greenlock-challenge-manual.js/README.md

# [le-challenge-manual](https://git.coolaj86.com/coolaj86/le-challenge-manual.js)

| A [Root](https://rootprojects.org) Project |

An extremely simple reference implementation
of an ACME (Let's Encrypt) challenge strategy
for [Greenlock](https://git.coolaj86.com/coolaj86/greenlock-express.js) v2.7+ (and v3).

* Prints the ACME challenge details to the terminal
  * (waits for you to hit enter before continuing)
* Asks you to enter the challenge response.
* Let's you know it's safe to remove the challenge.

Other ACME Challenge Reference Implementations:

* [**le-challenge-manual**](https://git.coolaj86.com/coolaj86/le-challenge-manual.js)
* [le-challenge-http](https://git.coolaj86.com/coolaj86/le-challenge-http.js)
* [le-challenge-dns](https://git.coolaj86.com/coolaj86/le-challenge-dns.js)

Install
-------

```bash
npm install --save le-challenge-manual@3.x
```

Usage
-----

```bash
var Greenlock = require('greenlock');

Greenlock.create({
  ...
, challenges: { 'http-01': require('le-challenge-manual')
              , 'dns-01': require('le-challenge-manual')
              , 'tls-alpn-01': require('le-challenge-manual')
              }
  ...
});
```

Note: If you request a certificate with 6 domains listed,
it will require 6 individual challenges.

Exposed (Promise) Methods
---------------

For ACME Challenge:

* `set(opts)`
* `remove(opts)`

The options will look like this for normal domains:

```js
{ challenge: {
    type: 'http-01'
  , identifier: { type: 'dns', value: 'example.com' }
  , wildcard: false
  , expires: '2012-01-01T12:00:00.000Z'
  , token: 'abc123'
  , thumbprint: '<<account key thumbprint>>'
  , keyAuthorization: 'abc123.xxxx'
  , dnsHost: '_acme-challenge.example.com'
  , dnsAuthorization: 'yyyy'
  , altname: 'example.com'
  }
}
```

And they'll look like this for wildcard domains:

```js
{ challenge: {
    type: 'http-01'
  , identifier: { type: 'dns', value: 'example.com' }
  , wildcard: true
  , expires: '2012-01-01T12:00:00.000Z'
  , token: 'abc123'
  , thumbprint: '<<account key thumbprint>>'
  , keyAuthorization: 'abc123.xxxx'
  , dnsHost: '_acme-challenge.example.com'
  , dnsAuthorization: 'yyyy'
  , altname: '*.example.com'
  }
}
```

The only difference is that `altname` will have the `*.` prefix (which you would expect
but, of course, can't work as a specific a DNS record) and the `wildcard` property is `true`.

Optional

* `get(limitedOpts)`

Because the get method is apart from the main flow (such as a DNS query),
it's not always implemented and the options are much more limited in scope:

```js
{ challenge: {
    type: 'http-01'
  , identifier: { type: 'dns', value: 'example.com' }
  , wildcard: false
  , token: 'abc123'
  , altname: 'example.com'
  }
}
```

If there were an implementation of Greenlock integrated directly into
a NameServer (which currently there is not), it would probably look like this:

```js
{ challenge: {
    type: 'dns-01'
  , identifier: { type: 'dns', value: 'example.com' }
  , token: 'abc123'
  , dnsHost: '_acme-challenge.example.com'
  }
}
```
v3.0.2: include other reference implementations, typo fixes 2019-04-06 01:43:39 -06:00			`# [le-challenge-manual](https://git.coolaj86.com/coolaj86/le-challenge-manual.js)`
v2.0.0 2016-08-09 23:20:19 -04:00
v3.0.1: Doc and code updates 2019-04-06 00:19:12 -06:00			`\| A [Root](https://rootprojects.org) Project \|`
v2.0.0 2016-08-09 23:20:19 -04:00
v3.0.1: Doc and code updates 2019-04-06 00:19:12 -06:00			`An extremely simple reference implementation`
			`of an ACME (Let's Encrypt) challenge strategy`
			`for [Greenlock](https://git.coolaj86.com/coolaj86/greenlock-express.js) v2.7+ (and v3).`
v2.1.1: update links and license 2019-04-05 19:02:11 -06:00
v3.0.2: include other reference implementations, typo fixes 2019-04-06 01:43:39 -06:00			`* Prints the ACME challenge details to the terminal`
			`* (waits for you to hit enter before continuing)`
			`* Asks you to enter the challenge response.`
			`* Let's you know it's safe to remove the challenge.`
v2.0.0 2016-08-09 23:20:19 -04:00
v3.0.1: Doc and code updates 2019-04-06 00:19:12 -06:00			`Other ACME Challenge Reference Implementations:`

v3.0.2: include other reference implementations, typo fixes 2019-04-06 01:43:39 -06:00			`* [le-challenge-manual](https://git.coolaj86.com/coolaj86/le-challenge-manual.js)`
			`* [le-challenge-http](https://git.coolaj86.com/coolaj86/le-challenge-http.js)`
			`* [le-challenge-dns](https://git.coolaj86.com/coolaj86/le-challenge-dns.js)`
v2.0.0 2016-08-09 23:20:19 -04:00
			`Install`
			`-------`

