v3.1.0: support zones test, made prettier

Fixing messages

.prettierrc

@@ -0,0 +1,8 @@
+{
+  "bracketSpacing": true,
+  "printWidth": 80,
+  "singleQuote": true,
+  "tabWidth": 2,
+  "trailingComma": "none",
+  "useTabs": false
+}

LICENSE

@@ -1,21 +1,375 @@
-MIT License
+Copyright 2016-2019 AJ ONeal
 
-Copyright (c) 2016 Daplie, Inc
+Mozilla Public License Version 2.0
+==================================
 
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
+1. Definitions
+--------------
 
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
+1.1. "Contributor"
+    means each individual or legal entity that creates, contributes to
+    the creation of, or owns Covered Software.
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+1.2. "Contributor Version"
+    means the combination of the Contributions of others (if any) used
+    by a Contributor and that particular Contributor's Contribution.
+
+1.3. "Contribution"
+    means Covered Software of a particular Contributor.
+
+1.4. "Covered Software"
+    means Source Code Form to which the initial Contributor has attached
+    the notice in Exhibit A, the Executable Form of such Source Code
+    Form, and Modifications of such Source Code Form, in each case
+    including portions thereof.
+
+1.5. "Incompatible With Secondary Licenses"
+    means
+
+    (a) that the initial Contributor has attached the notice described
+        in Exhibit B to the Covered Software; or
+
+    (b) that the Covered Software was made available under the terms of
+        version 1.1 or earlier of the License, but not also under the
+        terms of a Secondary License.
+
+1.6. "Executable Form"
+    means any form of the work other than Source Code Form.
+
+1.7. "Larger Work"
+    means a work that combines Covered Software with other material, in
+    a separate file or files, that is not Covered Software.
+
+1.8. "License"
+    means this document.
+
+1.9. "Licensable"
+    means having the right to grant, to the maximum extent possible,
+    whether at the time of the initial grant or subsequently, any and
+    all of the rights conveyed by this License.
+
+1.10. "Modifications"
+    means any of the following:
+
+    (a) any file in Source Code Form that results from an addition to,
+        deletion from, or modification of the contents of Covered
+        Software; or
+
+    (b) any new file in Source Code Form that contains any Covered
+        Software.
+
+1.11. "Patent Claims" of a Contributor
+    means any patent claim(s), including without limitation, method,
+    process, and apparatus claims, in any patent Licensable by such
+    Contributor that would be infringed, but for the grant of the
+    License, by the making, using, selling, offering for sale, having
+    made, import, or transfer of either its Contributions or its
+    Contributor Version.
+
+1.12. "Secondary License"
+    means either the GNU General Public License, Version 2.0, the GNU
+    Lesser General Public License, Version 2.1, the GNU Affero General
+    Public License, Version 3.0, or any later versions of those
+    licenses.
+
+1.13. "Source Code Form"
+    means the form of the work preferred for making modifications.
+
+1.14. "You" (or "Your")
+    means an individual or a legal entity exercising rights under this
+    License. For legal entities, "You" includes any entity that
+    controls, is controlled by, or is under common control with You. For
+    purposes of this definition, "control" means (a) the power, direct
+    or indirect, to cause the direction or management of such entity,
+    whether by contract or otherwise, or (b) ownership of more than
+    fifty percent (50%) of the outstanding shares or beneficial
+    ownership of such entity.
+
+2. License Grants and Conditions
+--------------------------------
+
+2.1. Grants
+
+Each Contributor hereby grants You a world-wide, royalty-free,
+non-exclusive license:
+
+(a) under intellectual property rights (other than patent or trademark)
+    Licensable by such Contributor to use, reproduce, make available,
+    modify, display, perform, distribute, and otherwise exploit its
+    Contributions, either on an unmodified basis, with Modifications, or
+    as part of a Larger Work; and
+
+(b) under Patent Claims of such Contributor to make, use, sell, offer
+    for sale, have made, import, and otherwise transfer either its
+    Contributions or its Contributor Version.
+
+2.2. Effective Date
+
+The licenses granted in Section 2.1 with respect to any Contribution
+become effective for each Contribution on the date the Contributor first
+distributes such Contribution.
+
+2.3. Limitations on Grant Scope
+
+The licenses granted in this Section 2 are the only rights granted under
+this License. No additional rights or licenses will be implied from the
+distribution or licensing of Covered Software under this License.
+Notwithstanding Section 2.1(b) above, no patent license is granted by a
+Contributor:
+
+(a) for any code that a Contributor has removed from Covered Software;
+    or
+
+(b) for infringements caused by: (i) Your and any other third party's
+    modifications of Covered Software, or (ii) the combination of its
+    Contributions with other software (except as part of its Contributor
+    Version); or
+
+(c) under Patent Claims infringed by Covered Software in the absence of
+    its Contributions.
+
+This License does not grant any rights in the trademarks, service marks,
+or logos of any Contributor (except as may be necessary to comply with
+the notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+No Contributor makes additional grants as a result of Your choice to
+distribute the Covered Software under a subsequent version of this
+License (see Section 10.2) or under the terms of a Secondary License (if
+permitted under the terms of Section 3.3).
+
+2.5. Representation
+
+Each Contributor represents that the Contributor believes its
+Contributions are its original creation(s) or it has sufficient rights
+to grant the rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+This License is not intended to limit any rights You have under
+applicable copyright doctrines of fair use, fair dealing, or other
+equivalents.
+
+2.7. Conditions
+
+Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
+in Section 2.1.
+
+3. Responsibilities
+-------------------
+
+3.1. Distribution of Source Form
+
+All distribution of Covered Software in Source Code Form, including any
+Modifications that You create or to which You contribute, must be under
+the terms of this License. You must inform recipients that the Source
+Code Form of the Covered Software is governed by the terms of this
+License, and how they can obtain a copy of this License. You may not
+attempt to alter or restrict the recipients' rights in the Source Code
+Form.
+
+3.2. Distribution of Executable Form
+
+If You distribute Covered Software in Executable Form then:
+
+(a) such Covered Software must also be made available in Source Code
+    Form, as described in Section 3.1, and You must inform recipients of
+    the Executable Form how they can obtain a copy of such Source Code
+    Form by reasonable means in a timely manner, at a charge no more
+    than the cost of distribution to the recipient; and
+
+(b) You may distribute such Executable Form under the terms of this
+    License, or sublicense it under different terms, provided that the
+    license for the Executable Form does not attempt to limit or alter
+    the recipients' rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+You may create and distribute a Larger Work under terms of Your choice,
+provided that You also comply with the requirements of this License for
+the Covered Software. If the Larger Work is a combination of Covered
+Software with a work governed by one or more Secondary Licenses, and the
+Covered Software is not Incompatible With Secondary Licenses, this
+License permits You to additionally distribute such Covered Software
+under the terms of such Secondary License(s), so that the recipient of
+the Larger Work may, at their option, further distribute the Covered
+Software under the terms of either this License or such Secondary
+License(s).
+
+3.4. Notices
+
+You may not remove or alter the substance of any license notices
+(including copyright notices, patent notices, disclaimers of warranty,
+or limitations of liability) contained within the Source Code Form of
+the Covered Software, except that You may alter any license notices to
