2024-11-16 17:29:00 +00:00
6 changed files with 178 additions and 199 deletions
--- a/index.js
+++ b/index.js
@ -14,7 +14,7 @@ var util = require('util');
 function promisifyAllSelf(obj) {
  if (obj.__promisified) { return obj; }
  Object.keys(obj).forEach(function (key) {
-    if ('function' === typeof obj[key] && !/Async$/.test(key)) {
+    if ('function' === typeof obj[key]) {
      obj[key + 'Async'] = util.promisify(obj[key]);
    }
  });
@ -271,19 +271,13 @@ Greenlock.create = function (gl) {
    }
  });
-  try {
+  if (gl.store.create) {
-    if (gl.store.create) { gl.store = gl.store.create(gl); }
+    gl.store = gl.store.create(gl);
  }
  gl.store = promisifyAllSelf(gl.store);
  gl.store.accounts = promisifyAllSelf(gl.store.accounts);
  gl.store.certificates = promisifyAllSelf(gl.store.certificates);
-    gl._storeOpts = gl.store.options || gl.store.getOptions();
+  gl._storeOpts = gl.store.getOptions();
  } catch(e) {
    console.error(e);
    console.error("\nPROBABLE CAUSE:\n"
      + "\tYour le-store module should have a create function and return { options, accounts, certificates }\n");
    process.exit(18);
    return;
  }
  Object.keys(gl._storeOpts).forEach(function (key) {
    if (!(key in gl)) {
      gl[key] = gl._storeOpts[key];
--- a/lib/core.js
+++ b/lib/core.js
@ -45,7 +45,6 @@ module.exports.create = function (gl) {
        return PromiseA.resolve(gl._ipc.acmeUrls);
      }
      // TODO acme-v2/nocompat
      return gl.acme.getAcmeUrlsAsync(args.server).then(function (data) {
        gl._ipc.acmeUrlsUpdatedAt = Date.now();
        gl._ipc.acmeUrls = data;
@ -69,8 +68,6 @@ module.exports.create = function (gl) {
        var copy = utils.merge(args, gl);
        var disagreeTos;
        args = utils.tplCopy(copy);
        if (!args.account) { args.account = {}; }
        if ('object' === typeof args.account && !args.account.id) { args.account.id = args.accountId || args.email || ''; }
        disagreeTos = (!args.agreeTos && 'undefined' !== typeof args.agreeTos);
        if (!args.email || disagreeTos || (parseInt(args.rsaKeySize, 10) < 2048)) {
@ -83,45 +80,30 @@ module.exports.create = function (gl) {
        }
        return utils.testEmail(args.email).then(function () {
          if (args.account && args.account.privkey && (args.account.privkey.jwk || args.account.privkey.pem)) {
            // TODO import jwk or pem and return it here
            console.warn("TODO: implement accounts.checkKeypairAsync skipping");
          }
          var newKeypair = true;
          var accountKeypair;
          var promise = gl.store.accounts.checkKeypairAsync(args).then(function (keypair) {
            if (keypair) {
-              // TODO keypairs
+              return RSA.import(keypair);
              newKeypair = false;
              accountKeypair = RSA.import(keypair);
              return;
            }
            if (args.accountKeypair) {
-              // TODO keypairs
+              return gl.store.accounts.setKeypairAsync(args, RSA.import(args.accountKeypair));
              accountKeypair = RSA.import(args.accountKeypair);
              return;
            }
            var keypairOpts = { bitlen: args.rsaKeySize, exp: 65537, public: true, pem: true };
-            // TODO keypairs
+            return RSA.generateKeypairAsync(keypairOpts).then(function (keypair) {
            return (args.generateKeypair||RSA.generateKeypairAsync)(keypairOpts).then(function (keypair) {
              keypair.privateKeyPem = RSA.exportPrivatePem(keypair);
              keypair.publicKeyPem = RSA.exportPublicPem(keypair);
              keypair.privateKeyJwk = RSA.exportPrivateJwk(keypair);
-              accountKeypair = keypair;
+              return gl.store.accounts.setKeypairAsync(args, keypair);
            });
          }).then(function () {
            return accountKeypair;
          });
          return promise.then(function (keypair) {
            // Note: the ACME urls are always fetched fresh on purpose
-            // TODO acme-v2/nocompat
+            // TODO is this the right place for this?
