4.0.5

.gitignore

@@ -1,5 +1,5 @@
 greenlock.json*
-TODO.txt
+TODO*
 link.sh
 .env
 .greenlockrc

MIGRATION_GUIDE.md

@@ -1,4 +1,36 @@
-# Migrating from Greenlock v2 to v3
+# Migrating Guide
+
+Greenlock v4 is the current version.
+
+# v3 to v4
+
+v4 is a very minor, but breaking, change from v3
+
+### `configFile` is replaced with `configDir`
+
+The default config file `./greenlock.json` is now `./greenlock.d/config.json`.
+
+This was change was mode to eliminate unnecessary configuration that was inadvertantly introduced in v3.
+
+### `.greenlockrc` is auto-generated
+
+`.greenlockrc` exists for the sake of tooling - so that the CLI, Web API, and your code naturally stay in sync.
+
+It looks like this:
+
+```json
+{
+    "manager": {
+        "module": "@greenlock/manager"
+    },
+    "configDir": "./greenlock.d"
+}
+```
+
+If you deploy to a read-only filesystem, it is best that you create the `.greenlockrc` file as part
+of your image and use that rather than including any configuration in your code.
+
+# v2 to v4
 
 **Greenlock Express** uses Greenlock directly, the same as before.
 
@@ -195,11 +227,11 @@ as well as a set of callbacks for easy configurability.
 
 ### Default Manager
 
-The default manager is `greenlock-manager-fs` and the default `configFile` is `~/.config/greenlock/manager.json`.
+The default manager is `@greenlock/manager` and the default `configDir` is `./.greenlock.d`.
 
 The config file should look something like this:
 
-`~/.config/greenlock/manager.json`:
+`./greenlock.d/config.json`:
 
 ```json
 {
@@ -256,29 +288,20 @@ The same is true with `greenlock-store-*` plugins:
 
 ### Customer Manager, the lazy way
 
-At the very least you have to implement `find({ servername })`.
+At the very least you have to implement `get({ servername, wildname })`.
-
-Since this is a very common use case, it's supported out of the box as part of the default manager plugin:
 
 ```js
 var greenlock = Greenlock.create({
     packageAgent: pkg.name + '/' + pkg.version,
     maintainerEmail: 'jon@example.com',
     notify: notify,
-    find: find
+
+    packageRoot: __dirname,
+    manager: {
+        module: './manager.js'
+    }
 });
 
-// In the simplest case you can ignore all incoming options
-// and return a single site config in the same format as the config file
-
-function find(options) {
-    var servername = options.servername; // www.example.com
-    var wildname = options.wildname; // *.example.com
-    return Promise.resolve([
-        { subject: 'example.com', altnames: ['example.com', 'www.example.com'] }
-    ]);
-}
-
 function notify(ev, args) {
     if ('error' === ev || 'warning' === ev) {
         console.error(ev, args);
@@ -288,102 +311,61 @@ function notify(ev, args) {
 }
 ```
 
-If you want to use wildcards or local domains, you must specify the `dns-01` challenge plugin to use:
+In the simplest case you can ignore all incoming options
+and return a single site config in the same format as the config file
 
-```js
+`./manager.js`:
-function find(options) {
-    var subject = options.subject;
-    // may include wildcard
-    var altnames = options.altnames;
-    var wildname = options.wildname; // *.example.com
-    return Promise.resolve([
-        {
-            subject: 'example.com',
-            altnames: ['example.com', 'www.example.com'],
-            challenges: {
-                'dns-01': { module: 'acme-dns-01-namedotcom', apikey: 'xxxx' }
-            }
-        }
-    ]);
-}
-```
-
-### Customer Manager, complete
-
-To use a fully custom manager, you give the npm package name, or absolute path to the file to load
-
-```js
-Greenlock.create({
-    // Greenlock Options
-    maintainerEmail: 'jon@example.com',
-    packageAgent: 'my-package/v2.1.1',
-    notify: notify,
-
-    // file path or npm package name
-    manager: '/path/to/manager.js',
-    // options that get passed to the manager
-    myFooOption: 'whatever'
-});
-```
-
-The manager itself is, again relatively simple:
-
--   find(options)
--   set(siteConfig)
--   remove(options)
--   defaults(globalOptions) (as setter)
-    -   defaults() => globalOptions (as getter)
-
-`/path/to/manager.js`:
 
 ```js
 'use strict';
 
 module.exports.create = function() {
-    var manager = {};
+    return {
-
+        get: async function({ servername }) {
-    manager.find = async function({ subject, altnames, renewBefore }) {
+            // do something to fetch the site
-        if (subject) {
+            var site = {
-            return getSiteConfigBySubject(subject);
+                subject: 'example.com',
-        }
+                altnames: ['example.com', 'www.example.com']
-
-        if (altnames) {
-            // may include wildcards
-            return getSiteConfigByAnyAltname(altnames);
-        }
-
-        if (renewBefore) {
-            return getSiteConfigsWhereRenewAtIsLessThan(renewBefore);
-        }
-
-        return [];
             };
 
-    manage.set = function(opts) {
+            return site;
-        // this is called by greenlock.add({ subject, altnames })
-        // it's also called by greenlock._update({ subject, renewAt })
-
-        return mergSiteConfig(subject, opts);
-    };
-
-    manage.remove = function({ subject, altname }) {
-        if (subject) {
-            return removeSiteConfig(subject);
         }
-
-        return removeFromSiteConfigAndResetRenewAtToZero(altname);
-    };
-
-    // set the global config
-    manage.defaults = function(options) {
-        if (!options) {
-            return getGlobalConfig();
-        }
-        return mergeGlobalConfig(options);
     };
 };
 ```
 
+If you want to use wildcards or local domains for a specific domain, you must specify the `dns-01` challenge plugin to use:
+
+```js
+'use strict';
+
+module.exports.create = function() {
+    return {
+        get: async function({ servername }) {
+            // do something to fetch the site
+            var site = {
+                subject: 'example.com',
+                altnames: ['example.com', 'www.example.com'],
+
+                // dns-01 challenge
+                challenges: {
+                    'dns-01': {
+                        module: 'acme-dns-01-namedotcom',
+                        apikey: 'xxxx'
+                    }
+                }
+            };
+
+            return site;
+        }
+    };
+};
+```
+
+### Customer Manager, Complete
+
+See <https://git.rootprojects.org/root/greenlock-manager-test.js#quick-start>
+
 # ACME Challenge Plugins
 
 The ACME challenge plugins are just a few simple callbacks:
@@ -419,99 +401,3 @@ They are described here:
 -   [greenlock store documentation](https://git.rootprojects.org/root/greenlock-store-test.js)
 
 If you are just implenting in-house and are not going to publish a module, you can also do some hack things like this:
-
-### Custome Store, The hacky / lazy way
-
-`/path/to/project/my-hacky-store.js`:
-
-```js
-'use strict';
-
-module.exports.create = function(options) {
-    // ex: /path/to/account.ecdsa.jwk.json
-    var accountJwk = require(options.accountJwkPath);
-    // ex: /path/to/privkey.rsa.pem
-    var serverPem = fs.readFileSync(options.serverPemPath, 'ascii');
-    var accounts = {};
-    var certificates = {};
-    var store = { accounts, certificates };
-
-    // bare essential account callbacks
-    accounts.checkKeypair = function() {
-        // ignore all options and just return a single, global keypair
-
-        return Promise.resolve({
-            privateKeyJwk: accountJwk
-        });
-    };
-    accounts.setKeypair = function() {
-        // this will never get called if checkKeypair always returns
-
-        return Promise.resolve({});
-    };
-
-    // bare essential cert and key callbacks
-    certificates.checkKeypair = function() {
-        // ignore all options and just return a global server keypair
-
-        return {
-            privateKeyPem: serverPem
-        };
-    };
-    certificates.setKeypair = function() {
-        // never gets called if checkKeypair always returns an existing key
-
-        return Promise.resolve(null);
-    };
-
-    certificates.check = function(args) {
-        var subject = args.subject;
-        // make a database call or whatever to get a certificate
-        return goGetCertBySubject(subject).then(function() {
-            return {
-                pems: {
-                    chain: '<PEM>',
-                    cert: '<PEM>'
-                }
-            };
-        });
-    };
-    certificates.set = function(args) {
-        var subject = args.subject;
-        var cert = args.pems.cert;
-        var chain = args.pems.chain;
-
-        // make a database call or whatever to get a certificate
-        return goSaveCert({
-            subject,
-            cert,
-            chain
-        });
-    };
-};
-```
-
-### Using the hacky / lazy store plugin
-
-That sort of implementation won't pass the test suite, but it'll work just fine a use case where you only have one subscriber email (most of the time),
-you only have one server key (not recommended, but works), and you only really want to worry about storing cetificates.
-
-Then you could assign it as the default for all of your sites:
-
-```json
-{
-    "subscriberEmail": "jon@example.com",
-    "agreeToTerms": true,
-    "sites": {
-        "example.com": {
-            "subject": "example.com",
-            "altnames": ["example.com", "www.example.com"]
-        }
-    },
-    "store": {
-        "module": "/path/to/project/my-hacky-store.js",
-        "accountJwkPath": "/path/to/account.ecdsa.jwk.json",
-        "serverPemPath": "/path/to/privkey.rsa.pem"
-    }
-}
-```

README.md

@@ -1,12 +1,10 @@
-# New Documentation & [v2/v3 Migration Guide](https://git.rootprojects.org/root/greenlock.js/src/branch/v3/MIGRATION_GUIDE_V2_V3.md)
+# New Documentation & [v4 Migration Guide](https://git.rootprojects.org/root/greenlock.js/src/branch/master/MIGRATION_GUIDE.md)
-
-Greenlock v3 was just released from private beta **today** (Nov 1st, 2019).
 
 We're still working on the full documentation for this new version,
 so please be patient.
 
 To start, check out the
-[Migration Guide](https://git.rootprojects.org/root/greenlock.js/src/branch/v3/MIGRATION_GUIDE_V2_V3.md).
+[Migration Guide](https://git.rootprojects.org/root/greenlock.js/src/branch/master/MIGRATION_GUIDE.md).
 
 !["Greenlock Logo"](https://git.rootprojects.org/root/greenlock.js/raw/branch/master/logo/greenlock-1063x250.png 'Greenlock lock logo and work mark')
 
@@ -85,12 +83,11 @@ Certificates are renewed every 45 days by default, and renewal checks will happe
 var pkg = require('./package.json');
 var Greenlock = require('greenlock');
 var greenlock = Greenlock.create({
+    packageRoot: __dirname,
+    configDir: "./greenlock.d/",
     packageAgent: pkg.name + '/' + pkg.version,
     maintainerEmail: pkg.author,
     staging: true,
-    manager: require('greenlock-manager-fs').create({
-        configFile: '~/.config/greenlock/manager.json'
-    }),
     notify: function(event, details) {
         if ('error' === event) {
             // `details` is an error object in this case
@@ -171,7 +168,7 @@ greenlock
 -->
 
 <details>
-<summary>Greenlock.create({ packageAgent, maintainerEmail, staging })</summary>
+<summary>Greenlock.create({ configDir, packageAgent, maintainerEmail, staging })</summary>
 
 ## Greenlock.create()
 
@@ -181,12 +178,15 @@ Creates an instance of greenlock with _environment_-level values.
 
 var pkg = require('./package.json');
 var gl = Greenlock.create({
+    configDir: './greenlock.d/',
+
     // Staging for testing environments
     staging: true,
 
     // This should be the contact who receives critical bug and security notifications
     // Optionally, you may receive other (very few) updates, such as important new features
     maintainerEmail: 'jon@example.com',
+
     // for an RFC 8555 / RFC 7231 ACME client user agent
     packageAgent: pkg.name + '/' pkg.version
 });
@@ -194,6 +194,7 @@ var gl = Greenlock.create({
 
 | Parameter       | Description                                                                          |
 | --------------- | ------------------------------------------------------------------------------------ |
+| configDir       | the directory to use for file-based plugins                                          |
 | maintainerEmail | the developer contact for critical bug and security notifications                    |
 | packageAgent    | if you publish your package for others to use, `require('./package.json').name` here |
 | staging         | use the Let's Encrypt staging URL instead of the production URL                      |
@@ -402,8 +403,8 @@ Greenlock comes with reasonable defaults but when you install it,
 you should also install any plugins that you need.
 