+the extent required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+You may choose to offer, and to charge a fee for, warranty, support,
+indemnity or liability obligations to one or more recipients of Covered
+Software. However, You may do so only on Your own behalf, and not on
+behalf of any Contributor. You must make it absolutely clear that any
+such warranty, support, indemnity, or liability obligation is offered by
+You alone, and You hereby agree to indemnify every Contributor for any
+liability incurred by such Contributor as a result of warranty, support,
+indemnity or liability terms You offer. You may include additional
+disclaimers of warranty and limitations of liability specific to any
+jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+---------------------------------------------------
+
+If it is impossible for You to comply with any of the terms of this
+License with respect to some or all of the Covered Software due to
+statute, judicial order, or regulation then You must: (a) comply with
+the terms of this License to the maximum extent possible; and (b)
+describe the limitations and the code they affect. Such description must
+be placed in a text file included with all distributions of the Covered
+Software under this License. Except to the extent prohibited by statute
+or regulation, such description must be sufficiently detailed for a
+recipient of ordinary skill to be able to understand it.
+
+5. Termination
+--------------
+
+5.1. The rights granted under this License will terminate automatically
+if You fail to comply with any of its terms. However, if You become
+compliant, then the rights granted under this License from a particular
+Contributor are reinstated (a) provisionally, unless and until such
+Contributor explicitly and finally terminates Your grants, and (b) on an
+ongoing basis, if such Contributor fails to notify You of the
+non-compliance by some reasonable means prior to 60 days after You have
+come back into compliance. Moreover, Your grants from a particular
+Contributor are reinstated on an ongoing basis if such Contributor
+notifies You of the non-compliance by some reasonable means, this is the
+first time You have received notice of non-compliance with this License
+from such Contributor, and You become compliant prior to 30 days after
+Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+infringement claim (excluding declaratory judgment actions,
+counter-claims, and cross-claims) alleging that a Contributor Version
+directly or indirectly infringes any patent, then the rights granted to
+You by any and all Contributors for the Covered Software under Section
+2.1 of this License shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all
+end user license agreements (excluding distributors and resellers) which
+have been validly granted by You or Your distributors under this License
+prior to termination shall survive termination.
+
+************************************************************************
+*                                                                      *
+*  6. Disclaimer of Warranty                                           *
+*  -------------------------                                           *
+*                                                                      *
+*  Covered Software is provided under this License on an "as is"       *
+*  basis, without warranty of any kind, either expressed, implied, or  *
+*  statutory, including, without limitation, warranties that the       *
+*  Covered Software is free of defects, merchantable, fit for a        *
+*  particular purpose or non-infringing. The entire risk as to the     *
+*  quality and performance of the Covered Software is with You.        *
+*  Should any Covered Software prove defective in any respect, You     *
+*  (not any Contributor) assume the cost of any necessary servicing,   *
+*  repair, or correction. This disclaimer of warranty constitutes an   *
+*  essential part of this License. No use of any Covered Software is   *
+*  authorized under this License except under this disclaimer.         *
+*                                                                      *
+************************************************************************
+
+************************************************************************
+*                                                                      *
+*  7. Limitation of Liability                                          *
+*  --------------------------                                          *
+*                                                                      *
+*  Under no circumstances and under no legal theory, whether tort      *
+*  (including negligence), contract, or otherwise, shall any           *
+*  Contributor, or anyone who distributes Covered Software as          *
+*  permitted above, be liable to You for any direct, indirect,         *
+*  special, incidental, or consequential damages of any character      *
+*  including, without limitation, damages for lost profits, loss of    *
+*  goodwill, work stoppage, computer failure or malfunction, or any    *
+*  and all other commercial damages or losses, even if such party      *
+*  shall have been informed of the possibility of such damages. This   *
+*  limitation of liability shall not apply to liability for death or   *
+*  personal injury resulting from such party's negligence to the       *
+*  extent applicable law prohibits such limitation. Some               *
+*  jurisdictions do not allow the exclusion or limitation of           *
+*  incidental or consequential damages, so this exclusion and          *
+*  limitation may not apply to You.                                    *
+*                                                                      *
+************************************************************************
+
+8. Litigation
+-------------
+
+Any litigation relating to this License may be brought only in the
+courts of a jurisdiction where the defendant maintains its principal
+place of business and such litigation shall be governed by laws of that
+jurisdiction, without reference to its conflict-of-law provisions.
+Nothing in this Section shall prevent a party's ability to bring
+cross-claims or counter-claims.
+
+9. Miscellaneous
+----------------
+
+This License represents the complete agreement concerning the subject
+matter hereof. If any provision of this License is held to be
+unenforceable, such provision shall be reformed only to the extent
+necessary to make it enforceable. Any law or regulation which provides
+that the language of a contract shall be construed against the drafter
+shall not be used to construe this License against a Contributor.
+
+10. Versions of the License
+---------------------------
+
+10.1. New Versions
+
+Mozilla Foundation is the license steward. Except as provided in Section
+10.3, no one other than the license steward has the right to modify or
+publish new versions of this License. Each version will be given a
+distinguishing version number.
+
+10.2. Effect of New Versions
+
+You may distribute the Covered Software under the terms of the version
+of the License under which You originally received the Covered Software,
+or under the terms of any subsequent version published by the license
+steward.
+
+10.3. Modified Versions
+
+If you create software not governed by this License, and you want to
+create a new license for such software, you may create and use a
+modified version of this License if you rename the license and remove
+any references to the name of the license steward (except to note that
+such modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary
+Licenses
+
+If You choose to distribute Source Code Form that is Incompatible With
+Secondary Licenses under the terms of this version of the License, the
+notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+-------------------------------------------
+
+  This Source Code Form is subject to the terms of the Mozilla Public
+  License, v. 2.0. If a copy of the MPL was not distributed with this
+  file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular
+file, then You may include the notice in a location (such as a LICENSE
+file in a relevant directory) where a recipient would be likely to look
+for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - "Incompatible With Secondary Licenses" Notice
+---------------------------------------------------------
+
+  This Source Code Form is "Incompatible With Secondary Licenses", as
+  defined by the Mozilla Public License, v. 2.0.

