diff --git a/bin/lex.js b/bin/lex.js
index 913f06f..888ba3b 100755
--- a/bin/lex.js
+++ b/bin/lex.js
@@ -135,6 +135,7 @@ cli.main(function(_, options) {
 configure(le, data, function (err, configs) {
 if (err) {
+ console.error("[LEX/bin] configure");
 console.error(err.stack);
 next(err);
 return;
diff --git a/lib/sni-callback.js b/lib/sni-callback.js
index 02eb07e..7aea857 100644
--- a/lib/sni-callback.js
+++ b/lib/sni-callback.js
@@ -18,6 +18,7 @@ module.exports.create = function (opts) {
 if (!opts.memorizeFor) { opts.memorizeFor = 1 * 24 * 60 * 60 * 1000; }
 if (!opts.approveRegistration) { opts.approveRegistration = function (hostname, cb) { cb(null, null); }; }
+ //opts.approveRegistration = function (hostname, cb) { cb(null, null); };
 if (!opts.handleRenewFailure) { opts.handleRenewFailure = function (/*err, hostname, certInfo*/) {}; }
 function assignBestByDates(now, certInfo) {
@@ -85,7 +86,7 @@ module.exports.create = function (opts) {
 certInfo.tlsContext = tls.createSecureContext({
 key: certInfo.privkey || certInfo.key // privkey.pem
 , cert: certInfo.fullchain || certInfo.cert // fullchain.pem (cert.pem + '\n' + chain.pem)
- });
+ });
 } catch(e) {
 console.warn("[Sanity Check Fail]: a weird object was passed back through le.fetch to lex.fetch");
 console.warn("(either missing or malformed certInfo.key and / or certInfo.fullchain)");
@@ -129,6 +130,9 @@ module.exports.create = function (opts) {
 opts.letsencrypt.register(args, function (err, certInfo) {
 if (opts.debug) {
 console.debug("[LEX] '" + hostname + "' register completed", err && err.stack || null, certInfo);
+ if ((!err || !err.stack) && !certInfo) {
+ console.error((new Error("[LEX] SANITY FAIL: no error and yet no certs either")).stack);
+ }
 }
 cacheResult(err, hostname, certInfo, sniCb);
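Review bot: The added line `//opts.approveRegistration = function (hostname, cb) { cb(null, null); };` in the sni-callback hunk is commented-out code that duplicates the default installed one line above it, so it reads as a leftover debugging toggle rather than documentation. If it were ever uncommented it would unconditionally replace a caller-supplied `opts.approveRegistration`, which from its `(hostname, cb)` signature is presumably the hook that decides whether a hostname gets a certificate registered, so leaving it one keystroke away is risky. Drop the line, or replace it with a comment stating the intent, e.g. `// approveRegistration defaults to cb(null, null); callers supply their own to control which hostnames may be registered`. The enclosing `module.exports.create` function starts before the hunk and continues past it.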
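Review bot: The new sanity check `if ((!err || !err.stack) && !certInfo)` in the register callback treats an error without a `.stack` (a thrown string or plain object) as "no error", so such a failure is reported with the misleading "no error and yet no certs either" message instead of as the error it is, and the check only runs when `opts.debug` is set even though the condition it detects is a real failure rather than debug output. The following line `cacheResult(err, hostname, certInfo, sniCb);` then proceeds with both values empty regardless. Suggest hoisting the check out of the debug branch and testing the error itself: `if (!err && !certInfo) { console.error(new Error("[LEX] SANITY FAIL: no error and yet no certs either").stack); }`. Both the register callback and `module.exports.create` extend beyond the hunk.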
@@ -186,7 +190,7 @@ module.exports.create = function (opts) {
 // See if it's old enough that
 // we should refresh it from disk
 // (in the background)
- //
+ //
 // TODO once ECDSA is available, wait for cert renewal if its due (maybe?)
 if (certInfo.tlsContext) {
 cb(null, certInfo.tlsContext);
diff --git a/lib/standalone.js b/lib/standalone.js
index e8b7635..1fa2373 100644
--- a/lib/standalone.js
+++ b/lib/standalone.js
@@ -5,9 +5,7 @@ var challengeStore = require('./challenge-handlers');
 var createSniCallback = require('./sni-callback').create;
 var LE = require('letsencrypt');
-function LEX(obj, app) {
- var https = require('https');
- var http = require('http');
+function lexHelper(obj, app) {
 var defaultPems = require('localhost.daplie.com-certificates');
 if (!obj) {
@@ -76,33 +74,6 @@ function LEX(obj, app) {
 });
 }
- function acmeResponder(req, res) {
- if (LEX.debug) {
- console.debug('[LEX] ', req.method, req.headers.host, req.url);
- }
- var acmeChallengePrefix = '/.well-known/acme-challenge/';
-
- if (0 !== req.url.indexOf(acmeChallengePrefix)) {
- obj.onRequest(req, res);
- return;
- }
-
- var key = req.url.slice(acmeChallengePrefix.length);
-
- obj.getChallenge(obj, req.headers.host, key, function (err, val) {
- if (LEX.debug) {
- console.debug('[LEX] GET challenge, response:');
- console.debug('challenge:', key);
- console.debug('response:', val);
- if (err) {
- console.debug(err.stack);
- }
- }
- res.end(val || '_');
- });
- }
-
 var httpsOptions = obj.httpsOptions || {};
 var sniCallback = httpsOptions.SNICallback;
@@ -161,6 +132,48 @@ function LEX(obj, app) {
 httpsOptions.SNICallback = createSniCallback(obj);
 }
+ function createAcmeResponder(onRequest) {
+
+ function httpAcmeResponder(req, res) {
+ if (LEX.debug) {
+ console.debug('[LEX] ', req.method, req.headers.host, req.url);
+ }
+ var acmeChallengePrefix = '/.well-known/acme-challenge/';
+
+ if (0 !== req.url.indexOf(acmeChallengePrefix)) {
+ onRequest(req, res);
+ return;
+ }
+
+ var key = req.url.slice(acmeChallengePrefix.length);
+
+ obj.getChallenge(obj, req.headers.host, key, function (err, val) {
+ if (LEX.debug) {
+ console.debug('[LEX] GET challenge, response:');
+ console.debug('challenge:', key);
+ console.debug('response:', val);
+ if (err) {
+ console.debug(err.stack);
+ }
+ }
+ res.end(val || '_');
+ });
+ }
+
+ return httpAcmeResponder;
+ }
+
+ obj.httpAcmeResponder = createAcmeResponder(obj.onHttpRequest||obj.onRequest);
+ obj.httpsAcmeResponder = createAcmeResponder(obj.onHttpsRequest||obj.onRequest);
+ obj.httpsOptions = httpsOptions;
+
+ return obj;
+}
+
+function LEX(obj, app) {
+ var https = require('https');
+ var http = require('http');
+
 function listen(plainPorts, tlsPorts, onListening) {
 if (plainPorts && (!Array.isArray(plainPorts) || !Array.isArray(tlsPorts))) {
 throw new Error(".listen() must be used with plain and tls port arrays, like this: `.listen([80], [443, 5001], function () {})`");
@@ -192,7 +205,7 @@ function LEX(obj, app) {
 plainPorts.forEach(function (addr) {
 var port = addr.port || addr;
 var address = addr.address || '';
- var server = http.createServer(acmeResponder);
+ var server = http.createServer(obj.httpAcmeResponder);
 server.__le_onListening = addr.onListen;
 server.__le_port = port;
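Review bot: `createAcmeResponder` and the `httpAcmeResponder` it returns carry no comment explaining the dispatch they perform, and now that the code has moved from `LEX` into `lexHelper`, the two `if (LEX.debug)` checks read a property of the outer `LEX` function declared later in this hunk rather than of the function they live in, which deserves a one-line note. A header comment along the lines of `// Returns a request handler: paths under /.well-known/acme-challenge/ are answered from obj.getChallenge, the key being the raw remainder of req.url (query string included) and '_' the body when no value comes back; every other request is handed to onRequest` would make the moved code self-describing. Unless a default is assigned earlier in `lexHelper`, `createAcmeResponder(obj.onHttpRequest||obj.onRequest)` is called with `undefined` when the caller set neither, and every non-challenge request then throws a TypeError inside the handler; an explicit `if (!onRequest) { throw new Error('onRequest handler is required'); }` at creation time would fail fast instead. `lexHelper` begins outside the hunk.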
@@ -204,8 +217,8 @@ function LEX(obj, app) {
 tlsPorts.forEach(function (addr) {
 var port = addr.port || addr;
 var address = addr.address || '';
- var options = addr.httpsOptions || httpsOptions;
- var server = https.createServer(options, acmeResponder);
+ var options = addr.httpsOptions || obj.httpsOptions;
+ var server = https.createServer(options, obj.httpsAcmeResponder);
 server.__le_onListen = addr.onListen;
 server.__le_port = port;
@@ -228,9 +241,10 @@ function LEX(obj, app) {
 return results;
 }
- return {
- listen: listen
- };
+ obj = lexHelper(obj, app);
+ obj.listen = listen;
+
+ return obj;
 }
 module.exports = LEX;
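Review bot: `LEX` now returns the caller's own `obj`, mutated in place by `lexHelper` and by `obj.listen = listen;`, where it previously returned a fresh `{ listen: listen }`; this changes the public return shape and silently overwrites any `listen` property the caller already had on that object, alongside the `httpAcmeResponder`, `httpsAcmeResponder` and `httpsOptions` fields `lexHelper` assigns earlier in this diff. A caller that keeps a reference to its options object will see those additions, and a second `LEX(obj)` call on the same object would run `lexHelper` again over the already-augmented object. At minimum document the contract above the function: `// Mutates and returns obj: lexHelper attaches httpsOptions and the ACME responders, listen() is attached here.` The enclosing `LEX` function starts outside the hunk.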