Compare commits
No commits in common. "6286883fc2a6ebfff711a540a2e4d92f3ac2907c" and "0abdb0b279fdce0a5772a17e3a58b0191834f84e" have entirely different histories.
6286883fc2
...
0abdb0b279
43
README.md
43
README.md
|
@ -1,16 +1,13 @@
|
|||
| Sponsored by [ppl](https://ppl.family)
|
||||
| [acme-v2.js](https://git.coolaj86.com/coolaj86/acme-v2.js)
|
||||
| **greenlock** ([npm](https://www.npmjs.com/package/greenlock))
|
||||
greenlock (node-letsencrypt)
|
||||
=========
|
||||
|
||||
| **greenlock**
|
||||
| [greenlock-cli](https://git.coolaj86.com/coolaj86/greenlock-cli.js)
|
||||
| [greenlock-express](https://git.coolaj86.com/coolaj86/greenlock-express.js)
|
||||
([koa](https://git.coolaj86.com/coolaj86/greenlock-koa.js))
|
||||
([hapi](https://git.coolaj86.com/coolaj86/greenlock-hapi.js))
|
||||
| [greenlock-cluster](https://git.coolaj86.com/coolaj86/greenlock-cluster.js)
|
||||
|
|
||||
|
||||
Greenlock™ for node.js
|
||||
=====
|
||||
(previously node-letsencrypt)
|
||||
| [greenlock-koa](https://git.coolaj86.com/coolaj86/greenlock-koa.js)
|
||||
| [greenlock-hapi](https://git.coolaj86.com/coolaj86/greenlock-hapi.js)
|
||||
| Sponsored by [Daplie](https://daplie.com)
|
||||
|
||||
Automatic [Let's Encrypt](https://letsencrypt.org) (ACME) HTTPS / TLS / SSL Certificates for node.js
|
||||
|
||||
|
@ -33,8 +30,6 @@ see [greenlock-koa (previously letsencrypt-koa)](https://git.coolaj86.com/coolaj
|
|||
For `bash`, `fish`, `zsh`, `cmd.exe`, `PowerShell`
|
||||
see [**greenlock-cli** (previously letsencrypt-cli)](https://git.coolaj86.com/coolaj86/greenlock-cli.js).
|
||||
|
||||
### Now supports **Let's Encrypt v2**!!
|
||||
|
||||
Install
|
||||
=======
|
||||
|
||||
|
@ -130,18 +125,7 @@ function leAgree(opts, agreeCb) {
|
|||
}
|
||||
|
||||
le = LE.create({
|
||||
version: 'draft-11' // 'draft-11' or 'v01'
|
||||
// 'draft-11' is for Let's Encrypt v2 otherwise known as ACME draft 11
|
||||
// 'v02' is an alias for 'draft-11'
|
||||
// 'v01' is for the pre-spec Let's Encrypt v1
|
||||
//
|
||||
// staging API
|
||||
server: 'https://acme-staging-v02.api.letsencrypt.org/directory'
|
||||
|
||||
//
|
||||
// production API
|
||||
//server: 'https://acme-v02.api.letsencrypt.org/directory'
|
||||
|
||||
server: LE.stagingServerUrl // or LE.productionServerUrl
|
||||
, store: leStore // handles saving of config, accounts, and certificates
|
||||
, challenges: {
|
||||
'http-01': leHttpChallenge // handles /.well-known/acme-challege keys and tokens
|
||||
|
@ -151,11 +135,6 @@ le = LE.create({
|
|||
, challengeType: 'http-01' // default to this challenge type
|
||||
, agreeToTerms: leAgree // hook to allow user to view and accept LE TOS
|
||||
//, sni: require('le-sni-auto').create({}) // handles sni callback
|
||||
|
||||
// renewals happen at a random time within this window
|
||||
, renewWithin: 14 * 24 * 60 * 60 * 1000 // certificate renewal may begin at this time
|
||||