            return core.getAcmeUrlsAsync(args).then(function (urls) {
              args._acmeUrls = urls;
              // TODO acme-v2/nocompat
              return gl.acme.registerNewAccountAsync({
                email: args.email
              , newRegUrl: args._acmeUrls.newReg
@ -149,39 +131,27 @@ module.exports.create = function (gl) {
                , newAuthzUrl: args._acmeUrls.newAuthz
                };
                return gl.store.accounts.setKeypairAsync(args, keypair).then(function () {
                // TODO move templating of arguments to right here?
                if (!gl.store.accounts.setAsync) { return PromiseA.resolve({ keypair: keypair }); }
                return gl.store.accounts.setAsync(args, reg).then(function (account) {
-                   if (account && 'object' !== typeof account) {
+                  // should now have account.id and account.accountId
-                      throw new Error("store.accounts.setAsync should either return 'null' or an object with at least a string 'id'");
+                  args.account = account;
-                   }
+                  args.accountId = account.id;
                    if (!account) { account = {}; }
                    account.keypair = keypair;
                  return account;
                });
              });
            });
          });
        });
        });
      }
      // Accounts
      // (only used for keypair)
    , getAsync: function (args) {
        return core.accounts.checkAsync(args).then(function (account) {
-          if (!account) { return core.accounts.registerAsync(args); }
+          if (account) {
-          if (account.keypair) { return account; }
+            return account;
-
+          } else {
          if (!args.account) { args.account = {}; }
          if ('object' === typeof args.account && !args.account.id) { args.account.id = args.accountId || args.email || ''; }
          var copy = utils.merge(args, gl);
          args = utils.tplCopy(copy);
          return gl.store.accounts.checkKeypairAsync(args).then(function (keypair) {
            if (keypair) { return { keypair: keypair }; }
            return core.accounts.registerAsync(args);
-          });
+          }
        });
      }
@ -196,12 +166,7 @@ module.exports.create = function (gl) {
        var copy = utils.merge(args, gl);
        args = utils.tplCopy(copy);
        if (!args.account) { args.account = {}; }
        if ('object' === typeof args.account && !args.account.id) { args.account.id = args.accountId || args.email || ''; }
        // we can re-register the same account until we're blue in the face and it's all the same
        // of course, we can also skip the lookup if we do store the account, but whatever
        if (!gl.store.accounts.checkAsync) { return null; }
        return gl.store.accounts.checkAsync(args).then(function (account) {
          if (!account) {
@ -278,35 +243,22 @@ module.exports.create = function (gl) {
        return core.accounts.getAsync(args).then(function (account) {
          args.account = account;
          if (args.certificate && args.certificate.privkey && (args.certificate.privkey.jwk || args.certificate.privkey.pem)) {
            // TODO import jwk or pem and return it here
            console.warn("TODO: implement certificates.checkKeypairAsync skipping");
          }
          var domainKeypair;
