by:
|
||||
- `subject` refers to the subject of a certificate - the primary domain
|
||||
- `altnames` refers to the domains in the SAN (Subject Alternative Names) section of the certificate
|
||||
- `servername` refers to the TLS (SSL) SNI (Server Name Indication) request for a cetificate
|
||||
- `wildname` refers to the wildcard version of the servername (ex: `www.example.com => *.example.com`)
|
||||
|
||||
When you create an instance of Greenlock, you only supply package and maintainer info.
|
||||
|
||||
All other configuration is A) optional and B) handled by the _Manager_.
|
||||
|
||||
```js
|
||||
'use strict';
|
||||
|
||||
var pkg = require('./package.json');
|
||||
|
||||
var Greenlock = require('greenlock');
|
||||
var greenlock = Greenlock.create({
|
||||
// used for the ACME client User-Agent string as per RFC 8555 and RFC 7231
|
||||
packageAgent: pkg.name + '/' + pkg.version,
|
||||
|
||||
// used as the contact for critical bug and security notices
|
||||
// should be the same as pkg.author.email
|
||||
maintainerEmail: 'jon@example.com',
|
||||
|
||||
// used for logging background events and errors
|
||||
notify: function(ev, args) {
|
||||
if ('error' === ev || 'warning' === ev) {
|
||||
console.error(ev, args);
|
||||
return;
|
||||
}
|
||||
console.info(ev, args);
|
||||
}
|
||||
});
|
||||
```
|
||||
|
||||
By default **no certificates will be issued**. See the _manager_ section.
|
||||
|
||||
When you want to get a single certificate, you use `get`, which will:
|
||||
|
||||
- will return null if neither the `servername` or its `wildname` (wildcard) variant can be found
|
||||
- retrieve a non-expired certificate, if possible
|
||||
- will renew the certificate in the background, if stale
|
||||
- will wait for the certificate to be issued if new
|
||||
|
||||
```js
|
||||
greenlock
|
||||
.get({ servername: 'www.example.com' })
|
||||
.then(function(result) {
|
||||
if (!result) {
|
||||
// certificate is not on the approved list
|
||||
return null;
|
||||
}
|
||||
|
||||
var fullchain = result.pems.cert + '\n' + result.pems.chain + '\n';
|
||||
var privkey = result.pems.privkey;
|
||||
|
||||
return {
|
||||
fullchain: fullchain,
|
||||
privkey: privkey
|
||||
};
|
||||
})
|
||||
.catch(function(e) {
|
||||
// something went wrong in the renew process
|
||||
console.error(e);
|
||||
});
|
||||
```
|
||||
|
||||
By default **no certificates will be issued**. See the _manager_ section.
|
||||
|
||||
When you want to renew certificates, _en masse_, you use `renew`, which will:
|
||||
|
||||
- check all certificates matching the given criteria
|
||||
- only renew stale certificates by default
|
||||
- return error objects (will NOT throw exception for failed renewals)
|
||||
|
||||
```js
|
||||
greenlock
|
||||
.renew({})
|
||||
.then(function(results) {
|
||||
if (!result.length) {
|
||||
// no certificates found
|
||||
return null;
|
||||
}
|
||||
|
||||
// [{ site, error }]
|
||||
return results;
|
||||
})
|
||||
.catch(function(e) {
|
||||
// an unexpected error, not related to renewal
|
||||
console.error(e);
|
||||
});
|
||||
```
|
||||
|
||||
Options:
|
||||
|
||||
| Option | Description |
|
||||
| ------------- | -------------------------------------------------------------------------- |
|
||||
| `altnames` | only check and renew certs matching these altnames (including wildcards) |
|
||||
| `renewBefore` | only check and renew certs marked for renewal before the given date, in ms |
|
||||
| `duplicate` | renew certificates regardless of timing |
|
||||
| `force` | allow silly things, like tiny `renewOffset`s |
|
||||
|
||||
By default **no certificates will be issued**. See the _manager_ section.
