v2.1.9: ignore failed background refresh

Merge branch 'master' of layerssss/le-sni-auto.js into master
sniCallback: noop on async getCertificates error, fix #1
2019-04-15 11:37:41 -06:00 · 2019-04-15 17:36:25 +00:00 · 2019-04-15 16:50:55 +12:00 · 2019-03-30 13:26:24 -06:00 · 2018-11-10 02:46:58 -07:00 · 2018-05-12 16:50:36 -06:00
4 changed files with 40 additions and 24 deletions
--- a/README.md
+++ b/README.md
@ -31,8 +31,8 @@ With node-letsencrypt

 var leSni = require('le-sni-auto').create({

-  renewWithin: 10 * 24 * 60 * 60 1000       // do not renew more than 10 days before expiration
-, renewBy: 5 * 24 * 60 * 60 1000         // do not wait more than 5 days before expiration
+  renewWithin: 14 * 24 * 60 * 60 1000     // do not renew more than 14 days before expiration
+, renewBy: 10 * 24 * 60 * 60 1000         // do not wait more than 10 days before expiration

 , tlsOptions: {
    rejectUnauthorized: true              // These options will be used with tls.createSecureContext()
@ -78,8 +78,8 @@ Standalone


 var leSni = require('le-sni-auto').create({
-  renewWithin: 10 * 24 * 60 * 60 1000       // do not renew prior to 10 days before expiration
-, renewBy: 5 * 24 * 60 * 60 1000         // do not wait more than 5 days before expiration
+  renewWithin: 14 * 24 * 60 * 60 1000       // do not renew prior to 10 days before expiration
+, renewBy: 10 * 24 * 60 * 60 1000         // do not wait more than 5 days before expiration

  // key (privkey.pem) and cert (cert.pem + chain.pem) will be provided by letsencrypt
 , tlsOptions: { rejectUnauthorized: true, requestCert: false, ca: null, crl: null }
@ -92,11 +92,9 @@ var leSni = require('le-sni-auto').create({



-// some default certificates that work with localhost
-// (because default certificates are required as a fallback)
-var tlsOptions = require('localhost.daplie.me-certificates').merge({
+var tlsOptions = {
  SNICallback: leSni.sniCallback
-});
+};

 https.createServer(tlsOptions, app);
 ```
@ -145,12 +143,12 @@ This gets passed to `https.createServer(tlsOptions, app)` as `tlsOptions.SNICall

 ```javascript
 var leSni = require('le-sni-auto').create({
-  renewWithin: 10 * 24 * 60 * 60 1000
+  renewWithin: 14 * 24 * 60 * 60 1000
 });

-var tlsOptions = require('localhost.daplie.com-certificates').merge({
+var tlsOptions = {
  SNICallback: leSni.sniCallback
-});
+};

 function app(req, res) {
  res.end("Hello, World!");
--- a/index.js
+++ b/index.js
@ -1,29 +1,38 @@
 'use strict';

 var DAY = 24 * 60 * 60 * 1000;
+var HOUR = 60 * 60 * 1000;
 var MIN = 60 * 1000;
 var defaults = {
  // don't renew before the renewWithin period
-  renewWithin: 14 * DAY
-, _renewWithinMin: 10 * DAY
+  renewWithin: 30 * DAY
+, _renewWithinMin: 3 * DAY
  // renew before the renewBy period
-, renewBy: 2 * DAY
+, renewBy: 21 * DAY
 , _renewByMin: Math.floor(DAY / 2)
  // just to account for clock skew really
 , _dropDead: 5 * MIN
 };
+var promisify = require('util').promisify;
+if (!promisify) {
+  try {
+    promisify = require('bluebird').promisify;
+  } catch(e) {
+    console.error("You're running an older version of node that doesn't have 'promisify'. Please run 'npm install bluebird --save'.");
+  }
+}

 // autoSni = { renewWithin, renewBy, getCertificates, tlsOptions, _dbg_now }
 module.exports.create = function (autoSni) {

-  if (!autoSni.getCertificatesAsync) { autoSni.getCertificatesAsync = require('bluebird').promisify(autoSni.getCertificates); }
+  if (!autoSni.getCertificatesAsync) { autoSni.getCertificatesAsync = promisify(autoSni.getCertificates); }
  if (!autoSni.renewWithin) { autoSni.renewWithin = autoSni.notBefore || defaults.renewWithin; }
  if (autoSni.renewWithin < defaults._renewWithinMin) {
-    throw new Error("options.renewWithin should be at least 3 days");
+    throw new Error("options.renewWithin should be at least " + (defaults._renewWithinMin / DAY) + " days");
  }
  if (!autoSni.renewBy) { autoSni.renewBy = autoSni.notAfter || defaults.renewBy; }
  if (autoSni.renewBy < defaults._renewByMin) {
-    throw new Error("options.renewBy should be at least 12 hours");
+    throw new Error("options.renewBy should be at least " + (defaults._renewBy / HOUR) + " hours");
  }
  if (!autoSni.tlsOptions) { autoSni.tlsOptions = autoSni.httpsOptions || {}; }

