acme.js/examples/get-certificate-full.js

async function main() {
	'use strict';

	require('dotenv').config();

	var fs = require('fs');
	// just to trigger the warning message out of the way
	await fs.promises.readFile().catch(function() {});
	console.warn('\n');
	var MY_DOMAINS = process.env.DOMAINS.split(/[,\s]+/);

	// In many cases all three of these are the same (your email)
	// However, this is what they may look like when different:

	var maintainerEmail = process.env.MAINTAINER_EMAIL;
	var subscriberEmail = process.env.SUBSCRIBER_EMAIL;
	//var customerEmail = 'jane.doe@gmail.com';

	var pkg = require('../package.json');
	var packageAgent = 'test-' + pkg.name + '/' + pkg.version;

	// Choose either the production or staging URL

	var directoryUrl = 'https://acme-staging-v02.api.letsencrypt.org/directory';
	//var directoryUrl = 'https://acme-v02.api.letsencrypt.org/directory'

	// This is intended to get at important messages without
	// having to use even lower-level APIs in the code

	var errors = [];
	function notify(ev, msg) {
		if ('error' === ev || 'warning' === ev) {
			errors.push(ev.toUpperCase() + ' ' + msg.message);
			return;
		}
		// ignore all for now
		console.log(ev, msg.altname || '', msg.status || '');
	}

	var Keypairs = require('@root/keypairs');

	var ACME = require('../');
	var acme = ACME.create({ maintainerEmail, packageAgent, notify });
	await acme.init(directoryUrl);

	// You only need ONE account key, ever, in most cases
	// save this and keep it safe. ECDSA is preferred.

	var accountKeypair = await Keypairs.generate({ kty: 'EC', format: 'jwk' });
	var accountKey = accountKeypair.private;

	// This can be `true` or an async function which presents the terms of use

	var agreeToTerms = true;

	// If you are multi-tenanted or white-labled and need to present the terms of
	// use to the Subscriber running the service, you can do so with a function.
	var agreeToTerms = async function() {
		return true;
	};

	console.info('registering new ACME account...');
	var account = await acme.accounts.create({
		subscriberEmail,
		agreeToTerms,
		accountKey
	});
	console.info('created account with id', account.key.kid);

	// This is the key used by your WEBSERVER, typically named `privkey.pem`,
	// `key.crt`, or `bundle.pem`. RSA may be preferrable for legacy compatibility.

	// You can generate it fresh
	var serverKeypair = await Keypairs.generate({ kty: 'RSA', format: 'jwk' });
	var serverKey = serverKeypair.private;
	var serverPem = await Keypairs.export({ jwk: serverKey });
	await fs.promises.writeFile('./privkey.pem', serverPem, 'ascii');
	console.info('wrote ./privkey.pem');

	// Or you can load it from a file
	var serverPem = await fs.promises.readFile('./privkey.pem', 'ascii');

	var serverKey = await Keypairs.import({ pem: serverPem });

	var CSR = require('@root/csr');
	var PEM = require('@root/pem');
	var Enc = require('@root/encoding/base64');

	var encoding = 'der';
	var typ = 'CERTIFICATE REQUEST';

	var domains = MY_DOMAINS;
	var csrDer = await CSR.csr({ jwk: serverKey, domains, encoding });
	//var csr64 = Enc.bufToBase64(csrDer);
	var csr = PEM.packBlock({ type: typ, bytes: csrDer });

	// You can pick from existing challenge modules
	// which integrate with a variety of popular services
	// or you can create your own.
	//
	// The order of priority will be http-01, tls-alpn-01, dns-01
	// dns-01 will always be used for wildcards
	// dns-01 should be the only option given for local/private domains

	var challenges = {
		'dns-01': loadDns01()
	};

	console.info('validating domain authorization for ' + domains.join(' '));
	var pems = await acme.certificates.create({
		account,
		accountKey,
		csr,
		domains,
		challenges
	});
	var fullchain = pems.cert + '\n' + pems.chain + '\n';

	await fs.promises.writeFile('fullchain.pem', fullchain, 'ascii');
	console.info('wrote ./fullchain.pem');
	if (errors.length) {
		console.warn();
		console.warn('[Warning]');
		console.warn('The following warnings and/or errors were encountered:');
		console.warn(errors.join('\n'));
	}
}

main().catch(function(e) {
	console.error(e.stack);
});

function loadDns01() {
	var pluginName = process.env.CHALLENGE_PLUGIN;
	var pluginOptions = process.env.CHALLENGE_OPTIONS;
	var plugin;
	if (!pluginOptions) {
		console.error(
			'Please create a .env in the format of examples/example.env to run the tests'
		);
		process.exit(1);
	}
	try {
		plugin = require(pluginName);
	} catch (err) {
		console.error("Couldn't find '" + pluginName + "'. Is it installed?");
		console.error("\tnpm install --save-dev '" + pluginName + "'");
		process.exit(1);
	}
	return plugin.create(JSON.parse(pluginOptions));
}
v3.0.1: documented + examples 2019-10-26 00:03:43 -06:00			`async function main() {`
			`'use strict';`

			`require('dotenv').config();`

			`var fs = require('fs');`
			`// just to trigger the warning message out of the way`
			`await fs.promises.readFile().catch(function() {});`
			`console.warn('\n');`
			`var MY_DOMAINS = process.env.DOMAINS.split(/[,\s]+/);`

