greenlock.js/index.js

444 lines
15 KiB
JavaScript
Raw Normal View History

2015-12-11 14:22:46 +00:00
'use strict';
var DAY = 24 * 60 * 60 * 1000;
//var MIN = 60 * 1000;
2018-04-16 01:28:05 +00:00
var ACME = require('acme-v2/compat').ACME;
2015-12-12 15:05:45 +00:00
2018-05-15 22:01:09 +00:00
var Greenlock = module.exports;
Greenlock.Greenlock = Greenlock;
Greenlock.LE = Greenlock;
2016-08-05 22:50:42 +00:00
// in-process cache, shared between all instances
var ipc = {};
2016-08-04 22:49:35 +00:00
function _log(debug) {
if (debug) {
var args = Array.prototype.slice.call(arguments);
args.shift();
2018-05-15 22:01:09 +00:00
args.unshift("[gl/index.js]");
console.log.apply(console, args);
}
}
2018-05-15 22:01:09 +00:00
Greenlock.defaults = {
2018-05-15 21:42:04 +00:00
productionServerUrl: 'https://acme-v01.api.letsencrypt.org/directory'
, stagingServerUrl: 'https://acme-staging.api.letsencrypt.org/directory'
2016-08-04 22:49:35 +00:00
2016-08-08 19:17:09 +00:00
, rsaKeySize: ACME.rsaKeySize || 2048
, challengeType: ACME.challengeType || 'http-01'
2018-04-16 01:28:05 +00:00
, challengeTypes: ACME.challengeTypes || [ 'http-01', 'dns-01' ]
2016-08-05 22:21:10 +00:00
2016-08-08 19:17:09 +00:00
, acmeChallengePrefix: ACME.acmeChallengePrefix
2016-02-13 02:33:50 +00:00
};
2015-12-20 10:41:17 +00:00
2015-12-16 09:11:31 +00:00
// backwards compat
2018-05-15 22:01:09 +00:00
Object.keys(Greenlock.defaults).forEach(function (key) {
Greenlock[key] = Greenlock.defaults[key];
2016-08-04 22:49:35 +00:00
});
2015-12-13 01:04:12 +00:00
2016-08-05 22:21:10 +00:00
// show all possible options
2016-08-05 22:16:29 +00:00
var u; // undefined
2018-05-15 22:01:09 +00:00
Greenlock._undefined = {
2016-08-08 15:21:33 +00:00
acme: u
, store: u
2016-08-09 18:05:47 +00:00
, challenge: u
2016-08-15 21:33:26 +00:00
, challenges: u
, sni: u
, tlsOptions: u
2016-08-08 23:14:53 +00:00
2016-08-05 22:16:29 +00:00
, register: u
, check: u
2016-08-08 23:14:53 +00:00
, renewWithin: u // le-auto-sni and core
//, renewBy: u // le-auto-sni
2016-08-05 22:16:29 +00:00
, acmeChallengePrefix: u
2016-08-05 22:21:10 +00:00
, rsaKeySize: u
, challengeType: u
, server: u
2018-04-16 01:28:05 +00:00
, version: u
2016-08-06 05:33:19 +00:00
, agreeToTerms: u
2016-08-05 22:50:42 +00:00
, _ipc: u
2016-08-09 18:05:47 +00:00
, duplicate: u
, _acmeUrls: u
2016-08-05 22:16:29 +00:00
};
2018-05-15 22:01:09 +00:00
Greenlock._undefine = function (gl) {
Object.keys(Greenlock._undefined).forEach(function (key) {
if (!(key in gl)) {
gl[key] = u;
2016-08-05 22:16:29 +00:00
}
});
2018-05-15 22:01:09 +00:00
return gl;
2016-08-05 22:16:29 +00:00
};
2018-05-15 22:01:09 +00:00
Greenlock.create = function (gl) {
2016-08-05 22:50:42 +00:00
var PromiseA = require('bluebird');
2018-05-15 22:01:09 +00:00
gl.store = gl.store || require('le-store-certbot').create({ debug: gl.debug });
gl.core = require('./lib/core');
var log = gl.log || _log;
2016-08-05 22:16:29 +00:00
2018-05-15 22:01:09 +00:00
if (!gl.challenges) {
gl.challenges = {};
2016-08-15 21:33:26 +00:00
}
2018-05-15 22:01:09 +00:00
if (!gl.challenges['http-01']) {
gl.challenges['http-01'] = require('le-challenge-fs').create({ debug: gl.debug });
2016-08-15 21:33:26 +00:00
}
2018-05-15 22:01:09 +00:00
if (!gl.challenges['dns-01']) {
2016-08-15 21:33:26 +00:00
try {
2018-05-15 22:01:09 +00:00
gl.challenges['dns-01'] = require('le-challenge-ddns').create({ debug: gl.debug });
2016-08-15 21:33:26 +00:00
} catch(e) {
try {
2018-05-15 22:01:09 +00:00
gl.challenges['dns-01'] = require('le-challenge-dns').create({ debug: gl.debug });
2016-08-15 21:33:26 +00:00
} catch(e) {
// not yet implemented
}
}
}
2018-05-15 22:01:09 +00:00
gl = Greenlock._undefine(gl);
gl.acmeChallengePrefix = Greenlock.acmeChallengePrefix;
