async function main() {
	'use strict';

	require('dotenv').config();

	var fs = require('fs');
	// just to trigger the warning message out of the way
	await fs.promises.readFile().catch(function () {});
	console.warn('\n');
	var MY_DOMAINS = process.env.DOMAINS.split(/[,\s]+/);

	// In many cases all three of these are the same (your email)
	// However, this is what they may look like when different:

	var maintainerEmail = process.env.MAINTAINER_EMAIL;
	var subscriberEmail = process.env.SUBSCRIBER_EMAIL;
	//var customerEmail = 'jane.doe@gmail.com';

	var pkg = require('../package.json');
	var packageAgent = 'test-' + pkg.name + '/' + pkg.version;

	// Choose either the production or staging URL

	var directoryUrl = 'https://acme-staging-v02.api.letsencrypt.org/directory';
	//var directoryUrl = 'https://acme-v02.api.letsencrypt.org/directory'

	// This is intended to get at important messages without
	// having to use even lower-level APIs in the code

	var errors = [];
	function notify(ev, msg) {
		if ('error' === ev || 'warning' === ev) {
			errors.push(ev.toUpperCase() + ' ' + msg.message);
			return;
		}
		// ignore all for now
		console.log(ev, msg.altname || '', msg.status || '');
	}

	var Keypairs = require('@root/keypairs');

	var ACME = require('../');
	var acme = ACME.create({ maintainerEmail, packageAgent, notify });
	await acme.init(directoryUrl);

	// You only need ONE account key, ever, in most cases
	// save this and keep it safe. ECDSA is preferred.

	var accountKeypair = await Keypairs.generate({ kty: 'EC', format: 'jwk' });
	var accountKey = accountKeypair.private;

	// This can be `true` or an async function which presents the terms of use

	var agreeToTerms = true;

	// If you are multi-tenanted or white-labled and need to present the terms of
	// use to the Subscriber running the service, you can do so with a function.
	var agreeToTerms = async function () {
		return true;
	};

	console.info('registering new ACME account...');
	var account = await acme.accounts.create({
		subscriberEmail,
		agreeToTerms,
		accountKey
	});
	console.info('created account with id', account.key.kid);

	// This is the key used by your WEBSERVER, typically named `privkey.pem`,
	// `key.crt`, or `bundle.pem`. RSA may be preferrable for legacy compatibility.

	// You can generate it fresh
	var serverKeypair = await Keypairs.generate({ kty: 'RSA', format: 'jwk' });
	var serverKey = serverKeypair.private;
	var serverPem = await Keypairs.export({ jwk: serverKey });
	await fs.promises.writeFile('./privkey.pem', serverPem, 'ascii');
	console.info('wrote ./privkey.pem');

	// Or you can load it from a file
	var serverPem = await fs.promises.readFile('./privkey.pem', 'ascii');

	var serverKey = await Keypairs.import({ pem: serverPem });

	var CSR = require('@root/csr');
	var PEM = require('@root/pem');
	var Enc = require('@root/encoding/base64');

	var encoding = 'der';
	var typ = 'CERTIFICATE REQUEST';

	var domains = MY_DOMAINS;
	var csrDer = await CSR.csr({ jwk: serverKey, domains, encoding });
	//var csr64 = Enc.bufToBase64(csrDer);
	var csr = PEM.packBlock({ type: typ, bytes: csrDer });

	// You can pick from existing challenge modules
	// which integrate with a variety of popular services
	// or you can create your own.
	//
	// The order of priority will be http-01, tls-alpn-01, dns-01
	// dns-01 will always be used for wildcards
	// dns-01 should be the only option given for local/private domains

	var challenges = {
		'dns-01': loadDns01()
	};

	console.info('validating domain authorization for ' + domains.join(' '));
	var pems = await acme.certificates.create({
		account,
		accountKey,
		csr,
		domains,
		challenges
	});
	var fullchain = pems.cert + '\n' + pems.chain + '\n';

	await fs.promises.writeFile('fullchain.pem', fullchain, 'ascii');
	console.info('wrote ./fullchain.pem');
	if (errors.length) {
		console.warn();
		console.warn('[Warning]');
		console.warn('The following warnings and/or errors were encountered:');
		console.warn(errors.join('\n'));
	}
}

main().catch(function (e) {
	console.error(e.stack);
});

function loadDns01() {
	var pluginName = process.env.CHALLENGE_PLUGIN;
	var pluginOptions = process.env.CHALLENGE_OPTIONS;
	var plugin;
	if (!pluginOptions) {
		console.error(
			'Please create a .env in the format of examples/example.env to run the tests'
		);
		process.exit(1);
	}
	try {
		plugin = require(pluginName);
	} catch (err) {
		console.error("Couldn't find '" + pluginName + "'. Is it installed?");
		console.error("\tnpm install --save-dev '" + pluginName + "'");
		process.exit(1);
	}
	return plugin.create(JSON.parse(pluginOptions));
}