added checklist for 'example doesn't work'

This commit is contained in:
AJ ONeal 2018-04-20 04:35:39 +00:00
parent 2aef5f838d
commit 06c9ec31b9
1 changed files with 33 additions and 9 deletions

View File

@ -51,29 +51,53 @@ Here's a completely working example that will get you started:
require('greenlock-express').create({ require('greenlock-express').create({
version: 'draft-11' // Let's Encrypt v2 // Let's Encrypt v2 is ACME draft 11
, server: 'https://acme-staging-v02.api.letsencrypt.org/directory' // staging version: 'draft-11'
//, server: 'https://acme-v02.api.letsencrypt.org/directory' // production
// You MUST change 'acme-staging-v02' to 'acme-v02' in production
, server: 'https://acme-staging-v02.api.letsencrypt.org/directory' // staging
// You MUST change this to a valid email address
, email: 'john.doe@example.com' , email: 'john.doe@example.com'
// You MUST NOT build clients that accept the ToS without asking the user
, agreeTos: true , agreeTos: true
, approveDomains: [ 'example.com' ] // You MUST change these to valid domains
// NOTE: all domains will validated and listed on the certificate
, approveDomains: [ 'example.com', 'www.example.com' ]
// You MUST have access to write to directory where certs are saved
// ex: /home/foouser/acme/etc
, configDir: require('path').join(require('os').homedir(), 'acme', 'etc')
, app: require('express')().use('/', function (req, res) { , app: require('express')().use('/', function (req, res) {
res.end('Hello, World!'); res.setHeader('Content-Type', 'text/html; charset=utf-8')
res.end('Hello, World!\n\n💚 🔒.js');
}) })
//, debug: true
}).listen(80, 443); }).listen(80, 443);
``` ```
Certificates will be stored in `~/acme`. ### What if the example didn't work?
**Important**: Double check each of the following:
You must set `server` to `https://acme-v02.api.letsencrypt.org/directory` **after** * Let's Encrypt **v2** uses `version: 'draft-11'`, but v1 uses `version: 'v01'`
you have tested that your setup works. * You MUST set `email` to a **valid address** with **valid MX** records (`dig MX example.com` for `'john@example.com'`)
* You MUST set `approveDomains` to domains with **valid DNS records** (test with `dig +trace A example.com; dig +trace www.example.com` for `[ 'example.com', 'www.example.com' ]`)
* You MUST have **write access** to `configDir` so that certs can be saved (test with `touch ~/acme/etc/tmp.tmp`)
* You MUST have **bind privileges** to ports 80 and 44 via `sudo` or [`setcap`](https://gist.github.com/firstdoit/6389682)
If you get a **red** lock instead of a green lock:
* You MUST change the `server` value **in production**. Just shorten the 'acme-staging-v02' part to 'acme-v02'
Other:
* You MUST NOT exceed the API [**usage limits**](https://letsencrypt.org/docs/staging-environment/) per domain, certificate, IP address, etc
Why You Must Use 'staging' First Why You Must Use 'staging' First
-------------------------------- --------------------------------