gl.rsaKeySize = gl.rsaKeySize || Greenlock.rsaKeySize;
gl.challengeType = gl.challengeType || Greenlock.challengeType;
gl._ipc = ipc;
gl._communityPackage = gl._communityPackage || 'greenlock.js';
gl.agreeToTerms = gl.agreeToTerms || function (args, agreeCb) {
agreeCb(new Error("'agreeToTerms' was not supplied to Greenlock and 'agreeTos' was not supplied to Greenlock.register"));
2016-08-08 23:14:53 +00:00
};
2016-08-05 22:16:29 +00:00
2018-05-15 22:01:09 +00:00
if (!gl.renewWithin) { gl.renewWithin = 14 * DAY; }
// renewBy has a default in le-sni-auto
2016-08-05 22:16:29 +00:00
2018-05-15 21:42:04 +00:00
///////////////////////////
// BEGIN VERSION MADNESS //
///////////////////////////
2018-05-15 22:01:09 +00:00
if (!gl.version) {
2018-05-15 21:42:04 +00:00
//console.warn("Please specify version: 'v01' (Let's Encrypt v1) or 'draft-11' (Let's Encrypt v2 / ACME draft 11)");
console.warn("");
console.warn("");
console.warn("");
console.warn("====================================================================");
console.warn("== greenlock.js (v2.2.0+) ==");
console.warn("====================================================================");
console.warn("");
console.warn("Please specify 'version' option:");
console.warn("");
console.warn(" 'draft-11' for Let's Encrypt v2 and ACME draft 11");
console.warn(" ('v02' is an alias of 'draft-11'");
console.warn("");
console.warn("or");
console.warn("");
console.warn(" 'v01' for Let's Encrypt v1 (deprecated)");
console.warn("");
console.warn("====================================================================");
console.warn("== this will be required from version v2.3 forward ==");
console.warn("====================================================================");
console.warn("");
console.warn("");
console.warn("");
2018-05-15 22:01:09 +00:00
} else if ('v02' === gl.version) {
gl.version = 'draft-11';
} else if ('v01' !== gl.version && 'draft-11' !== gl.version) {
throw new Error("Unrecognized version '" + gl.version + "'");
2018-05-15 21:42:04 +00:00
}
2018-05-15 22:01:09 +00:00
if (!gl.server) {
2018-05-15 21:42:04 +00:00
throw new Error("opts.server must specify an ACME directory URL, such as 'https://acme-staging-v02.api.letsencrypt.org/directory'");
2016-08-05 22:16:29 +00:00
}
2018-05-15 22:01:09 +00:00
if ('staging' === gl.server) {
gl.server = 'https://acme-staging.api.letsencrypt.org/directory';
gl.version = 'v01';
2018-05-15 21:42:04 +00:00
console.warn("");
console.warn("");
console.warn("=== WARNING ===");
console.warn("");
console.warn("Due to versioning issues the 'staging' option is deprecated. Please specify the full url and version.");
console.warn("");
2018-05-15 22:01:09 +00:00
console.warn("\t--acme-url '" + gl.server + "' \\");
console.warn("\t--acme-version '" + gl.version + "' \\");
2018-05-15 21:42:04 +00:00
console.warn("");
console.warn("");
2016-08-05 22:16:29 +00:00
}
2018-05-15 22:01:09 +00:00
else if ('production' === gl.server) {
gl.server = 'https://acme-v01.api.letsencrypt.org/directory';
gl.version = 'v01';
2018-05-15 21:42:04 +00:00
console.warn("");
console.warn("");
console.warn("=== WARNING ===");
console.warn("");
console.warn("Due to versioning issues the 'production' option is deprecated. Please specify the full url and version.");
console.warn("");
2018-05-15 22:01:09 +00:00
console.warn("\t--acme-url '" + gl.server + "' \\");
console.warn("\t--acme-version '" + gl.version + "' \\");
2018-05-15 21:42:04 +00:00
console.warn("");
console.warn("");
2015-12-13 05:03:48 +00:00
}
2015-12-17 08:46:40 +00:00
2018-05-15 21:42:04 +00:00
function loadLeV01() {
console.warn("");
console.warn("=== WARNING ===");
console.warn("");
2018-04-16 01:28:05 +00:00
