var accountKeypair = await Keypairs.generate({ kty: accKty }); if (config.debug) { console.info('Account Key Created'); console.info(JSON.stringify(accountKeypair, null, 2)); console.info(); console.info(); } var account = await acme.accounts.create({ agreeToTerms: agree, // TODO detect jwk/pem/der? accountKeypair: { privateKeyJwk: accountKeypair.private }, subscriberEmail: config.email }); // TODO top-level agree function agree(tos) { if (config.debug) { console.info('Agreeing to Terms of Service:'); console.info(tos); console.info(); console.info(); } agreed = true; return Promise.resolve(tos); } if (config.debug) { console.info('New Subscriber Account'); console.info(JSON.stringify(account, null, 2)); console.info(); console.info(); } if (!agreed) { throw new Error('Failed to ask the user to agree to terms'); } var certKeypair = await Keypairs.generate({ kty: srvKty }); var pem = await Keypairs.export({ jwk: certKeypair.private, encoding: 'pem' }); if (config.debug) { console.info('Server Key Created'); console.info('privkey.jwk.json'); console.info(JSON.stringify(certKeypair, null, 2)); // This should be saved as `privkey.pem` console.info(); console.info('privkey.' + srvKty.toLowerCase() + '.pem:'); console.info(pem); console.info(); } // 'subject' should be first in list var domains = randomDomains(rnd); if (config.debug) { console.info('Get certificates for random domains:'); console.info( domains .map(function(puny) { var uni = punycode.toUnicode(puny); if (puny !== uni) { return puny + ' (' + uni + ')'; } return puny; }) .join('\n') ); console.info(); } // Create CSR var csrDer = await CSR.csr({ jwk: certKeypair.private, domains: domains, encoding: 'der' }); var csr = Enc.bufToUrlBase64(csrDer); var csrPem = PEM.packBlock({ type: 'CERTIFICATE REQUEST', bytes: csrDer /* { jwk: jwk, domains: opts.domains } */ }); if (config.debug) { console.info('Certificate Signing Request'); console.info(csrPem); console.info(); } var results = await acme.certificates.create({ account: account, accountKeypair: { privateKeyJwk: accountKeypair.private }, csr: csr, domains: domains, challenges: challenges, // must be implemented customerEmail: null });