          // This has been done in the getAsync already, so we skip it here
          // if approveDomains doesn't set subject, we set it here
          //args.subject = args.subject || args.domains[0];
          var promise = gl.store.certificates.checkKeypairAsync(args).then(function (keypair) {
            if (keypair) {
-              domainKeypair = RSA.import(keypair);
+              return RSA.import(keypair);
              return;
            }
            if (args.domainKeypair) {
-              domainKeypair = RSA.import(args.domainKeypair);
+              return gl.store.certificates.setKeypairAsync(args, RSA.import(args.domainKeypair));
              return;
            }
            var keypairOpts = { bitlen: args.rsaKeySize, exp: 65537, public: true, pem: true };
-            return (args.generateKeypair||RSA.generateKeypairAsync)(keypairOpts).then(function (keypair) {
+            return RSA.generateKeypairAsync(keypairOpts).then(function (keypair) {
              keypair.privateKeyPem = RSA.exportPrivatePem(keypair);
              keypair.publicKeyPem = RSA.exportPublicPem(keypair);
              keypair.privateKeyJwk = RSA.exportPrivateJwk(keypair);
-              domainKeypair = keypair;
+              return gl.store.certificates.setKeypairAsync(args, keypair);
            });
          }).then(function () {
            return domainKeypair;
          });
          return promise.then(function (domainKeypair) {
@ -360,28 +312,20 @@ module.exports.create = function (gl) {
              log(args.debug, 'calling greenlock.acme.getCertificateAsync', certReq.domains);
              // TODO acme-v2/nocompat
              return gl.acme.getCertificateAsync(certReq).then(utils.attachCertInfo);
            });
          }).then(function (results) {
            //var requested = {};
            //var issued = {};
            // { cert, chain, privkey /*TODO, subject, altnames, issuedAt, expiresAt */ }
            // args.certs.privkey = RSA.exportPrivatePem(options.domainKeypair);
            args.certs = results;
            // args.pems is deprecated
            args.pems = results;
            // This has been done in the getAsync already, so we skip it here
            // if approveDomains doesn't set subject, we set it here
            //args.subject = args.subject || args.domains[0];
            return gl.store.certificates.setKeypairAsync(args, domainKeypair).then(function () {
            return gl.store.certificates.setAsync(args).then(function () {
              return results;
            });
          });
        });
        });
      }
      // Certificates
    , renewAsync: function (args, certs) {
@ -433,19 +377,13 @@ module.exports.create = function (gl) {
      }
    , checkAsync: function (args) {
        var copy = utils.merge(args, gl);
-        // if approveDomains doesn't set subject, we set it here
+        utils.tplCopy(copy);
        copy.subject = copy.subject || copy.domains[0];
        args = utils.tplCopy(copy);
        // returns pems
-        return gl.store.certificates.checkAsync(args).then(function (cert) {
+        return gl.store.certificates.checkAsync(copy).then(function (cert) {
          if (cert) {
            cert = utils.attachCertInfo(cert);
            if (utils.certHasDomain(cert, args.domain)) {
            log(args.debug, 'checkAsync found existing certificates');