 ```bash
-npm install --save @root/greenlock
+npm install --save @root/greenlock@v4
-npm install --save greenlock-manager-fs
+npm install --save @greenlock/manager
 npm install --save greenlock-store-fs
 npm install --save acme-http-01-standalone
 ```

bin/add.js

@@ -8,7 +8,7 @@ var cli = require('./lib/cli.js');
 
 var Flags = require('./lib/flags.js');
 
-Flags.init().then(function({ flagOptions, rc, greenlock, mconf }) {
+Flags.init().then(function({ flagOptions, greenlock, mconf }) {
     var myFlags = {};
     [
         'subject',
@@ -34,11 +34,11 @@ Flags.init().then(function({ flagOptions, rc, greenlock, mconf }) {
     cli.parse(myFlags);
     cli.main(function(argList, flags) {
         Flags.mangleFlags(flags, mconf);
-        main(argList, flags, rc, greenlock);
+        main(argList, flags, greenlock);
     }, args);
 });
 
-async function main(_, flags, rc, greenlock) {
+async function main(_, flags, greenlock) {
     if (!flags.subject || !flags.altnames) {
         console.error(
             '--subject and --altnames must be provided and should be valid domains'

bin/config.js

@@ -8,7 +8,7 @@ var cli = require('./lib/cli.js');
 
 var Flags = require('./lib/flags.js');
 
-Flags.init().then(function({ flagOptions, rc, greenlock, mconf }) {
+Flags.init().then(function({ flagOptions, greenlock, mconf }) {
     var myFlags = {};
     ['all', 'subject', 'servername' /*, 'servernames', 'altnames'*/].forEach(
         function(k) {
@@ -19,11 +19,11 @@ Flags.init().then(function({ flagOptions, rc, greenlock, mconf }) {
     cli.parse(myFlags);
     cli.main(function(argList, flags) {
         Flags.mangleFlags(flags, mconf);
-        main(argList, flags, rc, greenlock);
+        main(argList, flags, greenlock);
     }, args);
 });
 
-async function main(_, flags, rc, greenlock) {
+async function main(_, flags, greenlock) {
     var servernames = [flags.subject]
         .concat([flags.servername])
         //.concat(flags.servernames)

bin/defaults.js

@@ -10,7 +10,6 @@ var Flags = require('./lib/flags.js');
 
 Flags.init({ forceSave: true }).then(function({
     flagOptions,
-    rc,
     greenlock,
     mconf
 }) {
@@ -38,11 +37,11 @@ Flags.init({ forceSave: true }).then(function({
     cli.parse(myFlags);
     cli.main(function(argList, flags) {
         Flags.mangleFlags(flags, mconf, null, { forceSave: true });
-        main(argList, flags, rc, greenlock);
+        main(argList, flags, greenlock);
     }, args);
 });
 
-async function main(_, flags, rc, greenlock) {
+async function main(_, flags, greenlock) {
     greenlock.manager
         .defaults(flags)
         .catch(function(err) {

bin/greenlock.js

@@ -5,14 +5,20 @@ var args = process.argv.slice(2);
 var arg0 = args[0];
 //console.log(args);
 
-var found = ['certonly', 'add', 'update', 'config', 'defaults', 'remove', 'init'].some(
+var found = [
-    function(k) {
+    'certonly',
+    'add',
+    'update',
+    'config',
+    'defaults',
+    'remove',
+    'init'
+].some(function(k) {
     if (k === arg0) {
         require('./' + k);
         return true;
     }
-    }
+});
-);
 
 if (!found) {
     console.error(arg0 + ': command not yet implemented');

bin/init.js

@@ -3,24 +3,25 @@
 var P = require('../plugins.js');
 var args = process.argv.slice(3);
 var cli = require('./lib/cli.js');
-//var path = require('path');
+var Greenlock = require('../');
-//var pkgpath = path.join(__dirname, '..', 'package.json');
-//var pkgpath = path.join(process.cwd(), 'package.json');
 
 var Flags = require('./lib/flags.js');
 
 var flagOptions = Flags.flags();
 var myFlags = {};
-['maintainer-email', 'cluster', 'manager', 'manager-xxxx'].forEach(function(k) {
+[
+    'config-dir',
+    'maintainer-email',
+    'cluster',
+    'manager',
+    'manager-xxxx'
+].forEach(function(k) {
     myFlags[k] = flagOptions[k];
 });
 
 cli.parse(myFlags);
 cli.main(async function(argList, flags) {
-    var path = require('path');
+    var pkgRoot = process.cwd();
-    var pkgpath = path.join(process.cwd(), 'package.json');
-    var pkgdir = path.dirname(pkgpath);
-    //var rcpath = path.join(pkgpath, '.greenlockrc');
     var manager = flags.manager;
 
     if (['fs', 'cloud'].includes(manager)) {
@@ -32,9 +33,12 @@ cli.main(async function(argList, flags) {
 
     flags.manager = flags.managerOpts;
     delete flags.managerOpts;
-    flags.manager.manager = manager;
+    flags.manager.module = manager;
 
     try {
+        if ('.' === String(manager)[0]) {
+            manager = require('path').resolve(pkgRoot, manager);
+        }
         P._loadSync(manager);
     } catch (e) {
         try {
@@ -49,12 +53,18 @@ cli.main(async function(argList, flags) {
         }
     }
 
-    var GreenlockRc = require('../greenlockrc.js');
+    var greenlock = Greenlock.create({
-    //var rc = await GreenlockRc(pkgpath, manager, flags.manager);
+        packageRoot: pkgRoot,
-    await GreenlockRc(pkgpath, manager, flags.manager);
+        manager: flags.manager,
-    writeGreenlockJs(pkgdir, flags);
+        configDir: flags.configDir,
-    writeServerJs(pkgdir, flags);
+        maintainerEmail: flags.maintainerEmail,
-    writeAppJs(pkgdir);
+        _mustPackage: true
+    });
+    await greenlock.manager.defaults();
+
+    //writeGreenlockJs(pkgdir, flags);
+    writeServerJs(pkgRoot, flags);
+    writeAppJs(pkgRoot);
 
     /*
     rc._bin_mode = true;
@@ -66,6 +76,7 @@ cli.main(async function(argList, flags) {
     */
 }, args);
 
+/*
 function writeGreenlockJs(pkgdir, flags) {
     var greenlockJs = 'greenlock.js';
     var fs = require('fs');
@@ -92,15 +103,13 @@ function writeGreenlockJs(pkgdir, flags) {
     fs.writeFileSync(path.join(pkgdir, greenlockJs), tmpl);
     console.info("created '%s'", greenlockJs);
 }
+*/
 
 function writeServerJs(pkgdir, flags) {
     var serverJs = 'server.js';
     var fs = require('fs');
     var path = require('path');
-    var tmpl = fs.readFileSync(
+    var tmpl;
-        path.join(__dirname, 'tmpl/server.tmpl.js'),
-        'utf8'
-    );
 
     try {
         fs.accessSync(path.join(pkgdir, serverJs));
@@ -111,7 +120,22 @@ function writeServerJs(pkgdir, flags) {
     }
 
     if (flags.cluster) {
+        tmpl = fs.readFileSync(
+            path.join(__dirname, 'tmpl/cluster.tmpl.js'),
+            'utf8'
+        );
         tmpl = tmpl.replace(/cluster: false/g, 'cluster: true');
+    } else {
+        tmpl = fs.readFileSync(
+            path.join(__dirname, 'tmpl/server.tmpl.js'),
+            'utf8'
+        );
+    }
+
+    if (flags.maintainerEmail) {
+        tmpl = tmpl
+            .replace(/pkg.author/g, JSON.stringify(flags.maintainerEmail))
+            .replace(/\/\/maintainerEmail/g, 'maintainerEmail');
     }
 
     fs.writeFileSync(path.join(pkgdir, serverJs), tmpl);

bin/lib/flags.js

@@ -2,10 +2,9 @@
 
 var Flags = module.exports;
 
-var path = require('path');
+//var path = require('path');
-//var pkgpath = path.join(__dirname, '..', 'package.json');
+var pkgRoot = process.cwd();
-var pkgpath = path.join(process.cwd(), 'package.json');
+//var Init = require('../../lib/init.js');
-var GreenlockRc = require('../../greenlockrc.js');
 
 // These are ALL options
 // The individual CLI files each select a subset of them
@@ -68,6 +67,11 @@ Flags.flags = function(mconf, myOpts) {
             "the email address of the Let's Encrypt or ACME Account subscriber (not necessarily the domain owner)",
             'string'
         ],
+        'config-dir': [
+            false,
+            'the directory in which config.json and other config and storage files should be written',
+            'string'
+        ],
         'maintainer-email': [
             false,
             'the maintainance contact for security and critical bug notices',
@@ -100,7 +104,7 @@ Flags.flags = function(mconf, myOpts) {
             false,
             'the module name or file path of the manager module to use',
             'string',
-            'greenlock-manager-fs'
+            '@greenlock/manager'
         ],
         'manager-xxxx': [
             false,
@@ -174,17 +178,19 @@ Flags.flags = function(mconf, myOpts) {
 };
 
 Flags.init = async function(myOpts) {
-    var rc = await GreenlockRc(pkgpath);
-    rc._bin_mode = true;
     var Greenlock = require('../../');
