root
/
greenlock-express.js
mirror of https://github.com/therootcompany/greenlock-express.js.git
2
1
Fork 0
Code Issues 43 Releases Wiki Activity

Update README.md

This commit is contained in:
AJ ONeal 2016-08-17 09:25:07 -06:00 committed by GitHub
parent 103e4ae419
commit 505d4b02ce
1 changed files with 17 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
README.md
View File

@ -60,7 +60,7 @@ require('letsencrypt-express').create({
, agreeTos: true , agreeTos: true
, approvedDomains: [ 'example.com' ] , approveDomains: [ 'example.com' ]
, app: require('express')().use('/', function (req, res) { , app: require('express')().use('/', function (req, res) {
res.end('Hello, World!'); res.end('Hello, World!');
@ -76,12 +76,6 @@ Certificates will be stored in `~/letsencrypt`.
You must set `server` to `https://acme-v01.api.letsencrypt.org/directory` **after** You must set `server` to `https://acme-v01.api.letsencrypt.org/directory` **after**
you have tested that your setup works. you have tested that your setup works.
**Security Warning**:
If you don't do proper checks in `approveDomains(opts, certs, cb)`
an attacker will spoof SNI packets with bad hostnames and that will
cause you to be rate-limited and or blocked from the ACME server.
Why You Must Use 'staging' First Why You Must Use 'staging' First
-------------------------------- --------------------------------
@ -93,6 +87,12 @@ In order to avoid being blocked by hitting rate limits with bad requests,
you should always test against the `'staging'` server you should always test against the `'staging'` server
(`https://acme-staging.api.letsencrypt.org/directory`) first. (`https://acme-staging.api.letsencrypt.org/directory`) first.
Migrating from v1.x
===================
Whereas v1.x had a few hundred lines of code, v2.x is a single small file of about 50 lines.
Now All of the behavior has moved to the various plugins, which each have their own options, respectively.
Usage Usage
===== =====
@ -159,6 +159,13 @@ require('https').createServer(lex.httpsOptions, lex.middleware(app)).listen(443,
}); });
``` ```
**Security Warning**:
If you don't do proper checks in `approveDomains(opts, certs, cb)`
an attacker will spoof SNI packets with bad hostnames and that will
cause you to be rate-limited and or blocked from the ACME server.
API API
=== ===
@ -177,7 +184,8 @@ Brief overview of some simple options for `node-letsencrypt`:
* `opts.server` set to https://acme-v01.api.letsencrypt.org/directory in production * `opts.server` set to https://acme-v01.api.letsencrypt.org/directory in production
* `opts.email` The default email to use to accept agreements. * `opts.email` The default email to use to accept agreements.
* `opts.agreeTos` When set to `true`, this always accepts the LetsEncrypt TOS. When a string it checks the agreement url first. * `opts.agreeTos` When set to `true`, this always accepts the LetsEncrypt TOS. When a string it checks the agreement url first.
* `opts.approvedDomains` An explicit array of The allowed domains (can be used instead of `approveDomains`). * `opts.approveDomains` can be either of:
* `opts.approveDomains` A callback for checking your database before allowing a domain `function (opts, certs, cb) { }` * An explicit array of allowed domains such as `[ 'example.com', 'www.example.com' ]`
* A callback `function (opts, certs, cb) { cb(null, { options: opts, certs: certs }); }` for setting `email`, `agreeTos`, `domains`, etc (as shown in usage example above)
* `opts.renewWithin` is the **maximum** number of days (in ms) before expiration to renew a certificate. * `opts.renewWithin` is the **maximum** number of days (in ms) before expiration to renew a certificate.
* `opts.renewBy` is the **minimum** number of days (in ms) before expiration to renew a certificate. * `opts.renewBy` is the **minimum** number of days (in ms) before expiration to renew a certificate.