Compare commits
8 Commits
Author | SHA1 | Date |
---|---|---|
AJ ONeal | 32030b9d80 | |
AJ ONeal | 202ba6b787 | |
AJ ONeal | bf0a37a33c | |
AJ ONeal | c65ffe54af | |
AJ ONeal | 8a12a86761 | |
AJ ONeal | e98e53e0a7 | |
AJ ONeal | b9015b8952 | |
AJ ONeal | 1b8495cdd2 |
394
LICENSE
394
LICENSE
|
@ -1,41 +1,375 @@
|
|||
Copyright 2016-2019 AJ ONeal
|
||||
|
||||
This is open source software; you can redistribute it and/or modify it under the
|
||||
terms of either:
|
||||
Mozilla Public License Version 2.0
|
||||
==================================
|
||||
|
||||
a) the "MIT License"
|
||||
b) the "Apache-2.0 License"
|
||||
1. Definitions
|
||||
--------------
|
||||
|
||||
MIT License
|
||||
1.1. "Contributor"
|
||||
means each individual or legal entity that creates, contributes to
|
||||
the creation of, or owns Covered Software.
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
1.2. "Contributor Version"
|
||||
means the combination of the Contributions of others (if any) used
|
||||
by a Contributor and that particular Contributor's Contribution.
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
1.3. "Contribution"
|
||||
means Covered Software of a particular Contributor.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
1.4. "Covered Software"
|
||||
means Source Code Form to which the initial Contributor has attached
|
||||
the notice in Exhibit A, the Executable Form of such Source Code
|
||||
Form, and Modifications of such Source Code Form, in each case
|
||||
including portions thereof.
|
||||
|
||||
Apache-2.0 License Summary
|
||||
1.5. "Incompatible With Secondary Licenses"
|
||||
means
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
(a) that the initial Contributor has attached the notice described
|
||||
in Exhibit B to the Covered Software; or
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
(b) that the Covered Software was made available under the terms of
|
||||
version 1.1 or earlier of the License, but not also under the
|
||||
terms of a Secondary License.
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
1.6. "Executable Form"
|
||||
means any form of the work other than Source Code Form.
|
||||
|
||||
1.7. "Larger Work"
|
||||
means a work that combines Covered Software with other material, in
|
||||
a separate file or files, that is not Covered Software.
|
||||
|
||||
1.8. "License"
|
||||
means this document.
|
||||
|
||||
1.9. "Licensable"
|
||||
means having the right to grant, to the maximum extent possible,
|
||||
whether at the time of the initial grant or subsequently, any and
|
||||
all of the rights conveyed by this License.
|
||||
|
||||
1.10. "Modifications"
|
||||
means any of the following:
|
||||
|
||||
(a) any file in Source Code Form that results from an addition to,
|
||||
deletion from, or modification of the contents of Covered
|
||||
Software; or
|
||||
|
||||
(b) any new file in Source Code Form that contains any Covered
|
||||
Software.
|
||||
|
||||
1.11. "Patent Claims" of a Contributor
|
||||
means any patent claim(s), including without limitation, method,
|
||||
process, and apparatus claims, in any patent Licensable by such
|
||||
Contributor that would be infringed, but for the grant of the
|
||||
License, by the making, using, selling, offering for sale, having
|
||||
made, import, or transfer of either its Contributions or its
|
||||
Contributor Version.
|
||||
|
||||
1.12. "Secondary License"
|
||||
means either the GNU General Public License, Version 2.0, the GNU
|
||||
Lesser General Public License, Version 2.1, the GNU Affero General
|
||||
Public License, Version 3.0, or any later versions of those
|
||||
licenses.
|
||||
|
||||
1.13. "Source Code Form"
|
||||
means the form of the work preferred for making modifications.
|
||||
|
||||
1.14. "You" (or "Your")
|
||||
means an individual or a legal entity exercising rights under this
|
||||
License. For legal entities, "You" includes any entity that
|
||||
controls, is controlled by, or is under common control with You. For
|
||||
purposes of this definition, "control" means (a) the power, direct
|
||||
or indirect, to cause the direction or management of such entity,
|
||||
whether by contract or otherwise, or (b) ownership of more than
|
||||
fifty percent (50%) of the outstanding shares or beneficial
|
||||
ownership of such entity.
|
||||
|
||||
2. License Grants and Conditions
|
||||
--------------------------------
|
||||
|
||||
2.1. Grants
|
||||
|
||||
Each Contributor hereby grants You a world-wide, royalty-free,
|
||||
non-exclusive license:
|
||||
|
||||
(a) under intellectual property rights (other than patent or trademark)
|
||||
Licensable by such Contributor to use, reproduce, make available,
|
||||
modify, display, perform, distribute, and otherwise exploit its
|
||||
Contributions, either on an unmodified basis, with Modifications, or
|
||||
as part of a Larger Work; and
|
||||
|
||||
(b) under Patent Claims of such Contributor to make, use, sell, offer
|
||||
for sale, have made, import, and otherwise transfer either its
|
||||
Contributions or its Contributor Version.