+
     // this is a copy, so it's safe to modify
-    rc.packageRoot = path.dirname(pkgpath);
+    var greenlock = Greenlock.create({
-    var greenlock = Greenlock.create(rc);
+        packageRoot: pkgRoot,
+        _mustPackage: true,
+        _init: true,
+        _bin_mode: true
+    });
     var mconf = await greenlock.manager.defaults();
     var flagOptions = Flags.flags(mconf, myOpts);
     return {
         flagOptions,
-        rc,
         greenlock,
         mconf
     };

bin/remove.js

@@ -8,7 +8,7 @@ var cli = require('./lib/cli.js');
 
 var Flags = require('./lib/flags.js');
 
-Flags.init().then(function({ flagOptions, rc, greenlock, mconf }) {
+Flags.init().then(function({ flagOptions, greenlock, mconf }) {
     var myFlags = {};
     ['subject'].forEach(function(k) {
         myFlags[k] = flagOptions[k];
@@ -17,11 +17,11 @@ Flags.init().then(function({ flagOptions, rc, greenlock, mconf }) {
     cli.parse(myFlags);
     cli.main(function(argList, flags) {
         Flags.mangleFlags(flags, mconf);
-        main(argList, flags, rc, greenlock);
+        main(argList, flags, greenlock);
     }, args);
 });
 
-async function main(_, flags, rc, greenlock) {
+async function main(_, flags, greenlock) {
     if (!flags.subject) {
         console.error('--subject must be provided as a valid domain');
         process.exit(1);

bin/tmpl/cluster.tmpl.js

@@ -0,0 +1,30 @@
+'use strict';
+
+require('greenlock-express')
+    .init(function() {
+        // var pkg = require('./package.json');
+
+        return {
+            // where to find .greenlockrc and set default paths
+            packageRoot: __dirname,
+
+            // name & version for ACME client user agent
+            //packageAgent: pkg.name + '/' + pkg.version,
+
+            // contact for security and critical bug notices
+            //maintainerEmail: pkg.author,
+
+            // where to look for configuration
+            configDir: './greenlock.d',
+
+            // whether or not to run at cloudscale
+            cluster: true
+        };
+    })
+    .ready(function(glx) {
+        var app = require('./app.js');
+
+        // Serves on 80 and 443
+        // Get's SSL certificates magically!
+        glx.serveApp(app);
+    });

bin/tmpl/greenlock.tmpl.js

@@ -6,7 +6,7 @@ module.exports = require('@root/greenlock').create({
     packageAgent: pkg.name + '/' + pkg.version,
 
     // contact for security and critical bug notices
-    maintainerEmail: pkg.author,
+    //maintainerEmail: pkg.author,
 
     // where to find .greenlockrc and set default paths
     packageRoot: __dirname

bin/tmpl/server.tmpl.js

@@ -1,18 +1,20 @@
 'use strict';
 
+var app = require('./app.js');
+
 require('greenlock-express')
-    .init(function() {
+    .init({
-        return {
+        packageRoot: __dirname,
-            greenlock: require('./greenlock.js'),
+
+        // contact for security and critical bug notices
+        //maintainerEmail: pkg.author,
+
+        // where to look for configuration
+        configDir: './greenlock.d',
 
         // whether or not to run at cloudscale
         cluster: false
-        };
     })
-    .ready(function(glx) {
-        var app = require('./app.js');
-
     // Serves on 80 and 443
     // Get's SSL certificates magically!
-        glx.serveApp(app);
+    .serve(app);
-    });

bin/update.js

@@ -4,7 +4,7 @@ var args = process.argv.slice(3);
 var cli = require('./lib/cli.js');
 var Flags = require('./lib/flags.js');
 
-Flags.init().then(function({ flagOptions, rc, greenlock, mconf }) {
+Flags.init().then(function({ flagOptions, greenlock, mconf }) {
     var myFlags = {};
     [
         'subject',
@@ -31,11 +31,11 @@ Flags.init().then(function({ flagOptions, rc, greenlock, mconf }) {
     cli.main(async function(argList, flags) {
         var sconf = await greenlock._config({ servername: flags.subject });
         Flags.mangleFlags(flags, mconf, sconf);
-        main(argList, flags, rc, greenlock);
+        main(argList, flags, greenlock);
     }, args);
 });
 
-async function main(_, flags, rc, greenlock) {
+async function main(_, flags, greenlock) {
     if (!flags.subject) {
         console.error('--subject must be provided as a valid domain');
         process.exit(1);

challenges-underlay.js

@@ -1,97 +0,0 @@
-'use strict';
-
-var Greenlock = require('./');
-
-module.exports.wrap = function(greenlock) {
-    greenlock.challenges = {};
-    greenlock.challenges.get = function(chall) {
-        // TODO pick one and warn on the others
-        // (just here due to some backwards compat issues with early v3 plugins)
-        var servername =
-            chall.servername ||
-            chall.altname ||
-            (chall.identifier && chall.identifier.value);
-
-        // TODO some sort of caching to prevent database hits?
-        return greenlock
-            ._config({ servername: servername })
-            .then(function(site) {
-                if (!site) {
-                    return null;
-                }
-
-                // Hmm... this _should_ be impossible
-                if (!site.challenges || !site.challenges['http-01']) {
-                    var copy = JSON.parse(JSON.stringify(site));
-                    sanitizeCopiedConf(copy);
-                    sanitizeCopiedConf(copy.store);
-                    if (site.challenges) {
-                        sanitizeCopiedConf(copy.challenges['http-01']);
-                        sanitizeCopiedConf(copy.challenges['dns-01']);
-                        sanitizeCopiedConf(copy.challenges['tls-alpn-01']);
-                    }
-                    console.warn('[Bug] Please report this error:');
-                    console.warn(
-                        '\terror: http-01 challenge requested, but not even a default http-01 config exists'
-                    );
-                    console.warn('\tservername:', JSON.stringify(servername));
-                    console.warn('\tsite:', JSON.stringify(copy));
-                    return null;
-                }
-
-                return Greenlock._loadChallenge(site.challenges, 'http-01');
-            })
-            .then(function(plugin) {
-                if (!plugin) {
-                    return null;
-                }
-                return plugin
-                    .get({
-                        challenge: {
-                            type: chall.type,
-                            //hostname: chall.servername,
-                            altname: chall.servername,
-                            identifier: { value: chall.servername },
-                            token: chall.token
-                        }
-                    })
-                    .then(function(result) {
-                        var keyAuth;
-                        var keyAuthDigest;
-                        if (result) {
-                            // backwards compat that shouldn't be dropped
-                            // because new v3 modules had to do this to be
-                            // backwards compatible with Greenlock v2.7 at
-                            // the time.
-                            if (result.challenge) {
-                                result = result.challenge;
-                            }
-                            keyAuth = result.keyAuthorization;
-                            keyAuthDigest = result.keyAuthorizationDigest;
-                        }
-                        if (/dns/.test(chall.type)) {
-                            return {
-                                keyAuthorizationDigest: keyAuthDigest
-                            };
-                        }
-                        return {
-                            keyAuthorization: keyAuth
-                        };
-                    });
-            });
-    };
-};
-
-function sanitizeCopiedConf(copy) {
-    if (!copy) {
-        return;
-    }
-
-    Object.keys(copy).forEach(function(k) {
-        if (/(api|key|token)/i.test(k) && 'string' === typeof copy[k]) {
-            copy[k] = '**redacted**';
-        }
-    });
-
-    return copy;
-}

greenlock.js

@@ -5,6 +5,7 @@ var pkg = require('./package.json');
 var ACME = require('@root/acme');
 var Greenlock = module.exports;
 var request = require('@root/request');