-              return cert;
+            return utils.attachCertInfo(cert);
            }
            log(args.debug, 'checkAsync found mismatched / incomplete certificates');
          }
          log(args.debug, 'checkAsync failed to find certificates');
@ -455,17 +393,10 @@ module.exports.create = function (gl) {
      // Certificates
    , getAsync: function (args) {
        var copy = utils.merge(args, gl);
        // if approveDomains doesn't set subject, we set it here
        copy.subject = copy.subject || copy.domains[0];
        args = utils.tplCopy(copy);
        if (args.certificate && args.certificate.privkey && args.certificate.cert && args.certificate.chain) {
          // TODO skip fetching a certificate if it's fetched during approveDomains
          console.warn("TODO: implement certificates.checkAsync skipping");
        }
        return core.certificates.checkAsync(args).then(function (certs) {
-          if (certs) { certs = utils.attachCertInfo(certs); }
+          if (!certs) {
          if (!certs || !utils.certHasDomain(certs, args.domain)) {
            // There is no cert available
            if (false !== args.securityUpdates && !args._communityMemberAdded) {
              try {
--- a/lib/utils-test.js
+++ b/lib/utils-test.js
@ -1,24 +0,0 @@
 'use strict';
 var utils = require('./utils.js')
 var cert = { subject: 'example.com', altnames: ['*.bar.com','foo.net'] };
 if (utils.certHasDomain(cert, 'bad.com')) {
  throw new Error("allowed bad domain");
 }
 if (!utils.certHasDomain(cert, 'example.com')) {
  throw new Error("missed subject");
 }
 if (utils.certHasDomain(cert, 'bar.com')) {
  throw new Error("allowed bad (missing) sub");
 }
 if (!utils.certHasDomain(cert, 'foo.bar.com')) {
  throw new Error("didn't allow valid wildcarded-domain");
 }
 if (utils.certHasDomain(cert, 'dub.foo.bar.com')) {
  throw new Error("allowed sub-sub domain");
 }
 if (!utils.certHasDomain(cert, 'foo.net')) {
  throw new Error("missed altname");
 }
 console.info("PASSED");
--- a/lib/utils.js
+++ b/lib/utils.js
@ -9,7 +9,9 @@ var promisify = (require('util').promisify || require('bluebird').promisify);
 var dnsResolveMxAsync = promisify(require('dns').resolveMx);
 module.exports.attachCertInfo = function (results) {
-  var certInfo = require('cert-info').info(results.cert);
+  // XXX Note: Parsing the certificate info comes at a great cost (~500kb)
  var getCertInfo = require('cert-info').info;
  var certInfo = getCertInfo(results.cert);
  // subject, altnames, issuedAt, expiresAt
  Object.keys(certInfo).forEach(function (key) {
@ -19,20 +21,6 @@ module.exports.attachCertInfo = function (results) {
  return results;
 };
 module.exports.certHasDomain = function (certInfo, _domain) {
  var names = (certInfo.altnames || []).slice(0);
  names.push(certInfo.subject);
  return names.some(function (name) {
    var domain = _domain.toLowerCase();
    name = name.toLowerCase();
    if ('*.' === name.substr(0, 2)) {
      name = name.substr(2);
      domain = domain.split('.').slice(1).join('.');
    }
    return name === domain;
  });
 };
 module.exports.isValidDomain = function (domain) {
  if (re.test(domain)) {
    return domain;
@ -70,7 +58,7 @@ module.exports.tplCopy = function (copy) {
  var tplKeys;
  copy.hostnameGet = function (copy) {
-    return copy.subject || (copy.domains || [])[0] || copy.domain;
