greenlock.js/le-standalone.js

75 lines
2.0 KiB
JavaScript
Raw Normal View History

2015-12-11 11:23:47 +00:00
'use strict';
var letsencrypt = require('letsencrypt');
var networkInterfaces = require('os').networkInterfaces();
var ipify = require('ipify');
function getSecureContext(le, hostname, cb) {
hostname = hostname.replace(/^www\./, '');
function needsRegistration(hostnames, cb) {
//
// IMPORTANT
//
// Before attempting a dynamic registration you need to validate that
//
// * these are hostnames that you expected to exist on the system
// * their A records currently point to this ip
// * this system's ip hasn't changed
//
// If you do not check these things, then someone could attack you
// and cause you, in return, to have your ip be rate-limit blocked
//
le.validate(hostnames, {
networkInterfaces: networkInterfaces
, ipify: ipify
}, function (err) {
if (err) {
cb(null, null);
return;
}
// these hostnames need to be registered
//
cb(null, {
email: 'john.doe@gmail.com'
, agreeTos: true
, domains: ['www.' + hostname, hostname]
});
});
}
// secure contexts will be cached
// renewals will be checked in the background
le.get(hostname, needsRegistration, function (secureContext) {
// this will fallback to the localCerts if the domain cannot be registered
if (!secureContext) {
var localCerts = require('localhost.daplie.com-certificates');
secureContext = localCerts;
}
cb(null, secureContext);
}, function (err) {
cb(err);
});
}
letsencrypt.create(
'/home/user/.local/share/letsencrypt/bin/letsencrypt'
// set some defaults
, { configDir: '/etc/letsencrypt'
, workDir: '/var/lib/letsencrypt'
, logsDir: '/var/log/letsencrypt'
, standalone: true
//, webroot: true
//, webrootPath: '/srv/www/acme-challenges/'
}
, { cacheContextsFor: 1 * 60 * 60 * 1000 // 1 hour
, cacheRenewChecksFor: 3 * 24 * 60 * 60 * 1000 // 3 days
}
).then(function (le) {
getSecureContext(le, 'example.com', function (secureContext) {
console.log(secureContext);
});
});