v2.6.7: more reasonable defaults

AJ ONeal 2018-12-22 07:35:54 -07:00
parent 7e08b4c157
commit c45fcdf150
3 changed files with 29 additions and 39 deletions


@ -154,39 +154,15 @@ Great when
//////////////////// ////////////////////
var greenlock = require('greenlock').create({ var greenlock = require('greenlock').create({
email: 'user@example.com' // IMPORTANT: Change email and domains
version: 'draft-12'
, server: 'https://acme-v02.api.letsencrypt.org/directory'
, configDir: '~/.config/acme'
, email: 'user@example.com' // IMPORTANT: Change email and domains
, agreeTos: true // Accept Let's Encrypt v2 Agreement , agreeTos: true // Accept Let's Encrypt v2 Agreement
, configDir: '~/.config/acme' // A writable folder (a non-fs plugin)
, communityMember: true // Get (rare) non-mandatory updates about cool greenlock-related stuff (default false) , communityMember: true // Get (rare) non-mandatory updates about cool greenlock-related stuff (default false)
, securityUpdates: true // Important and mandatory notices related to security or breaking API changes (default true) , securityUpdates: true // Important and mandatory notices related to security or breaking API changes (default true)
, approveDomains: approveDomains
}); });
``` ```
```js
/////////////////////
// APPROVE DOMAINS //
/////////////////////
function approveDomains(opts, certs, cb) {
// check for domains you want to receive certificates for
if ('example.com' === opts.domain) {
cb(null, { options: opts, certs: certs });
return;
}
// return error otherwise
cb(new Error("bad domain"));
}
```
```js ```js
//////////////////// ////////////////////
// CREATE SERVERS // // CREATE SERVERS //
@ -225,9 +201,13 @@ var greenlock = Greenlock.create({
version: 'draft-12' version: 'draft-12'
, server: 'https://acme-v02.api.letsencrypt.org/directory' , server: 'https://acme-v02.api.letsencrypt.org/directory'
// approve a growing list of domains // Use the approveDomains callback to set per-domain config
// (default: approve any domain that passes self-test of built-in challenges)
, approveDomains: approveDomains , approveDomains: approveDomains
// the default servername to use when the client doesn't specify
, servername: 'example.com'
// If you wish to replace the default account and domain key storage plugin // If you wish to replace the default account and domain key storage plugin
, store: require('le-store-certbot').create({ , store: require('le-store-certbot').create({
configDir: path.join(os.homedir(), 'acme/etc') configDir: path.join(os.homedir(), 'acme/etc')
@ -253,13 +233,10 @@ function approveDomains(opts, certs, cb) {
// The domains being approved for the first time are listed in opts.domains // The domains being approved for the first time are listed in opts.domains
// Certs being renewed are listed in certs.altnames // Certs being renewed are listed in certs.altnames
if (certs) { // certs.domains;
opts.domains = certs.altnames; // certs.altnames;
}
else {
opts.email = 'john.doe@example.com'; opts.email = 'john.doe@example.com';
opts.agreeTos = true; opts.agreeTos = true;
}
// NOTE: you can also change other options such as `challengeType` and `challenge` // NOTE: you can also change other options such as `challengeType` and `challenge`
// opts.challengeType = 'http-01'; // opts.challengeType = 'http-01';
@ -530,6 +507,9 @@ See https://git.coolaj86.com/coolaj86/le-challenge-fs.js
# Change History # Change History
* v2.6
* better defaults, fewer explicit options
* better pre-flight self-tests, explicit domains not required
* v2.5 * v2.5
* bugfix JWK (update rsa-compat) * bugfix JWK (update rsa-compat)
* eliminate all external non-optional dependencies * eliminate all external non-optional dependencies


@ -142,6 +142,8 @@ Greenlock.create = function (gl) {
// BEGIN VERSION MADNESS // // BEGIN VERSION MADNESS //
/////////////////////////// ///////////////////////////
gl.version = gl.version || 'draft-11';
gl.server = gl.server || 'https://acme-v02.api.letsencrypt.org/directory';
if (!gl.version) { if (!gl.version) {
//console.warn("Please specify version: 'v01' (Let's Encrypt v1) or 'draft-12' (Let's Encrypt v2 / ACME draft 12)"); //console.warn("Please specify version: 'v01' (Let's Encrypt v1) or 'draft-12' (Let's Encrypt v2 / ACME draft 12)");
console.warn(""); console.warn("");
@ -378,7 +380,6 @@ Greenlock.create = function (gl) {
gl.approveDomains = null; gl.approveDomains = null;
} }
if (!gl.approveDomains) { if (!gl.approveDomains) {
gl.approvedDomains = gl.approvedDomains || [];
gl.approveDomains = function (lexOpts, certs, cb) { gl.approveDomains = function (lexOpts, certs, cb) {
var err; var err;
var emsg; var emsg;
@ -389,9 +390,18 @@ Greenlock.create = function (gl) {
if (!gl.agreeTos) { if (!gl.agreeTos) {
throw new Error("le-sni-auto is not properly configured. Missing agreeTos"); throw new Error("le-sni-auto is not properly configured. Missing agreeTos");
} }
if (!gl.approvedDomains.length) { if (!/[a-z]/i.test(lexOpts.domain)) {
throw new Error("le-sni-auto is not properly configured. Missing approveDomains(domain, certs, callback)"); cb(new Error("le-sni-auto does not allow IP addresses in SNI"));
return;
} }
if (!Array.isArray(gl.approvedDomains)) {
// The acme-v2 package uses pre-flight test challenges to
// verify that each requested domain is hosted by the server
// these checks are sufficient for most use cases
return cb(null, { options: lexOpts, certs: certs });
}
if (lexOpts.domains.every(function (domain) { if (lexOpts.domains.every(function (domain) {
return -1 !== gl.approvedDomains.indexOf(domain); return -1 !== gl.approvedDomains.indexOf(domain);
})) { })) {
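Review bot: In the hunk at `@ -389,9 +390,18` the default `approveDomains` now fails open: with the `gl.approvedDomains = gl.approvedDomains || [];` initialisation removed, an unconfigured instance takes the `!Array.isArray(gl.approvedDomains)` branch and approves every servername that passes the letter test. The pre-flight self-test it relies on shows only that a name reaches this host, not that the operator wants a certificate for it, so names the operator never chose could trigger issuance and presumably count against the account's CA rate limits. I would log a one-time warning at create time when neither `approvedDomains` nor a custom `approveDomains` is set, and keep the allowlist documented as the recommended production setting. The guard `/[a-z]/i.test(lexOpts.domain)` is also looser than its error message suggests, since an IPv6 literal containing hex letters, or a missing `domain` coerced to a string, would pass it; a shape check such as `if ('string' !== typeof lexOpts.domain || !/^[a-z0-9-]+(\.[a-z0-9-]+)+$/i.test(lexOpts.domain)) { cb(new Error("invalid servername")); return; }` would be stricter. The enclosing default callback starts and ends outside the visible hunk lines.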


@ -1,6 +1,6 @@
{ {
"name": "greenlock", "name": "greenlock",
"version": "2.6.1", "version": "2.6.7",
"description": "Let's Encrypt for node.js on npm", "description": "Let's Encrypt for node.js on npm",
"main": "index.js", "main": "index.js",
"files": [ "files": [