@ -63,7 +72,8 @@ module.exports.create = function (autoSni) {
        certs: certs
      , tlsContext: 'string' === typeof certs.cert && tls.createSecureContext({
          key: certs.privkey
-        , cert: certs.cert + certs.chain
+          // backwards/forwards compat
+        , cert: (certs.cert||'').replace(/[\r\n]+$/, '') + '\r\n' + certs.chain
        , rejectUnauthorized: autoSni.tlsOptions.rejectUnauthorized

        , requestCert: autoSni.tlsOptions.requestCert  // request peer verification
@ -121,7 +131,7 @@ module.exports.create = function (autoSni) {
      else if (certMeta.then) {
        //log(autoSni.debug, "PROMISED CERT", domain);
        // we are already getting a cert
-        promise = certMeta
+        promise = certMeta;
      }
      else if (now >= certMeta.expiresNear) {
        //log(autoSni.debug, "EXPIRED CERT");
@ -136,7 +146,10 @@ module.exports.create = function (autoSni) {
          // give the cert some time (2-5 min) to be validated and replaced before trying again
          certMeta.renewAt = (autoSni._dbg_now || Date.now()) + (2 * MIN) + (3 * MIN * Math.random());
          // let the update happen in the background
-          autoSni.getCertificatesAsync(domain, certMeta.certs).then(autoSni.cacheCerts);
+          autoSni.getCertificatesAsync(domain, certMeta.certs).then(autoSni.cacheCerts, function (error) {
+            // console.error('ERROR in le-sni-auto:');
+            // console.error(err.stack || err);
+          })
        }

        // return the valid cert right away
--- a/package-lock.json
+++ b/package-lock.json
@ -0,0 +1,5 @@
+{
+  "name": "le-sni-auto",
+  "version": "2.1.9",
+  "lockfileVersion": 1
+}
--- a/package.json
+++ b/package.json
@ -1,11 +1,11 @@
 {
  "name": "le-sni-auto",
-  "version": "2.1.2",
+  "version": "2.1.9",
  "description": "An auto-sni strategy for registering and renewing letsencrypt certificates using SNICallback",
  "homepage": "https://git.coolaj86.com/coolaj86/le-sni-auto.js",
  "main": "index.js",
-  "dependencies": {
-    "bluebird": "^3.4.1"
+  "trulyOptionalDependencies": {
+    "bluebird": "^3.5.1"
  },
  "devDependencies": {},
  "scripts": {
@ -13,7 +13,7 @@
  },
  "repository": {
    "type": "git",
-    "url": "git+https://git.coolaj86.com/coolaj86/le-sni-auto.git"
+    "url": "https://git.coolaj86.com/coolaj86/le-sni-auto.js.git"
  },
  "keywords": [
    "le-sni",
Author	SHA1	Message	Date
AJ ONeal	e0912d0f76	v2.1.9: ignore failed background refresh	2019-04-15 11:37:41 -06:00
AJ ONeal	1f3e2670b9	Merge branch 'master' of layerssss/le-sni-auto.js into master	2019-04-15 17:36:25 +00:00
Michael Yin	6c8de20090	sniCallback: noop on async getCertificates error, fix #1	2019-04-15 16:50:55 +12:00
AJ ONeal	fd06582813	v2.1.8: make bluebird truly optional	2019-03-30 13:26:24 -06:00
AJ ONeal	14458181bf	v2.1.6: update with new 30-21 day renewal defaults	2018-11-10 02:46:58 -07:00
AJ ONeal	65f0989b44	remove unused package	2018-05-12 16:50:36 -06:00
AJ ONeal	c92dde1b87	v2.1.5 fix CRLF issue with fullchain	2018-04-25 23:01:14 -06:00
AJ ONeal	19dd9a95f4	update renewWithin defaults	2018-04-19 15:02:28 -06:00
AJ ONeal	894b687ff7	update docs with new within/by defaults	2018-04-19 13:36:34 -06:00
AJ ONeal	7cebf47125	v2.1.3	2018-04-19 13:30:16 -06:00
AJ ONeal	ff39ea58c7	revert mandatory minimum hours	2018-04-19 13:29:55 -06:00