+var process = require('process');
 
 var G = Greenlock;
 var U = require('./utils.js');
@@ -12,8 +13,13 @@ var E = require('./errors.js');
 var P = require('./plugins.js');
 var A = require('./accounts.js');
 var C = require('./certificates.js');
+
+var DIR = require('./lib/directory-url.js');
+var ChWrapper = require('./lib/challenges-wrapper.js');
+var MngWrapper = require('./lib/manager-wrapper.js');
+
 var UserEvents = require('./user-events.js');
-var GreenlockRc = require('./greenlockrc.js');
+var Init = require('./lib/init.js');
 
 var caches = {};
 
@@ -43,21 +49,28 @@ G.create = function(gconf) {
             });
         }
 
-        if (!gconf.packageRoot) {
-            gconf.packageRoot = process.cwd();
-            console.warn(
-                '`packageRoot` not defined, trying ' + gconf.packageRoot
-            );
-        }
-
         if ('function' === typeof gconf.notify) {
             gdefaults.notify = gconf.notify;
         } else {
             gdefaults.notify = _notify;
         }
 
-        var rc = GreenlockRc.resolve(gconf);
+        gconf = Init._init(gconf);
-        gconf = Object.assign(rc, gconf);
+
+        // OK: /path/to/blah
+        // OK: npm-name-blah
+        // NOT OK: ./rel/path/to/blah
+        // Error: .blah
+        if ('.' === (gconf.manager.module || '')[0]) {
+            if (!gconf.packageRoot) {
+                gconf.packageRoot = process.cwd();
+                console.warn(
+                    '`packageRoot` not defined, trying ' + gconf.packageRoot
+                );
+            }
+            gconf.manager.module =
+                gconf.packageRoot + '/' + gconf.manager.module.slice(2);
+        }
 
         // Wraps each of the following with appropriate error checking
         // greenlock.manager.defaults
@@ -66,7 +79,7 @@ G.create = function(gconf) {
         // greenlock.sites.remove
         // greenlock.sites.find
         // greenlock.sites.get
-        require('./manager-underlay.js').wrap(greenlock, gconf);
+        MngWrapper.wrap(greenlock, gconf);
         // The goal here is to reduce boilerplate, such as error checking
         // and duration parsing, that a manager must implement
         greenlock.sites.add = greenlock.add = greenlock.manager.add;
@@ -76,27 +89,11 @@ G.create = function(gconf) {
         // Exports challenges.get for Greenlock Express HTTP-01,
         // and whatever odd use case pops up, I suppose
         // greenlock.challenges.get
-        require('./challenges-underlay.js').wrap(greenlock);
+        ChWrapper.wrap(greenlock);
 
+        DIR._getDefaultDirectoryUrl('', gconf.staging, '');
         if (gconf.directoryUrl) {
             gdefaults.directoryUrl = gconf.directoryUrl;
-            if (gconf.staging) {
-                throw new Error(
-                    'supply `directoryUrl` or `staging`, but not both'
-                );
-            }
-        } else if (
-            gconf.staging ||
-            process.argv.includes('--staging') ||
-            /DEV|STAG/i.test(process.env.ENV)
-        ) {
-            greenlock.staging = true;
-            gdefaults.directoryUrl =
-                'https://acme-staging-v02.api.letsencrypt.org/directory';
-        } else {
-            greenlock.live = true;
-            gdefaults.directoryUrl =
-                'https://acme-v02.api.letsencrypt.org/directory';
         }
 
         greenlock._defaults = gdefaults;
@@ -127,16 +124,16 @@ G.create = function(gconf) {
                 request: request
                 //punycode: require('punycode')
             })
-            .then(function() {
+            .then(async function() {
-                return greenlock.manager._defaults().then(function(MCONF) {
+                var MCONF = await greenlock.manager._defaults();
                 mergeDefaults(MCONF, gconf);
                 if (true === MCONF.agreeToTerms) {
                     gdefaults.agreeToTerms = function(tos) {
                         return Promise.resolve(tos);
                     };
                 }
+
                 return greenlock.manager._defaults(MCONF);
-                });
             })
             .catch(function(err) {
                 if ('load_plugin' !== err.context) {
@@ -209,14 +206,10 @@ G.create = function(gconf) {
     };
 
     // certs.get
-    greenlock.get = function(args) {
+    greenlock.get = async function(args) {
-        return greenlock
+        greenlock._single(args);
-            ._single(args)
-            .then(function() {
         args._includePems = true;
-                return greenlock.renew(args);
+        var results = await greenlock.renew(args);
-            })
-            .then(function(results) {
         if (!results || !results.length) {
             // TODO throw an error here?
             return null;
@@ -248,12 +241,12 @@ G.create = function(gconf) {
         // site for plugin options, such as http-01 challenge
         // pems for the obvious reasons
         return result;
-            });
     };
 
-    greenlock._single = function(args) {
+    // TODO remove async here, it doesn't matter
+    greenlock._single = async function(args) {
         if ('string' !== typeof args.servername) {
-            return Promise.reject(new Error('no `servername` given'));
+            throw new Error('no `servername` given');
         }
         // www.example.com => *.example.com
         args.wildname =
@@ -275,34 +268,31 @@ G.create = function(gconf) {
             args.issueBefore ||
             args.expiresBefore
         ) {
-            return Promise.reject(
+            throw new Error(
-                new Error(
                 'bad arguments, did you mean to call greenlock.renew()?'
-                )
             );
         }
         // duplicate, force, and others still allowed
-        return Promise.resolve(args);
+        return args;
     };
 
-    greenlock._config = function(args) {
+    greenlock._config = async function(args) {
-        return greenlock._single(args).then(function() {
+        greenlock._single(args);
-            return greenlock._configAll(args).then(function(sites) {
+        var sites = await greenlock._configAll(args);
         return sites[0];
-            });
-        });
     };
-    greenlock._configAll = function(args) {
+    greenlock._configAll = async function(args) {
-        return greenlock._find(args).then(function(sites) {
+        var sites = await greenlock._find(args);
         if (!sites || !sites.length) {
             return [];
         }
         sites = JSON.parse(JSON.stringify(sites));
-            return greenlock.manager._defaults().then(function(mconf) {
+        var mconf = await greenlock.manager._defaults();
         return sites.map(function(site) {
             if (site.store && site.challenges) {
                 return site;
             }
+
             var dconf = site;
             // TODO make cli and api mode the same
             if (gconf._bin_mode) {
@@ -316,26 +306,22 @@ G.create = function(gconf) {
             }
             return site;
         });
-            });
-        });
     };
 
     // needs to get info about the renewal, such as which store and challenge(s) to use
-    greenlock.renew = function(args) {
+    greenlock.renew = async function(args) {
-        return greenlock._init().then(function() {
+        await greenlock._init();
-            return greenlock.manager._defaults().then(function(mconf) {
+        var mconf = await greenlock.manager._defaults();
         return greenlock._renew(mconf, args);
-            });
-        });
     };
-    greenlock._renew = function(mconf, args) {
+    greenlock._renew = async function(mconf, args) {
         if (!args) {
             args = {};
         }
 
         var renewedOrFailed = [];
         //console.log('greenlock._renew find', args);
-        return greenlock._find(args).then(function(sites) {
+        var sites = await greenlock._find(args);
         // Note: the manager must guaranteed that these are mutable copies
         //console.log('greenlock._renew found', sites);;
 
@@ -345,10 +331,11 @@ G.create = function(gconf) {
                     JSON.stringify(sites)
             );
         }
-            function next() {
+