|
||||
|
||||
# Greenlock Express Example
|
||||
|
||||
The options that must be returned from `init()` are the same that are used in `Greenlock.create()`,
|
||||
with a few extra that are specific to Greenlock Express:
|
||||
|
||||
```js
|
||||
require('@root/greenlock-express')
|
||||
.init(function() {
|
||||
// This object will be passed to Greenlock.create()
|
||||
|
||||
var options = {
|
||||
// some options, like cluster, are special to Greenlock Express
|
||||
|
||||
cluster: false,
|
||||
|
||||
// The rest are the same as for Greenlock
|
||||
|
||||
packageAgent: pkg.name + '/' + pkg.version,
|
||||
maintainerEmail: 'jon@example.com',
|
||||
notify: function(ev, args) {
|
||||
console.info(ev, args);
|
||||
}
|
||||
};
|
||||
|
||||
return options;
|
||||
})
|
||||
.serve(function(glx) {
|
||||
// will start servers on port 80 and 443
|
||||
|
||||
glx.serveApp(function(req, res) {
|
||||
res.end('Hello, Encrypted World!');
|
||||
});
|
||||
|
||||
// you can get access to the raw server (i.e. for websockets)
|
||||
|
||||
glx.httpsServer(); // returns raw server object
|
||||
});
|
||||
```
|
||||
|
||||
# _Manager_ replaces `approveDomains`
|
||||
|
||||
`approveDomains` was always a little confusing. Most people didn't need it.
|
||||
|
||||
Instead, now there is a simple config file that will work for most people,
|
||||
as well as a set of callbacks for easy configurability.
|
||||
|
||||
### Default Manager
|
||||
|
||||
The default manager is `@greenlock/manager` and the default `configDir` is `./.greenlock.d`.
|
||||
|
||||
The config file should look something like this:
|
||||
|
||||
`./greenlock.d/config.json`:
|
||||
|
||||
```json
|
||||
{
|
||||
"subscriberEmail": "jon@example.com",
|
||||
"agreeToTerms": true,
|
||||
"sites": {
|
||||
"example.com": {
|
||||
"subject": "example.com",
|
||||
"altnames": ["example.com", "www.example.com"]
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
You can specify a `acme-dns-01-*` or `acme-http-01-*` challenge plugin globally, or per-site.
|
||||
|
||||
```json
|
||||
{
|
||||
"subscriberEmail": "jon@example.com",
|
||||
"agreeToTerms": true,
|
||||
"sites": {
|
||||
"example.com": {
|
||||
"subject": "example.com",
|
||||
"altnames": ["example.com", "www.example.com"],
|
||||
"challenges": {
|
||||
"dns-01": {
|
||||
"module": "acme-dns-01-digitalocean",
|
||||
"token": "apikey-xxxxx"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
The same is true with `greenlock-store-*` plugins:
|
||||
|
||||
```json
|
||||
{
|
||||
"subscriberEmail": "jon@example.com",
|
||||
"agreeToTerms": true,
|
||||
"sites": {
|
||||
"example.com": {
|
||||
"subject": "example.com",
|
||||
"altnames": ["example.com", "www.example.com"]
|
||||
}
|
||||
},
|
||||
"store": {
|
||||
"module": "greenlock-store-fs",
|
||||
"basePath": "~/.config/greenlock"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
### Customer Manager, the lazy way
|
||||
|
||||
At the very least you have to implement `get({ servername, wildname })`.
