Neutrinos Peludos Magnéticos

    acme-express

    0.2.4 • Public • Published

    acme-express

    Automatic Certificate Management Environment (ACME) protocol client for acquiring free SSL certificates.

    Letsencrypt.org is a gratis, open source community sponsored service that implements the ACME protocol. This script will allow you to create a signed SSL certificate, suitable to secure your server with HTTPS, using letsencrypt.org or any other certificate authority that supports the ACME protocol.

    Installation

      npm install -g acme-express

    CLI

      Usage: acme-express --account account.pem --csr csr.der --domain ${DOMAIN} --ca letsencrypt-beta
    
      Options:
    
        -h, --help                                           output usage information
        --account <account.pem>                              Account private key PEM file
        --csr <csr.der>                                      Certificate Signing Request file in DER encoding
        --dom <domain>                                       The domain for which we are requesting a certificate. e.g. "mydomain.org"
        --ca <URL|"letsencrypt-beta"|"letsencrypt-staging">  Certificate authority URL running ACME protocol. Default "letsencrypt-staging"
        --agreement <URL|"letsencrypt-1.0.1">                The certificate agreement URL. Default "letsencrypt-1.0.1"
        --log <debug|info|warn|error>                        Set the log level (logs always use STDERR). Default "info"
        --cross-signed                                       Print letsencrypt.org's cross-signed x1 cert to STDOUT
    

    How to Use

    1. Register a domain and point your DNS at your server.
    2. From that server, use this script to verify that you control the domain and acquire a signed certficate.

    Sign a Cert

      # Set your domain 
      DOMAIN=mydomain.org
     
      # Create domain key and DER encoded Certificate Signing request 
      openssl genrsa 4096 > domain.pem
      openssl req -new -sha256 -key domain.pem -subj "/CN=${DOMAIN}" -outform DER > csr.der
     
      # Create account key and get letsencrypt.org to sign your cert 
      openssl genrsa 4096 > account.pem
      sudo acme-express --account account.pem --csr csr.der --dom "${DOMAIN}" --ca letsencrypt-beta > ${DOMAIN}.pem
     
      # (Optional) Examine your new certificate 
      openssl x509 -in ${DOMAIN}.pem -text

    Why Sudo?

    To verify ownership of the domain, we use the simple HTTP challenge/response method. This script will briefly host a Node.js HTTP server on port 80 (which requires admin access). The challenge token is served at the well-defined challenge/response URL so that the certificate authority can request it.

    See the "challengeResponse" method in src/acme-protocol.coffee

    Create an HTTPS Server

    Here is an example Node.js express server using a certificate produced by this script:

      let fs      = require('fs');
      let http    = require('http');
      let https   = require('https');
      let express = require('express');
      let app     = express();
      let domain  = 'mydomain.org';
     
      // Load the HTTPS credentials
      let credentials = {
        key  : fs.readFileSync('domain.pem'),
        cert : fs.readFileSync(domain + '.pem'),
     
        // If you want to get an 'A' on your ssllabs report card, you need to
        // include the cross-signed cert from letsencrypt.org. Download it
        // directly from letsencrypt.org at the following URL:
        //   https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem
        ca   : [fs.readFileSync('lets-encrypt-x1-cross-signed.pem')]
      }
     
      // Create an HTTPS server with your express app
      https.createServer(credentials, app).listen(443, function() {
        console.log('Listening on HTTPS');
      });
     
      // (Optional) Create a simple server to redirect all HTTP traffic to HTTPS
      http.createServer(function (req, res) {
        let code = (req.method === 'POST') ? 307 : 302;
        res.writeHead(code, {'Location' : 'https://' + domain + req.url});
        res.end();
      }).listen(80, function() {
        console.log('Redirecting HTTP to HTTPS');
      });

    Install

    npm i acme-express

    DownloadsWeekly Downloads

    0

    Version

    0.2.4

    License

    Apache-2.0

    Last publish

    Collaborators

    • themadcreator