acme-dns-01-cli | a Root project
An extremely simple reference implementation of an ACME (Let's Encrypt) dns-01 challenge strategy.
This generic implementation can be adapted to work with any node.js ACME client, although it was built for Greenlock and ACME.js.
_acme-challenge.example.com TXT xxxxxxxxxxxxxxxx TTL 60
- Prints the ACME challenge DNS Host and DNS Key Authorization Digest to the terminal
- (waits for you to hit enter before continuing)
- Let's you know when the challenge as succeeded or failed, and is safe to remove.
Other ACME Challenge Reference Implementations:
Install
npm install --save acme-dns-01-cli@3.x
If you have greenlock@v2.6
or lower, you'll need the old le-challenge-dns@2.x
instead.
Usage
var Greenlock = require; Greenlock.create;
You can also switch between different implementations by
overwriting the default with the one that you want in approveDomains()
:
{ ... if !optschallenges optschallenges = {}; optschallenges'dns-01' = acmeDns01Cli; optschallenges'http-01' = ... return Promise;}
NOTE: If you request a certificate with 6 domains listed, it will require 6 individual challenges.
Exposed (Promise) Methods
For ACME Challenge:
set(opts)
remove(opts)
The dns-01
strategy supports wildcards (whereas http-01
does not).
The options object has whatever options were set in approveDomains()
as well as the challenge
, which looks like this:
challenge: identifier: type: 'dns' value: 'example.com' wildcard: true altname: '*.example.com' type: 'dns-01' token: 'xxxxxx' keyAuthorization: 'xxxxxx.abc123' dnsHost: '_acme-challenge.example.com' dnsAuthorization: 'xyz567' expires: '1970-01-01T00:00:00Z'
For greenlock.js internals:
options
stores the internal defaults merged with the user-supplied options
Optional:
get(limitedOpts)
Note: Typically there wouldn't be a get()
for DNS because the NameServer (not Greenlock) answers the requests.
It could be used for testing implementations, but that's about it.
(though I suppose you could implement it if you happen to run your DNS and webserver together... kinda weird though)
If there were an implementation of Greenlock integrated directly into a NameServer (which currently there is not), it would probably look like this:
challenge: type: 'dns-01' identifier: type: 'dns' value: 'example.com' token: 'abc123' dnsHost: '_acme-challenge.example.com'
Legal & Rules of the Road
Greenlock™ and Bluecrypt™ are trademarks of AJ ONeal
The rule of thumb is "attribute, but don't confuse". For example:
Please contact us if you have any questions in regards to our trademark, attribution, and/or visible source policies. We want to build great software and a great community.
Greenlock™ | MPL-2.0 | Terms of Use | Privacy Policy