acme-dns-01-cli
Advanced tools
Readme
An extremely simple reference implementation of an ACME (Let's Encrypt) dns-01 challenge strategy.
This generic implementation can be adapted to work with any node.js ACME client, although it was built for Greenlock and ACME.js.
_acme-challenge.example.com TXT xxxxxxxxxxxxxxxx TTL 60
Other ACME Challenge Reference Implementations:
npm install --save acme-dns-01-cli@3.x
If you have greenlock@v2.6 or lower, you'll need the old le-challenge-dns@2.x instead.
var Greenlock = require('greenlock');
Greenlock.create({
...
, challenges: { 'http-01': require('acme-http-01-fs')
, 'dns-01': require('acme-dns-01-cli').create({ debug: true })
, 'tls-alpn-01': require('acme-tls-alpn-01-cli')
}
...
});
You can also switch between different implementations by
overwriting the default with the one that you want in approveDomains():
function approveDomains(opts) {
...
if (!opts.challenges) { opts.challenges = {}; }
opts.challenges['dns-01'] = acmeDns01Cli;
opts.challenges['http-01'] = ...
return Promise.resolve({ ... });
}
NOTE: If you request a certificate with 6 domains listed, it will require 6 individual challenges.
For ACME Challenge:
set(opts)remove(opts)The dns-01 strategy supports wildcards (whereas http-01 does not).
The options object has whatever options were set in approveDomains()
as well as the challenge, which looks like this:
{ challenge: {
identifier: { type: 'dns', value: 'example.com'
, wildcard: true
, altname: '*.example.com'
, type: 'dns-01'
, token: 'xxxxxx'
, keyAuthorization: 'xxxxxx.abc123'
, dnsHost: '_acme-challenge.example.com'
, dnsAuthorization: 'xyz567'
, expires: '1970-01-01T00:00:00Z'
}
}
For greenlock.js internals:
options stores the internal defaults merged with the user-supplied optionsOptional:
get(limitedOpts)Note: Typically there wouldn't be a get() for DNS because the NameServer (not Greenlock) answers the requests.
It could be used for testing implementations, but that's about it.
(though I suppose you could implement it if you happen to run your DNS and webserver together... kinda weird though)
If there were an implementation of Greenlock integrated directly into a NameServer (which currently there is not), it would probably look like this:
{ challenge: {
type: 'dns-01'
, identifier: { type: 'dns', value: 'example.com' }
, token: 'abc123'
, dnsHost: '_acme-challenge.example.com'
}
}
Greenlock™ and Bluecrypt™ are trademarks of AJ ONeal
The rule of thumb is "attribute, but don't confuse". For example:
Please contact us if you have any questions in regards to our trademark, attribution, and/or visible source policies. We want to build great software and a great community.
Greenlock™ | MPL-2.0 | Terms of Use | Privacy Policy
FAQs
A manual (interactive CLI) dns-based strategy for Greenlock / Let's Encrypt / ACME DNS-01 challenges
The npm package acme-dns-01-cli receives a total of 3,315 weekly downloads. As such, acme-dns-01-cli popularity was classified as popular.
We found that acme-dns-01-cli demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.