From 0e7c748fb1d6401a7e0cb1267bde5fe8c759eed8 Mon Sep 17 00:00:00 2001
From: Ben Schmidt
Date: Sat, 8 Oct 2016 15:16:26 +1100
Subject: [PATCH] support tls-sni-01 challenge

Previously the http-01 challenge was simply served over SSL.
---
 index.js | 29 ++++++++++++++++++++++++-----
 lib/servers.js | 2 +-
 package.json | 1 +
 3 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/index.js b/index.js
index f69f989..1c40f1b 100644
--- a/index.js
+++ b/index.js
@@ -15,6 +15,7 @@ module.exports.run = function (args) {
 args.standalone = USE_DNS;
 } else if (args.tlsSni01Port) {
 challengeType = 'tls-sni-01';
+ args.webrootPath = '';
 } else /*if (args.http01Port)*/ {
 challengeType = 'http-01';
 }
@@ -27,12 +28,13 @@ module.exports.run = function (args) {
 // TODO rename le-challenge-fs to le-challenge-webroot
 leChallenge = require('./lib/webroot').create({ webrootPath: args.webrootPath });
 }
+ else if (args.tlsSni01Port) {
+ leChallenge = require('le-challenge-sni').create({});
+ servers = require('./lib/servers').create(leChallenge);
+ }
 else if (USE_DNS !== args.standalone) {
 leChallenge = require('le-challenge-standalone').create({});
- servers = require('./lib/servers').create(leChallenge).startServers(
- args.http01Port || [80], args.tlsSni01Port || [443, 5001]
- , { debug: args.debug }
- );
+ servers = require('./lib/servers').create(leChallenge);
 }
 leStore = require('le-store-certbot').create({
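Review bot: Clearing `args.webrootPath` in the tls-sni-01 branch overwrites the caller's options object just to steer a later branch, and a webroot path supplied together with a TLS-SNI port is dropped without any message. The challenge-selection chain in the second hunk (`else if (args.tlsSni01Port)`) could key on `challengeType` instead, so that no input has to be overwritten. If the overwrite stays, a comment such as `// tls-sni-01 wins over webroot: blank the path so the webroot branch below is skipped` would make the precedence explicit. The if/else chain starts above the hunk, so the assumption that the webroot branch tests `args.webrootPath` is inferred from the second hunk's context lines.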
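Review bot: The new `else if (args.tlsSni01Port)` branch wires in `le-challenge-sni` with no comment on the trust assumption behind tls-sni-01. The challenge only proves control of a name when nobody else can present a certificate on the same IP address, which is why Let's Encrypt later retired tls-sni-01 in favour of tls-alpn-01. A comment above the branch, for example `// tls-sni-01: only sound on a dedicated address; retired by Let's Encrypt, prefer http-01 or dns-01`, would keep this path from being copied as a current recommendation. The enclosing if/else chain starts above the hunk.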
@@ -51,14 +53,31 @@ module.exports.run = function (args) {
 }
 // let LE know that we're handling standalone / webroot here
+ var leChallenges = {};
+ leChallenges[challengeType] = leChallenge;
 var le = LE.create({
 debug: args.debug
 , server: args.server
 , store: leStore
- , challenges: { 'http-01': leChallenge, 'tls-sni-01': leChallenge }
+ , challenges: leChallenges
 , duplicate: args.duplicate
 });
+ if (servers) {
+ if (args.tlsSni01Port) {
+ servers = servers.startServers(
+ [], args.tlsSni01Port
+ , { debug: args.debug, httpsOptions: le.httpsOptions }
+ );
+ }
+ else {
+ servers = servers.startServers(
+ args.http01Port || [80], []
+ , { debug: args.debug }
+ );
+ }
+ }
+
 // Note: can't use args directly as null values will overwrite template values
 le.register({
 domains: args.domains
diff --git a/lib/servers.js b/lib/servers.js
index 1c2b7a1..fcae91f 100644
--- a/lib/servers.js
+++ b/lib/servers.js
@@ -25,7 +25,7 @@ module.exports.create = function (challenge) {
 , startServers: function (plainPorts, tlsPorts, opts) {
 opts = opts || {};
- var httpsOptions = require('localhost.daplie.com-certificates');
+ var httpsOptions = opts.httpsOptions || require('localhost.daplie.com-certificates');
 var https = require('https');
 var http = require('http');
diff --git a/package.json b/package.json
index f160371..d23dd87 100644
--- a/package.json
+++ b/package.json
@@ -37,6 +37,7 @@
 "homedir": "^0.6.0",
 "le-acme-core": "^2.0.5",
 "le-challenge-manual": "^2.0.0",
+ "le-challenge-sni": "^2.0.0",
 "le-challenge-standalone": "^2.0.0",
 "le-store-certbot": "^2.0.2",
 "letsencrypt": "^2.1.2",
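Review bot: `httpsOptions: le.httpsOptions` is passed to `startServers` without checking that it is set, and the `opts.httpsOptions || require('localhost.daplie.com-certificates')` fallback added in lib/servers.js would then start the tls-sni-01 listener with the bundled localhost certificate instead of failing. A certificate distributed in a package presumably ships its private key as well, so that fallback should never be reached on a challenge port. Whether `LE.create` always populates `httpsOptions` is not visible here. A guard before the first `startServers` call, `if (!le.httpsOptions) { throw new Error('tls-sni-01 needs le.httpsOptions'); }`, would make the path fail closed. The same concern applies to the lib/servers.js hunk, whose function body continues outside it.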