acme-dns-01-cli
Advanced tools
A manual (interactive CLI) dns-based strategy for Greenlock / Let's Encrypt / ACME DNS-01 challenges
An extremely simple reference implementation of an ACME (Let's Encrypt) dns-01 challenge strategy.
This generic implementation can be adapted to work with any node.js ACME client, although it was built for Greenlock and ACME.js.
_acme-challenge.example.com TXT xxxxxxxxxxxxxxxx TTL 60
Other ACME Challenge Reference Implementations:
npm install --save acme-dns-01-cli@3.x
If you have greenlock@v2.6 or lower, you'll need the old le-challenge-dns@2.x instead.
var Greenlock = require('greenlock');
Greenlock.create({
...
, challenges: { 'http-01': require('acme-http-01-fs')
, 'dns-01': require('acme-dns-01-cli').create({ debug: true })
, 'tls-alpn-01': require('acme-tls-alpn-01-cli')
}
...
});
You can also switch between different implementations by
overwriting the default with the one that you want in approveDomains():
function approveDomains(opts) {
...
if (!opts.challenges) { opts.challenges = {}; }
opts.challenges['dns-01'] = acmeDns01Cli;
opts.challenges['http-01'] = ...
return Promise.resolve({ ... });
}
NOTE: If you request a certificate with 6 domains listed, it will require 6 individual challenges.
For ACME Challenge:
set(opts)remove(opts)The dns-01 strategy supports wildcards (whereas http-01 does not).
The options object has whatever options were set in approveDomains()
as well as the challenge, which looks like this:
{ challenge: {
identifier: { type: 'dns', value: 'example.com'
, wildcard: true
, altname: '*.example.com'
, type: 'dns-01'
, token: 'xxxxxx'
, keyAuthorization: 'xxxxxx.abc123'
, dnsHost: '_acme-challenge.example.com'
, dnsAuthorization: 'xyz567'
, expires: '1970-01-01T00:00:00Z'
}
}
For greenlock.js internals:
options stores the internal defaults merged with the user-supplied optionsOptional:
get(limitedOpts)Note: Typically there wouldn't be a get() for DNS because the NameServer (not Greenlock) answers the requests.
It could be used for testing implementations, but that's about it.
(though I suppose you could implement it if you happen to run your DNS and webserver together... kinda weird though)
If there were an implementation of Greenlock integrated directly into a NameServer (which currently there is not), it would probably look like this:
{ challenge: {
type: 'dns-01'
, identifier: { type: 'dns', value: 'example.com' }
, token: 'abc123'
, dnsHost: '_acme-challenge.example.com'
}
}
Greenlock™ and Bluecrypt™ are trademarks of AJ ONeal
The rule of thumb is "attribute, but don't confuse". For example:
Please contact us if you have any questions in regards to our trademark, attribution, and/or visible source policies. We want to build great software and a great community.
Greenlock™ | MPL-2.0 | Terms of Use | Privacy Policy
FAQs
A manual (interactive CLI) dns-based strategy for Greenlock / Let's Encrypt / ACME DNS-01 challenges
The npm package acme-dns-01-cli receives a total of 1,477 weekly downloads. As such, acme-dns-01-cli popularity was classified as popular.
We found that acme-dns-01-cli demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.