, renewBy: 10 * 24 * 60 * 60 * 1000 // certificate renewal should happen by this time
|
||||
|
||||
, debug: false
|
||||
//, log: function (debug) {console.log.apply(console, args);} // handles debug outputs
|
||||
});
|
||||
|
@ -282,11 +261,7 @@ See https://git.coolaj86.com/coolaj86/le-challenge-fs.js
|
|||
|
||||
Change History
|
||||
==============
|
||||
* v2.2 - Let's Encrypt v2 Support
|
||||
* v2.2.4 - don't promisify all of `dns`
|
||||
* v2.2.3 - `renewWithin` default to 14 days
|
||||
* v2.2.2 - replace git dependency with npm
|
||||
* v2.2.1 - April 2018 **Let's Encrypt v2** support
|
||||
|
||||
* v2.1.17 - Nov 5th 2017 migrate back to personal repo
|
||||
* v2.1.9 - Jan 18th 2017 renamed to greenlock
|
||||
* v2.0.2 - Aug 9th 2016 update readme
|
||||
|
|
111
index.js
111
index.js
|
@ -2,7 +2,7 @@
|
|||
|
||||
var DAY = 24 * 60 * 60 * 1000;
|
||||
//var MIN = 60 * 1000;
|
||||
var ACME = require('acme-v2/compat').ACME;
|
||||
var ACME = require('le-acme-core').ACME;
|
||||
|
||||
var LE = module.exports;
|
||||
LE.LE = LE;
|
||||
|
@ -19,12 +19,12 @@ function _log(debug) {
|
|||
}
|
||||
|
||||
LE.defaults = {
|
||||
productionServerUrl: 'https://acme-v02.api.letsencrypt.org/directory'
|
||||
, stagingServerUrl: 'https://acme-staging-v02.api.letsencrypt.org/directory'
|
||||
productionServerUrl: ACME.productionServerUrl
|
||||
, stagingServerUrl: ACME.stagingServerUrl
|
||||
|
||||
, rsaKeySize: ACME.rsaKeySize || 2048
|
||||
, challengeType: ACME.challengeType || 'http-01'
|
||||
, challengeTypes: ACME.challengeTypes || [ 'http-01', 'dns-01' ]
|
||||
, challengeTypes: ACME.challengeTypes || [ 'http-01', 'tls-sni-01', 'dns-01' ]
|
||||
|
||||
, acmeChallengePrefix: ACME.acmeChallengePrefix
|
||||
};
|
||||
|
@ -53,7 +53,6 @@ LE._undefined = {
|
|||
, rsaKeySize: u
|
||||
, challengeType: u
|
||||
, server: u
|
||||
, version: u
|
||||
, agreeToTerms: u
|
||||
, _ipc: u
|
||||
, duplicate: u
|
||||
|
@ -71,6 +70,7 @@ LE._undefine = function (le) {
|
|||
LE.create = function (le) {
|
||||
var PromiseA = require('bluebird');
|
||||
|
||||
le.acme = le.acme || ACME.create({ debug: le.debug });
|
||||
le.store = le.store || require('le-store-certbot').create({ debug: le.debug });
|
||||
le.core = require('./lib/core');
|
||||
var log = le.log || _log;
|
||||
|
@ -81,11 +81,9 @@ LE.create = function (le) {
|
|||
if (!le.challenges['http-01']) {
|
||||
le.challenges['http-01'] = require('le-challenge-fs').create({ debug: le.debug });
|
||||
}
|
||||
/*
|
||||
if (!le.challenges['tls-sni-01']) {
|
||||
le.challenges['tls-sni-01'] = require('le-challenge-sni').create({ debug: le.debug });
|
||||
}
|
||||
*/
|
||||
if (!le.challenges['dns-01']) {
|
||||
try {
|
||||
le.challenges['dns-01'] = require('le-challenge-ddns').create({ debug: le.debug });
|
||||
|
@ -103,12 +101,11 @@ LE.create = function (le) {
|
|||
le.rsaKeySize = le.rsaKeySize || LE.rsaKeySize;
|
||||
le.challengeType = le.challengeType || LE.challengeType;
|
||||