console.warn("Let's Encrypt v1 is deprecated. Please update to Let's Encrypt v2 (ACME draft 11)");
2018-05-15 21:42:04 +00:00
console.warn("");
try {
return require('le-acme-core').ACME;
} catch(e) {
console.error(e);
console.info("");
console.info("");
console.info("If you require v01 API support (which is deprecated), you must install it:");
console.info("");
console.info("\tnpm install le-acme-core");
console.info("");
console.info("");
process.exit(e.code || 13);
}
2018-04-16 01:28:05 +00:00
}
2018-05-15 21:42:04 +00:00
if (-1 !== [
'https://acme-v02.api.letsencrypt.org/directory'
2018-05-15 22:01:09 +00:00
, 'https://acme-staging-v02.api.letsencrypt.org/directory' ].indexOf(gl.server)
2018-05-15 21:42:04 +00:00
) {
2018-05-15 22:01:09 +00:00
if ('draft-11' !== gl.version) {
2018-05-15 21:42:04 +00:00
console.warn("Detected Let's Encrypt v02 URL. Changing version to draft-11.");
2018-05-15 22:01:09 +00:00
gl.version = 'draft-11';
2018-05-15 21:42:04 +00:00
}
} else if (-1 !== [
'https://acme-v01.api.letsencrypt.org/directory'
2018-05-15 22:01:09 +00:00
, 'https://acme-staging.api.letsencrypt.org/directory' ].indexOf(gl.server)
|| 'v01' === gl.version
2018-05-15 21:42:04 +00:00
) {
2018-05-15 22:01:09 +00:00
if ('v01' !== gl.version) {
2018-05-15 21:42:04 +00:00
console.warn("Detected Let's Encrypt v01 URL (deprecated). Changing version to v01.");
2018-05-15 22:01:09 +00:00
gl.version = 'v01';
2018-04-16 01:28:05 +00:00
}
}
2018-05-15 22:01:09 +00:00
if ('v01' === gl.version) {
2018-05-15 21:42:04 +00:00
ACME = loadLeV01();
}
/////////////////////////
// END VERSION MADNESS //
/////////////////////////
2018-04-16 01:28:05 +00:00
2018-05-15 22:01:09 +00:00
gl.acme = gl.acme || ACME.create({ debug: gl.debug });
if (gl.acme.create) {
gl.acme = gl.acme.create(gl);
2016-08-08 15:21:33 +00:00
}
2018-05-15 22:01:09 +00:00
gl.acme = PromiseA.promisifyAll(gl.acme);
gl._acmeOpts = gl.acme.getOptions();
Object.keys(gl._acmeOpts).forEach(function (key) {
if (!(key in gl)) {
gl[key] = gl._acmeOpts[key];
2016-08-08 15:21:33 +00:00
}
});
2018-05-15 22:01:09 +00:00
if (gl.store.create) {
gl.store = gl.store.create(gl);
}
2018-05-15 22:01:09 +00:00
gl.store = PromiseA.promisifyAll(gl.store);
gl.store.accounts = PromiseA.promisifyAll(gl.store.accounts);
gl.store.certificates = PromiseA.promisifyAll(gl.store.certificates);
gl._storeOpts = gl.store.getOptions();
Object.keys(gl._storeOpts).forEach(function (key) {
if (!(key in gl)) {
gl[key] = gl._storeOpts[key];
2015-12-12 14:20:12 +00:00
}
2016-08-05 22:16:29 +00:00
});
//
// Backwards compat for <= v2.1.7
//
2018-05-15 22:01:09 +00:00
if (gl.challenge) {
console.warn("Deprecated use of gl.challenge. Use gl.challenges['" + Greenlock.challengeType + "'] instead.");
gl.challenges[gl.challengeType] = gl.challenge;
}
2018-05-15 22:01:09 +00:00
Greenlock.challengeTypes.forEach(function (challengeType) {
var challenger = gl.challenges[challengeType];
if (!challenger) {
2016-08-16 16:35:18 +00:00
return;
}
if (challenger.create) {
2018-05-15 22:01:09 +00:00
challenger = gl.challenges[challengeType] = challenger.create(gl);
2015-12-20 10:41:17 +00:00
}
2018-05-15 22:01:09 +00:00
challenger = gl.challenges[challengeType] = PromiseA.promisifyAll(challenger);
gl['_challengeOpts_' + challengeType] = challenger.getOptions();
Object.keys(gl['_challengeOpts_' + challengeType]).forEach(function (key) {
if (!(key in gl)) {
gl[key] = gl['_challengeOpts_' + challengeType][key];
2016-08-15 21:33:26 +00:00
}
});
2016-08-12 21:24:28 +00:00
// TODO wrap these here and now with tplCopy?
if (!challenger.set || 5 !== challenger.set.length) {
2018-05-15 22:01:09 +00:00
throw new Error("gl.challenges[" + challengeType + "].set receives the wrong number of arguments."
