acme-protocol

ACME Protocol

This module aims to implement the Automatic Certificate Management Environment (ACME) Protocol, with compatibility for both, the currently employed (e.g. by LetsEncrypt), and the currently being specified version.

Install via npm

$ npm install --save acme-protocol

Usage

var ACME = require( 'acme-protocol' )

// Create a new ACME protocol client
var client = new ACME({
  baseUrl: 'https://acme-staging.api.letsencrypt.org',
  publicKey: '...', // PEM encoded public key (required)
  privateKey: '...', // PEM encoded private key (required)
})

// Configure the client with the ACME server's directory
// NOTE: Optional, will be done on API if unconfigured
client.configure( function( error, directory ) {
  // directory -> {
  //   'new-authz': 'https://acme-staging.api.letsencrypt.org/acme/new-authz',
  //   'new-cert': 'https://acme-staging.api.letsencrypt.org/acme/new-cert',
  //   'new-reg': 'https://acme-staging.api.letsencrypt.org/acme/new-reg',
  //   'revoke-cert': 'https://acme-staging.api.letsencrypt.org/acme/revoke-cert'
  // }
})

// Retrieve a new replay-nonce to be used
client.getNonce( function( error, replayNonce ) {
  // ...
})

// Define your contact details
var contact = [ 'mailto:root@localhost' ]

// Register a new account for defined contact and
// keys the client was initialized with
client.register( contact, function( error, registration ) {
  // client.registrationUrl = registration ->
  //   'https://acme-staging.api.letsencrypt.org/acme/reg/246840'
})

// Create a registration update with `agreement` set
// NOTE: The client's `key` will be added to this registration update
// automatically by the client
var registration = {
  resource: ACME.REGISTRATION,
  contact: client.registration.contact.slice(),
  agreement: 'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf',
}

// Update your registration with agreement to TOS
client.updateRegistration( registration, function( error, registration ) {
  // client.registration = registration -> {
  //   id: 246840,
  //   key: {
  //     kty: 'RSA',
  //     n: 'oL9U7lsMfBGZiFO_NmvTbPlPaMgMfg9iuxO2IkgKrJbKVtrGvfzNCOMIaO_wAx8AIf3-tegeaEWWV6FyO6haW1zPhKovVAYyXQKof8CKvueooTie46d0JAHirdAGWn2BWCQKQ-GlFqqMx2ou1BHv9MxfGKaT9CjT8cIROl1ptag3kdUH5ZsjhGmdg_TNXeu4wtiYVf0JG9nWfZncX4Dgv6IpSCoQiGf6FIE_q0jaUhpdBdQ6HEL_s6O3L45FFYvGfAuiciuKVZugR3hXCUJ26NmShMKfdu5qUKPQ02-IQAFGncnMNOVPeDhkLMMIaNerGCsjVz1l_TjXOSTW-h1paw',
  //     e: 'AQAB'
  //   },
  //   contact: [ 'mailto:cert-admin@example.com' ],
  //   agreement: 'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf',
  //   initialIp: '217.246.162.70',
  //   createdAt: '2016-07-05T22:28:50Z'
  // }
})

Changelog

0.3.0

Features

• lib/client: Add debug http response status code
• lib/client: Impl .updateRegistration()
• lib/client: Add _clientRequest() cleaning up req/res handling
• lib/acme: Add ACME.KEY_CHANGE resource type
• lib/client: Stub new-authz / new-app methods
• lib/acme: Add 'new-app' resource dir entry type
• lib/acme: Add unsupportedIdentifier error code

Fixes

• lib/client: Fix potential ReferenceError in ._clientRequest()

Tests

• test: Fix expected postdata (wrong nonce)
• test: Fix mock URL in reg update test
• test: Add test for updating registration w/ agreement

Docs

• README.md: Add registration update usage
• README: Add description / note

Maintenance

• package.json: Version 0.3.0
• package.json: Update request to 2.74.0
• .npmignore: Add examples