+    return (copy.domains || [])[0] || copy.domain;
  };
  Object.keys(copy).forEach(function (key) {
--- a/package-lock.json
+++ b/package-lock.json
@ -1,6 +1,6 @@
 {
  "name": "greenlock",
-  "version": "2.6.9",
+  "version": "2.6.8",
  "lockfileVersion": 1,
  "requires": true,
  "dependencies": {
@ -10,39 +10,71 @@
      "integrity": "sha512-9rBXLFSb5D19opGeXdD/WuiFJsA4Pk2r8VUGEAeUZUxB1a2zB47K85BKAx3Gy9i4nZwg22ejlJA+q9DVrpQlbA=="
    },
    "acme": {
-      "version": "1.3.0",
+      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/acme/-/acme-1.3.0.tgz",
+      "resolved": "https://registry.npmjs.org/acme/-/acme-1.2.0.tgz",
-      "integrity": "sha512-Ny8aXnGdtlEVBZLpzNyVp7gff/3zFYrbfbiY93lx5jdrG4BrraA6P8RkRFP7NbFwh1rBgQkdHEsMxTp3f2r8dA==",
+      "integrity": "sha512-lG9Wq0Ol2OLpVrusq5OQ+KCT06rXaGjbHcDhKtNO6Hr3J3swISaCYi0slwLpEA9DGV+QhDkAnZ6qsXAo86SM5Q==",
      "requires": {
-        "acme-v2": "^1.6.0"
+        "acme-v2": "^1.3.1"
      }
    },
    "acme-v2": {
-      "version": "1.6.0",
+      "version": "1.5.2",
-      "resolved": "https://registry.npmjs.org/acme-v2/-/acme-v2-1.6.0.tgz",
+      "resolved": "https://registry.npmjs.org/acme-v2/-/acme-v2-1.5.2.tgz",
-      "integrity": "sha512-+vCD+j87eEQhdiqSVA9KT97+EGYbkVTgSqxQ37y9aM/3uExi2U+UM4EQEAIRSV/DWZ6oqeRPe+dha8h+PtNdwQ==",
+      "integrity": "sha512-Ux0cFCxHeaGGeGyPGMLHBLIGF05OYaxuh4TvaVzwkVVRib/gPpioa50CGj2pnQimH/MRkg0VtWCEdfE45MV/0g==",
      "requires": {
        "@coolaj86/urequest": "^1.3.6",
-        "rsa-compat": "^2.0.6"
+        "rsa-compat": "^1.9.2"
      },
      "dependencies": {
        "rsa-compat": {
          "version": "1.9.2",
          "resolved": "https://registry.npmjs.org/rsa-compat/-/rsa-compat-1.9.2.tgz",
          "integrity": "sha512-XY4I/74W+QENMd99zVsyHQcxYxWTXd0EihVXsI4oeb1bz7DYxEKasQrjyzYPnR1tZT7fTPu5HP/vTKfs9lzdGA==",
          "requires": {
            "node-forge": "^0.7.6",
            "ursa-optional": "^0.9.10"
          }
        }
      }
    },
    "any-promise": {
      "version": "1.3.0",
      "resolved": "https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz",
      "integrity": "sha1-q8av7tzqUugJzcA3au0845Y10X8="
    },
    "bindings": {
      "version": "1.5.0",
      "resolved": "https://registry.npmjs.org/bindings/-/bindings-1.5.0.tgz",
      "integrity": "sha512-p2q/t/mhvuOj/UeLlV6566GD/guowlr0hHxClI0W9m7MWYkL1F0hLo+0Aexs9HSPCtR1SXQ0TD3MMKrXZajbiQ==",
      "optional": true,
      "requires": {
        "file-uri-to-path": "1.0.0"
      }
    },
    "bluebird": {
      "version": "3.5.1",
      "resolved": "https://registry.npmjs.org/bluebird/-/bluebird-3.5.1.tgz",
      "integrity": "sha512-MKiLiV+I1AA596t9w1sQJ8jkiSr5+ZKi0WKrYGUn6d1Fx+Ij4tIj+m2WMQSGczs5jZVxV339chE8iwk6F64wjA=="
    },
    "cert-info": {
      "version": "1.5.1",
      "resolved": "https://registry.npmjs.org/cert-info/-/cert-info-1.5.1.tgz",
      "integrity": "sha512-eoQC/yAgW3gKTKxjzyClvi+UzuY97YCjcl+lSqbsGIy7HeGaWxCPOQFivhUYm27hgsBMhsJJFya3kGvK6PMIcQ=="
    },
-    "eckles": {
+    "file-uri-to-path": {
-      "version": "1.4.1",
+      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/eckles/-/eckles-1.4.1.tgz",
+      "resolved": "https://registry.npmjs.org/file-uri-to-path/-/file-uri-to-path-1.0.0.tgz",
-      "integrity": "sha512-auWyk/k8oSkVHaD4RxkPadKsLUcIwKgr/h8F7UZEueFDBO7BsE4y+H6IMUDbfqKIFPg/9MxV6KcBdJCmVVcxSA=="
