Help with getting started


#1

Hello, please help with getting started.
Can't figure out how to work with greenlock.
I have Node v4.4.5 (can’t upgrade).
NGINX separate config for my.domain.com:

    server {
        listen 80;
        server_name "my.domain.com";
        root /server/my-domain;
        index index.html;

        location / {
            return 301 https://my.domain.com;
        }
    }

    server {
        listen 443 ssl;
        server_name "my.domain.com";
        root /server/my-domain;
        index index.html;

        ssl on;

        ssl_certificate /server/my-domain/cert/cert.crt;
        ssl_certificate_key /server/my-domain/cert/pKey.pem;
        ssl_dhparam /server/my-domain/cert/dhparam.pem;

        add_header Strict-Transport-Security 'max-age=604800';
        add_header X-Frame-Options SAMEORIGIN;

        error_page  497 https://$host$request_uri;

        location / {
            proxy_pass http://127.0.0.10:9119;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_connect_timeout 300;
            proxy_send_timeout    300;
            proxy_read_timeout    300;
            send_timeout          300;

            add_header Pragma no-cache;
            add_header Cache-Control no-cache;
            gzip_types *;
        }
    }

Can't figure out how to register to get chain, fullchain and other pem, and what to do next?


#2

That button on letsencrypt.org should be the first thing to try :slight_smile:


#3

Oh, thanks, that wasn’t helpful.


#4

The question is how to get those PEMs and the others using the greenlock library.


#5

If that is the case, you’re either withholding crucial information or asking the wrong questions. :slight_smile:


#6

What steps have you tried already, perhaps link to whatever “greenlock” actually is (you can’t expect everybody to know every software in existence), what exact problems you’re running into et cetera.

To get the right answers, you’ll need to ask the right questions :slight_smile:


#7

My bad, sorry. I’ll try to be more concrete. Moment.


#8

    // So I need to register to send a request to LE, then get challenges.
    // What am I doing wrong?
    var LE = require('greenlock');
    var le;

    // Storage Backend
    var leStore = require('le-store-certbot').create({
      configDir: '~/server/my-domain/cert'         // <--- empty folder. Can I use this path here?
    , debug: false
    });

    // ACME challenge handler: leHttpChallenge was used below but never defined.
    // The webrootPath value is an assumed placeholder, not from the original post.
    var leHttpChallenge = require('le-challenge-fs').create({
      webrootPath: '/path/to/webroot/.well-known/acme-challenge'
    , debug: false
    });

    function leAgree(opts, agreeCb) {
      // opts = { email, domains, tosUrl }
      agreeCb(null, opts.tosUrl);
    }

    le = LE.create({
      server: LE.stagingServerUrl        // Do I need productionServerUrl?
    , store: leStore
    , challenges: {
        'http-01': leHttpChallenge
      }
    , challengeType: 'http-01'
    , agreeToTerms: leAgree
    , debug: false
    });

    le.register({
      domains: ['my.domain.com']
    , email: 'user@email.com'
    , agreeTos: ''
    , rsaKeySize: 2048
    , challengeType: 'http-01'
    }).then(function (results) {
      console.log('success');
    }, function (err) {
      // Note: you must either use le.middleware() with express,
      // manually use le.challenges['http-01'].get(opts, domain, key, val, done) <--- how to use it???
      // or have a webserver running and responding
      // to /.well-known/acme-challenge at `webrootPath`
      console.error('[Error]: node-greenlock/examples/standalone');
      console.error(err.stack);
    });

#9

I guess that “greenlock” stuff is quite a specific library. It would take one a lot of time to dig in the whole library to figure out how to use it. I myself currently don’t have the time, sorry.

Aren’t there any “how to” manuals on the web?


#10


couldn’t find any manual…


#11

Hmmm. That page says:

Important: Use node v4.5+ or v6.x, node <= v4.4 has a known bug in the Buffer implementation.

It also says:

This is a low-level library for implementing ACME / LetsEncrypt Clients, CLIs, system tools, and abstracting storage backends (file vs db, etc).

Doesn’t sound like you’re using the best tool for the job. This is a tool for writing a client for Let’s Encrypt. If you need to ask how to use it to write a client, you probably shouldn’t be using that tool. Or, failing that, you should probably ask the developers of that tool.


#12

Out of curiosity: what are you trying to do and why do you need to use Greenlock?


#13

I have several servers (machines). Each has several subdomains. I need to build a system that will automatically update certificates (it will be a NodeJS process). First it will periodically check the existing certificates; when their endDate is close, the process will automatically re-request new ones. Certificates and keys for each subdomain are in a separate folder
(…/server/my1.domain.com/cert, …/server/my2.domain.com/cert, etc.).
So there will be a config where

    domains: [
      {
        name: 'my1.domain.com',
        email: 'my@email.com',
        some_needed_info: 'xz',
        some_needed_path: '/for/example/to/certificate/file'
      },
      {…}
      …,
      {…}
    ]

I found that Greenlock is the only library that works on NodeJS (THE ONLY NODEJS ACME Client Implementations);
And I spent a whole day trying to understand how it works, but couldn’t…


#14

But do you need a LIBRARY (if we’re shouting now, I might as well…) or just a CLIENT?

See https://letsencrypt.org/docs/client-options/ for “NodeJS”. I would say greenlock-cli is the most logical choice.


#15

LIBRARY/CLIENT, it doesn't matter; I need something that I can use inside a NodeJS project. greenlock-cli is for bash/cmd.exe.


#16

I think people are puzzled by your approach in this case, because almost everyone using Node chooses to use some existing external client application (which may or may not itself be written in Node) to get their certificates. It seems like you’ve decided to write your own, which will be an elaborate, complicated programming project to replicate functionality that might already exist. Could you explain why using an existing client application isn’t appropriate for your situation and why the certificate request needs to happen natively from inside of your Node application?


#17

Thanks for the answer. The boss wants it to be a nodejs process (daemon) that will be started in PM2 and periodically check and update certificates; if a new subdomain or domain appears, the only thing we must do is write the information to the config and restart the daemon.
I don't need to replicate existing functionality. Do you know any (npm??) client module that has an API I can use for requesting?


#18

So, it looks like I found one solution; can't say whether it is right. We'll see.


#19

Finally, I got it. Thanks!