README.md

@@ -1,76 +1,131 @@
-[![Join the chat at https://gitter.im/Daplie/letsencrypt-express](https://badges.gitter.im/Daplie/letsencrypt-express.svg)](https://gitter.im/Daplie/letsencrypt-express?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+# [acme-dns-01-cli](https://git.rootprojects.org/root/acme-dns-01-cli.js) | a [Root](https://rootprojects.org) project
 
-| [letsencrypt](https://github.com/Daplie/node-letsencrypt) (library)
-| [letsencrypt-cli](https://github.com/Daplie/letsencrypt-cli)
-| [letsencrypt-express](https://github.com/Daplie/letsencrypt-express)
-| [letsencrypt-koa](https://github.com/Daplie/letsencrypt-koa)
-| [letsencrypt-hapi](https://github.com/Daplie/letsencrypt-hapi)
-|
+An extremely simple reference implementation
+of an ACME (Let's Encrypt) dns-01 challenge strategy.
 
-le-challenge-dns
-================
-
-A dns-based strategy for node-letsencrypt for setting, retrieving,
-and clearing ACME DNS-01 challenges issued by the ACME server
-
-It creates a subdomain record for `_acme-challenge` wich `challenge`
-to be tested by the ACME server.
+This generic implementation can be adapted to work with any node.js ACME client,
+although it was built for [Greenlock](https://git.rootprojects.org/root/greenlock-express.js)
+and [ACME.js](https://git.rootprojects.org/root/acme-v2.js).
 
 ```
 _acme-challenge.example.com   TXT   xxxxxxxxxxxxxxxx    TTL 60
 ```
 
-* Safe to use with node cluster
-* Safe to use with ephemeral services (Heroku, Joyent, etc)
+- Prints the ACME challenge DNS Host and DNS Key Authorization Digest to the terminal
+  - (waits for you to hit enter before continuing)
+- Let's you know when the challenge as succeeded or failed, and is safe to remove.
 
-Install
--------
+Other ACME Challenge Reference Implementations:
+
+- [acme-http-01-cli](https://git.rootprojects.org/root/acme-http-01-cli.js.git)
+- [acme-http-01-fs](https://git.rootprojects.org/root/acme-http-01-webroot.js.git)
+- [**acme-dns-01-cli**](https://git.rootprojects.org/root/acme-dns-01-cli.js.git)
+
+## Install
 
 ```bash
-npm install --save le-challenge-dns@2.x
+npm install --save acme-dns-01-cli@3.x
 ```
 
-Usage
------
+If you have `greenlock@v2.6` or lower, you'll need the old `le-challenge-dns@2.x` instead.
 
