Comments (5)
Hello,
This is, as you've noted, already implemented to a certain degree. If you are using auto-mode you specify a challenge type priority and a challenge is selected for you. If no challenge matches your priority list, any available challenge will be selected.
Let's Encrypt returns all available challenge types when requesting a certificate. Available types depend on the DNS name, for example a wildcard certificate needs to be authorized by a dns-01 challenge. You should enforce the challenge types in your challengeCreateFn(), for example:

    async function challengeCreateFn(authz, challenge, keyAuthorization) {
        if (challenge.type === 'http-01') {
            // Do http-01 things: serve keyAuthorization at /.well-known/acme-challenge/<challenge.token>
        }
        else if (challenge.type === 'dns-01') {
            // Do dns-01 things: publish the TXT record for _acme-challenge.<authz.identifier.value>
        }
        else {
            // Anything else (e.g. tls-alpn-01) is not handled by this deployment
            throw new Error('Unsupported challenge type');
        }
    }

    await client.auto({
        challengePriority: ['http-01', 'dns-01'],
        challengeCreateFn
    });
The "unknown challenge type" error you are seeing is caused by tls-alpn-01 not being implemented in acme-client yet, thanks for reporting it! Just pushed a fix 7409efb, will land with v2.2.2 today or tomorrow.
Please let me know if you have any further questions.
from node-acme-client.
Thanks for your reply.
The problem is that I can only satisfy http-01 requests, since I'm writing a bot for automatic SSL cert renewal on GitLab instances (currently only gitlab.com). One way would be to filter the challenge type every time it doesn't match http-01 and request a new one, but this would be extremely inefficient when you have a large list of domains.
Also, I currently don't use auto mode because the bot verifies by itself whether the challenge is available and then calls your functions.
from node-acme-client.
Alright, I think I understand the issue.
When ordering a certificate all available challenges are returned from the API, so you can just select the one that fits your needs.
I'm going to use https://github.com/publishlab/node-acme-client/blob/master/examples/api.js#L76 as an example.
Instead of popping the last challenge off the array (line 76):

    const challenge = authz.challenges.pop();

Try selecting the http-01 challenge type:

    const challenge = authz.challenges.find(c => c.type === 'http-01');

    if (!challenge) {
        throw new Error('No http-01 challenge available');
    }
Hope this helps!
from node-acme-client.
Thanks, that should solve my issue, will test it at the weekend. ^^
Maybe you should include this or a comment in https://github.com/publishlab/node-acme-client/blob/master/examples/api.js#L76 so other people can use this too!
(I logged authz.challenges and saw the different types of challenges, but thought that they were the different challenges for the different domains)
from node-acme-client.
Great, glad I could help!
If anyone should stumble across this issue with a similar question:
    /**
     * authorizations / client.getAuthorizations(order);
     * An array with one item per DNS name in the certificate order.
     * All items require at least one satisfied challenge before order can be completed.
     */
    const authorizations = await client.getAuthorizations(order);

    authorizations.forEach((authz) => {
        /**
         * challenges / authz.challenges
         * An array of all available challenge types for a single DNS name.
         * One of these challenges needs to be satisfied.
         */
        const challenges = authz.challenges;

        // Pick the entry whose type you can actually answer, e.g.
        // challenges.find(c => c.type === 'http-01'), and fail if none matches.
    });
I'll note it down in the example/documentation as well.
from node-acme-client.