le._ipc = ipc;
|
||||
le._communityPackage = le._communityPackage || 'greenlock.js';
|
||||
le.agreeToTerms = le.agreeToTerms || function (args, agreeCb) {
|
||||
agreeCb(new Error("'agreeToTerms' was not supplied to LE and 'agreeTos' was not supplied to LE.register"));
|
||||
};
|
||||
|
||||
if (!le.renewWithin) { le.renewWithin = 14 * DAY; }
|
||||
if (!le.renewWithin) { le.renewWithin = 7 * DAY; }
|
||||
// renewBy has a default in le-sni-auto
|
||||
|
||||
if (!le.server) {
|
||||
|
@ -121,42 +118,6 @@ LE.create = function (le) {
|
|||
le.server = LE.productionServerUrl;
|
||||
}
|
||||
|
||||
if (-1 !== [ 'https://acme-v01.api.letsencrypt.org/directory'
|
||||
, 'https://acme-staging.api.letsencrypt.org/directory' ].indexOf(le.server)) {
|
||||
ACME = require('le-acme-core').ACME;
|
||||
console.warn("Let's Encrypt v1 is deprecated. Please update to Let's Encrypt v2 (ACME draft 11)");
|
||||
}
|
||||
else if (-1 !== [ 'https://acme-v02.api.letsencrypt.org/directory'
|
||||
, 'https://acme-staging-v02.api.letsencrypt.org/directory' ].indexOf(le.server)) {
|
||||
if ('v02' !== le.version && 'draft-11' !== le.version) {
|
||||
ACME = require('le-acme-core').ACME;
|
||||
if ('v01' !== le.version) {
|
||||
//console.warn("Please specify version: 'v01' (Let's Encrypt v1) or 'draft-11' (Let's Encrypt v2 / ACME draft 11)");
|
||||
console.warn("");
|
||||
console.warn("");
|
||||
console.warn("");
|
||||
console.warn("====================================================================");
|
||||
console.warn("== greenlock.js (v2.2.0+) ==");
|
||||
console.warn("====================================================================");
|
||||
console.warn("");
|
||||
console.warn("Please specify 'version' option:");
|
||||
console.warn("");
|
||||
console.warn(" 'v01' for Let's Encrypt v1");
|
||||
console.warn(" or");
|
||||
console.warn(" 'draft-11' for Let's Encrypt v2 and ACME draft 11");
|
||||
console.warn(" ('v02' is an alias of 'draft-11'");
|
||||
console.warn("");
|
||||
console.warn("====================================================================");
|
||||
console.warn("== this will be required from version v2.3 forward ==");
|
||||
console.warn("====================================================================");
|
||||
console.warn("");
|
||||
console.warn("");
|
||||
console.warn("");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
le.acme = le.acme || ACME.create({ debug: le.debug });
|
||||
if (le.acme.create) {
|
||||
le.acme = le.acme.create(le);
|
||||
}
|
||||
|
@ -222,7 +183,6 @@ LE.create = function (le) {
|
|||
+ " You must define removeChallenge as function (opts, domain, token, cb) { }");
|
||||
}
|
||||
|
||||
/*
|
||||
if (!le._challengeWarn && (!challenger.loopback || 4 !== challenger.loopback.length)) {
|
||||
le._challengeWarn = true;
|
||||
console.warn("le.challenges[" + challengeType + "].loopback should be defined as function (opts, domain, token, cb) { ... } and should prove (by external means) that the ACME server challenge '" + challengeType + "' will succeed");