-```bash
-var leChallengeDns = require('le-challenge-dns').create({
-  email: 'john.doe@example.com'
-, refreshToken: '...'
-, ttl: 60
+## Usage
 
-, debug: false
-});
+```js
+var Greenlock = require('greenlock');
 
-var LE = require('letsencrypt');
-
-LE.create({
-  server: LE.stagingServerUrl                               // Change to LE.productionServerUrl in production
-, challengeType: 'dns-01'
-, challenges: {
-    'dns-01': leChallengeDns
+Greenlock.create({
+  challenges: {
+    'http-01': require('acme-http-01-fs'),
+    'dns-01': require('acme-dns-01-cli').create({ debug: true }),
+    'tls-alpn-01': require('acme-tls-alpn-01-cli')
   }
-, approvedDomains: [ 'example.com' ]
+  // ...
 });
 ```
 
+You can also switch between different implementations by
+overwriting the default with the one that you want in `approveDomains()`:
+
+```js
+function approveDomains(opts) {
+  // ...
+  if (!opts.challenges) { opts.challenges = {}; }
+  opts.challenges['dns-01'] = acmeDns01Cli;
+
+  return Promise.resolve({ ... });
+}
+```
+
 NOTE: If you request a certificate with 6 domains listed,
 it will require 6 individual challenges.
 
-Exposed Methods
----------------
+## Exposed (Promise) Methods
 
 For ACME Challenge:
 
-* `set(opts, domain, challange, keyAuthorization, done)`
-* `get(defaults, domain, challenge, done)`
-* `remove(defaults, domain, challenge, done)`
+- `set(opts)`
+- `remove(opts)`
 
-Note: `get()` is a no-op for `dns-01` and although `dns-01` does not use `keyAuthorization`,
-it must be passed in as `null` to keep the correct method signature.
+The `dns-01` strategy supports wildcards (whereas `http-01` does not).
 
-For node-letsencrypt internals:
+The options object has whatever options were set in `approveDomains()`
+as well as the `challenge`, which looks like this:
 
-* `getOptions()` returns the internal defaults merged with the user-supplied options
-* `loopback(defaults, domain, challange, keyAuthorization, done)` should test, by external means, that the ACME server's challenge server will succeed
-* `test(opts, domain, challange, keyAuthorization, done)` runs set, loopback, remove, loopback
+```json
+{
+  "challenge": {
+    "identifier": { "type": "dns", "value": "example.com" },
+    "wildcard": true,
+    "altname": "*.example.com",
+    "type": "dns-01",
+    "token": "xxxxxx",
+    "keyAuthorization": "xxxxxx.abc123",
+    "dnsHost": "_acme-challenge.example.com",
+    "dnsAuthorization": "xyz567",
+    "expires": "1970-01-01T00:00:00Z"
+  }
+}
+```
+
+For greenlock.js internals:
+
+- `options` stores the internal defaults merged with the user-supplied options
+
+Optional:
+
+- `get(limitedOpts)`
+
+Note: Typically there wouldn't be a `get()` for DNS because the NameServer (not Greenlock) answers the requests.
+It could be used for testing implementations, but that's about it.
+(though I suppose you could implement it if you happen to run your DNS and webserver together... kinda weird though)
+
+If there were an implementation of Greenlock integrated directly into
+a NameServer (which currently there is not), it would probably look like this:
+
+```json
+{
+  "challenge": {
+    "type": "dns-01",
+    "identifier": { "type": "dns", "value": "example.com" },
+    "token": "abc123",
+    "dnsHost": "_acme-challenge.example.com"
+  }
+}
+```
+
+# Legal & Rules of the Road
+
+Greenlock™ and Bluecrypt™ are [trademarks](https://rootprojects.org/legal/#trademark) of AJ ONeal
+
+The rule of thumb is "attribute, but don't confuse". For example:
+
+> Built with [Greenlock](https://git.rootprojects.org/root/greenlock.js) (a [Root](https://rootprojects.org) project).
+
+Please [contact us](mailto:aj@therootcompany.com) if you have any questions in regards to our trademark,
+attribution, and/or visible source policies. We want to build great software and a great community.
+
+[Greenlock™](https://git.rootprojects.org/root/greenlock.js) |
+MPL-2.0 |
+[Terms of Use](https://therootcompany.com/legal/#terms) |
+[Privacy Policy](https://therootcompany.com/legal/#privacy)

index.js

@@ -1,200 +1,223 @@
 'use strict';
-
-// See https://tools.ietf.org/html/draft-ietf-acme-acme-01
-// also https://gitlab.com/pushrocks/cert/blob/master/ts/cert.hook.ts
-
-var PromiseA = require('bluebird');
-var dns = PromiseA.promisifyAll(require('dns'));
-var DDNS = require('ddns-cli');
-
-//var count = 0;
-var defaults = {
-  oauth3: 'oauth3.org'
-, debug: false
-, acmeChallengeDns: '_acme-challenge.' // _acme-challenge.example.com TXT xxxxxxxxxxxxxxxx
-, memstoreConfig: {
-    name: 'le-dns'
-  }
-};
-
+/*global Promise*/
 var Challenge = module.exports;
 
-Challenge.create = function (options) {
-  // count += 1;
-  var store = require('cluster-store');
-  var results = {};
+// If your implementation needs config options, set them. Otherwise, don't bother (duh).
+Challenge.create = function(config) {
+  var challenger = {};
 
-  Object.keys(Challenge).forEach(function (key) {
-    results[key] = Challenge[key];