|
||||
|
||||
2.2. Effective Date
|
||||
|
||||
The licenses granted in Section 2.1 with respect to any Contribution
|
||||
become effective for each Contribution on the date the Contributor first
|
||||
distributes such Contribution.
|
||||
|
||||
2.3. Limitations on Grant Scope
|
||||
|
||||
The licenses granted in this Section 2 are the only rights granted under
|
||||
this License. No additional rights or licenses will be implied from the
|
||||
distribution or licensing of Covered Software under this License.
|
||||
Notwithstanding Section 2.1(b) above, no patent license is granted by a
|
||||
Contributor:
|
||||
|
||||
(a) for any code that a Contributor has removed from Covered Software;
|
||||
or
|
||||
|
||||
(b) for infringements caused by: (i) Your and any other third party's
|
||||
modifications of Covered Software, or (ii) the combination of its
|
||||
Contributions with other software (except as part of its Contributor
|
||||
Version); or
|
||||
|
||||
(c) under Patent Claims infringed by Covered Software in the absence of
|
||||
its Contributions.
|
||||
|
||||
This License does not grant any rights in the trademarks, service marks,
|
||||
or logos of any Contributor (except as may be necessary to comply with
|
||||
the notice requirements in Section 3.4).
|
||||
|
||||
2.4. Subsequent Licenses
|
||||
|
||||
No Contributor makes additional grants as a result of Your choice to
|
||||
distribute the Covered Software under a subsequent version of this
|
||||
License (see Section 10.2) or under the terms of a Secondary License (if
|
||||
permitted under the terms of Section 3.3).
|
||||
|
||||
2.5. Representation
|
||||
|
||||
Each Contributor represents that the Contributor believes its
|
||||
Contributions are its original creation(s) or it has sufficient rights
|
||||
to grant the rights to its Contributions conveyed by this License.
|
||||
|
||||
2.6. Fair Use
|
||||
|
||||
This License is not intended to limit any rights You have under
|
||||
applicable copyright doctrines of fair use, fair dealing, or other
|
||||
equivalents.
|
||||
|
||||
2.7. Conditions
|
||||
|
||||
Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
|
||||
in Section 2.1.
|
||||
|
||||
3. Responsibilities
|
||||
-------------------
|
||||
|
||||
3.1. Distribution of Source Form
|
||||
|
||||
All distribution of Covered Software in Source Code Form, including any
|
||||
Modifications that You create or to which You contribute, must be under
|
||||
the terms of this License. You must inform recipients that the Source
|
||||
Code Form of the Covered Software is governed by the terms of this
|
||||
License, and how they can obtain a copy of this License. You may not
|
||||
attempt to alter or restrict the recipients' rights in the Source Code
|
||||
Form.
|
||||
|
||||
3.2. Distribution of Executable Form
|
||||
|
||||
If You distribute Covered Software in Executable Form then:
|
||||
|
||||
(a) such Covered Software must also be made available in Source Code
|
||||
Form, as described in Section 3.1, and You must inform recipients of
|
||||
the Executable Form how they can obtain a copy of such Source Code
|
||||
Form by reasonable means in a timely manner, at a charge no more
|
||||
than the cost of distribution to the recipient; and
|
||||
|
||||
(b) You may distribute such Executable Form under the terms of this
|
||||
License, or sublicense it under different terms, provided that the
|
||||
license for the Executable Form does not attempt to limit or alter
|
||||
the recipients' rights in the Source Code Form under this License.
|
||||
|
||||
3.3. Distribution of a Larger Work
|
||||
|
||||
You may create and distribute a Larger Work under terms of Your choice,
|
||||
provided that You also comply with the requirements of this License for
|
||||
the Covered Software. If the Larger Work is a combination of Covered
|
||||
Software with a work governed by one or more Secondary Licenses, and the
|
||||
Covered Software is not Incompatible With Secondary Licenses, this
|
||||
License permits You to additionally distribute such Covered Software
|
||||
under the terms of such Secondary License(s), so that the recipient of
|
||||
the Larger Work may, at their option, further distribute the Covered
|
||||
Software under the terms of either this License or such Secondary
|
||||
License(s).
|
||||
|
||||
3.4. Notices
|
||||
|
||||
You may not remove or alter the substance of any license notices
|
||||
(including copyright notices, patent notices, disclaimers of warranty,
|
||||
or limitations of liability) contained within the Source Code Form of
|
||||
the Covered Software, except that You may alter any license notices to
|
||||
the extent required to remedy known factual inaccuracies.
|
||||
|
||||
3.5. Application of Additional Terms
|
||||
|
||||
You may choose to offer, and to charge a fee for, warranty, support,
|
||||
indemnity or liability obligations to one or more recipients of Covered
|
||||
Software. However, You may do so only on Your own behalf, and not on
|
||||
behalf of any Contributor. You must make it absolutely clear that any
|
||||
such warranty, support, indemnity, or liability obligation is offered by
|
||||
You alone, and You hereby agree to indemnify every Contributor for any
|
||||
liability incurred by such Contributor as a result of warranty, support,
|
||||
indemnity or liability terms You offer. You may include additional
|
||||
disclaimers of warranty and limitations of liability specific to any
|
||||
jurisdiction.
