75 lines
2.0 KiB
JavaScript
75 lines
2.0 KiB
JavaScript
'use strict';
|
|
|
|
var letsencrypt = require('letsencrypt');
|
|
var networkInterfaces = require('os').networkInterfaces();
|
|
var ipify = require('ipify');
|
|
|
|
function getSecureContext(le, hostname, cb) {
|
|
hostname = hostname.replace(/^www\./, '');
|
|
|
|
function needsRegistration(hostnames, cb) {
|
|
//
|
|
// IMPORTANT
|
|
//
|
|
// Before attempting a dynamic registration you need to validate that
|
|
//
|
|
// * these are hostnames that you expected to exist on the system
|
|
// * their A records currently point to this ip
|
|
// * this system's ip hasn't changed
|
|
//
|
|
// If you do not check these things, then someone could attack you
|
|
// and cause you, in return, to have your ip be rate-limit blocked
|
|
//
|
|
le.validate(hostnames, {
|
|
networkInterfaces: networkInterfaces
|
|
, ipify: ipify
|
|
}, function (err) {
|
|
if (err) {
|
|
cb(null, null);
|
|
return;
|
|
}
|
|
|
|
// these hostnames need to be registered
|
|
//
|
|
cb(null, {
|
|
email: 'john.doe@gmail.com'
|
|
, agreeTos: true
|
|
, domains: ['www.' + hostname, hostname]
|
|
});
|
|
});
|
|
}
|
|
|
|
// secure contexts will be cached
|
|
// renewals will be checked in the background
|
|
|
|
le.get(hostname, needsRegistration, function (secureContext) {
|
|
// this will fallback to the localCerts if the domain cannot be registered
|
|
if (!secureContext) {
|
|
var localCerts = require('localhost.daplie.com-certificates');
|
|
secureContext = localCerts;
|
|
}
|
|
cb(null, secureContext);
|
|
}, function (err) {
|
|
cb(err);
|
|
});
|
|
}
|
|
|
|
letsencrypt.create(
|
|
'/home/user/.local/share/letsencrypt/bin/letsencrypt'
|
|
// set some defaults
|
|
, { configDir: '/etc/letsencrypt'
|
|
, workDir: '/var/lib/letsencrypt'
|
|
, logsDir: '/var/log/letsencrypt'
|
|
, standalone: true
|
|
//, webroot: true
|
|
//, webrootPath: '/srv/www/acme-challenges/'
|
|
}
|
|
, { cacheContextsFor: 1 * 60 * 60 * 1000 // 1 hour
|
|
, cacheRenewChecksFor: 3 * 24 * 60 * 60 * 1000 // 3 days
|
|
}
|
|
).then(function (le) {
|
|
getSecureContext(le, 'example.com', function (secureContext) {
|
|
console.log(secureContext);
|
|
});
|
|
});
|