Numerous Pancakes Munched


    3.0.7 • Public • Published

    acme-dns-01-cli | a Root project

    An extremely simple reference implementation of an ACME (Let's Encrypt) dns-01 challenge strategy.

    This generic implementation can be adapted to work with any node.js ACME client, although it was built for Greenlock and ACME.js.   TXT   xxxxxxxxxxxxxxxx    TTL 60
    • Prints the ACME challenge DNS Host and DNS Key Authorization Digest to the terminal
      • (waits for you to hit enter before continuing)
    • Let's you know when the challenge as succeeded or failed, and is safe to remove.

    Other ACME Challenge Reference Implementations:


    npm install --save acme-dns-01-cli@3.x

    If you have greenlock@v2.6 or lower, you'll need the old le-challenge-dns@2.x instead.


    var Greenlock = require('greenlock');
    , challenges: { 'http-01': require('acme-http-01-fs')
                  , 'dns-01': require('acme-dns-01-cli').create({ debug: true })
                  , 'tls-alpn-01': require('acme-tls-alpn-01-cli')

    You can also switch between different implementations by overwriting the default with the one that you want in approveDomains():

    function approveDomains(opts) {
      if (!opts.challenges) { opts.challenges = {}; }
      opts.challenges['dns-01'] = acmeDns01Cli;
      opts.challenges['http-01'] = ...
      return Promise.resolve({ ... });

    NOTE: If you request a certificate with 6 domains listed, it will require 6 individual challenges.

    Exposed (Promise) Methods

    For ACME Challenge:

    • set(opts)
    • remove(opts)

    The dns-01 strategy supports wildcards (whereas http-01 does not).

    The options object has whatever options were set in approveDomains() as well as the challenge, which looks like this:

    { challenge: {
        identifier: { type: 'dns', value: ''
      , wildcard: true
      , altname: '*'
      , type: 'dns-01'
      , token: 'xxxxxx'
      , keyAuthorization: 'xxxxxx.abc123'
      , dnsHost: ''
      , dnsAuthorization: 'xyz567'
      , expires: '1970-01-01T00:00:00Z'

    For greenlock.js internals:

    • options stores the internal defaults merged with the user-supplied options


    • get(limitedOpts)

    Note: Typically there wouldn't be a get() for DNS because the NameServer (not Greenlock) answers the requests. It could be used for testing implementations, but that's about it. (though I suppose you could implement it if you happen to run your DNS and webserver together... kinda weird though)

    If there were an implementation of Greenlock integrated directly into a NameServer (which currently there is not), it would probably look like this:

    { challenge: {
        type: 'dns-01'
      , identifier: { type: 'dns', value: '' }
      , token: 'abc123'
      , dnsHost: ''

    Legal & Rules of the Road

    Greenlock™ and Bluecrypt™ are trademarks of AJ ONeal

    The rule of thumb is "attribute, but don't confuse". For example:

    Built with Greenlock (a Root project).

    Please contact us if you have any questions in regards to our trademark, attribution, and/or visible source policies. We want to build great software and a great community.

    Greenlock™ | MPL-2.0 | Terms of Use | Privacy Policy


    npm i acme-dns-01-cli

    DownloadsWeekly Downloads






    Unpacked Size

    26.4 kB

    Total Files


    Last publish


    • coolaj86