+        await (async function next() {
             var site = sites.shift();
             if (!site) {
-                    return Promise.resolve(null);
+                return null;
             }
 
             var order = { site: site };
@@ -379,15 +366,12 @@ G.create = function(gconf) {
                 .then(function() {
                     return next();
                 });
-            }
+        })();
 
-            return next().then(function() {
         return renewedOrFailed;
-            });
-        });
     };
 
-    greenlock._acme = function(mconf, args) {
+    greenlock._acme = async function(mconf, args, dirUrl) {
         var packageAgent = gconf.packageAgent || '';
         // because Greenlock_Express/v3.x Greenlock/v3 is redundant
         if (!/greenlock/i.test(packageAgent)) {
@@ -400,88 +384,83 @@ G.create = function(gconf) {
             debug: greenlock._defaults.debug || args.debug
         });
 
-        // The user has explicitly set the directoryUrl, great!
-        var dirUrl = args.directoryUrl || mconf.directoryUrl;
-
-        // The directoryUrl is implicit
-        var showDir = false;
-        if (!dirUrl) {
-            showDir = true;
-            dirUrl = greenlock._defaults.directoryUrl;
-        }
-
-        // Show the directory if implicit
-        if (showDir && !gdefaults.shownDirectory) {
-            gdefaults.shownDirectory = true;
-            console.info('ACME Directory URL:', dirUrl);
-        }
-
         var dir = caches[dirUrl];
-
         // don't cache more than an hour
         if (dir && Date.now() - dir.ts < 1 * 60 * 60 * 1000) {
             return dir.promise;
         }
 
-        return acme
+        await acme.init(dirUrl).catch(function(err) {
-            .init(dirUrl)
+            // TODO this is a special kind of failure mode. What should we do?
-            .then(function(/*meta*/) {
+            console.error(
+                "[debug] Let's Encrypt may be down for maintenance or `directoryUrl` may be wrong"
+            );
+            throw err;
+        });
+
         caches[dirUrl] = {
             promise: Promise.resolve(acme),
             ts: Date.now()
         };
         return acme;
-            })
-            .catch(function(err) {
-                // TODO
-                // let's encrypt is possibly down for maintenaince...
-                // this is a special kind of failure mode
-                throw err;
-            });
     };
 
-    greenlock.order = function(siteConf) {
+    greenlock.order = async function(siteConf) {
-        return greenlock._init().then(function() {
+        await greenlock._init();
-            return greenlock.manager._defaults().then(function(mconf) {
+        var mconf = await greenlock.manager._defaults();
         return greenlock._order(mconf, siteConf);
-            });
-        });
     };
-    greenlock._order = function(mconf, siteConf) {
+    greenlock._order = async function(mconf, siteConf) {
         // packageAgent, maintainerEmail
-        return greenlock._acme(mconf, siteConf).then(function(acme) {
+
+        var dirUrl = DIR._getDirectoryUrl(
+            siteConf.directoryUrl || mconf.directoryUrl,
+            siteConf.subject
+        );
+
+        var acme = await greenlock._acme(mconf, siteConf, dirUrl);
         var storeConf = siteConf.store || mconf.store;
         storeConf = JSON.parse(JSON.stringify(storeConf));
         storeConf.packageRoot = gconf.packageRoot;
 
-            var path = require('path');
         if (!storeConf.basePath) {
-                storeConf.basePath = 'greenlock';
+            storeConf.basePath = gconf.configDir;
         }
-            storeConf.basePath = path.resolve(
+
-                gconf.packageRoot || process.cwd(),
+        if ('.' === (storeConf.basePath || '')[0]) {
+            if (!gconf.packageRoot) {
+                gconf.packageRoot = process.cwd();
+                console.warn(
+                    '`packageRoot` not defined, trying ' + gconf.packageRoot
+                );
+            }
+            storeConf.basePath = require('path').resolve(
+                gconf.packageRoot || '',
                 storeConf.basePath
             );
-            return P._loadStore(storeConf).then(function(store) {
+        }
-                return A._getOrCreate(
+
+        storeConf.directoryUrl = dirUrl;
+        var store = await P._loadStore(storeConf);
+        var account = await A._getOrCreate(
             greenlock,
             mconf,
             store.accounts,
             acme,
             siteConf
-                ).then(function(account) {
+        );
-                    var challengeConfs =
+        var challengeConfs = siteConf.challenges || mconf.challenges;
-                        siteConf.challenges || mconf.challenges;
+        var challenges = {};
-                    return Promise.all(
+        var arr = await Promise.all(
             Object.keys(challengeConfs).map(function(typ01) {
                 return P._loadChallenge(challengeConfs, typ01);
             })
-                    ).then(function(arr) {
+        );
-                        var challenges = {};
         arr.forEach(function(el) {
             challenges[el._type] = el;
         });
-                        return C._getOrOrder(
+
+        var pems = await C._getOrOrder(
             greenlock,
             mconf,
             store.certificates,
@@ -489,21 +468,15 @@ G.create = function(gconf) {
             challenges,
             account,
             siteConf
-                        ).then(function(pems) {
+        );
         if (!pems) {
             throw new Error('no order result');
         }
         if (!pems.privkey) {
-                                throw new Error(
+            throw new Error('missing private key, which is kinda important');
-                                    'missing private key, which is kinda important'
-                                );
         }
+
         return pems;
-                        });
-                    });
-                });
-            });
-        });
     };
 
     greenlock._create();
@@ -544,9 +517,11 @@ function mergeDefaults(MCONF, gconf) {
             MCONF.store = {
                 module: 'greenlock-store-fs'
             };
+            console.info('[default] store.module: ' + MCONF.store.module);
         }
     }
 
+    /*
     if ('greenlock-store-fs' === MCONF.store.module && !MCONF.store.basePath) {
         //homedir = require('os').homedir();
         if (gconf.configFile) {
@@ -555,6 +530,7 @@ function mergeDefaults(MCONF, gconf) {
             MCONF.store.basePath = './greenlock.d';
         }
     }
+    */
 
     // just to test that it loads
     P._loadSync(MCONF.store.module);
@@ -566,6 +542,10 @@ function mergeDefaults(MCONF, gconf) {
     }
     if (!challenges['http-01'] && !challenges['dns-01']) {
         challenges['http-01'] = { module: 'acme-http-01-standalone' };
+        console.info(
+            '[default] challenges.http-01.module: ' +
+                challenges['http-01'].module
+        );
     }
     if (challenges['http-01']) {
         if ('string' !== typeof challenges['http-01'].module) {
@@ -589,16 +569,40 @@ function mergeDefaults(MCONF, gconf) {
 
     if (!MCONF.renewOffset) {
         MCONF.renewOffset = gconf.renewOffset || '-45d';
+        console.info('[default] renewOffset: ' + MCONF.renewOffset);
     }
     if (!MCONF.renewStagger) {
         MCONF.renewStagger = gconf.renewStagger || '3d';
+        console.info('[default] renewStagger: ' + MCONF.renewStagger);
     }
 
+    var vers = process.versions.node.split('.');
+    var defaultKeyType = 'EC-P256';
+    if (vers[0] < 10 || (vers[0] === '10' && vers[1] < '12')) {
+        defaultKeyType = 'RSA-2048';
+    }
     if (!MCONF.accountKeyType) {
-        MCONF.accountKeyType = gconf.accountKeyType || 'EC-P256';
+        MCONF.accountKeyType = gconf.accountKeyType || defaultKeyType;
+        console.info('[default] accountKeyType: ' + MCONF.accountKeyType);
     }
     if (!MCONF.serverKeyType) {
         MCONF.serverKeyType = gconf.serverKeyType || 'RSA-2048';
+        console.info('[default] serverKeyType: ' + MCONF.serverKeyType);
+    }
+
+    if (!MCONF.subscriberEmail && false !== MCONF.subscriberEmail) {