|
||||
|
||||
4. Inability to Comply Due to Statute or Regulation
|
||||
---------------------------------------------------
|
||||
|
||||
If it is impossible for You to comply with any of the terms of this
|
||||
License with respect to some or all of the Covered Software due to
|
||||
statute, judicial order, or regulation then You must: (a) comply with
|
||||
the terms of this License to the maximum extent possible; and (b)
|
||||
describe the limitations and the code they affect. Such description must
|
||||
be placed in a text file included with all distributions of the Covered
|
||||
Software under this License. Except to the extent prohibited by statute
|
||||
or regulation, such description must be sufficiently detailed for a
|
||||
recipient of ordinary skill to be able to understand it.
|
||||
|
||||
5. Termination
|
||||
--------------
|
||||
|
||||
5.1. The rights granted under this License will terminate automatically
|
||||
if You fail to comply with any of its terms. However, if You become
|
||||
compliant, then the rights granted under this License from a particular
|
||||
Contributor are reinstated (a) provisionally, unless and until such
|
||||
Contributor explicitly and finally terminates Your grants, and (b) on an
|
||||
ongoing basis, if such Contributor fails to notify You of the
|
||||
non-compliance by some reasonable means prior to 60 days after You have
|
||||
come back into compliance. Moreover, Your grants from a particular
|
||||
Contributor are reinstated on an ongoing basis if such Contributor
|
||||
notifies You of the non-compliance by some reasonable means, this is the
|
||||
first time You have received notice of non-compliance with this License
|
||||
from such Contributor, and You become compliant prior to 30 days after
|
||||
Your receipt of the notice.
|
||||
|
||||
5.2. If You initiate litigation against any entity by asserting a patent
|
||||
infringement claim (excluding declaratory judgment actions,
|
||||
counter-claims, and cross-claims) alleging that a Contributor Version
|
||||
directly or indirectly infringes any patent, then the rights granted to
|
||||
You by any and all Contributors for the Covered Software under Section
|
||||
2.1 of this License shall terminate.
|
||||
|
||||
5.3. In the event of termination under Sections 5.1 or 5.2 above, all
|
||||
end user license agreements (excluding distributors and resellers) which
|
||||
have been validly granted by You or Your distributors under this License
|
||||
prior to termination shall survive termination.
|
||||
|
||||
************************************************************************
|
||||
* *
|
||||
* 6. Disclaimer of Warranty *
|
||||
* ------------------------- *
|
||||
* *
|
||||
* Covered Software is provided under this License on an "as is" *
|
||||
* basis, without warranty of any kind, either expressed, implied, or *
|
||||
* statutory, including, without limitation, warranties that the *
|
||||
* Covered Software is free of defects, merchantable, fit for a *
|
||||
* particular purpose or non-infringing. The entire risk as to the *
|
||||
* quality and performance of the Covered Software is with You. *
|
||||
* Should any Covered Software prove defective in any respect, You *
|
||||
* (not any Contributor) assume the cost of any necessary servicing, *
|
||||
* repair, or correction. This disclaimer of warranty constitutes an *
|
||||
* essential part of this License. No use of any Covered Software is *
|
||||
* authorized under this License except under this disclaimer. *
|
||||
* *
|
||||
************************************************************************
|
||||
|
||||
************************************************************************
|
||||
* *
|
||||
* 7. Limitation of Liability *
|
||||
* -------------------------- *
|
||||
* *
|
||||
* Under no circumstances and under no legal theory, whether tort *
|
||||
* (including negligence), contract, or otherwise, shall any *
|
||||
* Contributor, or anyone who distributes Covered Software as *
|
||||
* permitted above, be liable to You for any direct, indirect, *
|
||||
* special, incidental, or consequential damages of any character *
|
||||
* including, without limitation, damages for lost profits, loss of *
|
||||
* goodwill, work stoppage, computer failure or malfunction, or any *
|
||||
* and all other commercial damages or losses, even if such party *
|
||||
* shall have been informed of the possibility of such damages. This *
|
||||
* limitation of liability shall not apply to liability for death or *
|
||||
* personal injury resulting from such party's negligence to the *
|
||||
* extent applicable law prohibits such limitation. Some *
|
||||
* jurisdictions do not allow the exclusion or limitation of *
|
||||
* incidental or consequential damages, so this exclusion and *
|
||||
* limitation may not apply to You. *
|
||||
* *
|
||||
************************************************************************
|
||||
|
||||
8. Litigation
|
||||
-------------
|
||||
|
||||
Any litigation relating to this License may be brought only in the
|
||||
courts of a jurisdiction where the defendant maintains its principal
|
||||
place of business and such litigation shall be governed by laws of that
|
||||
jurisdiction, without reference to its conflict-of-law provisions.
|
||||
Nothing in this Section shall prevent a party's ability to bring
|
||||
cross-claims or counter-claims.
