support tls-sni-01 challenge

Previously the http-01 challenge was simply served over SSL.
2025-11-04 02:52:48 +00:00 · 2016-10-08 15:16:26 +11:00 · 2016-10-08 15:16:26 +11:00 · 0e7c748fb1
commit 0e7c748fb1
parent 7d3702aa81
3 changed files with 26 additions and 6 deletions
--- a/index.js
+++ b/index.js
@ -15,6 +15,7 @@ module.exports.run = function (args) {
    args.standalone = USE_DNS;
  } else if (args.tlsSni01Port) {
    challengeType = 'tls-sni-01';
+    args.webrootPath = '';
  } else /*if (args.http01Port)*/ {
    challengeType = 'http-01';
  }
@ -27,12 +28,13 @@ module.exports.run = function (args) {
    // TODO rename le-challenge-fs to le-challenge-webroot
    leChallenge = require('./lib/webroot').create({ webrootPath: args.webrootPath });
  }
+  else if (args.tlsSni01Port) {
+    leChallenge = require('le-challenge-sni').create({});
+    servers = require('./lib/servers').create(leChallenge);
+  }
  else if (USE_DNS !== args.standalone) {
    leChallenge = require('le-challenge-standalone').create({});
-    servers = require('./lib/servers').create(leChallenge).startServers(
-      args.http01Port || [80], args.tlsSni01Port || [443, 5001]
-    , { debug: args.debug }
-    );
+    servers = require('./lib/servers').create(leChallenge);
  }

  leStore = require('le-store-certbot').create({
@ -51,14 +53,31 @@ module.exports.run = function (args) {
  }

  // let LE know that we're handling standalone / webroot here
+  var leChallenges = {};
+  leChallenges[challengeType] = leChallenge;
  var le = LE.create({
    debug: args.debug
  , server: args.server
  , store: leStore
-  , challenges: { 'http-01': leChallenge, 'tls-sni-01': leChallenge }
+  , challenges: leChallenges
  , duplicate: args.duplicate
  });

+  if (servers) {
+    if (args.tlsSni01Port) {
+      servers = servers.startServers(
+        [], args.tlsSni01Port
+      , { debug: args.debug, httpsOptions: le.httpsOptions }
+      );
+    }
+    else {
+      servers = servers.startServers(
+        args.http01Port || [80], []
+      , { debug: args.debug }
+      );
+    }
+  }
+
  // Note: can't use args directly as null values will overwrite template values
  le.register({
    domains: args.domains
--- a/lib/servers.js
+++ b/lib/servers.js
@ -25,7 +25,7 @@ module.exports.create = function (challenge) {
  , startServers: function (plainPorts, tlsPorts, opts) {
      opts = opts || {};

-      var httpsOptions = require('localhost.daplie.com-certificates');
+      var httpsOptions = opts.httpsOptions || require('localhost.daplie.com-certificates');
      var https = require('https');
      var http = require('http');

--- a/package.json
+++ b/package.json
@ -37,6 +37,7 @@
    "homedir": "^0.6.0",
    "le-acme-core": "^2.0.5",
    "le-challenge-manual": "^2.0.0",
+    "le-challenge-sni": "^2.0.0",
    "le-challenge-standalone": "^2.0.0",
    "le-store-certbot": "^2.0.2",
    "letsencrypt": "^2.1.2",