acme-dns-01-cli.js/README.md

132 lines
4.0 KiB
Markdown
Raw Normal View History

2019-05-16 05:08:24 +00:00
# [acme-http-01-dns](https://git.rootprojects.org/root/acme-http-01-dns.js) | a [Root](https://rootprojects.org) project
2018-05-01 20:14:15 +00:00
An extremely simple reference implementation
2019-05-16 05:08:24 +00:00
of an ACME (Let's Encrypt) dns-01 challenge strategy.
This generic implementation can be adapted to work with any node.js ACME client,
although it was built for [Greenlock](https://git.rootprojects.org/root/greenlock-express.js)
and [ACME.js](https://git.rootprojects.org/root/acme-v2.js).
2016-10-14 19:39:54 +00:00
```
_acme-challenge.example.com TXT xxxxxxxxxxxxxxxx TTL 60
```
* Prints the ACME challenge DNS Host and DNS Key Authorization Digest to the terminal
* (waits for you to hit enter before continuing)
* Let's you know when the challenge as succeeded or failed, and is safe to remove.
Other ACME Challenge Reference Implementations:
2019-05-16 05:08:24 +00:00
* [acme-http-01-cli](https://git.rootprojects.org/root/acme-http-01-cli.js.git)
* [acme-http-01-fs](https://git.rootprojects.org/root/acme-http-01-webroot.js.git)
* [**acme-dns-01-cli**](https://git.rootprojects.org/root/acme-dns-01-cli.js.git)
2019-04-03 02:59:11 +00:00
## Install
2016-10-14 19:39:54 +00:00
```bash
2019-05-16 05:08:24 +00:00
npm install --save acme-http-01-dns@3.x
2016-10-14 19:39:54 +00:00
```
2019-05-16 05:08:24 +00:00
If you have `greenlock@v2.6` or lower, you'll need the old `le-challenge-dns@2.x` instead.
2019-04-03 02:59:11 +00:00
## Usage
2016-10-14 19:39:54 +00:00
```bash
2018-05-13 01:22:09 +00:00
var Greenlock = require('greenlock');
2016-10-14 19:39:54 +00:00
2018-05-13 01:22:09 +00:00
Greenlock.create({
2019-04-03 02:59:11 +00:00
...
2019-05-16 05:08:24 +00:00
, challenges: { 'http-01': require('acme-http-01-fs')
, 'dns-01': require('acme-dns-01-cli').create({ debug: true })
, 'tls-alpn-01': require('acme-tls-alpn-01-cli')
}
2019-04-03 02:59:11 +00:00
...
});
2018-05-13 01:22:09 +00:00
```
2019-04-03 02:59:11 +00:00
You can also switch between different implementations by
overwriting the default with the one that you want in `approveDomains()`:
2019-04-03 02:59:11 +00:00
```js
2019-05-16 05:08:24 +00:00
function approveDomains(opts) {
2018-05-13 01:22:09 +00:00
...
2019-04-03 02:59:11 +00:00
if (!opts.challenges) { opts.challenges = {}; }
2019-05-16 05:08:24 +00:00
opts.challenges['dns-01'] = acmeDns01Cli;
2019-04-03 02:59:11 +00:00
opts.challenges['http-01'] = ...
2019-05-16 05:08:24 +00:00
return Promise.resolve({ ... });
2018-05-13 01:22:09 +00:00
}
```
2016-10-14 19:39:54 +00:00
NOTE: If you request a certificate with 6 domains listed,
it will require 6 individual challenges.
## Exposed (Promise) Methods
2016-10-14 19:39:54 +00:00
For ACME Challenge:
* `set(opts)`
* `remove(opts)`
2019-04-03 02:59:11 +00:00
The `dns-01` strategy supports wildcards (whereas `http-01` does not).
The options object has whatever options were set in `approveDomains()`
as well as the `challenge`, which looks like this:
2019-04-03 02:59:11 +00:00
```js
{ challenge: {
identifier: { type: 'dns', value: 'example.com'
, wildcard: true
, altname: '*.example.com'
, type: 'dns-01'
, token: 'xxxxxx'
, keyAuthorization: 'xxxxxx.abc123'
, dnsHost: '_acme-challenge.example.com'
, dnsAuthorization: 'xyz567'
2019-04-03 02:59:11 +00:00
, expires: '1970-01-01T00:00:00Z'
}
}
```
2016-10-14 19:39:54 +00:00
2018-05-13 01:22:09 +00:00
For greenlock.js internals:
2016-10-14 19:39:54 +00:00
2019-04-03 02:59:11 +00:00
* `options` stores the internal defaults merged with the user-supplied options
Optional:
* `get(limitedOpts)`
Note: Typically there wouldn't be a `get()` for DNS because the NameServer (not Greenlock) answers the requests.
It could be used for testing implementations, but that's about it.
(though I suppose you could implement it if you happen to run your DNS and webserver together... kinda weird though)
If there were an implementation of Greenlock integrated directly into
a NameServer (which currently there is not), it would probably look like this:
```js
{ challenge: {
type: 'dns-01'
, identifier: { type: 'dns', value: 'example.com' }
, token: 'abc123'
, dnsHost: '_acme-challenge.example.com'
}
}
```
2019-05-16 05:08:24 +00:00
# Legal & Rules of the Road
Greenlock™ and Bluecrypt™ are [trademarks](https://rootprojects.org/legal/#trademark) of AJ ONeal
The rule of thumb is "attribute, but don't confuse". For example:
> Built with [Greenlock](https://git.rootprojects.org/root/greenlock.js) (a [Root](https://rootprojects.org) project).
Please [contact us](mailto:aj@therootcompany.com) if you have any questions in regards to our trademark,
attribution, and/or visible source policies. We want to build great software and a great community.
[Greenlock™](https://git.rootprojects.org/root/greenlock.js) |
MPL-2.0 |
[Terms of Use](https://therootcompany.com/legal/#terms) |
[Privacy Policy](https://therootcompany.com/legal/#privacy)