+        MCONF.subscriberEmail =
+            gconf.subscriberEmail || gconf.maintainerEmail || undefined;
+        MCONF.agreeToTerms = gconf.agreeToTerms || undefined;
+        console.info('');
+        console.info('[default] subscriberEmail: ' + MCONF.subscriberEmail);
+        console.info(
+            '[default] agreeToTerms: ' +
+                (MCONF.agreeToTerms ||
+                    gconf.agreeToTerms ||
+                    '(show notice on use)')
+        );
+        console.info('');
     }
 }
 

lib/challenges-wrapper.js

@@ -0,0 +1,88 @@
+'use strict';
+
+var Greenlock = require('../');
+
+module.exports.wrap = function(greenlock) {
+    greenlock.challenges = {};
+    greenlock.challenges.get = async function(chall) {
+        // TODO pick one and warn on the others
+        // (just here due to some backwards compat issues with early v3 plugins)
+        var servername =
+            chall.servername ||
+            chall.altname ||
+            (chall.identifier && chall.identifier.value);
+
+        // TODO some sort of caching to prevent database hits?
+        var site = await greenlock._config({ servername: servername });
+        if (!site) {
+            return null;
+        }
+
+        // Hmm... this _should_ be impossible
+        if (!site.challenges || !site.challenges['http-01']) {
+            var copy = JSON.parse(JSON.stringify(site));
+            sanitizeCopiedConf(copy);
+            sanitizeCopiedConf(copy.store);
+            if (site.challenges) {
+                sanitizeCopiedConf(copy.challenges['http-01']);
+                sanitizeCopiedConf(copy.challenges['dns-01']);
+                sanitizeCopiedConf(copy.challenges['tls-alpn-01']);
+            }
+            console.warn('[Bug] Please report this error:');
+            console.warn(
+                '\terror: http-01 challenge requested, but not even a default http-01 config exists'
+            );
+            console.warn('\tservername:', JSON.stringify(servername));
+            console.warn('\tsite:', JSON.stringify(copy));
+            return null;
+        }
+
+        var plugin = await Greenlock._loadChallenge(site.challenges, 'http-01');
+        if (!plugin) {
+            return null;
+        }
+
+        var keyAuth;
+        var keyAuthDigest;
+        var result = await plugin.get({
+            challenge: {
+                type: chall.type,
+                //hostname: chall.servername,
+                altname: chall.servername,
+                identifier: { value: chall.servername },
+                token: chall.token
+            }
+        });
+        if (result) {
+            // backwards compat that shouldn't be dropped
+            // because new v3 modules had to do this to be
+            // backwards compatible with Greenlock v2.7 at
+            // the time.
+            if (result.challenge) {
+                result = result.challenge;
+            }
+            keyAuth = result.keyAuthorization;
+            keyAuthDigest = result.keyAuthorizationDigest;
+        }
+
+        if (/dns/.test(chall.type)) {
+            return { keyAuthorizationDigest: keyAuthDigest };
+        }
+
+        return { keyAuthorization: keyAuth };
+    };
+};
+
+function sanitizeCopiedConf(copy) {
+    if (!copy) {
+        return;
+    }
+
+    Object.keys(copy).forEach(function(k) {
+        if (/(api|key|token)/i.test(k) && 'string' === typeof copy[k]) {
+            copy[k] = '**redacted**';
+        }
+    });
+
+    return copy;
+}

lib/directory-url.js

@@ -0,0 +1,46 @@
+var DIR = module.exports;
+
+// This will ALWAYS print out a notice if the URL is clearly a staging URL
+DIR._getDirectoryUrl = function(dirUrl, domain) {
+    var liveUrl = 'https://acme-v02.api.letsencrypt.org/directory';
+    dirUrl = DIR._getDefaultDirectoryUrl(dirUrl, '', domain);
+    if (!dirUrl) {
+        dirUrl = liveUrl;
+        // This will print out a notice (just once) if no directoryUrl has been supplied
+        if (!DIR._shownDirectoryUrl) {
+            DIR._shownDirectoryUrl = true;
+            console.info('ACME Directory URL:', dirUrl);
+        }
+    }
+    return dirUrl;
+};
+
+// Handle staging URLs, pebble test server, etc
+DIR._getDefaultDirectoryUrl = function(dirUrl, staging, domain) {
+    var stagingUrl = 'https://acme-staging-v02.api.letsencrypt.org/directory';
+    var stagingRe = /(^http:|staging|^127\.0\.|^::|localhost)/;
+    var env = '';
+    var args = [];
+    if ('undefined' !== typeof process) {
+        env = (process.env && process.env.ENV) || '';
+        args = (process.argv && process.argv.slice(1)) || [];
+    }
+
+    if (
+        staging ||
+        stagingRe.test(dirUrl) ||
+        args.includes('--staging') ||
+        /DEV|STAG/i.test(env)
+    ) {
+        if (!stagingRe.test(dirUrl)) {
+            dirUrl = stagingUrl;
+        }
+        console.info('[staging] ACME Staging Directory URL:', dirUrl, env);
+        console.warn('FAKE CERTIFICATES (for testing) only', env, domain);
+        console.warn('');
+    }
+
+    return dirUrl;
+};
+
+DIR._shownDirectoryUrl = false;

lib/init.js

@@ -0,0 +1,194 @@
+'use strict';
+
+var Init = module.exports;
+
+var fs = require('fs');
+var path = require('path');
+//var promisify = require("util").promisify;
+
+Init._init = function(opts) {
+    //var Rc = require("@root/greenlock/rc");
+    var Rc = require('./rc.js');
+    var pkgText;
+    var pkgErr;
+    var msgErr;
+    //var emailErr;
+    var realPkg;
+    var userPkg;
+    var myPkg = {};
+    // we want to be SUPER transparent that we're reading from package.json
+    // we don't want anything unexpected
+    var implicitConfig = [];
+    var rc;
+
+    if (opts.packageRoot) {
+        try {
+            pkgText = fs.readFileSync(
+                path.resolve(opts.packageRoot, 'package.json'),
+                'utf8'
+            );
+            opts._hasPackage = true;
+        } catch (e) {
+            pkgErr = e;
+            if (opts._mustPackage) {
+                console.error(
+                    'Should be run from package root (the same directory as `package.json`)'
+                );
+                process.exit(1);
+                return;
+            }
+            console.warn(
+                '`packageRoot` should be the root of the package (probably `__dirname`)'
+            );
+        }
+    }
+
+    if (pkgText) {
+        try {
+            realPkg = JSON.parse(pkgText);
+        } catch (e) {
+            pkgErr = e;
+        }
+    }
+
+    userPkg = opts.package;
+
+    if (realPkg || userPkg) {
+        userPkg = userPkg || {};
+        realPkg = realPkg || {};
+
+        // build package agent
+        if (!opts.packageAgent) {
+            // name
+            myPkg.name = userPkg.name;
+            if (!myPkg.name) {
+                myPkg.name = realPkg.name;
+                implicitConfig.push('name');
+            }
+
+            // version
+            myPkg.version = userPkg.version;
+            if (!myPkg.version) {
+                myPkg.version = realPkg.version;
+                implicitConfig.push('version');
+            }
+            if (myPkg.name && myPkg.version) {
+                opts.packageAgent = myPkg.name + '/' + myPkg.version;
+            }
+        }
+
+        // build author
+        myPkg.author = opts.maintainerEmail;
+        if (!myPkg.author) {
+            myPkg.author =
+                (userPkg.author && userPkg.author.email) || userPkg.author;
+        }
+        if (!myPkg.author) {
+            implicitConfig.push('author');
+            myPkg.author =
+                (realPkg.author && realPkg.author.email) || realPkg.author;
+        }
+        if (!opts._init) {
+            opts.maintainerEmail = myPkg.author;
+        }
+    }
+
+    if (!opts.packageAgent) {
+        msgErr =
+            'missing `packageAgent` and also failed to read `name` and/or `version` from `package.json`';
+        if (pkgErr) {
+            msgErr += ': ' + pkgErr.message;
+        }
+        throw new Error(msgErr);
+    }
+
+    if (!opts._init) {
+        opts.maintainerEmail = parseMaintainer(opts.maintainerEmail);
+        if (!opts.maintainerEmail) {
+            msgErr =