-  });
-  results.create = undefined;
+  // Note: normally you'd these right in the method body, but for the sake of
+  // "Table of Contents"-style documentation, I've pulled them out.
 
-  Object.keys(defaults).forEach(function (key) {
-    if (!(key in options)) {
-      options[key] = defaults[key];
-    }
-  });
-  results._options = options;
+  // Note: All of these methods can be synchronous, async, Promise, and callback-style
+  // (the calling functions check function.length and then Promisify accordingly)
 
-  results.getOptions = function () {
-    return results._options;
+  // Fetches an array of zone name strings
+  challenger.zones = function(opts, cb) {
+    return Challenge._getZones(opts, cb);
   };
 
-  // TODO fix race condition at startup
-  results._memstore = options.memstore;
+  // Called when it's time to set the challenge
+  challenger.set = function(opts, cb) {
+    return Challenge._setDns(opts, cb);
+  };
 
-  if (!results._memstore) {
-    store.create(options.memstoreConfig).then(function (store) {
-      // same api as new sqlite3.Database(options.filename)
+  // Called when it's time to remove the challenge
+  challenger.remove = function(opts, cb) {
+    return Challenge._removeDns(opts, cb);
+  };
 
-      results._memstore = store;
+  // Optional (only really useful for http and testing)
+  // Called when the challenge needs to be retrieved
+  challenger.get = function(opts) {
+    return Challenge._getDns(opts);
+  };
 
-      // app.use(expressSession({ secret: 'keyboard cat', store: store }));
-    });
+  // Whatever you assign to 'options' will be merged into the incoming 'opts' beforehand
+  // (for convenience, so you don't have to do the if (!x) { x = y; } dance)
+  // (also, some defaults are layered, so it's good to set it any that you have)
+  challenger.options = { debug: config.debug };
+
+  return challenger;
+};
+
+// Show the user the token and key and wait for them to be ready to continue
+Challenge._getZones = function(args, cb) {
+  // if you need per-run / per-domain options set them in approveDomains() and they'll be on 'args' here.
+  if (!Array.isArray(args.dnsHosts)) {
+    console.error(
+      'You must be using Greenlock v2.7+ to use acme-dns-01-cli v3+'
+    );
+    process.exit();
+  }
+  console.info();
+  console.info('############################');
+  console.info('# Step 1: Get Domain Zones #');
+  console.info('############################');
+  console.info();
+  console.info(
+    'Enter a comma or space delimited list of domain zones to which the following domain records belong.'
+  );
+  console.info();
+  console.info(
+    'Example:' +
+      '\n\tDOMAIN RECORD\t=>\tDOMAIN ZONE' +
+      '\n\texample.com\t=>\texample.com' +
+      '\n\tfoo.example.com\t=>\texample.com' +
+      '\n\tbar.example.com\t=>\texample.com' +
+      '\n\texample.co.uk\t=>\texample.co.uk' +
+      '\n\nYou would enter: example.com, example.co.uk'
+  );
+  console.info();
+  console.info('Domain RECORDS: ', args.dnsHosts.join(', '));
+  process.stdout.write('Domain ZONE list: ');
+  process.stdin.resume();
+  process.stdin.once('data', function(chunk) {
+    process.stdin.pause();
+    var zones = chunk
+      .toString('utf8')
+      .trim()
+      .split(/[,\s]+/);
+    console.info('Got Domain Zones:', zones);
+    setTimeout(function() {
+      cb(null, zones);
+    }, 1000);
+  });
+};
+
+// Show the user the token and key and wait for them to be ready to continue
+Challenge._setDns = function(args, cb) {
+  // if you need per-run / per-domain options set them in approveDomains() and they'll be on 'args' here.
+  if (!args.challenge) {
+    console.error(
+      'You must be using Greenlock v2.7+ to use acme-dns-01-cli v3+'
+    );
+    process.exit();
+  }
+  var ch = args.challenge;
+
+  console.info('\n\n\n\n\n');
+  console.info('#################################');
+  console.info('# Step 2: Set Domain TXT Record #');
+  console.info('#################################');
+  console.info('');
+  console.info("[ACME dns-01 '" + ch.altname + "' CHALLENGE]");
+  console.info("You're about to receive the following DNS query:");
+  console.info('');
+  console.info(
+    '\tTXT\t' + ch.dnsHost + '\t' + ch.dnsAuthorization + '\tTTL 60'
+  );
+  console.info('');
+  if (ch.debug) {
+    console.info('Debug Info:');
+    console.info('');
+    console.info(
+      JSON.stringify(dnsChallengeToJson(ch), null, '  ').replace(/^/gm, '\t')
+    );
+    console.info('');
+  }
+  console.info(
+    'Go set that DNS record, wait a few seconds for it to propagate, and then continue when ready'
+  );
+  console.info('[Press the ANY key to continue...]');
+  process.stdin.resume();
+  process.stdin.once('data', function() {
+    process.stdin.pause();
+    setTimeout(function() {
+      cb(null, null);
+    }, 1000);
+  });
+};
+
+// might as well tell the user that whatever they were setting up has been checked
+Challenge._removeDns = function(args, cb) {
+  var ch = args.challenge;