|
||||
|
||||
9. Miscellaneous
|
||||
----------------
|
||||
|
||||
This License represents the complete agreement concerning the subject
|
||||
matter hereof. If any provision of this License is held to be
|
||||
unenforceable, such provision shall be reformed only to the extent
|
||||
necessary to make it enforceable. Any law or regulation which provides
|
||||
that the language of a contract shall be construed against the drafter
|
||||
shall not be used to construe this License against a Contributor.
|
||||
|
||||
10. Versions of the License
|
||||
---------------------------
|
||||
|
||||
10.1. New Versions
|
||||
|
||||
Mozilla Foundation is the license steward. Except as provided in Section
|
||||
10.3, no one other than the license steward has the right to modify or
|
||||
publish new versions of this License. Each version will be given a
|
||||
distinguishing version number.
|
||||
|
||||
10.2. Effect of New Versions
|
||||
|
||||
You may distribute the Covered Software under the terms of the version
|
||||
of the License under which You originally received the Covered Software,
|
||||
or under the terms of any subsequent version published by the license
|
||||
steward.
|
||||
|
||||
10.3. Modified Versions
|
||||
|
||||
If you create software not governed by this License, and you want to
|
||||
create a new license for such software, you may create and use a
|
||||
modified version of this License if you rename the license and remove
|
||||
any references to the name of the license steward (except to note that
|
||||
such modified license differs from this License).
|
||||
|
||||
10.4. Distributing Source Code Form that is Incompatible With Secondary
|
||||
Licenses
|
||||
|
||||
If You choose to distribute Source Code Form that is Incompatible With
|
||||
Secondary Licenses under the terms of this version of the License, the
|
||||
notice described in Exhibit B of this License must be attached.
|
||||
|
||||
Exhibit A - Source Code Form License Notice
|
||||
-------------------------------------------
|
||||
|
||||
This Source Code Form is subject to the terms of the Mozilla Public
|
||||
License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
|
||||
If it is not possible or desirable to put the notice in a particular
|
||||
file, then You may include the notice in a location (such as a LICENSE
|
||||
file in a relevant directory) where a recipient would be likely to look
|
||||
for such a notice.
|
||||
|
||||
You may add additional accurate notices of copyright ownership.
|
||||
|
||||
Exhibit B - "Incompatible With Secondary Licenses" Notice
|
||||
---------------------------------------------------------
|
||||
|
||||
This Source Code Form is "Incompatible With Secondary Licenses", as
|
||||
defined by the Mozilla Public License, v. 2.0.
|
||||
|
|
127
README.md
127
README.md
|
@ -1,91 +1,78 @@
|
|||
# le-challenge-dns
|
||||
# [acme-dns-01-cli](https://git.rootprojects.org/root/acme-dns-01-cli.js) | a [Root](https://rootprojects.org) project
|
||||
|
||||
| A [Root](https://rootprojects.org) Project
|
||||
| [greenlock.js](https://git.coolaj86.com/coolaj86/greenlock.js) (library)
|
||||
| [greenlock-express.js](https://git.coolaj86.com/coolaj86/greenlock-express.js)
|
||||
| [greenlock-cli.js](https://git.coolaj86.com/coolaj86/greenlock-cli.js)
|
||||
| [acme-v2.js](https://git.coolaj86.com/coolaj86/acme-v2.js)
|
||||
|
|
||||
An extremely simple reference implementation
|
||||
of an ACME (Let's Encrypt) dns-01 challenge strategy.
|
||||
|
||||
A manual (interactive CLI) dns-based strategy for greenlock.js for setting, retrieving,
|
||||
and clearing ACME DNS-01 challenges issued by the ACME server
|
||||
|
||||
Prints out a subdomain record for `_acme-challenge` with `keyAuthDigest`
|
||||
to be tested by the ACME server.
|
||||
|
||||
You can then update your DNS manually by whichever method you use and then
|
||||
press [enter] to continue the process.
|
||||
This generic implementation can be adapted to work with any node.js ACME client,
|
||||
although it was built for [Greenlock](https://git.rootprojects.org/root/greenlock-express.js)
|
||||
and [ACME.js](https://git.rootprojects.org/root/acme-v2.js).
|
||||
|
||||
```
|
||||
_acme-challenge.example.com TXT xxxxxxxxxxxxxxxx TTL 60
|
||||
```
|
||||
|
||||
* Prints the ACME challenge DNS Host and DNS Key Authorization Digest to the terminal
|
||||
* (waits for you to hit enter before continuing)
|
||||
* Let's you know when the challenge as succeeded or failed, and is safe to remove.
|
||||
|
||||
Other ACME Challenge Reference Implementations:
|
||||
|
||||
* [acme-http-01-cli](https://git.rootprojects.org/root/acme-http-01-cli.js.git)
|
||||
* [acme-http-01-fs](https://git.rootprojects.org/root/acme-http-01-webroot.js.git)
|
||||
* [**acme-dns-01-cli**](https://git.rootprojects.org/root/acme-dns-01-cli.js.git)
|
||||
|
||||
## Install
|
||||
|
||||
```bash
|
||||
npm install --save le-challenge-dns@3.x
|
||||
npm install --save acme-dns-01-cli@3.x
|
||||
```
|
||||
|
||||
If you have `greenlock@v2.6` or lower, you'll need the old `le-challenge-dns@3.x` instead.
