From c45fcdf1509245367956ea469afbfe046ead72a8 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Sat, 22 Dec 2018 07:35:54 -0700 Subject: [PATCH] v2.6.7: more reasonable defaults --- README.md | 50 +++++++++++++++----------------------------------- index.js | 16 +++++++++++++--- package.json | 2 +- 3 files changed, 29 insertions(+), 39 deletions(-) diff --git a/README.md b/README.md index 564cb42..9826416 100644 --- a/README.md +++ b/README.md @@ -154,39 +154,15 @@ Great when //////////////////// var greenlock = require('greenlock').create({ - - version: 'draft-12' -, server: 'https://acme-v02.api.letsencrypt.org/directory' -, configDir: '~/.config/acme' - -, email: 'user@example.com' // IMPORTANT: Change email and domains + email: 'user@example.com' // IMPORTANT: Change email and domains , agreeTos: true // Accept Let's Encrypt v2 Agreement +, configDir: '~/.config/acme' // A writable folder (a non-fs plugin) + , communityMember: true // Get (rare) non-mandatory updates about cool greenlock-related stuff (default false) , securityUpdates: true // Important and mandatory notices related to security or breaking API changes (default true) - -, approveDomains: approveDomains }); ``` -```js -///////////////////// -// APPROVE DOMAINS // -///////////////////// - - -function approveDomains(opts, certs, cb) { - - // check for domains you want to receive certificates for - if ('example.com' === opts.domain) { - cb(null, { options: opts, certs: certs }); - return; - } - - // return error otherwise - cb(new Error("bad domain")); -} -``` - ```js //////////////////// // CREATE SERVERS // 
@@ -225,9 +201,13 @@ var greenlock = Greenlock.create({ version: 'draft-12' , server: 'https://acme-v02.api.letsencrypt.org/directory' - // approve a growing list of domains + // Use the approveDomains callback to set per-domain config + // (default: approve any domain that passes self-test of built-in challenges) , approveDomains: approveDomains + // the default servername to use when the client doesn't specify +, servername: 'example.com' + // If you wish to replace the default account and domain key storage plugin , store: require('le-store-certbot').create({ configDir: path.join(os.homedir(), 'acme/etc') @@ -253,13 +233,10 @@ function approveDomains(opts, certs, cb) { // The domains being approved for the first time are listed in opts.domains // Certs being renewed are listed in certs.altnames - if (certs) { - opts.domains = certs.altnames; - } - else { - opts.email = 'john.doe@example.com'; - opts.agreeTos = true; - } + // certs.domains; + // certs.altnames; + opts.email = 'john.doe@example.com'; + opts.agreeTos = true; // NOTE: you can also change other options such as `challengeType` and `challenge` // opts.challengeType = 'http-01'; @@ -530,6 +507,9 @@ See https://git.coolaj86.com/coolaj86/le-challenge-fs.js # Change History +* v2.6 + * better defaults, fewer explicit options + * better pre-flight self-tests, explicit domains not required * v2.5 * bugfix JWK (update rsa-compat) * eliminate all external non-optional dependencies diff --git a/index.js b/index.js index ce481e9..fa8bfb4 100644 --- a/index.js +++ b/index.js @@ -142,6 +142,8 @@ Greenlock.create = function (gl) { // BEGIN VERSION MADNESS // /////////////////////////// + gl.version = gl.version || 'draft-11'; + gl.server = gl.server || 'https://acme-v02.api.letsencrypt.org/directory'; if (!gl.version) { //console.warn("Please specify version: 'v01' (Let's Encrypt v1) or 'draft-12' (Let's Encrypt v2 / ACME draft 12)"); console.warn(""); 
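Review bot: In the index.js hunk at `@@ -142`, the new `gl.version = gl.version || 'draft-11';` runs immediately before the existing `if (!gl.version) {` check, so that warning branch can no longer be reached and a caller who omits the version gets no notice of which protocol and directory were chosen. The default `'draft-11'` also differs from the `'draft-12'` shown in the README hunks and in the commented-out warning text here; if the two are treated as aliases further down, a short comment saying so would help, otherwise `gl.version = gl.version || 'draft-12';` keeps them consistent. Since the `gl.server` default is the production Let's Encrypt directory, a comment such as `// defaults to the production ACME directory; set gl.server explicitly for staging or tests` would make that consequence visible. The rest of the version handling lies outside the hunk.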
@@ -378,7 +380,6 @@ Greenlock.create = function (gl) { gl.approveDomains = null; } if (!gl.approveDomains) { - gl.approvedDomains = gl.approvedDomains || []; gl.approveDomains = function (lexOpts, certs, cb) { var err; var emsg; @@ -389,9 +390,18 @@ Greenlock.create = function (gl) { if (!gl.agreeTos) { throw new Error("le-sni-auto is not properly configured. Missing agreeTos"); } - if (!gl.approvedDomains.length) { - throw new Error("le-sni-auto is not properly configured. Missing approveDomains(domain, certs, callback)"); + if (!/[a-z]/i.test(lexOpts.domain)) { + cb(new Error("le-sni-auto does not allow IP addresses in SNI")); + return; } + + if (!Array.isArray(gl.approvedDomains)) { + // The acme-v2 package uses pre-flight test challenges to + // verify that each requested domain is hosted by the server + // these checks are sufficient for most use cases + return cb(null, { options: lexOpts, certs: certs }); + } + if (lexOpts.domains.every(function (domain) { return -1 !== gl.approvedDomains.indexOf(domain); })) { diff --git a/package.json b/package.json index b49fc80..403729b 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "greenlock", - "version": "2.6.1", + "version": "2.6.7", "description": "Let's Encrypt for node.js on npm", "main": "index.js", "files": [
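Review bot: The new `if (!Array.isArray(gl.approvedDomains))` branch in the index.js hunk at `@@ -378` fails open: an unset list and a mistyped one (for example a single string instead of an array) both end in `cb(null, { options: lexOpts, certs: certs })`, so every servername a client presents is approved for issuance. With only the pre-flight challenge as a gate, any name whose DNS resolves to this host can trigger orders, key generation and stored certificates the operator never chose, which consumes CA rate-limit budget and storage. I would take the approve-all path only when the option is absent, `if (null == gl.approvedDomains) { return cb(null, { options: lexOpts, certs: certs }); }`, and reject any other non-array value with a configuration error. The `/[a-z]/i` test is also a loose IP filter, since an IPv6 literal containing hex letters passes it; Node's `net.isIP(lexOpts.domain)` would be exact, provided `net` is required in this file (not visible here). The default `approveDomains` function continues past the end of the hunk.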