|
||||
|
||||
```js
|
||||
var greenlock = Greenlock.create({
|
||||
packageAgent: pkg.name + '/' + pkg.version,
|
||||
maintainerEmail: 'jon@example.com',
|
||||
notify: notify,
|
||||
|
||||
packageRoot: __dirname,
|
||||
manager: {
|
||||
module: './manager.js'
|
||||
}
|
||||
});
|
||||
|
||||
function notify(ev, args) {
|
||||
if ('error' === ev || 'warning' === ev) {
|
||||
console.error(ev, args);
|
||||
return;
|
||||
}
|
||||
console.info(ev, args);
|
||||
}
|
||||
```
|
||||
|
||||
In the simplest case you can ignore all incoming options
|
||||
and return a single site config in the same format as the config file
|
||||
|
||||
`./manager.js`:
|
||||
|
||||
```js
|
||||
'use strict';
|
||||
|
||||
module.exports.create = function() {
|
||||
return {
|
||||
get: async function({ servername }) {
|
||||
// do something to fetch the site
|
||||
var site = {
|
||||
subject: 'example.com',
|
||||
altnames: ['example.com', 'www.example.com']
|
||||
};
|
||||
|
||||
return site;
|
||||
}
|
||||
};
|
||||
};
|
||||
```
|
||||
|
||||
If you want to use wildcards or local domains for a specific domain, you must specify the `dns-01` challenge plugin to use:
|
||||
|
||||
```js
|
||||
'use strict';
|
||||
|
||||
module.exports.create = function() {
|
||||
return {
|
||||
get: async function({ servername }) {
|
||||
// do something to fetch the site
|
||||
var site = {
|
||||
subject: 'example.com',
|
||||
altnames: ['example.com', 'www.example.com'],
|
||||
|
||||
// dns-01 challenge
|
||||
challenges: {
|
||||
'dns-01': {
|
||||
module: 'acme-dns-01-namedotcom',
|
||||
apikey: 'xxxx'
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
return site;
|
||||
}
|
||||
};
|
||||
};
|
||||
```
|
||||
|
||||
### Customer Manager, Complete
|
||||
|
||||
See <https://git.rootprojects.org/root/greenlock-manager-test.js#quick-start>
|
||||
|
||||
# ACME Challenge Plugins
|
||||
|
||||
The ACME challenge plugins are just a few simple callbacks:
|
||||
|
||||
- `init`
|
||||
- `zones` (dns-01 only)
|
||||
- `set`
|
||||
- `get`
|
||||
- `remove`
|
||||
|
||||
They are described here:
|
||||
|
||||
- [dns-01 documentation](https://git.rootprojects.org/root/acme-dns-01-test.js)
|
||||
- [http-01 documentation](https://git.rootprojects.org/root/acme-http-01-test.js)
|
||||
|
||||
# Key and Cert Store Plugins
|
||||
|
||||
Again, these are just a few simple callbacks:
|
||||
|
||||
- `certificates.checkKeypair`
|
||||
- `certificates.check`
|
||||
- `certificates.setKeypair`
|
||||
- `certificates.set`
|
||||
- `accounts.checkKeypair`
|
||||
- `accounts.check` (optional)
|
||||
- `accounts.setKeypair`
|
||||
- `accounts.set` (optional)
|
||||
|
||||
The name `check` is used instead of `get` because they only need to return something if it exists. They do not need to fail, nor do they need to generate anything.
|
||||
|
||||
They are described here:
|
||||
|
||||
- [greenlock store documentation](https://git.rootprojects.org/root/greenlock-store-test.js)
|
||||
|
||||
If you are just implenting in-house and are not going to publish a module, you can also do some hack things like this:
|
|
@ -0,0 +1,219 @@
|
|||
'use strict';
|
||||
|
||||
var A = module.exports;
|
||||
var U = require('./utils.js');
|
||||
var E = require('./errors.js');
|
||||
|
||||
var pending = {};
|
||||
|
||||
A._getOrCreate = function(gnlck, mconf, db, acme, args) {
|
||||
var email = args.subscriberEmail || mconf.subscriberEmail;
|
||||
|
||||
if (!email) {
|
||||
throw E.NO_SUBSCRIBER('get account', args.subject);
|
||||
}
|
||||
|
||||
// TODO send welcome message with benefit info
|
||||
