2016-04-22 18:13:50 +00:00
[](https://gitter.im/Daplie/letsencrypt-express?utm_source=badge& utm_medium=badge& utm_campaign=pr-badge& utm_content=badge)
2016-08-16 20:41:18 +00:00
| [letsencrypt (lib) ](https://github.com/Daplie/node-letsencrypt )
2016-04-22 18:20:43 +00:00
| [letsencrypt-cli ](https://github.com/Daplie/letsencrypt-cli )
| [letsencrypt-express ](https://github.com/Daplie/letsencrypt-express )
2016-08-16 20:41:18 +00:00
| [letsencrypt-cluster ](https://github.com/Daplie/letsencrypt-cluster )
2016-04-22 18:20:43 +00:00
| [letsencrypt-koa ](https://github.com/Daplie/letsencrypt-koa )
| **letsencrypt-hapi**
|
2016-04-19 04:29:03 +00:00
# letsencrypt-hapi
Free SSL and Automatic HTTPS for node.js with hapi.js and other middleware systems via Let's Encrypt
* Automatic Registration via SNI (`httpsOptions.SNICallback`)
* **registrations** require an **approval callback** in *production*
* Automatic Renewal (around 80 days)
* **renewals** are *fully automatic* and happen in the *background* , with **no downtime**
* Automatic vhost / virtual hosting
All you have to do is start the webserver and then visit it at it's domain name.
## Install
```
2016-08-16 20:41:18 +00:00
npm install --save letsencrypt-express@2.x
2016-04-19 04:29:03 +00:00
```
*Pay no attention to the man behind the curtain.* (just ignore that the name of the module is letsencrypt-express)
### Part 1: Configure LetsEncrypt
```javascript
'use strict';
2016-08-16 20:41:18 +00:00
var le = require('letsencrypt-express').create({
server: 'staging' // in production use https://acme-v01.api.letsencrypt.org/directory
, configDir: require('os').homedir() + '/letsencrypt/etc'
, approveDomains: function (opts, certs, cb) {
opts.domains = certs & & certs.altnames || opts.domains;
opts.email = 'john.doe@example.com' // CHANGE ME
opts.agreeTos = true;
cb(null, { options: opts, certs: certs });
2016-04-19 04:29:03 +00:00
}
2016-08-16 20:41:18 +00:00
, debug: true
2016-04-19 04:29:03 +00:00
});
```
2016-08-16 20:41:18 +00:00
WARNING: If you don't do any checks and simply complete `approveDomains` callback,
2016-04-19 04:29:03 +00:00
an attacker will spoof SNI packets with bad hostnames and that will cause you to be rate-limited
and/or blocked from the ACME server.
Alternatively, You can run registration *manually* :
```bash
npm install -g letsencrypt-cli
letsencrypt certonly --standalone \
2016-08-16 20:41:18 +00:00
--server 'https://acme-v01.api.letsencrypt.org/directory' \
2016-04-19 04:29:03 +00:00
--config-dir ~/letsencrypt/etc \
--agree-tos --domains example.com --email user@example.com
# Note: the '--webrootPath' option is also available if you don't want to shut down your webserver to get the cert.
```
### Part 2: Just add Hapi
```javascript
var hapi = require('hapi');
var https = require('spdy');
var server = new hapi.Server();
2016-08-16 20:41:18 +00:00
var acmeResponder = le.middleware();
var httpsServer = https.createServer(le.httpsOptions).listen(443);
2016-04-19 04:29:03 +00:00
server.connection({ listener: httpsServer, autoListen: false, tls: true });
server.route({
method: 'GET'
, path: '/.well-known/acme-challenge'
, handler: function (request, reply) {
var req = request.raw.req;
var res = request.raw.res;
reply.close(false);
acmeResponder(req, res);
}
});
server.route({
method: 'GET'
, path: '/'
, handler: function (request, reply) {
reply("Hello, I'm so Hapi!");
}
});
```
### Part 3: Redirect http to https
```javascript
var http = require('http');
2016-08-16 20:41:18 +00:00
var redirectHttps = require('redirect-https')();
2016-04-19 04:29:03 +00:00
2016-08-16 20:41:18 +00:00
http.createServer(le.middleware(redirectHttps)).listen(80, function () {
console.log('handle ACME http-01 challenge and redirect to https');
});
2016-04-19 04:29:03 +00:00
```