			`// In many cases all three of these are the same (your email)`
			`// However, this is what they may look like when different:`

			`var maintainerEmail = process.env.MAINTAINER_EMAIL;`
			`var subscriberEmail = process.env.SUBSCRIBER_EMAIL;`
			`//var customerEmail = 'jane.doe@gmail.com';`

			`var pkg = require('../package.json');`
			`var packageAgent = 'test-' + pkg.name + '/' + pkg.version;`

			`// Choose either the production or staging URL`

			`var directoryUrl = 'https://acme-staging-v02.api.letsencrypt.org/directory';`
			`//var directoryUrl = 'https://acme-v02.api.letsencrypt.org/directory'`

			`// This is intended to get at important messages without`
			`// having to use even lower-level APIs in the code`

			`var errors = [];`
			`function notify(ev, msg) {`
			`if ('error' === ev \|\| 'warning' === ev) {`
			`errors.push(ev.toUpperCase() + ' ' + msg.message);`
			`return;`
			`}`
			`// ignore all for now`
			`console.log(ev, msg.altname \|\| '', msg.status \|\| '');`
			`}`

			`var Keypairs = require('@root/keypairs');`

			`var ACME = require('../');`
			`var acme = ACME.create({ maintainerEmail, packageAgent, notify });`
			`await acme.init(directoryUrl);`

			`// You only need ONE account key, ever, in most cases`
			`// save this and keep it safe. ECDSA is preferred.`

			`var accountKeypair = await Keypairs.generate({ kty: 'EC', format: 'jwk' });`
			`var accountKey = accountKeypair.private;`

			// This can be `true` or an async function which presents the terms of use

			`var agreeToTerms = true;`

			`// If you are multi-tenanted or white-labled and need to present the terms of`
			`// use to the Subscriber running the service, you can do so with a function.`
			`var agreeToTerms = async function() {`
			`return true;`
			`};`

			`console.info('registering new ACME account...');`
			`var account = await acme.accounts.create({`
			`subscriberEmail,`
			`agreeToTerms,`
			`accountKey`
			`});`
			`console.info('created account with id', account.key.kid);`

			// This is the key used by your WEBSERVER, typically named `privkey.pem`,
			// `key.crt`, or `bundle.pem`. RSA may be preferrable for legacy compatibility.

			`// You can generate it fresh`
			`var serverKeypair = await Keypairs.generate({ kty: 'RSA', format: 'jwk' });`
			`var serverKey = serverKeypair.private;`
			`var serverPem = await Keypairs.export({ jwk: serverKey });`
			`await fs.promises.writeFile('./privkey.pem', serverPem, 'ascii');`
			`console.info('wrote ./privkey.pem');`

			`// Or you can load it from a file`
			`var serverPem = await fs.promises.readFile('./privkey.pem', 'ascii');`

			`var serverKey = await Keypairs.import({ pem: serverPem });`

			`var CSR = require('@root/csr');`
			`var PEM = require('@root/pem');`
			`var Enc = require('@root/encoding/base64');`

			`var encoding = 'der';`
			`var typ = 'CERTIFICATE REQUEST';`

			`var domains = MY_DOMAINS;`
			`var csrDer = await CSR.csr({ jwk: serverKey, domains, encoding });`
			`//var csr64 = Enc.bufToBase64(csrDer);`
			`var csr = PEM.packBlock({ type: typ, bytes: csrDer });`

			`// You can pick from existing challenge modules`
			`// which integrate with a variety of popular services`
			`// or you can create your own.`
			`//`
			`// The order of priority will be http-01, tls-alpn-01, dns-01`
			`// dns-01 will always be used for wildcards`
			`// dns-01 should be the only option given for local/private domains`

			`var challenges = {`
			`'dns-01': loadDns01()`
			`};`

			`console.info('validating domain authorization for ' + domains.join(' '));`
			`var pems = await acme.certificates.create({`
			`account,`
			`accountKey,`
			`csr,`
			`domains,`
			`challenges`
			`});`
			`var fullchain = pems.cert + '\n' + pems.chain + '\n';`

			`await fs.promises.writeFile('fullchain.pem', fullchain, 'ascii');`
			`console.info('wrote ./fullchain.pem');`
			`if (errors.length) {`
			`console.warn();`
			`console.warn('[Warning]');`
			`console.warn('The following warnings and/or errors were encountered:');`
			`console.warn(errors.join('\n'));`
			`}`
			`}`

			`main().catch(function(e) {`
			`console.error(e.stack);`
			`});`

			`function loadDns01() {`
			`var pluginName = process.env.CHALLENGE_PLUGIN;`
			`var pluginOptions = process.env.CHALLENGE_OPTIONS;`
			`var plugin;`
			`if (!pluginOptions) {`
			`console.error(`
			`'Please create a .env in the format of examples/example.env to run the tests'`
			`);`
			`process.exit(1);`
			`}`
			`try {`
			`plugin = require(pluginName);`
			`} catch (err) {`
			`console.error("Couldn't find '" + pluginName + "'. Is it installed?");`
			`console.error("\tnpm install --save-dev '" + pluginName + "'");`
			`process.exit(1);`
			`}`
			`return plugin.create(JSON.parse(pluginOptions));`
			`}`