+      "integrity": "sha512-0Zt+s3L7Vf1biwWZ29aARiVYLx7iMGnEUl9x33fbB/j3jR81u/O2LbqK+Bm1CDSNDKVtJ/YjwY7TUd5SkeLQLw==",
      "optional": true
    },
-    "keypairs": {
+    "fs-symlink": {
-      "version": "1.2.14",
+      "version": "1.2.1",
-      "resolved": "https://registry.npmjs.org/keypairs/-/keypairs-1.2.14.tgz",
+      "resolved": "https://registry.npmjs.org/fs-symlink/-/fs-symlink-1.2.1.tgz",
-      "integrity": "sha512-ZoZfZMygyB0QcjSlz7Rh6wT2CJasYEHBPETtmHZEfxuJd7bnsOG5AdtPZqHZBT+hoHvuWCp/4y8VmvTvH0Y9uA==",
+      "integrity": "sha1-G+uoPqncqBI2AOPwuaUbGGQLvEA=",
      "requires": {
-        "eckles": "^1.4.1",
+        "mkdirp": "^0.5.0",
-        "rasha": "^1.2.4"
+        "mkdirp-then": "1",
        "mz": "^2.0.0"
      }
    },
    "le-challenge-fs": {
@ -54,18 +86,22 @@
      }
    },
    "le-sni-auto": {
-      "version": "2.1.8",
+      "version": "2.1.3",
-      "resolved": "https://registry.npmjs.org/le-sni-auto/-/le-sni-auto-2.1.8.tgz",
+      "resolved": "https://registry.npmjs.org/le-sni-auto/-/le-sni-auto-2.1.3.tgz",
-      "integrity": "sha512-aEUP+DB5mfHi4kHY37nJdtVr+DIF5vxiXKdiZBPOLNgF7pK3iD0wJU6fiwDRtZRz2KOahX+VBxlgTN2r24nKhw=="
+      "integrity": "sha512-ojGwizoh2o6OM2dQFzryd8YCS7wITaw5LBoSo1qi/Tzj3D54aB9M9QUqy26t2K4M78t+Ctlw0x+L5GhIJkRlVg==",
      "requires": {
        "bluebird": "^3.4.1"
      }
    },
    "le-store-certbot": {
-      "version": "2.2.1",
+      "version": "2.1.7",
-      "resolved": "https://registry.npmjs.org/le-store-certbot/-/le-store-certbot-2.2.1.tgz",
+      "resolved": "https://registry.npmjs.org/le-store-certbot/-/le-store-certbot-2.1.7.tgz",
-      "integrity": "sha512-BhljZjTULhbNBAT6RBiv4TeZegFraMxURYEvh3WRUI048zmXf4ZfC8gwbdu5fnD2tTCsS9fbsCOAQyrFBl4jlA==",
+      "integrity": "sha512-grw74qysH+MfpIEyF41vh0vxvirMBkpEEITB9Wv6QM0O/11Pwk3ZZ9C8p2tx4yXkdbLEQ+7viTgU8XmWl3t27Q==",
      "requires": {
        "fs-symlink": "^1.2.1",
        "mkdirp": "^0.5.1",
-        "pyconf": "^1.1.5",
+        "pyconf": "^1.1.2",
-        "safe-replace": "^1.0.3"
+        "safe-replace": "^1.0.2"
      }
    },
    "minimist": {
@ -81,31 +117,85 @@
        "minimist": "0.0.8"
      }
    },
    "mkdirp-then": {
      "version": "1.2.0",
      "resolved": "https://registry.npmjs.org/mkdirp-then/-/mkdirp-then-1.2.0.tgz",
      "integrity": "sha1-pJLIecpNhz9e5FAI+PVf0BUN48U=",
      "requires": {
        "any-promise": "^1.1.0",
        "mkdirp": "^0.5.0"
      }
    },
    "mz": {
      "version": "2.7.0",
      "resolved": "https://registry.npmjs.org/mz/-/mz-2.7.0.tgz",
      "integrity": "sha512-z81GNO7nnYMEhrGh9LeymoE4+Yr0Wn5McHIZMK5cfQCl+NDX08sCZgUc9/6MHni9IWuFLm1Z3HTCXu2z9fN62Q==",
      "requires": {
        "any-promise": "^1.0.0",
        "object-assign": "^4.0.1",
        "thenify-all": "^1.0.0"
      }
    },
    "nan": {
      "version": "2.12.1",
      "resolved": "https://registry.npmjs.org/nan/-/nan-2.12.1.tgz",
      "integrity": "sha512-JY7V6lRkStKcKTvHO5NVSQRv+RV+FIL5pvDoLiAtSL9pKlC5x9PKQcZDsq7m4FO4d57mkhC6Z+QhAh3Jdk5JFw==",
      "optional": true
    },
    "node-forge": {
      "version": "0.7.6",
      "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-0.7.6.tgz",
      "integrity": "sha512-sol30LUpz1jQFBjOKwbjxijiE3b6pjd74YwfD0fJOKPjF+fONKb2Yg8rYgS6+bK6VDl+/wfr4IYpC7jDzLUIfw==",
      "optional": true
    },
    "object-assign": {
      "version": "4.1.1",
