From f088d0326dbe948e5283ec656d4285a758876eab Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Tue, 2 Apr 2019 22:48:57 -0600 Subject: [PATCH] add wildcard example --- examples/wildcard.js | 67 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 examples/wildcard.js diff --git a/examples/wildcard.js b/examples/wildcard.js new file mode 100644 index 0000000..119f00e --- /dev/null +++ b/examples/wildcard.js @@ -0,0 +1,67 @@ +#!/usr/bin/env node +'use strict'; +/*global Promise*/ + +/////////////////////// +// wildcard example // +////////////////////// + +// +// wildcard example +// + +//var glx = require('greenlock-express') +var glx = require('./').create({ + + version: 'draft-11' // Let's Encrypt v2 is ACME draft 11 + +, server: 'https://acme-staging-v02.api.letsencrypt.org/directory' +//, server: 'https://acme-v02.api.letsencrypt.org/directory' // If at first you don't succeed, stop and switch to staging + // https://acme-staging-v02.api.letsencrypt.org/directory + +, configDir: '~/acme/' // You MUST have access to write to directory where certs + // are saved. ex: /home/foouser/.config/acme + +, approveDomains: myApproveDomains // Greenlock's wraps around tls.SNICallback. Check the + // domain name here and reject invalid ones + +, app: require('./my-express-app.js') // Any node-style http app (i.e. express, koa, hapi, rill) + + /* CHANGE TO A VALID EMAIL */ +, email: 'jon.doe@example.com' // Email for Let's Encrypt account and Greenlock Security +, agreeTos: true // Accept Let's Encrypt ToS +, communityMember: true // Join Greenlock to (very rarely) get important updates + +//, debug: true +, store: require('le-store-fs') +}); + +var server = glx.listen(80, 443); +server.on('listening', function () { + console.info(server.type + " listening on", server.address()); +}); + +function myApproveDomains(opts) { + console.log('sni:', opts.domains[0]); + + // must be 'example.com' or start with 'example.com' + if ('example.com' !== opts.domains[0] + && 'example.com' !== opts.domains[0].split('.').slice(1).join('.')) { + return Promise.reject(new Error("we don't serve your kind here: " + opts.domains[0])); + } + + // the primary domain for the cert + opts.subject = 'example.com'; + // the altnames (including the primary) + opts.domains = [ opts.subject, '*.example.com' ]; + + if (!opts.challenges) { opts.challenges = {}; } + opts.challenges['http-01'] = require('le-challenge-fs').create({}); + opts.challenges['dns-01'] = require('le-challenge-dns').create({}); + + // explicitly set account id and certificate.id + opts.account = { id: opts.email }; + opts.certificate = { id: opts.subject }; + + return Promise.resolve(opts); +}