|
||||
|
@ -231,7 +191,6 @@ LE.create = function (le) {
|
|||
le._challengeWarn = true;
|
||||
console.warn("le.challenges[" + challengeType + "].test should be defined as function (opts, domain, token, keyAuthorization, cb) { ... } and should prove (by external means) that the ACME server challenge '" + challengeType + "' will succeed");
|
||||
}
|
||||
*/
|
||||
});
|
||||
|
||||
le.sni = le.sni || null;
|
||||
|
@ -260,7 +219,6 @@ LE.create = function (le) {
|
|||
lexOpts.domains = le.approvedDomains.slice(0);
|
||||
lexOpts.email = le.email;
|
||||
lexOpts.agreeTos = le.agreeTos;
|
||||
lexOpts.communityMember = lexOpts.communityMember;
|
||||
return cb(null, { options: lexOpts, certs: certs });
|
||||
}
|
||||
log(le.debug, 'unapproved domain', lexOpts.domains, le.approvedDomains);
|
||||
|
@ -273,53 +231,36 @@ LE.create = function (le) {
|
|||
log(le.debug, 'le.getCertificates called for', domain, 'with certs for', certs && certs.altnames || 'NONE');
|
||||
var opts = { domain: domain, domains: certs && certs.altnames || [ domain ] };
|
||||
|
||||
try {
|
||||
le.approveDomains(opts, certs, function (_err, results) {
|
||||
if (_err) {
|
||||
log(le.debug, 'le.approveDomains called with error', _err);
|
||||
cb(_err);
|
||||
return;
|
||||
}
|
||||
le.approveDomains(opts, certs, function (_err, results) {
|
||||
if (_err) {
|
||||
log(le.debug, 'le.approveDomains called with error', _err);
|
||||
cb(_err);
|
||||
return;
|
||||
}
|
||||
|
||||
log(le.debug, 'le.approveDomains called with certs for', results.certs && results.certs.altnames || 'NONE', 'and options:');
|
||||
log(le.debug, results.options);
|
||||
log(le.debug, 'le.approveDomains called with certs for', results.certs && results.certs.altnames || 'NONE', 'and options:');
|
||||
log(le.debug, results.options);
|
||||
|
||||
var promise;
|
||||
var promise;
|
||||
|
||||
if (results.certs) {
|
||||
log(le.debug, 'le renewing');
|
||||
promise = le.core.certificates.renewAsync(results.options, results.certs);
|
||||
}
|
||||
else {
|
||||
log(le.debug, 'le getting from disk or registering new');
|
||||
promise = le.core.certificates.getAsync(results.options);
|
||||
}
|
||||
if (results.certs) {
|
||||
log(le.debug, 'le renewing');
|
||||
promise = le.core.certificates.renewAsync(results.options, results.certs);
|
||||
}
|
||||
else {
|
||||
log(le.debug, 'le getting from disk or registering new');
|
||||
promise = le.core.certificates.getAsync(results.options);
|
||||
}
|
||||
|
||||
return promise.then(function (certs) { cb(null, certs); }, function (e) {
|
||||
if (le.debug) { console.debug("Error"); console.debug(e); }
|
||||
cb(e);
|
||||
});
|
||||
});
|
||||
} catch(e) {
|
||||
console.error("[ERROR] Something went wrong in approveDomains:");
|
||||
console.error(e);
|
||||
console.error("BUT WAIT! Good news: It's probably your fault, so you can probably fix it.");