      "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz",
      "integrity": "sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM="
    },
    "pyconf": {
-      "version": "1.1.6",
+      "version": "1.1.5",
-      "resolved": "https://registry.npmjs.org/pyconf/-/pyconf-1.1.6.tgz",
+      "resolved": "https://registry.npmjs.org/pyconf/-/pyconf-1.1.5.tgz",
-      "integrity": "sha512-4ujjwqch6nViWduSLc3/QFrDdJJAvAE7NRBarSGLANwh0tNW0MbXeJE8ZziJZvzRnUEN5scYwsS+ItYU1uj6dQ==",
+      "integrity": "sha512-zXEg0oUJ4mY6azqVvRy6rePTIHZGhDQG3z9PVkE60uUabS9uILiIkHobU2Jzcs3tBltMBqyEATZZezRR/UFjkg==",
      "requires": {
        "safe-replace": "^1.0.2"
      }
    },
    "rasha": {
      "version": "1.2.5",
      "resolved": "https://registry.npmjs.org/rasha/-/rasha-1.2.5.tgz",
      "integrity": "sha512-KxtX+/fBk+wM7O3CNgwjSh5elwFilLvqWajhr6wFr2Hd63JnKTTi43Tw+Jb1hxJQWOwoya+NZWR2xztn3hCrTw=="
    },
    "rsa-compat": {
-      "version": "2.0.6",
+      "version": "2.0.3",
-      "resolved": "https://registry.npmjs.org/rsa-compat/-/rsa-compat-2.0.6.tgz",
+      "resolved": "https://registry.npmjs.org/rsa-compat/-/rsa-compat-2.0.3.tgz",
-      "integrity": "sha512-bQmpscAQec9442RaghDybrHMy1twQ3nUZOgTlqntio1yru+rMnDV64uGRzKp7dJ4VVhNv3mLh3X4MNON+YM0dA==",
+      "integrity": "sha512-oMEiSfk8KTKleNO7OEahZtrZTcjV+fzBm8jpt2bXBgyhbgO3bJdwawm4BkJe+2LfdK8kaKqMIO8pHZ/UmybQ7w=="
      "requires": {
        "keypairs": "^1.2.14"
      }
    },
    "safe-replace": {
-      "version": "1.1.0",
+      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/safe-replace/-/safe-replace-1.1.0.tgz",
+      "resolved": "https://registry.npmjs.org/safe-replace/-/safe-replace-1.0.2.tgz",
-      "integrity": "sha512-9/V2E0CDsKs9DWOOwJH7jYpSl9S3N05uyevNjvsnDauBqRowBPOyot1fIvV5N2IuZAbYyvrTXrYFVG0RZInfFw=="
+      "integrity": "sha1-sYGrQJWs32qwqPhAUXSRyoqZIro="
    },
    "thenify": {
      "version": "3.3.0",
      "resolved": "https://registry.npmjs.org/thenify/-/thenify-3.3.0.tgz",
      "integrity": "sha1-5p44obq+lpsBCCB5eLn2K4hgSDk=",
      "requires": {
        "any-promise": "^1.0.0"
      }
    },
    "thenify-all": {
      "version": "1.6.0",
      "resolved": "https://registry.npmjs.org/thenify-all/-/thenify-all-1.6.0.tgz",
      "integrity": "sha1-GhkY1ALY/D+Y+/I02wvMjMEOlyY=",
      "requires": {
        "thenify": ">= 3.1.0 < 4"
      }
    },
    "ursa-optional": {
      "version": "0.9.10",
      "resolved": "https://registry.npmjs.org/ursa-optional/-/ursa-optional-0.9.10.tgz",
      "integrity": "sha512-RvEbhnxlggX4MXon7KQulTFiJQtLJZpSb9ZSa7ZTkOW0AzqiVTaLjI4vxaSzJBDH9dwZ3ltZadFiBaZslp6haA==",
      "optional": true,
      "requires": {
        "bindings": "^1.3.0",
        "nan": "^2.11.1"
      }
    }
  }
 }
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "greenlock",
-  "version": "2.6.10",
+  "version": "2.6.8",
  "description": "Let's Encrypt for node.js on npm",
  "main": "index.js",
  "files": [
@ -38,13 +38,13 @@
    "le-acme-core": "^2.1.3"
  },
  "dependencies": {
-    "acme": "^1.3.0",
+    "acme": "^1.2.0",
    "acme-v2": "^1.5.0",
    "cert-info": "^1.5.1",
    "keypairs": "^1.2.14",
    "le-challenge-fs": "^2.0.2",
-    "le-sni-auto": "^2.1.8",
+    "le-sni-auto": "^2.1.3",
-    "le-store-certbot": "^2.2.1",
+    "le-store-certbot": "^2.1.7",
-    "rsa-compat": "^2.0.6"
+    "rsa-compat": "^2.0.3"
  },
  "engines": {
    "node": ">=4.5"