|
||||
If you have `greenlock@v2.6` or lower, you'll need the old `le-challenge-dns@2.x` instead.
|
||||
|
||||
## Usage
|
||||
|
||||
The challenge can be set globally like this:
|
||||
|
||||
```js
|
||||
var leChallengeDns = require('le-challenge-dns').create({
|
||||
debug: false
|
||||
});
|
||||
|
||||
```bash
|
||||
var Greenlock = require('greenlock');
|
||||
|
||||
Greenlock.create({
|
||||
...
|
||||
, challenges: {
|
||||
'dns-01': leChallengeDns
|
||||
}
|
||||
, approveDomains: [ 'example.com', '*.example.com' ]
|
||||
, challenges: { 'http-01': require('acme-http-01-fs')
|
||||
, 'dns-01': require('acme-dns-01-cli').create({ debug: true })
|
||||
, 'tls-alpn-01': require('acme-tls-alpn-01-cli')
|
||||
}
|
||||
...
|
||||
});
|
||||
```
|
||||
|
||||
In can also be set in the `approveDomains` callback instead, like this:
|
||||
You can also switch between different implementations by
|
||||
overwriting the default with the one that you want in `approveDomains()`:
|
||||
|
||||
```js
|
||||
function approveDomains(opts, certs, cb) {
|
||||
...
|
||||
opts.subject = 'example.com'
|
||||
opts.domains = [ 'example.com', '*.example.com' ];
|
||||
|
||||
cb(null, { options: opts, certs: certs });
|
||||
}
|
||||
```
|
||||
|
||||
If you didn't make the dns challenge globally available in the main greenlock config,
|
||||
you can make it locally available here:
|
||||
|
||||
```js
|
||||
function approveDomains(opts, certs, cb) {
|
||||
function approveDomains(opts) {
|
||||
...
|
||||
|
||||
if (!opts.challenges) { opts.challenges = {}; }
|
||||
opts.challenges['dns-01'] = leChallengeDns;
|
||||
opts.challenges['dns-01'] = acmeDns01Cli;
|
||||
opts.challenges['http-01'] = ...
|
||||
|
||||
cb(null, { options: opts, certs: certs });
|
||||
return Promise.resolve({ ... });
|
||||
}
|
||||
```
|
||||
|
||||
NOTE: If you request a certificate with 6 domains listed,
|
||||
it will require 6 individual challenges.
|
||||
|
||||
## Exposed Methods
|
||||
## Exposed (Promise) Methods
|
||||
|
||||
For ACME Challenge:
|
||||
|
||||
* `set(opts, done)`
|
||||
* `remove(opts, done)`
|
||||
* `set(opts)`
|
||||
* `remove(opts)`
|
||||
|
||||
The options object has whatever options were set in `approveDomains()` as well as the `challenge`:
|
||||
The `dns-01` strategy supports wildcards (whereas `http-01` does not).
|
||||
|
||||
The options object has whatever options were set in `approveDomains()`
|
||||
as well as the `challenge`, which looks like this:
|
||||
|
||||
```js
|
||||
{ challenge: {
|
||||
|
@ -96,15 +83,49 @@ The options object has whatever options were set in `approveDomains()` as well a
|
|||
, token: 'xxxxxx'
|
||||
, keyAuthorization: 'xxxxxx.abc123'
|
||||
, dnsHost: '_acme-challenge.example.com'
|
||||
, dnsAuthorization: 'abc123'
|
||||
, dnsAuthorization: 'xyz567'
|
||||
, expires: '1970-01-01T00:00:00Z'
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
Note: There's no `get()` because it's the DNS server, not the Greenlock server, that answers the requests.
|
||||
(though I suppose you could implement it if you happen to run your DNS and webserver together... kinda weird though)
|
||||
|
||||
For greenlock.js internals:
|
||||
|
||||
* `options` stores the internal defaults merged with the user-supplied options
|
||||
|
||||
Optional:
|
||||
|
||||
* `get(limitedOpts)`
|
||||
|
||||
Note: Typically there wouldn't be a `get()` for DNS because the NameServer (not Greenlock) answers the requests.
|
||||
It could be used for testing implementations, but that's about it.
|
||||
(though I suppose you could implement it if you happen to run your DNS and webserver together... kinda weird though)
|
||||
|
||||
If there were an implementation of Greenlock integrated directly into
|
||||
a NameServer (which currently there is not), it would probably look like this:
|
||||
|
||||
```js
|
||||
{ challenge: {
|
||||
type: 'dns-01'
|
||||
, identifier: { type: 'dns', value: 'example.com' }
|
||||
, token: 'abc123'
|
||||
, dnsHost: '_acme-challenge.example.com'
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
# Legal & Rules of the Road
|
||||
|
||||
Greenlock™ and Bluecrypt™ are [trademarks](https://rootprojects.org/legal/#trademark) of AJ ONeal
|
||||
|
||||
The rule of thumb is "attribute, but don't confuse". For example:
|
||||
|
||||
> Built with [Greenlock](https://git.rootprojects.org/root/greenlock.js) (a [Root](https://rootprojects.org) project).