+                'missing or malformed `maintainerEmail` (or `author` from `package.json`), which is used as the contact for support notices';
+            throw new Error(msgErr);
+        }
+    }
+
+    if (opts.packageRoot) {
+        // Place the rc file in the packageroot
+        rc = Rc._initSync(opts.packageRoot, opts.manager, opts.configDir);
+        opts.configDir = rc.configDir;
+        opts.manager = rc.manager;
+    }
+
+    if (!opts.configDir && !opts.manager) {
+        throw new Error(
+            'missing `packageRoot` and `configDir`, but no `manager` was supplied'
+        );
+    }
+
+    opts.configFile = path.join(
+        path.resolve(opts.packageRoot, opts.configDir),
+        'config.json'
+    );
+    var config;
+    try {
+        config = JSON.parse(fs.readFileSync(opts.configFile));
+    } catch (e) {
+        if ('ENOENT' !== e.code) {
+            throw e;
+        }
+        config = { defaults: {} };
+    }
+
+    opts.manager =
+        rc.manager ||
+        (config.defaults && config.defaults.manager) ||
+        config.manager;
+    if (!opts.manager) {
+        opts.manager = '@greenlock/manager';
+    }
+    if ('string' === typeof opts.manager) {
+        opts.manager = {
+            module: opts.manager
+        };
+    }
+    opts.manager = JSON.parse(JSON.stringify(opts.manager));
+
+    var confconf = ['configDir', 'configFile', 'staging', 'directoryUrl'];
+    Object.keys(opts).forEach(function(k) {
+        if (!confconf.includes(k)) {
+            return;
+        }
+        if ('undefined' !== typeof opts.manager[k]) {
+            return;
+        }
+        opts.manager[k] = opts[k];
+    });
+
+    /*
+    var ignore = ["packageRoot", "maintainerEmail", "packageAgent", "staging", "directoryUrl", "manager"];
+    Object.keys(opts).forEach(function(k) {
+        if (ignore.includes(k)) {
+            return;
+        }
+        opts.manager[k] = opts[k];
+    });
+    */
+
+    // Place the rc file in the configDir itself
+    //Rc._initSync(opts.configDir, opts.configDir);
+    return opts;
+};
+
+// ex: "John Doe <john@example.com> (https://john.doe)"
+// ex: "John Doe <john@example.com>"
+// ex: "<john@example.com>"
+// ex: "john@example.com"
+var looseEmailRe = /(^|[\s<])([^'" <>:;`]+@[^'" <>:;`]+\.[^'" <>:;`]+)/;
+function parseMaintainer(maintainerEmail) {
+    try {
+        maintainerEmail = maintainerEmail.match(looseEmailRe)[2];
+    } catch (e) {
+        maintainerEmail = null;
+    }
+
+    return maintainerEmail;
+}

lib/manager-wrapper.js

@@ -1,7 +1,7 @@
 'use strict';
 
-var U = require('./utils.js');
+var U = require('../utils.js');
-var E = require('./errors.js');
+var E = require('../errors.js');
 
 var warned = {};
 
@@ -12,13 +12,25 @@ module.exports.wrap = function(greenlock, gconf) {
     var myFind = gconf.find;
     delete gconf.find;
 
-    var mega = mergeManager(gconf);
+    var mega = mergeManager(greenlock, gconf);
 
     greenlock.manager = {};
     greenlock.sites = {};
     //greenlock.accounts = {};
     //greenlock.certs = {};
 
+    greenlock.manager._modulename = gconf.manager.module;
+    if ('/' === String(gconf.manager.module)[0]) {
+        greenlock.manager._modulename = require('path').relative(
+            gconf.packageRoot,
+            greenlock.manager._modulename
+        );
+        if ('.' !== String(greenlock.manager._modulename)[0]) {
+            greenlock.manager._modulename =
+                './' + greenlock.manager._modulename;
+        }
+    }
+
     var allowed = [
         'accountKeyType', //: ["P-256", "RSA-2048"],
         'serverKeyType', //: ["RSA-2048", "P-256"],
@@ -398,6 +410,7 @@ function loadManager(gconf) {
     // 1. Get the manager
     // 2. Figure out if we need to wrap it
 
+    /*
     if (!gconf.manager) {
         gconf.manager = '@greenlock/manager';
     }
@@ -407,9 +420,11 @@ function loadManager(gconf) {
             '`manager` should be a string representing the npm name or file path of the module'
         );
     }
+    */
+
     try {
         // wrap this to be safe for @greenlock/manager
-        m = require(gconf.manager).create(gconf);
+        m = require(gconf.manager.module).create(gconf.manager);
     } catch (e) {
         console.error('Error loading manager:');
         console.error(e.code);
@@ -429,7 +444,7 @@ function loadManager(gconf) {
     return m;
 }
 
-function mergeManager(gconf) {
+function mergeManager(greenlock, gconf) {
     var mng;
     function m() {
         if (mng) {
@@ -490,8 +505,46 @@ function mergeManager(gconf) {
     }
 
     if (mini.get) {
-        mega.get = function(opts) {
+        mega.get = async function(opts) {
+            if (mini.set) {
                 return mini.get(opts);
+            }
+
+            if (!mega._get) {
+                mega._get = m().get;
+            }
+
+            var existing = await mega._get(opts);
+            var site = await mini.get(opts);
+            if (!existing) {
+                // Add
+                if (!site) {
+                    return;
+                }
+                site.renewAt = 1;
+                site.deletedAt = 0;
+                await mega.set(site);
+                existing = await mega._get(opts);
+            } else if (!site) {
+                // Delete
+                existing.deletedAt = site.deletedAt || Date.now();
+                await mega.set(existing);
+                existing = null;
+            } else if (
+                site.subject !== existing.subject ||
+                site.altnames.join(' ') !== existing.altnames.join(' ')
+            ) {
+                // Update
+                site.renewAt = 1;
+                site.deletedAt = 0;
+                await mega.set(site);
+                existing = await mega._get(opts);
+                if (!existing) {
+                    throw new Error('failed to `get` after `set`');
+                }
+            }
+
+            return existing;
         };
     } else if (mini.find) {
         mega.get = function(opts) {
@@ -506,13 +559,29 @@ function mergeManager(gconf) {
         };
     } else if (mini.set) {
         throw new Error(
-            gconf.manager + ' implements `set()`, but not `get()` or `find()`'
+            gconf.manager.module +
+                ' implements `set()`, but not `get()` or `find()`'
         );
     } else {
         mega.find = m().find;
         mega.get = m().get;
     }
 
+    if (!mega.find) {
+        mega._nofind = false;
+        mega.find = async function(opts) {
+            if (!mega._nofind) {
+                console.warn(
+                    'Warning: manager `' +
+                        greenlock.manager._modulename +
+                        '` does not implement `find({})`\n'
+                );
+                mega._nofind = true;
+            }
+            return [];
+        };
+    }
+
     if (!mega.get) {
         mega.get = function(opts) {
             var servername = opts.servername;

lib/rc.js

@@ -0,0 +1,77 @@
+'use strict';
+
+var Rc = module.exports;
+var fs = require('fs');
+var path = require('path');
+
+// This is only called if packageRoot is specified
+// (which it should be most of the time)
+Rc._initSync = function(dirname, manager, configDir) {
+    if (!dirname) {
+        return {};
+    }
+
+    // dirname / opts.packageRoot
+    var rcpath = path.resolve(dirname, '.greenlockrc');
+    var rc;
+
+    try {
+        rc = JSON.parse(fs.readFileSync(rcpath));
+    } catch (e) {
+        if ('ENOENT' !== e.code) {
+            throw e;
+        }
+        rc = {};
+    }
+
+    var changed = true;
+
+    // In the general case the manager should be specified in the
+    // config file, which is in the config dir, but for the specific
+    // case in which all custom plugins are being used and no config
+    // dir is needed, we allow the manager to be read from the rc.
+    // ex: manager: { module: 'name', xxxx: 'xxxx' }
+    if (manager) {
+        if (rc.manager) {
+            if (
+                ('string' === typeof rc.manager && rc.manager !== manager) ||
+                ('string' !== typeof rc.manager &&
+                    rc.manager.module !== manager.module)
+            ) {
+                changed = true;
+                console.info(