			```bash
v3.0.0: update for greenlock v2.7+ 2019-04-05 23:11:00 -06:00			`npm install --save le-challenge-manual@3.x`
v2.0.0 2016-08-09 23:20:19 -04:00			```

			`Usage`
			`-----`

			```bash
v3.0.0: update for greenlock v2.7+ 2019-04-05 23:11:00 -06:00			`var Greenlock = require('greenlock');`

			`Greenlock.create({`
			`...`
			`, challenges: { 'http-01': require('le-challenge-manual')`
			`, 'dns-01': require('le-challenge-manual')`
			`, 'tls-alpn-01': require('le-challenge-manual')`
			`}`
			`...`
v2.0.0 2016-08-09 23:20:19 -04:00			`});`
			```

v3.0.0: update for greenlock v2.7+ 2019-04-05 23:11:00 -06:00			`Note: If you request a certificate with 6 domains listed,`
v2.0.0 2016-08-09 23:20:19 -04:00			`it will require 6 individual challenges.`

v3.0.0: update for greenlock v2.7+ 2019-04-05 23:11:00 -06:00			`Exposed (Promise) Methods`
v2.0.0 2016-08-09 23:20:19 -04:00			`---------------`

			`For ACME Challenge:`

v3.0.0: update for greenlock v2.7+ 2019-04-05 23:11:00 -06:00			* `set(opts)`
			* `remove(opts)`

			`The options will look like this for normal domains:`

			```js
			`{ challenge: {`
			`type: 'http-01'`
			`, identifier: { type: 'dns', value: 'example.com' }`
			`, wildcard: false`
			`, expires: '2012-01-01T12:00:00.000Z'`
			`, token: 'abc123'`
			`, thumbprint: '<<account key thumbprint>>'`
			`, keyAuthorization: 'abc123.xxxx'`
			`, dnsHost: '_acme-challenge.example.com'`
			`, dnsAuthorization: 'yyyy'`
			`, altname: 'example.com'`
			`}`
			`}`
			```

			`And they'll look like this for wildcard domains:`

			```js
			`{ challenge: {`
			`type: 'http-01'`
			`, identifier: { type: 'dns', value: 'example.com' }`
			`, wildcard: true`
			`, expires: '2012-01-01T12:00:00.000Z'`
			`, token: 'abc123'`
			`, thumbprint: '<<account key thumbprint>>'`
			`, keyAuthorization: 'abc123.xxxx'`
			`, dnsHost: '_acme-challenge.example.com'`
			`, dnsAuthorization: 'yyyy'`
			`, altname: '*.example.com'`
			`}`
			`}`
			```

			The only difference is that `altname` will have the `*.` prefix (which you would expect
			but, of course, can't work as a specific a DNS record) and the `wildcard` property is `true`.

			`Optional`

			* `get(limitedOpts)`
v2.0.0 2016-08-09 23:20:19 -04:00
v3.0.0: update for greenlock v2.7+ 2019-04-05 23:11:00 -06:00			`Because the get method is apart from the main flow (such as a DNS query),`
			`it's not always implemented and the options are much more limited in scope:`
v2.0.0 2016-08-09 23:20:19 -04:00
v3.0.0: update for greenlock v2.7+ 2019-04-05 23:11:00 -06:00			```js
			`{ challenge: {`
			`type: 'http-01'`
			`, identifier: { type: 'dns', value: 'example.com' }`
			`, wildcard: false`
			`, token: 'abc123'`
			`, altname: 'example.com'`
			`}`
			`}`
			```

			`If there were an implementation of Greenlock integrated directly into`
			`a NameServer (which currently there is not), it would probably look like this:`

			```js
			`{ challenge: {`
			`type: 'dns-01'`
			`, identifier: { type: 'dns', value: 'example.com' }`
			`, token: 'abc123'`
			`, dnsHost: '_acme-challenge.example.com'`
			`}`
			`}`
			```