+  console.info('\n\n\n\n\n');
+  console.info('####################################');
+  console.info('# Step 4: Remove Domain TXT Record #');
+  console.info('####################################');
+  console.info('');
+  console.info("[ACME dns-01 '" + ch.altname + "' COMPLETE]: " + ch.status);
+  console.info(
+    'Challenge complete. You may now remove the DNS-01 challenge record:'
+  );
+  console.info('');
+  console.info('\tTXT\t' + ch.altname + '\t' + ch.dnsAuthorization);
+  console.info('');
+  console.info('NOTE: the next get should be EMPTY');
+  console.info('');
+
+  setTimeout(function() {
+    cb(null, null);
+  }, 1000);
+};
+
+// This is implemented here for completeness (and perhaps some possible use in testing),
+// but it's not something you would implement because the Greenlock server isn't the NameServer.
+Challenge._getDns = function(args) {
+  var ch = args.challenge;
+  // because the way to mock a DNS challenge is weird
+  var altname = ch.altname || ch.dnsHost || ch.identifier.value;
+  var dnsHost = ch.dnsHost || ch.identifier.value;
+
+  if (ch._test || !Challenge._getCache[ch.token]) {
+    console.info('\n\n\n\n\n');
+    console.info('#################################');
+    console.info('# Step 3: Get Domain TXT Record #');
+    console.info('#################################');
+    Challenge._getCache[ch.token] = true;
+    console.info('');
+    console.info(
+      '[ACME ' + ch.type + " '" + altname + "' REQUEST]: " + ch.status
+    );
+    console.info("The '" + ch.type + "' challenge request has arrived!");
+    console.info('dig TXT ' + dnsHost);
+    console.info(
+      '(paste in the "DNS Authorization" you received a moment ago to respond)'
+    );
+    process.stdout.write('> ');
   }
 
-  return results;
-};
+  return new Promise(function(resolve, reject) {
+    process.stdin.resume();
+    process.stdin.once('error', reject);
+    process.stdin.once('data', function(chunk) {
+      process.stdin.pause();
 
-//
-// NOTE: the "args" here in `set()` are NOT accessible to `get()` and `remove()`
-// They are provided so that you can store them in an implementation-specific way
-// if you need access to them.
-//
-Challenge.set = function (args, domain, challenge, keyAuthorization, done) {
-  var me = this;
-  // TODO use base64url module
-  var keyAuthDigest = require('crypto').createHash('sha256').update(keyAuthorization||'').digest('base64')
-    .replace(/\+/g, '-')
-    .replace(/\//g, '_')
-    .replace(/=+$/g, '')
-    ;
-
-  if (!challenge || !keyAuthorization) {
-    console.warn("SANITY FAIL: missing challenge or keyAuthorization", domain, challenge, keyAuthorization);
-  }
-
-  return me._memstore.set(domain, {
-    email: args.email
-  , refreshToken: args.refreshToken
-  , keyAuthDigest: keyAuthDigest
-  }, function (err) {
-    if (err) { done(err); return; }
-
-    var challengeDomain = (args.test || '') + args.acmeChallengeDns + domain;
-    var update = {
-      email: args.email
-    , refreshToken: args.refreshToken
-    , silent: true
-
-    , name: challengeDomain
-    , type: "TXT"
-    , value: keyAuthDigest || challenge
-    , ttl: args.ttl || 0
-    };
-
-    return DDNS.update(update, {
-      //debug: true
-    }).then(function () {
-      if (args.debug) {
-        console.log("Test DNS Record:");
-        console.log("dig TXT +noall +answer @ns1.redirect-www.org '" + challengeDomain + "' # " + challenge);
+      var result = chunk.toString('utf8').trim();
+      try {
+        result = JSON.parse(result);
+      } catch (e) {
+        args.challenge.dnsAuthorization = result;
+        result = args.challenge;
       }
-      done(null, keyAuthDigest);
-    }, function (err) {
-      console.error(err);
-      done(err);
-      return PromiseA.reject(err);
-    });
-  });
-};
-
-
-//
-// NOTE: the "defaults" here are still merged and templated, just like "args" would be,
-// but if you specifically need "args" you must retrieve them from some storage mechanism
-// based on domain and key
-//
-Challenge.get = function (defaults, domain, challenge, done) {
-  done = null; // nix linter error for unused vars
-  throw new Error("Challenge.get() does not need an implementation for dns-01. (did you mean Challenge.loopback?)");
-};
-
-Challenge.remove = function (defaults, domain, challenge, done) {
-  var me = this;
-
-  return me._memstore.get(domain, function (err, data) {
-    if (err) { done(err); return; }
-    if (!data) {
-      console.warn("[warning] could not remove '" + domain + "': already removed");
-      done(null);
-      return;
-    }
-
-    var challengeDomain = (defaults.test || '') + defaults.acmeChallengeDns + domain;
-
-    return DDNS.update({
-      email: data.email
-    , refreshToken: data.refreshToken
-    , silent: true
-
-    , name: challengeDomain
-    , type: "TXT"
-    , value: data.keyAuthDigest || challenge
-    , ttl: defaults.ttl || 0
-
-    , remove: true
-    }, {
-      //debug: true
