wedeploy-letsencrypt
v2.0.3
Published
CLI and API for issuing, renewing and revoking certificates on user's behalf using Let's Encrypt
Downloads
11
Maintainers
Readme
Install
$ npm i --save wedeploy-letsencrypt
If you prefer to install it globally and use the CLI, use the following command:
$ npm i -g wedeploy-letsencrypt
Then, the command wel
should be available in PATH. Run wel --help
for more information about the available options.
Usage
Using as CLI
$ wel <cmd> [args]
Commands:
certonly Issue/renew certificate(s)
renew Renew certificate(s)
Options:
--help Show help [boolean]
-v, --version Show version number [boolean]
The options for certonly
and renew
commands are the same and they are:
Options:
--help Show help [boolean]
--account-key-path Path to privkey.pem to use for account (default: generate new) [string]
--agree-tos Agree to the Let's Encrypt Subscriber Agreement. [required]
--cert-path Path to where new cert.pem is saved. [string] [default: ":configDir/live/:hostname/cert.pem"]
--chain-path Path to where new chain.pem is saved. [string] [default: ":configDir/live/:hostname/chain.pem"]
--config-dir Configuration directory. [string] [default: "~/letsencrypt/etc/"]
--debug Show traces and logs. [boolean] [default: false]
--domains Domain names to apply. For multiple domains use space separated list of domains as a parameter.
[array] [required]
--domain-key-path Path to privkey.pem to use for domain (default: generate new) [string]
--duplicate Allow getting a certificate that duplicates an existing one/is an early renewal.
[boolean] [default: false]
--email Email used for registration and recovery contact. [string] [required]
--fullchain-path Path to where new fullchain.pem (cert + chain) is saved.
[string] [default: ":configDir/live/:hostname/fullchain.pem"]
--http-01-port Use HTTP-01 challenge type with this port. [number] [default: 80]
--key-fullchain-path Path to where key + fullchain.pem is saved.
[string] [default: ":configDir/live/:hostname/keyfullchain.pem"]
--renew-within Renew certificates this many days before expiry. [number] [default: 7]
--rsa-key-size Size (in bits) of the RSA key. [number] [default: 2048]
--server ACME Directory Resource URI. Default: staging server. Use "production" to connect to the
production server. [string] [choices: "https://acme-staging.api.letsencrypt.org/directory",
"https://acme-v01.api.letsencrypt.org/directory", "staging", "production"] [default: "staging"]
--webroot-path public_html / webroot path. [string] [default: "/var/lib/haproxy"]
-v, --version Show version number [boolean]
To issue a certificate for a domain, you may use the following command:
$ wel certonly --agree-tos --domains example.com www.example.com --email [email protected] --config-dir ~/cfg-dir --server staging --webroot-path /var/lib/haproxy
The command will validate the example.com
and www.example.com
using HTTP challenge and register or renew a certificate for it. The server (HAProxy for example) should be able to serve files from /var/lib/haproxy
directory.
To renew a certificate for a domain, you may use the following command:
$ wel renew --agree-tos --domains example.com www.example.com --email [email protected] --config-dir ~/cfg-dir --server staging --webroot-path /var/lib/haproxy
If --duplicate
is not specified and there is no certificate to be renewed, an exception will be thrown with a code
property which value will be E_NOT_RENEWABLE
.
Using as API
In an application, require WeDeploy Let's Encrypt implementation and call generateCertificate
method, passing configuration options as properties of an object. The function returns a Promise
, which will be fulfilled with the registered certificates. The certificates will be stored to the configuration directory (configDir
property) already.
The list of available options are the same as those, which could be specified from the command line, but in camelCase. For example, agree-tos
should become agreeTos
and rsa-key-size
should become rsaKeySize
.
Example code for generating a certificate:
const LetsEncrypt = require('wedeploy-letsencrypt');
LetsEncrypt.generateCertificate(options)
.then((certs) => {
console.log('Got certificate(s) for', certs.altnames.join(', '));
})
.catch((error) => {
console.error(error);
});
Example code for renewing a certificate:
const LetsEncrypt = require('wedeploy-letsencrypt');
LetsEncrypt.renewCertificate(options)
.then((certs) => {
console.log('Got certificate(s) for', certs.altnames.join(', '));
})
.catch((error) => {
console.error(error);
});
Test
$ npm test
License
BSD License © Liferay, Inc.