Compare commits
9 Commits
8ed6e3cdcc
...
cb5a079ea2
Author | SHA1 | Date |
---|---|---|
AJ ONeal | cb5a079ea2 | |
Andre Natal | 795e52a978 | |
Andre Natal | 6e44d2d5b1 | |
Andre Natal | d983158ec0 | |
Andre Natal | 3dcd2f4c43 | |
Tim Caswell | f6788d185a | |
AJ ONeal | dea11513a8 | |
AJ ONeal | d5a61df0e8 | |
AJ ONeal | b9883fe105 |
|
@ -8,8 +8,6 @@ le-challenge-dns
|
|||
| [acme-v2.js](https://git.coolaj86.com/coolaj86/acme-v2.js)
|
||||
|
|
||||
|
||||
**For production** use [`le-challenge-ddns`](https://git.coolaj86.com/coolaj86/le-challenge-ddns) (or a similar ddns tool)
|
||||
|
||||
A manual (interactive CLI) dns-based strategy for node-letsencrypt for setting, retrieving,
|
||||
and clearing ACME DNS-01 challenges issued by the ACME server
|
||||
|
||||
|
|
66
index.js
66
index.js
|
@ -4,6 +4,8 @@ var PromiseA = require('bluebird');
|
|||
var dns = PromiseA.promisifyAll(require('dns'));
|
||||
var Challenge = module.exports;
|
||||
|
||||
var leDnsResponse;
|
||||
|
||||
Challenge.create = function (defaults) {
|
||||
return {
|
||||
getOptions: function () {
|
||||
|
@ -24,32 +26,39 @@ Challenge.set = function (args, domain, challenge, keyAuthorization, cb) {
|
|||
.replace(/\//g, '_')
|
||||
.replace(/=+$/g, '')
|
||||
;
|
||||
var challengeDomain = (args.test || '') + args.acmeChallengeDns + domain;
|
||||
var challengeDomain = domain;
|
||||
|
||||
console.info("");
|
||||
console.info("Challenge for '" + domain + "'");
|
||||
console.info("");
|
||||
console.info("We now present (for you copy-and-paste pleasure) your ACME Challenge");
|
||||
console.info("public Challenge and secret KeyAuthorization and Digest, in that order, respectively:");
|
||||
console.info(challenge);
|
||||
console.info(keyAuthorization);
|
||||
console.info(keyAuthDigest);
|
||||
console.info("");
|
||||
console.info(challengeDomain + "\tTXT " + keyAuthDigest + "\tTTL 60");
|
||||
console.info("");
|
||||
console.info(JSON.stringify({
|
||||
domain: domain
|
||||
, challenge: challenge
|
||||
, keyAuthorization: keyAuthorization
|
||||
, keyAuthDigest: keyAuthDigest
|
||||
}, null, ' ').replace(/^/gm, '\t'));
|
||||
console.info("");
|
||||
console.info("hit enter to continue...");
|
||||
process.stdin.resume();
|
||||
process.stdin.on('data', function () {
|
||||
process.stdin.pause();
|
||||
cb(null);
|
||||
});
|
||||
if (this.leDnsResponse) {
|
||||
this.leDnsResponse(challenge, keyAuthorization, keyAuthDigest, challengeDomain, domain)
|
||||
.then((successMessage) => {
|
||||
cb(null);
|
||||
});
|
||||
} else {
|
||||
console.info("");
|
||||
console.info("Challenge for '" + domain + "'");
|
||||
console.info("");
|
||||
console.info("We now present (for you copy-and-paste pleasure) your ACME Challenge");
|
||||
console.info("public Challenge and secret KeyAuthorization and Digest, in that order, respectively:");
|
||||
console.info(challenge);
|
||||
console.info(keyAuthorization);
|
||||
console.info(keyAuthDigest);
|
||||
console.info("");
|
||||
console.info(challengeDomain + "\tTXT " + keyAuthDigest + "\tTTL 60");
|
||||
console.info("");
|
||||
console.info(JSON.stringify({
|
||||
domain: domain
|
||||
, challenge: challenge
|
||||
, keyAuthorization: keyAuthorization
|
||||
, keyAuthDigest: keyAuthDigest
|
||||
}, null, ' ').replace(/^/gm, '\t'));
|
||||
console.info("");
|
||||
console.info("hit enter to continue...");
|
||||
process.stdin.resume();
|
||||
process.stdin.on('data', function () {
|
||||
process.stdin.pause();
|
||||
cb(null);
|
||||
});
|
||||
}
|
||||
};
|
||||
|
||||
// nothing to do here, that's why it's manual
|
||||
|
@ -59,12 +68,7 @@ Challenge.get = function (defaults, domain, challenge, cb) {
|
|||
|
||||
// might as well tell the user that whatever they were setting up has been checked
|
||||
Challenge.remove = function (args, domain, challenge, cb) {
|
||||
console.info("Challenge for '" + domain + "' complete. You may remove it.");
|
||||
console.info("");
|
||||
//console.info("hit enter to continue...");
|
||||
//process.stdin.resume();
|
||||