return U._validMx(email)
|
||||
.catch(function() {
|
||||
throw E.NO_SUBSCRIBER('get account', args.subcriberEmail);
|
||||
})
|
||||
.then(function() {
|
||||
if (pending[email]) {
|
||||
return pending[email];
|
||||
}
|
||||
|
||||
pending[email] = A._rawGetOrCreate(
|
||||
gnlck,
|
||||
mconf,
|
||||
db,
|
||||
acme,
|
||||
args,
|
||||
email
|
||||
)
|
||||
.catch(function(e) {
|
||||
delete pending[email];
|
||||
throw e;
|
||||
})
|
||||
.then(function(result) {
|
||||
delete pending[email];
|
||||
return result;
|
||||
});
|
||||
|
||||
return pending[email];
|
||||
});
|
||||
};
|
||||
|
||||
// What we really need out of this is the private key and the ACME "key" id
|
||||
A._rawGetOrCreate = function(gnlck, mconf, db, acme, args, email) {
|
||||
var p;
|
||||
if (db.check) {
|
||||
p = A._checkStore(gnlck, mconf, db, acme, args, email);
|
||||
} else {
|
||||
p = Promise.resolve(null);
|
||||
}
|
||||
|
||||
return p.then(function(fullAccount) {
|
||||
if (!fullAccount) {
|
||||
return A._newAccount(gnlck, mconf, db, acme, args, email, null);
|
||||
}
|
||||
|
||||
if (fullAccount.keypair && fullAccount.key && fullAccount.key.kid) {
|
||||
return fullAccount;
|
||||
}
|
||||
|
||||
return A._newAccount(gnlck, mconf, db, acme, args, email, fullAccount);
|
||||
});
|
||||
};
|
||||
|
||||
A._newAccount = function(gnlck, mconf, db, acme, args, email, fullAccount) {
|
||||
var keyType = args.accountKeyType || mconf.accountKeyType;
|
||||
var query = {
|
||||
subject: args.subject,
|
||||
email: email,
|
||||
subscriberEmail: email,
|
||||
customerEmail: args.customerEmail,
|
||||
account: fullAccount || {},
|
||||
directoryUrl:
|
||||
args.directoryUrl ||
|
||||
mconf.directoryUrl ||
|
||||
gnlck._defaults.directoryUrl
|
||||
};
|
||||
|
||||
return U._getOrCreateKeypair(db, args.subject, query, keyType).then(
|
||||
function(kresult) {
|
||||
var keypair = kresult.keypair;
|
||||
var accReg = {
|
||||
subscriberEmail: email,
|
||||
agreeToTerms:
|
||||
args.agreeToTerms ||
|
||||
mconf.agreeToTerms ||
|
||||
gnlck._defaults.agreeToTerms,
|
||||
accountKey: keypair.privateKeyJwk || keypair.private,
|
||||
debug: args.debug
|
||||
};
|
||||
return acme.accounts.create(accReg).then(function(receipt) {
|
||||
var reg = {
|
||||
keypair: keypair,
|
||||
receipt: receipt,
|
||||
// shudder... not actually a KeyID... but so it is called anyway...
|
||||
kid:
|
||||
receipt &&
|
||||
receipt.key &&
|
||||
(receipt.key.kid || receipt.kid),
|
||||
email: args.email,
|
||||
subscriberEmail: email,
|
||||
customerEmail: args.customerEmail
|
||||
};
|
||||
|
||||
var keyP;
|
||||
if (kresult.exists) {
|
||||
keyP = Promise.resolve();
|
||||
} else {
|
||||
query.keypair = keypair;
|
||||
query.receipt = receipt;
|
||||
/*
|
||||
query.server = gnlck._defaults.directoryUrl.replace(
|
||||
/^https?:\/\//i,
|
||||
''
|
||||
);
|
||||
*/
|
||||
keyP = db.setKeypair(query, keypair);
|
||||
}
|
||||
|
||||
return keyP
|
||||
.then(function() {
|
||||
if (!db.set) {
|
||||
return Promise.resolve({
|
||||
keypair: keypair
|
||||
});
|
||||
}
|
||||
return db.set(
|
||||
{
|
||||
// id to be set by Store
|
||||
email: email,
|
||||
subscriberEmail: email,
|
||||
customerEmail: args.customerEmail,
|
||||
agreeTos: true,
|
||||
agreeToTerms: true,
|
||||
directoryUrl:
|
||||
args.directoryUrl ||
|
||||
mconf.directoryUrl ||
|
||||
gnlck._defaults.directoryUrl
|
||||
/*
|
||||
server: gnlck._defaults.directoryUrl.replace(
|
||||
/^https?:\/\//i,
|
||||
''
|
||||
)
|
||||
*/
|
||||
},
|
||||
reg
|
||||
);
|
||||
})
|
||||
.then(function(fullAccount) {
|
||||