|
||||
|
||||
Please [contact us](mailto:aj@therootcompany.com) if you have any questions in regards to our trademark,
|
||||
attribution, and/or visible source policies. We want to build great software and a great community.
|
||||
|
||||
[Greenlock™](https://git.rootprojects.org/root/greenlock.js) |
|
||||
MPL-2.0 |
|
||||
[Terms of Use](https://therootcompany.com/legal/#terms) |
|
||||
[Privacy Policy](https://therootcompany.com/legal/#privacy)
|
||||
|
|
170
index.js
170
index.js
|
@ -1,67 +1,141 @@
|
|||
'use strict';
|
||||
/*global Promise*/
|
||||
|
||||
var Challenge = module.exports;
|
||||
|
||||
Challenge.create = function (defaults) {
|
||||
return {
|
||||
options: defaults
|
||||
, set: Challenge.set
|
||||
, get: Challenge.get
|
||||
, remove: Challenge.remove
|
||||
// If your implementation needs config options, set them. Otherwise, don't bother (duh).
|
||||
Challenge.create = function (config) {
|
||||
|
||||
var challenger = {};
|
||||
|
||||
// Note: normally you'd these right in the method body, but for the sake of
|
||||
// "Table of Contents"-style documentation, I've pulled them out.
|
||||
|
||||
// Note: All of these methods can be synchronous, async, Promise, and callback-style
|
||||
// (the calling functions check function.length and then Promisify accordingly)
|
||||
|
||||
// Called when it's tiem to set the challenge
|
||||
challenger.set = function (opts, cb) {
|
||||
return Challenge._setDns(opts, cb);
|
||||
};
|
||||
|
||||
// Called when it's time to remove the challenge
|
||||
challenger.remove = function (opts) {
|
||||
return Challenge._removeDns(opts);
|
||||
};
|
||||
|
||||
// Optional (only really useful for http and testing)
|
||||
// Called when the challenge needs to be retrieved
|
||||
challenger.get = function (opts) {
|
||||
return Challenge._getDns(opts);
|
||||
};
|
||||
|
||||
// Whatever you assign to 'options' will be merged into the incoming 'opts' beforehand
|
||||
// (for convenience, so you don't have to do the if (!x) { x = y; } dance)
|
||||
// (also, some defaults are layered, so it's good to set it any that you have)
|
||||
challenger.options = { debug: config.debug };
|
||||
|
||||
return challenger;
|
||||
};
|
||||
|
||||
|
||||
// Show the user the token and key and wait for them to be ready to continue
|
||||
Challenge.set = function (args, cb) {
|
||||
Challenge._setDns = function (args, cb) {
|
||||
// if you need per-run / per-domain options set them in approveDomains() and they'll be on 'args' here.
|
||||
if (!args.challenge) {
|
||||
console.error("please update to greenlock v2.7+");
|
||||
console.error("You must be using Greenlock v2.7+ to use greenlock-challenge-dns v3+");
|
||||
process.exit();
|
||||
}
|
||||
var opts = args.challenge;
|
||||
var ch = args.challenge;
|
||||
|
||||
if (this.leDnsResponse) {
|
||||
this.leDnsResponse(opts.token, opts.keyAuthorization, opts.dnsAuthorization, opts.dnsHost, opts.altname)
|
||||
.then(function (/*successMessage*/) {
|
||||
cb(null);
|
||||
});
|
||||
} else {
|
||||
console.info("");
|
||||
console.info("[ACME dns-01 '" + ch.altname + "' CHALLENGE]");
|
||||
console.info("You're about to receive the following DNS query:");
|
||||
console.info("");
|
||||
console.info("\tTXT\t" + ch.dnsHost + "\t" + ch.dnsAuthorization + "\tTTL 60");
|
||||
console.info("");
|
||||
if (ch.debug) {
|
||||
console.info("Debug Info:");
|
||||
console.info("");
|
||||
console.info("Challenge for '" + opts.altname + "'");
|
||||
console.info(JSON.stringify(dnsChallengeToJson(ch), null, ' ').replace(/^/gm, '\t'));
|
||||
console.info("");
|
||||
