The "certbot" storage strategy for Greenlock.js
Go to file
AJ ONeal 16637c4f67
fix: skip (instead of fail) when pems.bundle is unavailable
2024-05-13 13:03:08 -06:00
.gitignore Initial commit 2016-08-04 22:55:31 -06:00
LICENSE Initial commit 2016-08-04 22:55:31 -06:00
README.md v2.2.2: Deprecated 2019-04-04 23:02:41 -06:00
index.js fix: skip (instead of fail) when pems.bundle is unavailable 2024-05-13 13:03:08 -06:00
package-lock.json v2.2.3: node v6 promisify fix, eliminate external deps 2019-04-16 00:29:18 -06:00
package.json v2.2.3: node v6 promisify fix, eliminate external deps 2019-04-16 00:29:18 -06:00
renewal.conf.tpl Disable OCSP stapling by default. 2018-05-15 09:02:44 -06:00

README.md

Deprecated

le-store-certbot has been replaced with le-store-fs.

The new storage strategy keeps file system compatibility, but drops support for Python config files.

Unless you're running certbot and Greenlock side-by-side, or interchangeably, you switch to le-store-fs.

Migrating to le-store-fs

It's painless and all of your existing certificates will be preserved (assuming you use the same configDir as before).

Greenlock.create({

  // Leave configDir as it, if you've been setting it yourself.
  // Otherwise you should explicitly set it to the previous default:
  configDir: '~/letsencrypt/etc'

  // le-store-fs takes the same options as le-store-certbot,
  // but ignores some of the ones that aren't important.
, store: require('le-store-fs').create({})

  ...
})

Alternatives

  • Search npm for "le-store-" to find many alternatives.

le-store-certbot

The "certbot" storage strategy for Greenlock.js.

This le storage strategy aims to maintain compatibility with the configuration files and file structure of the official certbot client.

Note: You cannot use this strategy on ephemeral instances (heroku, aws elastic).

Usage

npm install --save le-store-certbot@2.x
var leStore = require('le-store-certbot').create({
  configDir: require('homedir')() + '/acme/etc'          // or /etc/acme or wherever
, privkeyPath: ':configDir/live/:hostname/privkey.pem'          //
, fullchainPath: ':configDir/live/:hostname/fullchain.pem'      // Note: both that :configDir and :hostname
, certPath: ':configDir/live/:hostname/cert.pem'                //       will be templated as expected by
, chainPath: ':configDir/live/:hostname/chain.pem'              //       greenlock.js

, logsDir: require('homedir')() + '/tmp/acme/log'

, webrootPath: '~/acme/srv/www/:hostname/.well-known/acme-challenge'

, debug: false
});

The store module can be used globally with Greenlock like this:

var Greenlock = require('greenlock');

Greenlock.create({
  ...
, store: leStore
});

Example File Structure

~/acme/
└── etc
    ├── accounts
    │   └── acme-staging.api.letsencrypt.org
    │       └── directory
    │           └── cd96ac4889ddfa47bfc66300ab223342
    │               ├── meta.json
    │               ├── private_key.json
    │               └── regr.json
    ├── archive
    │   └── example.com
    │       ├── cert0.pem
    │       ├── chain0.pem
    │       ├── fullchain0.pem
    │       └── privkey0.pem
    ├── live
    │   └── example.com
    │       ├── cert.pem
    │       ├── chain.pem
    │       ├── fullchain.pem
    │       ├── privkey.pem
    │       └── privkey.pem.bak
    └── renewal
        ├── example.com.conf
        └── example.com.conf.bak