-    }).then(function () {
-
-      done(null);
-    }, done).then(function () {
-      me._memstore.destroy(domain);
-    });
-  });
-};
-
-// same as get, but external
-Challenge.loopback = function (defaults, domain, challenge, done) {
-  var challengeDomain = (defaults.test || '') + defaults.acmeChallengeDns + domain;
-  dns.resolveTxtAsync(challengeDomain).then(function (x) { done(null, x); }, done);
-};
-
-Challenge.test = function (args, domain, challenge, keyAuthorization, done) {
-  var me = this;
-
-  args.test = args.test || '_test.';
-  defaults.test = args.test;
-
-  me.set(args, domain, challenge, keyAuthorization || challenge, function (err, k) {
-    if (err) { done(err); return; }
-
-    me.loopback(defaults, domain, challenge, function (err, arr) {
-      if (err) { done(err); return; }
-
-      if (!arr.some(function (a) {
-        return a.some(function (keyAuthDigest) {
-          return keyAuthDigest === k;
-        });
-      })) {
-        err = new Error("txt record '" + challenge + "' doesn't match '" + k + "'");
+      if (result.dnsAuthorization) {
+        setTimeout(function() {
+          resolve(result);
+        }, 1000);
+        return;
       }
 
-      me.remove(defaults, domain, challenge, function (_err) {
-        if (_err) { done(_err); return; }
-
-        // TODO needs to use native-dns so that specific nameservers can be used
-        // (otherwise the cache will still have the old answer)
-        done(err || null);
-        /*
-        me.loopback(defaults, domain, challenge, function (err) {
-          if (err) { done(err); return; }
-
-          done();
-        });
-        */
-      });
+      // The return value will checked. It must not be 'undefined'.
+      setTimeout(function() {
+        resolve(null);
+      }, 1000);
     });
   });
 };
+Challenge._getCache = {};
+
+function dnsChallengeToJson(ch) {
+  return {
+    type: ch.type,
+    altname: ch.altname,
+    identifier: ch.identifier,
+    wildcard: ch.wildcard,
+    expires: ch.expires,
+    token: ch.token,
+    thumbprint: ch.thumbprint,
+    keyAuthorization: ch.keyAuthorization,
+    dnsHost: ch.dnsHost,
+    dnsAuthorization: ch.dnsAuthorization
+  };
+}

moz_test.js

@@ -0,0 +1,102 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+'use strict';
+
+var le;
+var fetch = require('node-fetch');
+var LE = require('greenlock');
+var leChallengeDns = require('./index.js').create({ debug: false })
+// Storage Backend
+var leStore = require('le-store-certbot').create({
+  configDir: '~/letsencrypt/etc'   // or /etc/letsencrypt or wherever
+, debug: true
+, logsDir: '~/letsencrypt/var/log'
+});
+
+function leAgree(opts, agreeCb) {
+  // opts = { email, domains, tosUrl }
+  agreeCb(null, opts.tosUrl);
+}
+
+let subdomain = String(Math.random()).replace('.','');
+
+le = LE.create({
+  server: LE.productionServerUrl                               // Change to LE.productionServerUrl in production
+, challengeType: 'dns-01'
+, challenges: {
+    'dns-01': leChallengeDns
+  }
+, approveDomains: [  subdomain + '.box.knilxof.org' ]
+, agreeToTerms: leAgree                                   // hook to allow user to view and accept LE TOS
+, debug: true
+, store: leStore
+});
+
+
+
+// Check in-memory cache of certificates for the named domain
+le.check({ domains: [ subdomain + '.box.knilxof.org' ] }).then(function (results) {
+
+    if (results) {
+        // we already have certificates
+        return;
+    }
+
+    let token;
+    let challenge;
+
+    // promise to be called when LE has the dns challenge ready for us
+    leChallengeDns.leDnsResponse = function(challenge, keyAuthorization, keyAuthDigest, challengeDomain, domain){
+
+        console.info("");
+        console.info("Challenge for '" + domain + "'");
+        console.info("");
+        console.info("We now present (for you copy-and-paste pleasure) your ACME Challenge");
+        console.info("public Challenge and secret KeyAuthorization and Digest, in that order, respectively:");
+        console.info(challenge);
+        console.info(keyAuthorization);
+        console.info(keyAuthDigest);
+        console.info("");
+        console.info(challengeDomain + "\tTXT " + keyAuthDigest + "\tTTL 60");
+        console.info("");
+        console.info(JSON.stringify({
+          domain: domain
+        , challenge: challenge
+        , keyAuthorization: keyAuthorization
+        , keyAuthDigest: keyAuthDigest
+        }, null, '  ').replace(/^/gm, '\t'));
+        console.info("");
+
+        return new Promise((resolve, reject) => {
+            // ok now that we have a challenge, we call our gateway to setup the TXT record
+            fetch('http://knilxof.org//dnsconfig?token=' + token + '&challenge=' + keyAuthDigest)
+            .then(function(res) { return res.text(); }).then(function(body) {
+                console.log(body);
+                resolve("Success!");
+            });
+        });
+    }
+
+    fetch('http://knilxof.org/subscribe?name=' + subdomain)