if (fullAccount && 'object' !== typeof fullAccount) {
|
||||
throw new Error(
|
||||
"accounts.set should either return 'null' or an object with an 'id' string"
|
||||
);
|
||||
}
|
||||
|
||||
if (!fullAccount) {
|
||||
fullAccount = {};
|
||||
}
|
||||
fullAccount.keypair = keypair;
|
||||
if (!fullAccount.key) {
|
||||
fullAccount.key = {};
|
||||
}
|
||||
fullAccount.key.kid = reg.kid;
|
||||
|
||||
return fullAccount;
|
||||
});
|
||||
});
|
||||
}
|
||||
);
|
||||
};
|
||||
|
||||
A._checkStore = function(gnlck, mconf, db, acme, args, email) {
|
||||
if ((args.domain || args.domains) && !args.subject) {
|
||||
console.warn("use 'subject' instead of 'domain'");
|
||||
args.subject = args.domain;
|
||||
}
|
||||
|
||||
var account = args.account;
|
||||
if (!account) {
|
||||
account = {};
|
||||
}
|
||||
|
||||
if (args.accountKey) {
|
||||
console.warn(
|
||||
'rather than passing accountKey, put it directly into your account key store'
|
||||
);
|
||||
// TODO we probably don't need this
|
||||
return U._importKeypair(args.accountKey);
|
||||
}
|
||||
|
||||
if (!db.check) {
|
||||
return Promise.resolve(null);
|
||||
}
|
||||
|
||||
return db
|
||||
.check({
|
||||
//keypair: undefined,
|
||||
//receipt: undefined,
|
||||
email: email,
|
||||
subscriberEmail: email,
|
||||
customerEmail: args.customerEmail || mconf.customerEmail,
|
||||
account: account,
|
||||
directoryUrl:
|
||||
args.directoryUrl ||
|
||||
mconf.directoryUrl ||
|
||||
gnlck._defaults.directoryUrl
|
||||
})
|
||||
.then(function(fullAccount) {
|
||||
if (!fullAccount) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return fullAccount;
|
||||
});
|
||||
};
|
|
@ -0,0 +1,91 @@
|
|||
'use strict';
|
||||
|
||||
var args = process.argv.slice(3);
|
||||
var cli = require('./lib/cli.js');
|
||||
//var path = require('path');
|
||||
//var pkgpath = path.join(__dirname, '..', 'package.json');
|
||||
//var pkgpath = path.join(process.cwd(), 'package.json');
|
||||
|
||||
var Flags = require('./lib/flags.js');
|
||||
|
||||
Flags.init().then(function({ flagOptions, greenlock, mconf }) {
|
||||
var myFlags = {};
|
||||
[
|
||||
'subject',
|
||||
'altnames',
|
||||
'renew-offset',
|
||||
'subscriber-email',
|
||||
'customer-email',
|
||||
'server-key-type',
|
||||
'challenge-http-01',
|
||||
'challenge-http-01-xxxx',
|
||||
'challenge-dns-01',
|
||||
'challenge-dns-01-xxxx',
|
||||
'challenge-tls-alpn-01',
|
||||
'challenge-tls-alpn-01-xxxx',
|
||||
'challenge',
|
||||
'challenge-xxxx',
|
||||
'challenge-json',
|
||||
'force-save'
|
||||
].forEach(function(k) {
|
||||
myFlags[k] = flagOptions[k];
|
||||
});
|
||||
|
||||
cli.parse(myFlags);
|
||||
cli.main(function(argList, flags) {
|
||||
Flags.mangleFlags(flags, mconf);
|
||||
main(argList, flags, greenlock);
|
||||
}, args);
|
||||
});
|
||||
|
||||
async function main(_, flags, greenlock) {
|
||||
if (!flags.subject || !flags.altnames) {
|
||||
console.error(
|
||||
'--subject and --altnames must be provided and should be valid domains'
|
||||
);
|
||||
process.exit(1);
|
||||
return;
|
||||
}
|
||||
|
||||
greenlock
|
||||
.add(flags)
|
||||
.catch(function(err) {
|
||||
console.error();
|
||||
console.error('error:', err.message);
|
||||
console.error();
|
||||
process.exit(1);
|
||||
})
|
||||
.then(function() {
|
||||
return greenlock
|
||||
._config({
|
||||
servername:
|
||||
flags.altnames[
|
||||
Math.floor(Math.random() * flags.altnames.length)
|
||||
]
|
||||
})
|
||||
.then(function(site) {
|
||||
if (!site) {
|
||||
console.info();
|
||||
console.info(
|
||||
'Internal bug or configuration mismatch: No config found.'