+                    "changing `manager` from '%s' to '%s'",
+                    rc.manager.module || rc.manager,
+                    manager.module || manager
+                );
+            }
+        }
+        rc.manager = manager;
+    }
+
+    if (!configDir) {
+        configDir = rc.configDir;
+    }
+
+    if (configDir && configDir !== rc.configDir) {
+        if (rc.configDir) {
+            console.info(
+                "changing `configDir` from '%s' to '%s'",
+                rc.configDir,
+                configDir
+            );
+        }
+        changed = true;
+        rc.configDir = configDir;
+    } else if (!rc.configDir) {
+        changed = true;
+        configDir = './greenlock.d';
+        rc.configDir = configDir;
+    }
+
+    if (changed) {
+        fs.writeFileSync(rcpath, JSON.stringify(rc));
+    }
+
+    return rc;
+};

package-lock.json

@@ -1,21 +1,21 @@
 {
     "name": "@root/greenlock",
-    "version": "3.1.5",
+    "version": "4.0.5",
     "lockfileVersion": 1,
     "requires": true,
     "dependencies": {
         "@greenlock/manager": {
-            "version": "3.0.0",
+            "version": "3.1.0",
-            "resolved": "https://registry.npmjs.org/@greenlock/manager/-/manager-3.0.0.tgz",
+            "resolved": "https://registry.npmjs.org/@greenlock/manager/-/manager-3.1.0.tgz",
-            "integrity": "sha512-ijgJrFdzJPmzrDk8aKXYoYR8LNfG3hXd9/s54ZY7IgxTulyPQ/qOPgl7sWgCxxLhZBzSY1xI6eC/6Y5TQ01agg==",
+            "integrity": "sha512-PBy5CMK+j4oD7sj7hF5qE+xKEOSiiuL2hHd5X5ttEbtnTSDKjNeqbrR5k2ZddwVNdjOVeBIeuqlm81IFZ+Ftew==",
             "requires": {
-                "greenlock-manager-fs": "^3.0.5"
+                "greenlock-manager-fs": "^3.1.0"
             },
             "dependencies": {
                 "greenlock-manager-fs": {
-                    "version": "3.0.5",
+                    "version": "3.1.1",
-                    "resolved": "https://registry.npmjs.org/greenlock-manager-fs/-/greenlock-manager-fs-3.0.5.tgz",
+                    "resolved": "https://registry.npmjs.org/greenlock-manager-fs/-/greenlock-manager-fs-3.1.1.tgz",
-                    "integrity": "sha512-r/q+tEFuDwklfzPfiGhcIrHuJxMrppC+EseESpu5f0DMokh+1iZVm9nGC/VE7/7GETdOYfEYhhQkmspsi8Gr/A==",
+                    "integrity": "sha512-np6qdnPIOZx40PAcSQcqK1eMPWjTKxsxcgRd/OVg0ai49WC1Ds74CTrwmB84pq2n53ikbnDBQFmKEQ4AC0DK8w==",
                     "requires": {
                         "@root/mkdirp": "^1.0.0",
                         "safe-replace": "^1.1.0"
@@ -24,15 +24,23 @@
             }
         },
         "@root/acme": {
-            "version": "3.0.8",
+            "version": "3.1.0",
-            "resolved": "https://registry.npmjs.org/@root/acme/-/acme-3.0.8.tgz",
+            "resolved": "https://registry.npmjs.org/@root/acme/-/acme-3.1.0.tgz",
-            "integrity": "sha512-VmBvLvWdCDkolkanI9Dzm1ouSWPaAa2eCCwcDZcVQbWoNiUIOqbbd57fcMA/gZxLyuJPStD2WXFuEuSMPDxcww==",
+            "integrity": "sha512-GAyaW63cpSYd2KvVp5lHLbCWeEhJPKZK9nsJvZJOKsD9Uv88KEttn4FpDZEJ+2q3Jsey0DWpuQ2I4ft0JV9p2w==",
             "requires": {
+                "@root/csr": "^0.8.1",
                 "@root/encoding": "^1.0.1",
-                "@root/keypairs": "^0.9.0",
+                "@root/keypairs": "^0.10.0",
                 "@root/pem": "^1.0.4",
-                "@root/request": "^1.3.11",
+                "@root/request": "^1.6.1",
                 "@root/x509": "^0.7.2"
+            },
+            "dependencies": {
+                "@root/request": {
+                    "version": "1.6.1",
+                    "resolved": "https://registry.npmjs.org/@root/request/-/request-1.6.1.tgz",
+                    "integrity": "sha512-8wrWyeBLRp7T8J36GkT3RODJ6zYmL0/maWlAUD5LOXT28D3TDquUepyYDKYANNA3Gc8R5ZCgf+AXvSTYpJEWwQ=="
+                }
             }
         },
         "@root/asn1": {
@@ -59,9 +67,9 @@
             "integrity": "sha512-OaEub02ufoU038gy6bsNHQOjIn8nUjGiLcaRmJ40IUykneJkIW5fxDqKxQx48cszuNflYldsJLPPXCrGfHs8yQ=="
         },
         "@root/keypairs": {
-            "version": "0.9.0",
+            "version": "0.10.0",
-            "resolved": "https://registry.npmjs.org/@root/keypairs/-/keypairs-0.9.0.tgz",
+            "resolved": "https://registry.npmjs.org/@root/keypairs/-/keypairs-0.10.0.tgz",
-            "integrity": "sha512-NXE2L9Gv7r3iC4kB/gTPZE1vO9Ox/p14zDzAJ5cGpTpytbWOlWF7QoHSJbtVX4H7mRG/Hp7HR3jWdWdb2xaaXg==",
+            "integrity": "sha512-t8VocY46Mtb0NTsxzyLLf5tsgfw0BXLYVADAyiRdEdqHcvPFGJdjkXNtHVQuSV/FMaC65iTOHVP4E6X8iT3Ikg==",
             "requires": {
                 "@root/encoding": "^1.0.1",
                 "@root/pem": "^1.0.4",
@@ -79,9 +87,9 @@
             "integrity": "sha512-rEUDiUsHtild8GfIjFE9wXtcVxeS+ehCJQBwbQQ3IVfORKHK93CFnRtkr69R75lZFjcmKYVc+AXDB+AeRFOULA=="
         },
         "@root/request": {
-            "version": "1.3.11",
+            "version": "1.6.1",
-            "resolved": "https://registry.npmjs.org/@root/request/-/request-1.3.11.tgz",
+            "resolved": "https://registry.npmjs.org/@root/request/-/request-1.6.1.tgz",
-            "integrity": "sha512-3a4Eeghcjsfe6zh7EJ+ni1l8OK9Fz2wL1OjP4UCa0YdvtH39kdXB9RGWuzyNv7dZi0+Ffkc83KfH0WbPMiuJFw=="
+            "integrity": "sha512-8wrWyeBLRp7T8J36GkT3RODJ6zYmL0/maWlAUD5LOXT28D3TDquUepyYDKYANNA3Gc8R5ZCgf+AXvSTYpJEWwQ=="
         },
         "@root/x509": {
             "version": "0.7.2",
@@ -108,19 +116,10 @@
             "integrity": "sha512-8sJ78ElpbDJBHNeBzUbUVLsqKdccaa/BXF1uPTw3GrvQTBgrQrtObr2mUrE38vzYd8cEv+m/JBfDLioYcfXoaw==",
             "dev": true
         },
-        "greenlock-manager-fs": {
-            "version": "3.0.5",
-            "resolved": "https://registry.npmjs.org/greenlock-manager-fs/-/greenlock-manager-fs-3.0.5.tgz",
-            "integrity": "sha512-r/q+tEFuDwklfzPfiGhcIrHuJxMrppC+EseESpu5f0DMokh+1iZVm9nGC/VE7/7GETdOYfEYhhQkmspsi8Gr/A==",
-            "requires": {
-                "@root/mkdirp": "^1.0.0",
-                "safe-replace": "^1.1.0"
-            }
-        },
         "greenlock-store-fs": {
-            "version": "3.2.0",
+            "version": "3.2.2",
-            "resolved": "https://registry.npmjs.org/greenlock-store-fs/-/greenlock-store-fs-3.2.0.tgz",
+            "resolved": "https://registry.npmjs.org/greenlock-store-fs/-/greenlock-store-fs-3.2.2.tgz",
-            "integrity": "sha512-zqcPnF+173oYq5qU7FoGtuqeG8dmmvAiSnz98kEHAHyvgRF9pE1T0MM0AuqDdj45I3kXlCj2gZBwutnRi37J3g==",
+            "integrity": "sha512-92ejLB4DyV4qv/2b6VLGF2nKfYQeIfg3o+e/1cIoYLjlIaUFdbBXkzLTRozFlHsQPZt2ALi5qYrpC9IwH7GK8A==",
             "requires": {
                 "@root/mkdirp": "^1.0.0",
                 "safe-replace": "^1.1.0"

package.json

@@ -1,6 +1,6 @@
 {
     "name": "@root/greenlock",
-    "version": "3.1.5",
+    "version": "4.0.5",
     "description": "The easiest Let's Encrypt client for Node.js and Browsers",
     "homepage": "https://rootprojects.org/greenlock/",
     "main": "greenlock.js",
@@ -38,16 +38,15 @@
     "author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)",
     "license": "MPL-2.0",
     "dependencies": {
-        "@greenlock/manager": "^3.0.0",
+        "@greenlock/manager": "^3.1.0",
-        "@root/acme": "^3.0.8",
+        "@root/acme": "^3.1.0",
         "@root/csr": "^0.8.1",
-        "@root/keypairs": "^0.9.0",
+        "@root/keypairs": "^0.10.0",
         "@root/mkdirp": "^1.0.0",
-        "@root/request": "^1.3.10",
+        "@root/request": "^1.6.1",
         "acme-http-01-standalone": "^3.0.5",
         "cert-info": "^1.5.1",
-        "greenlock-manager-fs": "^3.0.5",
+        "greenlock-store-fs": "^3.2.2",
-        "greenlock-store-fs": "^3.2.0",
         "safe-replace": "^1.1.0"
     },
     "devDependencies": {

plugins.js

@@ -146,7 +146,7 @@ P._normalizeChallenge = function(name, ch) {
         };
     }
 
-    // init, zones, set, get, remove
+    // init, zones, set, get, remove, propagationDelay
     if (ch.init) {
         if (2 === ch.init.length) {
             warn();
@@ -183,6 +183,9 @@ P._normalizeChallenge = function(name, ch) {
         }
         gch.get = wrappy(ch.get);
     }
+    if("number" === typeof ch.propagationDelay) {
+        gch.propagationDelay = ch.propagationDelay;
+    }
 
     return gch;
 };