le-sni-auto
| Sponsored by ppl
An auto-sni strategy for registering and renewing letsencrypt certificates using SNICallback.
This does a couple of rather simple things:
- caches certificates in memory
- calls
getCertificatesAsync(domain, null)
when a certificate is not in memory - calls
getCertificatesASync(domain, certs)
when a certificate is up for renewal or expired
Install
npm install --save le-sni-auto@2.x
Usage
With node-letsencrypt
'use strict'; var leSni = ; var le =
You can also provide a thunk-style getCertificates(domain, certs, cb)
.
Standalone
'use strict'; var leSni = ; var tlsOptions = SNICallback: leSnisniCallback; https;
You can also provide a thunk-style getCertificates(domain, certs, cb)
.
API
- create(options)
getCertificates(domain, certs, cb)
orgetCertificatesAsync(domain, certs)
renewWithin
(default 7 days, min 3 days)renewBy
(default 2 days, min 12 hours)
sniCallback(domain, cb)
cacheCerts(certs)
uncacheDomain(domain)
.renewWithin
Specifies the maximum amount of time (in ms) before the certificate expires to renew it.
Say the cert expires in 90 days and you would like to renew, at earliest 10 days before it expires.
You would set this to 10 * 24 * 60 * 60 * 1000
.
.renewBy
Specifies the maximum amount of time (in ms) before the certificate expires to renew it.
Say the cert expires in 90 days and you would like to renew, at latest 10 days before it expires.
You would set this to 10 * 24 * 60 * 60 * 1000
.
MUST be less than renewWithin
.
.sniCallback()
This gets passed to https.createServer(tlsOptions, app)
as tlsOptions.SNICallback
.
var leSni = ; var tlsOptions = SNICallback: leSnisniCallback; { res;} https;
.cacheCerts()
Manually load a certificate into the cache.
This is useful in a cluster environment where the master may wish to inform multiple workers of a new or renewed certificate, or to satisfy tls-sni-01 challenges.
leSni.cacheCerts({
, privkey: '<<privkey.pem>>'
, cert: '<<cert.pem + chain.pem>>'
, subject: 'example.com'
, altnames: [ 'example.com', 'www.example.com' ]
, issuedAt: 1470975565000
, expiresAt: 1478751565000
, auto: true
});
.uncacheCerts()
Remove cached certificates from the cache.
This is useful once a tls-sni-01 challenge has been satisfied.
leSni.uncacheCerts({
, subject: 'example.com'
, altnames: [ 'example.com', 'www.example.com' ]
});