//process.stdin.on('data', function () {
|
||||
// process.stdin.pause();
|
||||
console.info("Challenge for '" + domain + "' complete. You may remove it.");
|
||||
cb(null);
|
||||
//});
|
||||
};
|
||||
|
|
|
@ -0,0 +1,102 @@
|
|||
// This Source Code Form is subject to the terms of the Mozilla Public
|
||||
// License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
|
||||
'use strict';
|
||||
|
||||
var le;
|
||||
var fetch = require('node-fetch');
|
||||
var LE = require('greenlock');
|
||||
var leChallengeDns = require('./index.js').create({ debug: false })
|
||||
// Storage Backend
|
||||
var leStore = require('le-store-certbot').create({
|
||||
configDir: '~/letsencrypt/etc' // or /etc/letsencrypt or wherever
|
||||
, debug: true
|
||||
, logsDir: '~/letsencrypt/var/log'
|
||||
});
|
||||
|
||||
function leAgree(opts, agreeCb) {
|
||||
// opts = { email, domains, tosUrl }
|
||||
agreeCb(null, opts.tosUrl);
|
||||
}
|
||||
|
||||
let subdomain = String(Math.random()).replace('.','');
|
||||
|
||||
le = LE.create({
|
||||
server: LE.productionServerUrl // Change to LE.productionServerUrl in production
|
||||
, challengeType: 'dns-01'
|
||||
, challenges: {
|
||||
'dns-01': leChallengeDns
|
||||
}
|
||||
, approveDomains: [ subdomain + '.box.knilxof.org' ]
|
||||
, agreeToTerms: leAgree // hook to allow user to view and accept LE TOS
|
||||
, debug: true
|
||||
, store: leStore
|
||||
});
|
||||
|
||||
|
||||
|
||||
// Check in-memory cache of certificates for the named domain
|
||||
le.check({ domains: [ subdomain + '.box.knilxof.org' ] }).then(function (results) {
|
||||
|
||||
if (results) {
|
||||
// we already have certificates
|
||||
return;
|
||||
}
|
||||
|
||||
let token;
|
||||
let challenge;
|
||||
|
||||
// promise to be called when LE has the dns challenge ready for us
|
||||
leChallengeDns.leDnsResponse = function(challenge, keyAuthorization, keyAuthDigest, challengeDomain, domain){
|
||||
|
||||
console.info("");
|
||||
console.info("Challenge for '" + domain + "'");
|
||||
console.info("");
|
||||
console.info("We now present (for you copy-and-paste pleasure) your ACME Challenge");
|
||||
console.info("public Challenge and secret KeyAuthorization and Digest, in that order, respectively:");
|
||||
console.info(challenge);
|
||||
console.info(keyAuthorization);
|
||||
console.info(keyAuthDigest);
|
||||
console.info("");
|
||||
console.info(challengeDomain + "\tTXT " + keyAuthDigest + "\tTTL 60");
|
||||
console.info("");
|
||||
console.info(JSON.stringify({
|
||||
domain: domain
|
||||
, challenge: challenge
|
||||
, keyAuthorization: keyAuthorization
|
||||
, keyAuthDigest: keyAuthDigest
|
||||
}, null, ' ').replace(/^/gm, '\t'));
|
||||
console.info("");
|
||||
|
||||
return new Promise((resolve, reject) => {
|
||||
// ok now that we have a challenge, we call our gateway to setup the TXT record
|
||||
fetch('http://knilxof.org//dnsconfig?token=' + token + '&challenge=' + keyAuthDigest)
|
||||
.then(function(res) { return res.text(); }).then(function(body) {
|
||||
console.log(body);
|
||||
resolve("Success!");
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
fetch('http://knilxof.org/subscribe?name=' + subdomain)
|
||||
.then(function (res) { return res.text(); })
|
||||
.then(function (body) {
|
||||
const jsonBody = JSON.parse(body);
|
||||
token = jsonBody.token;
|
||||
// Register Let's Encrypt
|
||||
le.register({
|
||||
domains: [subdomain + '.box.knilxof.org'] // CHANGE TO YOUR DOMAIN (list for SANS)
|
||||
, email: 'john.doe@example.com' // CHANGE TO YOUR EMAIL
|
||||
, agreeTos: true // set to tosUrl string (or true) to pre-approve (and skip agreeToTerms)
|
||||
, rsaKeySize: 2048 // 2048 or higher
|
||||
, challengeType: 'dns-01' // http-01, tls-sni-01, or dns-01
|
||||
}).then(function (results) {
|
||||
console.log('success');
|
||||
}, function (err) {
|
||||
console.error('[Error]: node-greenlock/examples/standalone');
|
||||
console.error(err.stack);
|
||||
});
|
||||
});
|
||||
});
|
||||
|
Loading…
Reference in New Issue