+ " You must define setChallenge as function (opts, domain, token, keyAuthorization, cb) { }");
2016-08-15 21:33:26 +00:00
}
if (challenger.get && 4 !== challenger.get.length) {
2018-05-15 22:01:09 +00:00
throw new Error("gl.challenges[" + challengeType + "].get receives the wrong number of arguments."
+ " You must define getChallenge as function (opts, domain, token, cb) { }");
}
if (!challenger.remove || 4 !== challenger.remove.length) {
2018-05-15 22:01:09 +00:00
throw new Error("gl.challenges[" + challengeType + "].remove receives the wrong number of arguments."
+ " You must define removeChallenge as function (opts, domain, token, cb) { }");
}
2018-04-16 01:28:05 +00:00
/*
2018-05-15 22:01:09 +00:00
if (!gl._challengeWarn && (!challenger.loopback || 4 !== challenger.loopback.length)) {
gl._challengeWarn = true;
console.warn("gl.challenges[" + challengeType + "].loopback should be defined as function (opts, domain, token, cb) { ... } and should prove (by external means) that the ACME server challenge '" + challengeType + "' will succeed");
}
2018-05-15 22:01:09 +00:00
else if (!gl._challengeWarn && (!challenger.test || 5 !== challenger.test.length)) {
gl._challengeWarn = true;
console.warn("gl.challenges[" + challengeType + "].test should be defined as function (opts, domain, token, keyAuthorization, cb) { ... } and should prove (by external means) that the ACME server challenge '" + challengeType + "' will succeed");
}
2018-04-16 01:28:05 +00:00
*/
});
2016-08-15 21:33:26 +00:00
2018-05-15 22:01:09 +00:00
gl.sni = gl.sni || null;
gl.tlsOptions = gl.tlsOptions || gl.httpsOptions || {};
if (!gl.tlsOptions.SNICallback) {
if (!gl.getCertificatesAsync && !gl.getCertificates) {
if (Array.isArray(gl.approveDomains)) {
gl.approvedDomains = gl.approveDomains;
gl.approveDomains = null;
}
2018-05-15 22:01:09 +00:00
if (!gl.approveDomains) {
gl.approvedDomains = gl.approvedDomains || [];
gl.approveDomains = function (lexOpts, certs, cb) {
2018-05-18 00:51:44 +00:00
var err;
var emsg;
2018-05-15 22:01:09 +00:00
if (!gl.email) {
throw new Error("le-sni-auto is not properly configured. Missing email");
}
2018-05-15 22:01:09 +00:00
if (!gl.agreeTos) {
throw new Error("le-sni-auto is not properly configured. Missing agreeTos");
}
2018-05-15 22:01:09 +00:00
if (!gl.approvedDomains.length) {
throw new Error("le-sni-auto is not properly configured. Missing approveDomains(domain, certs, callback)");
}
2016-08-16 00:42:11 +00:00
if (lexOpts.domains.every(function (domain) {
2018-05-15 22:01:09 +00:00
return -1 !== gl.approvedDomains.indexOf(domain);
2016-08-16 00:42:11 +00:00
})) {
2018-05-15 22:01:09 +00:00
lexOpts.domains = gl.approvedDomains.slice(0);
lexOpts.email = gl.email;
lexOpts.agreeTos = gl.agreeTos;
2018-05-10 08:08:20 +00:00
lexOpts.communityMember = lexOpts.communityMember;
2016-08-16 16:35:18 +00:00
return cb(null, { options: lexOpts, certs: certs });
}
2018-05-18 00:51:44 +00:00
emsg = "tls SNI for '" + lexOpts.domains.join(',') + "' rejected: not in list '" + gl.approvedDomains + "'";
log(gl.debug, emsg, lexOpts.domains, gl.approvedDomains);
err = new Error(emsg);
err.code = 'E_REJECT_SNI';
cb(err);
2016-08-16 00:42:11 +00:00
};
}
2018-05-15 22:01:09 +00:00
gl.getCertificates = function (domain, certs, cb) {
// certs come from current in-memory cache, not lookup
2018-05-15 22:01:09 +00:00
log(gl.debug, 'gl.getCertificates called for', domain, 'with certs for', certs && certs.altnames || 'NONE');
2016-08-16 00:42:11 +00:00