|
||||
);
|
||||
console.info();
|
||||
process.exit(1);
|
||||
return;
|
||||
}
|
||||
|
||||
console.info();
|
||||
Object.keys(site).forEach(function(k) {
|
||||
if ('defaults' === k) {
|
||||
console.info(k + ':');
|
||||
Object.keys(site.defaults).forEach(function(key) {
|
||||
var value = JSON.stringify(site.defaults[key]);
|
||||
console.info('\t' + key + ':' + value);
|
||||
});
|
||||
} else {
|
||||
console.info(k + ': ' + JSON.stringify(site[k]));
|
||||
}
|
||||
});
|
||||
});
|
||||
});
|
||||
}
|
|
@ -0,0 +1,378 @@
|
|||
'use strict';
|
||||
|
||||
var mkdirp = require('@root/mkdirp');
|
||||
var cli = require('./cli.js');
|
||||
|
||||
cli.parse({
|
||||
'directory-url': [
|
||||
false,
|
||||
' ACME Directory Resource URL',
|
||||
'string',
|
||||
'https://acme-v02.api.letsencrypt.org/directory',
|
||||
'server,acme-url'
|
||||
],
|
||||
email: [
|
||||
false,
|
||||
' Email used for registration and recovery contact. (default: null)',
|
||||
'email'
|
||||
],
|
||||
'agree-tos': [
|
||||
false,
|
||||
" Agree to the Greenlock and Let's Encrypt Subscriber Agreements",
|
||||
'boolean',
|
||||
false
|
||||
],
|
||||
'community-member': [
|
||||
false,
|
||||
' Submit stats to and get updates from Greenlock',
|
||||
'boolean',
|
||||
false
|
||||
],
|
||||
domains: [
|
||||
false,
|
||||
' Domain names to apply. For multiple domains you can enter a comma separated list of domains as a parameter. (default: [])',
|
||||
'string'
|
||||
],
|
||||
'renew-offset': [
|
||||
false,
|
||||
' Positive (time after issue) or negative (time before expiry) offset, such as 30d or -45d',
|
||||
'string',
|
||||
'45d'
|
||||
],
|
||||
'renew-within': [
|
||||
false,
|
||||
' (ignored) use renew-offset instead',
|
||||
'ignore',
|
||||
undefined
|
||||
],
|
||||
'cert-path': [
|
||||
false,
|
||||
' Path to where new cert.pem is saved',
|
||||
'string',
|
||||
':configDir/live/:hostname/cert.pem'
|
||||
],
|
||||
'fullchain-path': [
|
||||
false,
|
||||
' Path to where new fullchain.pem (cert + chain) is saved',
|
||||
'string',
|
||||
':configDir/live/:hostname/fullchain.pem'
|
||||
],
|
||||
'bundle-path': [
|
||||
false,
|
||||
' Path to where new bundle.pem (fullchain + privkey) is saved',
|
||||
'string',
|
||||
':configDir/live/:hostname/bundle.pem'
|
||||
],
|
||||
'chain-path': [
|
||||
false,
|
||||
' Path to where new chain.pem is saved',
|
||||
'string',
|
||||
':configDir/live/:hostname/chain.pem'
|
||||
],
|
||||
'privkey-path': [
|
||||
false,
|
||||
' Path to where privkey.pem is saved',
|
||||
'string',
|
||||
':configDir/live/:hostname/privkey.pem'
|
||||
],
|
||||
'config-dir': [
|
||||
false,
|
||||
' Configuration directory.',
|
||||
'string',
|
||||
'~/letsencrypt/etc/'
|
||||
],
|
||||
store: [
|
||||
false,
|
||||
' The name of the storage module to use',
|
||||
'string',
|
||||
'greenlock-store-fs'
|
||||
],
|
||||
'store-xxxx': [
|
||||
false,
|
||||