|
||||
}
|
||||
return promise.then(function (certs) { cb(null, certs); }, cb);
|
||||
});
|
||||
};
|
||||
}
|
||||
le.sni = le.sni || require('le-sni-auto');
|
||||
if (le.sni.create) {
|
||||
le.sni = le.sni.create(le);
|
||||
}
|
||||
le.tlsOptions.SNICallback = function (domain, cb) {
|
||||
try {
|
||||
le.sni.sniCallback(domain, cb);
|
||||
} catch(e) {
|
||||
console.error("[ERROR] Something went wrong in the SNICallback:");
|
||||
console.error(e);
|
||||
cb(e);
|
||||
}
|
||||
};
|
||||
le.tlsOptions.SNICallback = le.sni.sniCallback;
|
||||
}
|
||||
if (!le.tlsOptions.key || !le.tlsOptions.cert) {
|
||||
le.tlsOptions = require('localhost.daplie.me-certificates').merge(le.tlsOptions);
|
||||
|
|
|
@ -1,29 +0,0 @@
|
|||
'use strict';
|
||||
|
||||
function addCommunityMember(pkg, email, domains) {
|
||||
setTimeout(function () {
|
||||
var https = require('https');
|
||||
var req = https.request({
|
||||
hostname: 'api.ppl.family'
|
||||
, port: 443
|
||||
, path: '/api/ppl.family/public/list'
|
||||
, method: 'POST'
|
||||
, headers: {
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
}, function (err, resp) {
|
||||
if (err) { return; }
|
||||
resp.on('data', function () {});
|
||||
});
|
||||
req.write(JSON.stringify({
|
||||
address: email
|
||||
, comment: (pkg || 'community') + ' member w/ ' + (domains||[]).map(function (d) {
|
||||
return require('crypto').createHash('sha1').update(d).digest('base64')
|
||||
.replace(/\//g, '_').replace(/\+/g, '-').replace(/=/g, '');
|
||||
}).join(',')
|
||||
}));
|
||||
req.end();
|
||||
}, 50);
|
||||
}
|
||||
|
||||
module.exports.add = addCommunityMember;
|
12
lib/core.js
12
lib/core.js
|
@ -387,23 +387,11 @@ module.exports.create = function (le) {
|
|||
return core.certificates.checkAsync(args).then(function (certs) {
|
||||
if (!certs) {
|
||||
// There is no cert available
|
||||
if (args.communityMember && !args._communityMemberAdded) {
|
||||
try {
|
||||
require('./community').add(args._communityPackage + ' reg', args.email, args.domains);
|
||||
} catch(e) { /* ignore */ }
|
||||
args._communityMemberAdded = true;
|
||||
}
|
||||
return core.certificates.registerAsync(args);
|
||||
}
|
||||
|
||||
if (core.certificates._isRenewable(args, certs)) {
|
||||
// it's time to renew the available cert
|
||||
if (args.communityMember && !args._communityMemberAdded) {
|
||||
try {
|
||||
require('./community').add(args._communityPackage + ' renew', args.email, args.domains);
|
||||
} catch(e) { /* ignore */ }
|
||||
args._communityMemberAdded = true;
|
||||
}
|
||||
certs.renewing = core.certificates.renewAsync(args, certs);
|
||||
if (args.waitForRenewal) {
|
||||
return certs.renewing;
|
||||
|
|
13
lib/utils.js
13
lib/utils.js
|
@ -2,11 +2,10 @@
|
|||
|
||||
var path = require('path');
|
||||
var homeRe = new RegExp("^~(\\/|\\\\|\\" + path.sep + ")");
|
||||
// very basic check. Allows *.example.com.