var opts = { domain: domain, domains: certs && certs.altnames || [ domain ] };
try {
2018-05-15 22:01:09 +00:00
gl.approveDomains(opts, certs, function (_err, results) {
if (_err) {
2018-05-17 21:35:03 +00:00
if (false !== gl.logRejectedDomains) {
2018-05-18 00:51:44 +00:00
console.error("[Error] approveDomains rejected tls sni '" + domain + "'");
console.error("[Error] (see https://git.coolaj86.com/coolaj86/greenlock.js/issues/11)");
if ('E_REJECT_SNI' !== _err.code) {
console.error("[Error] This is the rejection message:");
console.error(_err.message);
}
console.error("");
2018-05-17 21:35:03 +00:00
}
cb(_err);
return;
}
2018-05-15 22:01:09 +00:00
log(gl.debug, 'gl.approveDomains called with certs for', results.certs && results.certs.altnames || 'NONE', 'and options:');
log(gl.debug, results.options);
if (results.certs) {
2018-05-15 22:01:09 +00:00
log(gl.debug, 'gl renewing');
2018-05-17 21:35:03 +00:00
return gl.core.certificates.renewAsync(results.options, results.certs).then(
function (certs) { cb(null, certs); }
, function (e) {
console.debug("Error renewing certificate for '" + domain + "':");
console.debug(e);
2018-05-18 00:51:44 +00:00
console.error("");
2018-05-17 21:35:03 +00:00
cb(e);
}
);;
}
else {
2018-05-15 22:01:09 +00:00
log(gl.debug, 'gl getting from disk or registering new');
2018-05-17 21:35:03 +00:00
return gl.core.certificates.getAsync(results.options).then(
function (certs) { cb(null, certs); }
, function (e) {
console.debug("Error loading/registering certificate for '" + domain + "':");
console.debug(e);
2018-05-18 00:51:44 +00:00
console.error("");
2018-05-17 21:35:03 +00:00
cb(e);
}
);
}
});
} catch(e) {
console.error("[ERROR] Something went wrong in approveDomains:");
console.error(e);
console.error("BUT WAIT! Good news: It's probably your fault, so you can probably fix it.");
}
2016-08-16 00:42:11 +00:00
};
}
2018-05-15 22:01:09 +00:00
gl.sni = gl.sni || require('le-sni-auto');
if (gl.sni.create) {
gl.sni = gl.sni.create(gl);
}
2018-05-15 22:01:09 +00:00
gl.tlsOptions.SNICallback = function (domain, cb) {
try {
2018-05-15 22:01:09 +00:00
gl.sni.sniCallback(domain, cb);
} catch(e) {
console.error("[ERROR] Something went wrong in the SNICallback:");
console.error(e);
cb(e);
}
};
}
2018-05-12 22:48:21 +00:00
// We want to move to using tlsOptions instead of httpsOptions, but we also need to make
// sure anything that uses this object will still work if looking for httpsOptions.
2018-05-15 22:01:09 +00:00
gl.httpsOptions = gl.tlsOptions;
2016-08-12 21:24:28 +00:00
2018-05-15 22:01:09 +00:00
if (gl.core.create) {
gl.core = gl.core.create(gl);
2016-08-05 22:50:42 +00:00
}
2016-08-05 22:16:29 +00:00
2018-05-15 22:01:09 +00:00
gl.renew = function (args, certs) {
return gl.core.certificates.renewAsync(args, certs);
2016-08-16 16:35:18 +00:00
};
2018-05-15 22:01:09 +00:00
gl.register = function (args) {
return gl.core.certificates.getAsync(args);
2015-12-12 14:20:12 +00:00
};
2015-12-11 14:22:46 +00:00
2018-05-15 22:01:09 +00:00
gl.check = function (args) {
2016-08-05 22:16:29 +00:00
// TODO must return email, domains, tos, pems
2018-05-15 22:01:09 +00:00
return gl.core.certificates.checkAsync(args);
2016-08-05 22:16:29 +00:00
};
2018-05-15 22:01:09 +00:00
gl.middleware = gl.middleware || require('./lib/middleware');
if (gl.middleware.create) {
gl.middleware = gl.middleware.create(gl);
2016-08-09 18:05:47 +00:00
}
2016-08-05 08:14:40 +00:00
2018-05-15 22:01:09 +00:00
return gl;
2015-12-11 14:22:46 +00:00
};