A Bedrock module that automates the HTTPS certificate registration, setup, and renewal process. This module adds automatic TLS Certificate setup and updating via the ACME protocol and the Let's Encrypt Certificate Authority.
npm install bedrock-letsencrypt bedrock bedrock-server bedrock-express
Create a basic Bedrock application server:
var bedrock = ;var config = config;// modules;;;// configconfigserverport = 443;configserverhttpPort = 80;configserverbindAddr = 'letsencrypt-1.example.com';configserverdomain = 'letsencrypt-1.example.com';configserverhost = 'letsencrypt-1.example.com';configserverbaseUri = 'https://' + configserverhost;configletsencryptdomains = 'letsencrypt-1.example.com';configletsencryptemail = 'firstname.lastname@example.org';configletsencryptredisOptions =db: 1password: 'REDIS_PASSWORD';// setup landing pagebedrockevents;bedrockstart;
Run the application above on any host with public access to the Web. You need to ensure that at least ports 80 and 443 are available on the public Internet because the Let's Encrypt servers will attempt to contact your host during the certificate issuance process.
For documentation on this module's configuration, see config.js.
You will need to setup a Redis server to store the accounts, keypairs, and certificates. More on Redis configuration options can be found in the Redis configuration options.
How It Works
This module adds automatic TLS Certificate registration, setup, and renewal via the ACME protocol and the Let's Encrypt Certificate Authority. When the application server starts up, the following process occurs:
- The server scans the config file for Let's Encrypt auto-registration
domains listed in
- A private key is generated and a certificate request is sent to the Let's Encrypt Certificate Authority (LECA).
- The LECA challenges the server to publish a nonce that has been digitally signed at a specific URL under /.well-known/acme-challenge/
- Once the server publishes the LECA challenge to the appropriate URL, the LECA provides the signed certificate, which the server then uses to encrypt all future HTTPs traffic.
Registration, setup, and renewal occurs automatically. By default, certificates are valid for 90 days and the server will begin attempting to renew the certificate after 80 days. This process is automatic and the certificates are free. Hooray.
- node v4.4+
- npm 3+