103 lines
2.6 KiB
Markdown
103 lines
2.6 KiB
Markdown
le-sni-auto
|
|
===========
|
|
|
|
**DRAFT** this is not yet published to npm
|
|
|
|
An auto-sni strategy for registering and renewing letsencrypt certificates using SNICallback.
|
|
|
|
This does a couple of rather simple things:
|
|
|
|
* caches certificates in memory
|
|
* calls `getCertificatesAsync(domain, null)` when a certificate is not in memory
|
|
* calls `getCertificatesASync(domain, certs)` when a certificate is up for renewal or expired
|
|
|
|
Install
|
|
=======
|
|
|
|
```bash
|
|
npm install --save le-sni-auto@2.x
|
|
```
|
|
|
|
Usage
|
|
=====
|
|
|
|
With node-letsencrypt
|
|
---------------------
|
|
|
|
```javascript
|
|
'use strict';
|
|
|
|
|
|
|
|
var leSni = require('le-sni-auto').create({
|
|
|
|
notBefore: 10 * 24 * 60 * 60 1000 // do not renew more than 10 days before expiration
|
|
, notAfter: 5 * 24 * 60 * 60 1000 // do not wait more than 5 days before expiration
|
|
|
|
, httpsOptions: {
|
|
rejectUnauthorized: true // These options will be used with tls.createSecureContext()
|
|
, requestCert: false // in addition to key (privkey.pem) and cert (cert.pem + chain.pem),
|
|
, ca: null // which are provided by letsencrypt
|
|
, crl: null
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
var le = require('letsencrypt').create({
|
|
server: 'staging'
|
|
|
|
, sni: leSni
|
|
|
|
, approveDomains: function (domain, cb) {
|
|
// here you would lookup details such as email address in your db
|
|
cb(null, { email: 'john.doe@gmail.com.', domains: [domain, 'www.' + domain], agreeTos: true }}
|
|
}
|
|
});
|
|
|
|
|
|
|
|
var app = require('express')();
|
|
var httpsOptions = { SNICallback: le.sni.callback };
|
|
|
|
httpsOptions = require('localhost.daplie.com-certificates').merge(httpsOptions);
|
|
|
|
|
|
http.createServer(le.handleAcmeOrRedirectToHttps());
|
|
https.createServer(dummyCerts, le.handleAcmeOrUse(app)).listen(443);
|
|
```
|
|
|
|
You can also provide a thunk-style `getCertificates(domain, certs, cb)`.
|
|
|
|
Standalone
|
|
----------
|
|
|
|
```javascript
|
|
'use strict';
|
|
|
|
|
|
var le = require('letsencrypt').create({
|
|
notBefore: 10 * 24 * 60 * 60 1000 // do not renew prior to 10 days before expiration
|
|
, notAfter: 5 * 24 * 60 * 60 1000 // do not wait more than 5 days before expiration
|
|
|
|
// key (privkey.pem) and cert (cert.pem + chain.pem) will be provided by letsencrypt
|
|
, httpsOptions: { rejectUnauthorized: true, requestCert: false, ca: null, crl: null }
|
|
|
|
, getCertificatesAsync: function (domain, certs) {
|
|
// return a promise with an object with the following keys:
|
|
// { privkey, cert, chain, expiresAt, issuedAt, subject, altnames }
|
|
}
|
|
});
|
|
|
|
|
|
|
|
|
|
var dummyCerts = require('localhost.daplie.com-certificates');
|
|
dummyCerts.SNICallback = le.sni.sniCallback;
|
|
|
|
https.createServer(dummyCerts, );
|
|
```
|
|
|
|
You can also provide a thunk-style `getCertificates(domain, certs, cb)`.
|