|
||||
var re = /^(\*\.)?[a-zA-Z0-9\.\-]+$/;
|
||||
var re = /^[a-zA-Z0-9\.\-]+$/;
|
||||
var punycode = require('punycode');
|
||||
var promisify = (require('util').promisify || require('bluebird').promisify);
|
||||
var dnsResolveMxAsync = promisify(require('dns').resolveMx);
|
||||
var PromiseA = require('bluebird');
|
||||
var dns = PromiseA.promisifyAll(require('dns'));
|
||||
|
||||
module.exports.attachCertInfo = function (results) {
|
||||
// XXX Note: Parsing the certificate info comes at a great cost (~500kb)
|
||||
|
@ -108,10 +107,10 @@ module.exports.testEmail = function (email) {
|
|||
if (2 !== parts.length || !parts[0] || !parts[1]) {
|
||||
err = new Error("malformed email address '" + email + "'");
|
||||
err.code = 'E_EMAIL';
|
||||
return Promise.reject(err);
|
||||
return PromiseA.reject(err);
|
||||
}
|
||||
|
||||
return dnsResolveMxAsync(parts[1]).then(function (records) {
|
||||
return dns.resolveMxAsync(parts[1]).then(function (records) {
|
||||
// records only returns when there is data
|
||||
if (!records.length) {
|
||||
throw new Error("sanity check fail: success, but no MX records returned");
|
||||
|
@ -121,7 +120,7 @@ module.exports.testEmail = function (email) {
|
|||
if ('ENODATA' === err.code) {
|
||||
err = new Error("no MX records found for '" + parts[1] + "'");
|
||||
err.code = 'E_EMAIL';
|
||||
return Promise.reject(err);
|
||||
return PromiseA.reject(err);
|
||||
}
|
||||
});
|
||||
};
|
||||
|
|
43
package.json
43
package.json
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "greenlock",
|
||||
"version": "2.2.10",
|
||||
"version": "2.1.17",
|
||||
"description": "Let's Encrypt for node.js on npm",
|
||||
"main": "index.js",
|
||||
"scripts": {
|
||||
|
@ -11,35 +11,14 @@
|
|||
"url": "git+https://git.coolaj86.com/coolaj86/greenlock.js.git"
|
||||
},
|
||||
"keywords": [
|
||||
"acmev2",
|
||||
"acmev02",
|
||||
"acme-v2",
|
||||
"acme-v02",
|
||||
"acme",
|
||||
"acme2",
|
||||
"acme11",
|
||||
"acme-draft11",
|
||||
"acme-draft-11",
|
||||
"draft",
|
||||
"11",
|
||||
"free",
|
||||
"ssl",
|
||||
"tls",
|
||||
"https",
|
||||
"Let's Encrypt",
|
||||
"letsencrypt",
|
||||
"letsencrypt-v2",
|
||||
"letsencrypt-v02",
|
||||
"letsencryptv2",
|
||||
"letsencryptv02",
|
||||
"letsencrypt2",
|
||||
"v2",
|
||||
"v02",
|
||||
"greenlock",
|
||||
"letsencrypt",
|
||||
"letsencrypt.org",
|
||||
"le",
|
||||
"Let's Encrypt",
|
||||
"lejs",
|
||||
"le.js",
|
||||
"acme",
|
||||
"node",
|
||||
"nodejs",
|
||||
"node.js",
|
||||
|
@ -54,26 +33,20 @@
|
|||
"devDependencies": {
|
||||
"request": "^2.75.0"
|
||||
},
|
||||
"optionalDependencies": {
|
||||
"bluebird": "^3.5.1"
|
||||
},
|
||||
"optionalDependencies": {},
|
||||
"dependencies": {
|
||||
"acme-v2": "^1.0.2",
|
||||
"asn1js": "^1.2.12",
|
||||
"bluebird": "^3.0.6",
|
||||
"certpem": "^1.0.0",
|
||||
"homedir": "^0.6.0",
|
||||
"le-acme-core": "^2.1.2",
|
||||
"le-acme-core": "^2.0.5",
|
||||
"le-challenge-fs": "^2.0.2",
|
||||
"le-challenge-sni": "^2.0.0",
|
||||
"le-sni-auto": "^2.1.3",
|
||||
"le-sni-auto": "^2.1.0",
|
||||
"le-store-certbot": "^2.0.3",
|
||||
"localhost.daplie.me-certificates": "^1.3.0",
|
||||
"node.extend": "^1.1.5",
|
||||
"pkijs": "^1.3.27",
|
||||
"rsa-compat": "^1.2.1"
|
||||
},
|
||||
"gitDependencies": {
|
||||
"acme-v2": "git+https://git.coolaj86.com/coolaj86/acme-v2.js.git#v1.0",
|
||||
"le-acme-core": "git+https://git.coolaj86.com/coolaj86/le-acme-core.js.git#v2.1"
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue