greenlock-express.js/examples/wildcard.js

#!/usr/bin/env node
'use strict';
/*global Promise*/

///////////////////////
// wildcard example //
//////////////////////

//
// wildcard example
//

//var glx = require('greenlock-express')
var glx = require('../').create({

  version: 'draft-11'                                       // Let's Encrypt v2 is ACME draft 11

, server: 'https://acme-staging-v02.api.letsencrypt.org/directory'
//, server: 'https://acme-v02.api.letsencrypt.org/directory'  // If at first you don't succeed, stop and switch to staging
                                                            // https://acme-staging-v02.api.letsencrypt.org/directory

, configDir: '~/acme/'                                      // You MUST have access to write to directory where certs
                                                            // are saved. ex: /home/foouser/.config/acme

, approveDomains: myApproveDomains                          // Greenlock's wraps around tls.SNICallback. Check the
                                                            // domain name here and reject invalid ones

, app: require('./my-express-app.js')                       // Any node-style http app (i.e. express, koa, hapi, rill)

  /* CHANGE TO A VALID EMAIL */
, email: 'jon.doe@example.com'                              // Email for Let's Encrypt account and Greenlock Security
, agreeTos: true                                            // Accept Let's Encrypt ToS
, communityMember: true                                     // Join Greenlock to (very rarely) get important updates

//, debug: true
, store: require('le-store-fs')
});

var server = glx.listen(80, 443);
server.on('listening', function () {
  console.info(server.type + " listening on", server.address());
});

function myApproveDomains(opts) {
  console.log('sni:', opts.domain);

  // must be 'example.com' or start with 'example.com'
  if ('example.com' !== opts.domain
    && 'example.com' !== opts.domain.split('.').slice(1).join('.')) {
    return Promise.reject(new Error("we don't serve your kind here: " + opts.domain));
  }

  // the primary domain for the cert
  opts.subject = 'example.com';
  // the altnames (including the primary)
  opts.domains = [ opts.subject, '*.example.com' ];

  if (!opts.challenges) { opts.challenges = {}; }
  opts.challenges['http-01'] = require('le-challenge-fs').create({});
  // Note: When implementing a dns-01 plugin you should make it check in a loop
  // until it can positively confirm that the DNS changes have propagated.
  // That could take several seconds to a few minutes.
  opts.challenges['dns-01'] = require('le-challenge-dns').create({});

  // explicitly set account id and certificate.id
  opts.account = { id: opts.email };
  opts.certificate = { id: opts.subject };

  return Promise.resolve(opts);
}
add wildcard example 2019-04-02 22:48:57 -06:00			`#!/usr/bin/env node`
			`'use strict';`
			`/global Promise/`

			`///////////////////////`
			`// wildcard example //`
			`//////////////////////`

			`//`
			`// wildcard example`
			`//`

			`//var glx = require('greenlock-express')`
fix require path 2019-04-02 23:26:58 -06:00			`var glx = require('../').create({`
add wildcard example 2019-04-02 22:48:57 -06:00
			`version: 'draft-11' // Let's Encrypt v2 is ACME draft 11`

			`, server: 'https://acme-staging-v02.api.letsencrypt.org/directory'`
			`//, server: 'https://acme-v02.api.letsencrypt.org/directory' // If at first you don't succeed, stop and switch to staging`
			`// https://acme-staging-v02.api.letsencrypt.org/directory`

			`, configDir: '~/acme/' // You MUST have access to write to directory where certs`
			`// are saved. ex: /home/foouser/.config/acme`

			`, approveDomains: myApproveDomains // Greenlock's wraps around tls.SNICallback. Check the`
			`// domain name here and reject invalid ones`

			`, app: require('./my-express-app.js') // Any node-style http app (i.e. express, koa, hapi, rill)`

			`/* CHANGE TO A VALID EMAIL */`
			`, email: 'jon.doe@example.com' // Email for Let's Encrypt account and Greenlock Security`
			`, agreeTos: true // Accept Let's Encrypt ToS`
			`, communityMember: true // Join Greenlock to (very rarely) get important updates`

			`//, debug: true`
			`, store: require('le-store-fs')`
			`});`

			`var server = glx.listen(80, 443);`
			`server.on('listening', function () {`
			`console.info(server.type + " listening on", server.address());`
			`});`

			`function myApproveDomains(opts) {`
update example 2019-04-02 22:51:03 -06:00			`console.log('sni:', opts.domain);`
add wildcard example 2019-04-02 22:48:57 -06:00
			`// must be 'example.com' or start with 'example.com'`
update example 2019-04-02 22:51:03 -06:00			`if ('example.com' !== opts.domain`
			`&& 'example.com' !== opts.domain.split('.').slice(1).join('.')) {`
			`return Promise.reject(new Error("we don't serve your kind here: " + opts.domain));`
add wildcard example 2019-04-02 22:48:57 -06:00			`}`

			`// the primary domain for the cert`
			`opts.subject = 'example.com';`
			`// the altnames (including the primary)`
			`opts.domains = [ opts.subject, '*.example.com' ];`

			`if (!opts.challenges) { opts.challenges = {}; }`
			`opts.challenges['http-01'] = require('le-challenge-fs').create({});`
warn about DNS challenges 2019-04-02 23:01:57 -06:00			`// Note: When implementing a dns-01 plugin you should make it check in a loop`
			`// until it can positively confirm that the DNS changes have propagated.`
			`// That could take several seconds to a few minutes.`
add wildcard example 2019-04-02 22:48:57 -06:00			`opts.challenges['dns-01'] = require('le-challenge-dns').create({});`

			`// explicitly set account id and certificate.id`
			`opts.account = { id: opts.email };`
			`opts.certificate = { id: opts.subject };`

			`return Promise.resolve(opts);`
			`}`