console.info("We now present (for you copy-and-paste pleasure) your ACME Challenge");
|
||||
console.info("");
|
||||
console.info(opts.dnsHost + "\tTXT " + opts.dnsAuthorization + "\tTTL 60");
|
||||
console.info("");
|
||||
console.info(JSON.stringify({
|
||||
identifier: opts.identifier
|
||||
, wildcard: opts.wildcard
|
||||
, altname: opts.altname
|
||||
, type: opts.type
|
||||
, token: opts.token
|
||||
, keyAuthorization: opts.keyAuthorization
|
||||
, dnsHost: opts.dnsHost
|
||||
, dnsAuthorization: opts.dnsAuthorization
|
||||
, expires: opts.expires
|
||||
}, null, ' ').replace(/^/gm, '\t'));
|
||||
console.info("");
|
||||
console.info("hit enter to continue...");
|
||||
process.stdin.resume();
|
||||
process.stdin.on('data', function () {
|
||||
process.stdin.pause();
|
||||
cb(null);
|
||||
});
|
||||
}
|
||||
};
|
||||
|
||||
// nothing to do here, that's why it's manual
|
||||
Challenge.get = function (defaults, cb) {
|
||||
// defaults.challenge
|
||||
cb(null);
|
||||
console.info("Go set that DNS record, wait a few seconds for it to propagate, and then continue when ready");
|
||||
console.info("[Press the ANY key to continue...]");
|
||||
process.stdin.resume();
|
||||
process.stdin.once('data', function () {
|
||||
process.stdin.pause();
|
||||
cb(null, null);
|
||||
});
|
||||
};
|
||||
|
||||
// might as well tell the user that whatever they were setting up has been checked
|
||||
Challenge.remove = function (args, cb) {
|
||||
console.info("Challenge complete. You may remove the DNS-01 challenge record:");
|
||||
console.info("\t" + args.challenge.altname + "\tTXT\t" + args.challenge.dnsAuthorization);
|
||||
cb(null);
|
||||
Challenge._removeDns = function (args) {
|
||||
var ch = args.challenge;
|
||||
console.info("");
|
||||
console.info("[ACME dns-01 '" + ch.altname + "' COMPLETE]: " + ch.status);
|
||||
console.info("Challenge complete. You may now remove the DNS-01 challenge record:");
|
||||
console.info("");
|
||||
console.info("\tTXT\t" + ch.altname + "\t" + ch.dnsAuthorization);
|
||||
console.info("");
|
||||
|
||||
return null;
|
||||
};
|
||||
|
||||
// This is implemented here for completeness (and perhaps some possible use in testing),
|
||||
// but it's not something you would implement because the Greenlock server isn't the NameServer.
|
||||
Challenge._getDns = function (args) {
|
||||
var ch = args.challenge;
|
||||
// because the way to mock a DNS challenge is weird
|
||||
var altname = (ch.altname || ch.dnsHost || ch.identifier.value);
|
||||
var dnsHost = (ch.dnsHost || ch.identifier.value);
|
||||
|
||||
if (ch._test || !Challenge._getCache[ch.token]) {
|
||||
Challenge._getCache[ch.token] = true;
|
||||
console.info("");
|
||||
console.info("[ACME " + ch.type + " '" + altname + "' REQUEST]: " + ch.status);
|
||||
console.info("The '" + ch.type + "' challenge request has arrived!");
|
||||
console.info('dig TXT ' + dnsHost);
|
||||
console.info("(paste in the \"DNS Authorization\" you received a moment ago to respond)");
|
||||
process.stdout.write("> ");
|
||||
}
|
||||
|
||||
return new Promise(function (resolve, reject) {
|
||||
process.stdin.resume();
|
||||
process.stdin.once('error', reject);
|
||||
process.stdin.once('data', function (chunk) {
|
||||
process.stdin.pause();
|
||||
|
||||
var result = chunk.toString('utf8').trim();
|
||||
try {
|
||||
result = JSON.parse(result);
|
||||
} catch(e) {
|
||||
args.challenge.dnsAuthorization = result;
|
||||
result = args.challenge;
|
||||
}
|
||||
if (result.dnsAuthorization) {
|
||||
resolve(result);
|
||||
return;
|
||||
}
|
||||
|
||||
// The return value will checked. It must not be 'undefined'.