' An option for the chosen storage module, such as --store-apikey or --store-bucket',
|
||||
'bag'
|
||||
],
|
||||
'store-json': [
|
||||
false,
|
||||
' A JSON string containing all option for the chosen store module (instead of --store-xxxx)',
|
||||
'json',
|
||||
'{}'
|
||||
],
|
||||
challenge: [
|
||||
false,
|
||||
' The name of the HTTP-01, DNS-01, or TLS-ALPN-01 challenge module to use',
|
||||
'string',
|
||||
'@greenlock/acme-http-01-fs'
|
||||
],
|
||||
'challenge-xxxx': [
|
||||
false,
|
||||
' An option for the chosen challenge module, such as --challenge-apikey or --challenge-bucket',
|
||||
'bag'
|
||||
],
|
||||
'challenge-json': [
|
||||
false,
|
||||
' A JSON string containing all option for the chosen challenge module (instead of --challenge-xxxx)',
|
||||
'json',
|
||||
'{}'
|
||||
],
|
||||
'skip-dry-run': [
|
||||
false,
|
||||
' Use with caution (and test with the staging url first). Creates an Order on the ACME server without a self-test.',
|
||||
'boolean'
|
||||
],
|
||||
'skip-challenge-tests': [
|
||||
false,
|
||||
' Use with caution (and with the staging url first). Presents challenges to the ACME server without first testing locally.',
|
||||
'boolean'
|
||||
],
|
||||
'http-01-port': [
|
||||
false,
|
||||
' Required to be 80 for live servers. Do not use. For special test environments only.',
|
||||
'int'
|
||||
],
|
||||
'dns-01': [false, ' Use DNS-01 challange type', 'boolean', false],
|
||||
standalone: [
|
||||
false,
|
||||
' Obtain certs using a "standalone" webserver.',
|
||||
'boolean',
|
||||
false
|
||||
],
|
||||
manual: [
|
||||
false,
|
||||
' Print the token and key to the screen and wait for you to hit enter, giving you time to copy it somewhere before continuing (uses acme-http-01-cli or acme-dns-01-cli)',
|
||||
'boolean',
|
||||
false
|
||||
],
|
||||
debug: [false, ' show traces and logs', 'boolean', false],
|
||||
root: [
|
||||
false,
|
||||
' public_html / webroot path (may use the :hostname template such as /srv/www/:hostname)',
|
||||
'string',
|
||||
undefined,
|
||||
'webroot-path'
|
||||
],
|
||||
|
||||
//
|
||||
// backwards compat
|
||||
//
|
||||
duplicate: [
|
||||
false,
|
||||
' Allow getting a certificate that duplicates an existing one/is an early renewal',
|
||||
'boolean',
|
||||
false
|
||||
],
|
||||
'rsa-key-size': [
|
||||
false,
|
||||
' (ignored) use server-key-type or account-key-type instead',
|
||||
'ignore',
|
||||
2048
|
||||
],
|
||||
'server-key-path': [
|
||||
false,
|
||||
' Path to privkey.pem to use for certificate (default: generate new)',
|
||||
'string',
|
||||
undefined,
|
||||
'domain-key-path'
|
||||
],
|
||||
'server-key-type': [
|
||||
false,
|
||||
" One of 'RSA' (2048), 'RSA-3084', 'RSA-4096', 'ECDSA' (P-256), or 'P-384'. For best compatibility, security, and efficiency use the default (More bits != More security)",
|
||||
'string',
|
||||
'RSA'
|
||||
],
|
||||
'account-key-path': [
|
||||
false,
|
||||