+        .then(function (res) { return res.text(); })
+        .then(function (body) {
+        const jsonBody = JSON.parse(body);
+        token = jsonBody.token;
+        // Register Let's Encrypt
+        le.register({
+            domains: [subdomain + '.box.knilxof.org']                           // CHANGE TO YOUR DOMAIN (list for SANS)
+            , email: 'john.doe@example.com'                                    // CHANGE TO YOUR EMAIL
+            , agreeTos: true                                              // set to tosUrl string (or true) to pre-approve (and skip agreeToTerms)
+            , rsaKeySize: 2048                                           // 2048 or higher
+            , challengeType: 'dns-01'                                   // http-01, tls-sni-01, or dns-01
+        }).then(function (results) {
+            console.log('success');
+        }, function (err) {
+            console.error('[Error]: node-greenlock/examples/standalone');
+            console.error(err.stack);
+        });
+    });
+});
+

package-lock.json

@@ -0,0 +1,5 @@
+{
+  "name": "le-challenge-dns",
+  "version": "3.0.3",
+  "lockfileVersion": 1
+}

package.json

@@ -1,38 +1,36 @@
 {
-  "name": "le-challenge-dns",
-  "version": "2.0.2",
-  "description": "A dns-based strategy for node-letsencrypt for setting, retrieving, and clearing ACME DNS-01 challenges issued by the ACME server",
+  "name": "acme-dns-01-cli",
+  "version": "3.1.0",
+  "description": "A manual (interactive CLI) dns-based strategy for Greenlock / Let's Encrypt / ACME DNS-01 challenges",
+  "homepage": "https://greenlock.domains/",
   "main": "index.js",
+  "files": [],
   "scripts": {
     "test": "node test.js"
   },
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/Daplie/le-challenge-dns.git"
+    "url": "https://git.rootprojects.org/root/acme-dns-01-cli.js.git"
   },
   "keywords": [
-    "le",
-    "letsencrypt",
-    "le-challenge",
-    "le-challenge-",
-    "le-challenge-dns",
-    "acme",
-    "challenge",
+    "Let's Encrypt",
+    "Greenlock",
+    "ACME",
+    "dns-01",
+    "wildcard",
+    "wildcards",
+    "manual",
+    "cli",
     "dns",
-    "cluster",
-    "ephemeral"
+    "challenge"
   ],
-  "author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)",
-  "license": "(MIT OR Apache-2.0)",
+  "author": "AJ ONeal <solderjs@gmail.com> (https://solderjs.com/)",
+  "license": "MPL-2.0",
   "bugs": {
-    "url": "https://github.com/Daplie/le-challenge-dns/issues"
+    "url": "https://git.rootprojects.org/root/acme-dns-01-cli.js/issues"
   },
-  "homepage": "https://github.com/Daplie/le-challenge-dns#readme",
-  "dependencies": {
-    "cluster-store": "^2.0.4",
-    "daplie-dns": "git+https://github.com/Daplie/daplie-cli-dns.git#master",
-    "daplie-domains": "git+https://github.com/Daplie/daplie-cli-domains.git#master",
-    "ddns-cli": "git+https://github.com/Daplie/node-ddns-client.git#master",
-    "oauth3-cli": "git+https://github.com/OAuth3/oauth3-cli.git#master"
+  "dependencies": {},
+  "devDependencies": {
+    "acme-dns-01-test": "^3.1.0"
   }
 }

test.js

@@ -1,24 +1,22 @@
 'use strict';
 
-var leChallengeDns = require('./').create({
+var tester = require('acme-dns-01-test');
 
-  test: '_test_01'
-, email: 'test@daplie.com'
-, refreshToken: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJjY2VmMjNlMGNjYWE1MDRlNDY0ZGEwZWQ4YTI3NmRjNSIsImlhdCI6MTQ3MzI3NTQwOSwiaXNzIjoib2F1dGgzLm9yZyIsImF1ZCI6Im9hdXRoMy5vcmciLCJhenAiOiJvYXV0aDMub3JnIiwic3ViIjoiIiwia2lkIjoib2F1dGgzLm9yZyIsInNjcCI6IiIsImFzIjoibG9naW4iLCJncnQiOiJwYXNzd29yZCIsInNydiI6ZmFsc2UsImsiOiJvYXV0aDMub3JnIiwiYXBwIjoib2F1dGgzLm9yZyIsImF4cyI6W10sInVzciI6IjFlMzAxOTBjZGJiMWM4Yjg4MmJiNTg0OTQ1OGNlZWEzYTk1NTI4ZjIiLCJhY3MiOltdLCJpZHgiOiJxTFNOVHYwTG11YkFnSTc4eEo3d2FlOHVNc1FORFhWVDFsVWRGdHdVbHNpN1hiRnY3OTFVSFlhNE81RkNaeGtDIiwicmVmcmVzaCI6dHJ1ZX0.q2AgyzclADm8LBIbkazbr9Ji_6lj0dS-OhOwHBKimbc6gNlJUpSAlUEKMhEPswYkIIw9oIzOdf2-13FRpk6ZSa7NxRcZ37B6TBMpVzmHojnyXa025uht3CX7UdBtXMsxOSNSEv-m2CLLfq89j2Zr0kwdiUvpb9oo2IwxWPJMgmc'
+var type = 'dns-01';
+var challenger = require('./index.js').create({});
 
-//, debug: true
-});
+// The dry-run tests can pass on, literally, 'example.com'
+// but the integration tests require that you have control over the domain
+var zone = 'example.com';
 
-var opts = leChallengeDns.getOptions();
-var domain = 'test.daplie.me';
-var challenge = 'xxx-acme-challenge-xxx';
-var keyAuthorization = 'xxx-acme-challenge-xxx.xxx-acme-authorization-xxx';
-
-setTimeout(function () {
-  leChallengeDns.test(opts, domain, challenge, null, function (err) {
-    // if there's an error, there's a problem
-    if (err) { throw err; }
-
-    console.log('test passed');
+tester
+  // will test example.com, foo.example.com, *.foo.example.com
+  .testZone(type, zone, challenger)
+  .then(function() {
+    console.info('PASS');
+  })
+  .catch(function(err) {
+    console.error('FAIL');
+    console.error(err);
+    process.exit(20);
   });
-}, 300);