|
||||
resolve(null);
|
||||
});
|
||||
});
|
||||
};
|
||||
Challenge._getCache = {};
|
||||
|
||||
function dnsChallengeToJson(ch) {
|
||||
return {
|
||||
type: ch.type
|
||||
, altname: ch.altname
|
||||
, identifier: ch.identifier
|
||||
, wildcard: ch.wildcard
|
||||
, expires: ch.expires
|
||||
, token: ch.token
|
||||
, thumbprint: ch.thumbprint
|
||||
, keyAuthorization: ch.keyAuthorization
|
||||
, dnsHost: ch.dnsHost
|
||||
, dnsAuthorization: ch.dnsAuthorization
|
||||
};
|
||||
}
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"name": "le-challenge-dns",
|
||||
"version": "3.0.3",
|
||||
"lockfileVersion": 1
|
||||
}
|
20
package.json
20
package.json
|
@ -1,14 +1,16 @@
|
|||
{
|
||||
"name": "le-challenge-dns",
|
||||
"version": "3.0.0",
|
||||
"name": "acme-dns-01-cli",
|
||||
"version": "3.0.7",
|
||||
"description": "A manual (interactive CLI) dns-based strategy for Greenlock / Let's Encrypt / ACME DNS-01 challenges",
|
||||
"homepage": "https://greenlock.domains/",
|
||||
"main": "index.js",
|
||||
"files": [],
|
||||
"scripts": {
|
||||
"test": "node test.js"
|
||||
},
|
||||
"repository": {
|
||||
"type": "git",
|
||||
"url": "git+https://git.coolaj86.com/coolaj86/le-challenge-dns.js.git"
|
||||
"url": "https://git.rootprojects.org/root/acme-dns-01-cli.js.git"
|
||||
},
|
||||
"keywords": [
|
||||
"Let's Encrypt",
|
||||
|
@ -17,19 +19,15 @@
|
|||
"dns-01",
|
||||
"wildcard",
|
||||
"wildcards",
|
||||
"letsencrypt",
|
||||
"manual",
|
||||
"interactive",
|
||||
"cli",
|
||||
"dns",
|
||||
"challenge"
|
||||
],
|
||||
"author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)",
|
||||
"license": "(MIT OR Apache-2.0)",
|
||||
"author": "AJ ONeal <solderjs@gmail.com> (https://solderjs.com/)",
|
||||
"license": "MPL-2.0",
|
||||
"bugs": {
|
||||
"url": "https://git.coolaj86.com/coolaj86/le-challenge-dns.js/issues"
|
||||
"url": "https://git.rootprojects.org/root/acme-dns-01-cli.js/issues"
|
||||
},
|
||||
"homepage": "https://git.coolaj86.com/coolaj86/le-challenge-dns.js",
|
||||
"dependencies": {
|
||||
}
|
||||
"dependencies": {}
|
||||
}
|
||||
|
|
71
test.js
71
test.js
|
@ -1,63 +1,18 @@
|
|||
'use strict';
|
||||
|
||||
var PromiseA = require('bluebird');
|
||||
var resolveTxtAsync = PromiseA.promisify(require('dns').resolveTxt);
|
||||
var Challenge = require('./');
|
||||
var leChallengeDns = Challenge.create({ });
|
||||
var opts = leChallengeDns.getOptions();
|
||||
var domain = 'test.example.com';
|
||||
var challenge = 'xxx-acme-challenge-xxx';
|
||||
var keyAuthorization = 'xxx-acme-challenge-xxx.xxx-acme-authorization-xxx';
|
||||
var tester = require('greenlock-challenge-test');
|
||||
|
||||
Challenge.loopback = function (defaults, domain, challenge, done) {
|
||||
var challengeDomain = (defaults.test || '') + defaults.acmeChallengeDns + domain;
|
||||
console.log("dig TXT +noall +answer @8.8.8.8 '" + challengeDomain + "' # " + challenge);
|
||||
resolveTxtAsync(challengeDomain).then(function (x) { done(null, x); }, done);
|
||||
};
|
||||
var type = 'dns-01';
|
||||
var challenger = require('greenlock-challenge-dns').create({});
|
||||
|
||||
Challenge.test = function (args, domain, challenge, keyAuthorization, done) {
|
||||
var me = this;
|
||||
// The dry-run tests can pass on, literally, 'example.com'
|
||||
// but the integration tests require that you have control over the domain
|
||||
var domain = '*.example.com';
|
||||
|
||||
args.test = args.test || '_test.';
|
||||
//defaults.test = args.test;
|
||||
|
||||
me.set(args, domain, challenge, keyAuthorization || challenge, function (err, k) {
|
||||
if (err) { done(err); return; }
|
||||
|
||||
me.loopback(/*defaults*/args, domain, challenge, function (err, arr) {
|
||||
if (err) { done(err); return; }
|
||||
|
||||
if (!arr.some(function (a) {
|
||||
return a.some(function (keyAuthDigest) {
|
||||
return keyAuthDigest === k;
|
||||
});
|
||||
})) {
|
||||
err = new Error("txt record '" + challenge + "' doesn't match '" + k + "'");
|
||||
}
|
||||
|
||||
me.remove(/*defaults*/args, domain, challenge, function (_err) {
|
||||
if (_err) { done(_err); return; }
|
||||
|
||||
// TODO needs to use native-dns so that specific nameservers can be used
|
||||
// (otherwise the cache will still have the old answer)
|
||||
done(err || null);
|
||||
/*
|
||||
me.loopback(defaults, domain, challenge, function (err) {
|
||||
if (err) { done(err); return; }
|
||||
|
||||
done();
|
||||
});
|
||||
*/
|
||||
});
|
||||
});
|
||||
});
|
||||
};
|
||||
|
||||
setTimeout(function () {
|
||||
leChallengeDns.test(opts, domain, challenge, keyAuthorization, function (err) {
|
||||
// if there's an error, there's a problem
|
||||
if (err) { throw err; }
|
||||
|
||||
console.log('test passed');
|
||||
});
|
||||
}, 300);
|
||||
tester.test(type, domain, challenger).then(function () {
|
||||
console.info("PASS");
|
||||
}).catch(function (err) {
|
||||
console.error("FAIL");
|
||||
console.error(err);
|
||||
process.exit(20);
|
||||
});
|
||||
|
|
Loading…
Reference in New Issue