Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/higordiego/letsencrypt-cli
CLI for node-letsencrypt modeled after the official client
https://github.com/higordiego/letsencrypt-cli
Last synced: 5 days ago
JSON representation
CLI for node-letsencrypt modeled after the official client
- Host: GitHub
- URL: https://github.com/higordiego/letsencrypt-cli
- Owner: higordiego
- License: apache-2.0
- Created: 2015-12-27T22:36:23.000Z (almost 9 years ago)
- Default Branch: master
- Last Pushed: 2015-12-20T05:21:43.000Z (about 9 years ago)
- Last Synced: 2023-03-01T08:52:07.602Z (almost 2 years ago)
- Language: JavaScript
- Size: 53.7 KB
- Stars: 0
- Watchers: 2
- Forks: 7
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# letsencrypt-cli (for node.js)
CLI for node-letsencrypt modeled after the official client.
* Free SSL Certificates
* 90-day certificate lifetime
* One-off standalone registration / renewal
* On-the-fly registration / renewal via webroot## Install Node
For **Windows**:
Choose **Stable** from
For Linux and **OS X**:
```
curl -L bit.ly/iojs-min | bash
```# Install LetsEncrypt
```bash
npm install -g letsencrypt-cli
```## Usage
These commands are shown using the **testing server**.
Want to use the **live server**?
1. remove the `--server https://acme-staging.api.letsencrypt.org/directory`
2. or change it to `--server https://acme-v01.api.letsencrypt.org/directory`**Note**: This has really only been tested with single domains so if
multiple domains doesn't work for you, file a bug.### Standalone
You can run standalone mode to get a cert **on the server** you will be
using it for over ports 80 and 443 (or 5001) like so:```bash
letsencrypt certonly \
--agree-tos --email [email protected] \
--standalone \
--domains example.com,www.example.com \
--server https://acme-staging.api.letsencrypt.org/directory \
--config-dir ~/letsencrypt/etc
```Then you can see your certs at `~/letsencrypt/etc/live`.
```
ls ~/letsencrypt/etc/live
```This option is great for testing, but since it requires the use of
the same ports that your webserver needs, it isn't a good choice
for production.### WebRoot (for production)
You can specify the path to where you keep your `index.html` with `webroot`.
For example, if I want to get a domain for `example.com` and my `index.html` is
at `/srv/www/example.com`, then I would use this command:```bash
sudo letsencrypt certonly \
--agree-tos --email [email protected] \
--webroot --webroot-path /srv/www/example.com \
--config-dir /etc/letsencrypt \
--domains example.com,www.example.com \
--server https://acme-staging.api.letsencrypt.org/directory
```Note that we use `sudo` because in this example we are using `/etc/letsencrypt`
as the cert directory rather than `~/letsencrypt/etc`, which we used in the previous example.Then see your brand new shiny certs:
```
ls /etc/letsencrypt/live/
```You can use a cron job to run the script above every 80 days (the certificates expire after 90 days)
so that you always have fresh certificates.## Test with a free domain
```bash
# Install Daplie DNS
npm install -g ddns-cli# see terms of use
ddns --help# agree to terms and get domain
ddns --random --email [email protected] --agree# the default is to use the ip address from which
# you can the command, but you can also assign the
# ip manually
ddns --random --email [email protected] --agree -a '127.0.0.1'
```Example domain:
```
rubber-duck-42.daplie.me
```## Run without Root
If you'd like to allow node.js to use privileged ports `80` and `443`
(and everything under 1024 really) without being run as `root` or `sudo`,
you can use `setcap` to do so. (it may need to be run any time you reinstall node as well)```bash
sudo setcap cap_net_bind_service=+ep /usr/local/bin/node
```By default `node-letsencrypt` assumes your home directory `~/letsencrypt/`, but if
you really want to use `/etc/letsencrypt`, `/var/lib/letsencrypt/`, and `/var/log/letsencrypt`
you could change the permissions on them. **Probably a BAD IDEA**. Probabry a security risk.```
# PROBABLY A BAD IDEA
sudo chown -R $(whoami) /etc/letsencrypt /var/lib/letsencrypt /var/log/letsencrypt
```## Command line Options
```
Usage:
letsencrypt [OPTIONS] [ARGS]Options:
--email EMAIL Email used for registration and recovery contact. (default: null)--domains URL Domain names to apply. For multiple domains you can enter a comma
separated list of domains as a parameter. (default: [])--duplicate BOOLEAN Allow getting a certificate that duplicates an existing one
--agree-tos BOOLEAN Agree to the Let's Encrypt Subscriber Agreement
--debug BOOLEAN show traces and logs
--tls-sni-01-port NUMBER Port number to perform tls-sni-01 challenge.
Boulder in testing mode defaults to 5001. (default: 443 and 5001)--http-01-port [NUMBER] Port used in the SimpleHttp challenge. (Default is 80)
--rsa-key-size [NUMBER] Size (in bits) of the RSA key. (Default is 2048)
--cert-path STRING Path to where new cert.pem is saved
(Default is :conf/live/:hostname/cert.pem)--fullchain-path [STRING] Path to where new fullchain.pem (cert + chain) is saved
(Default is :conf/live/:hostname/fullchain.pem)--chain-path [STRING] Path to where new chain.pem is saved
(Default is :conf/live/:hostname/chain.pem)--domain-key-path STRING Path to privkey.pem to use for domain (default: generate new)
--config-dir STRING Configuration directory. (Default is ~/letsencrypt/etc/)
--server [STRING] ACME Directory Resource URI. (Default is https://acme-v01.api.letsencrypt.org/directory))
--standalone [BOOLEAN] Obtain certs using a "standalone" webserver. (Default is true)
--webroot BOOLEAN Obtain certs by placing files in a webroot directory.
--webroot-path STRING public_html / webroot path.
-h, --help Display help and usage details
```Note: some of the options may not be fully implemented. If you encounter a problem, please report a bug on the issues page.