letsencrypt-python (deprecated)

node.js wrapper for the official letsencrypt python client

letsencrypt-python (for node.js)

Are you sure?

This is a wrapper around the letsencrypt python client.

You probably want one of these:

Installation

First install the Python client

# install the python client (takes 2 minutes normally, 20 on a Raspberry Pi)
git clone https://github.com/letsencrypt/letsencrypt
pushd letsencrypt

./letsencrypt-auto

Note the location of the client

echo "$HOME/.local/share/letsencrypt/bin/letsencrypt"

Install the node.js modules

# install the node module
npm install --save letsencrypt-python

Usage

var leBinPath = '/home/user/.local/share/letsencrypt/bin/letsencrypt';
var lep = require('letsencrypt-python').create(leBinPath);

// standalone mode: the client answers the challenge on its own listener
lep.register('certonly', {
  standalone: true

, domains: ['example.com']
, agreeTos: true
, email: 'user@example.com'

, configDir: '/etc/letsencrypt'
, logsDir: '/var/log/letsencrypt'
, workDir: '/var/lib/letsencrypt'
, text: true
});

// webroot mode: the challenge files are written under webrootPath
lep.register('certonly', {
  webroot: true
, webrootPath: '/srv/www/example.com'

, domains: ['example.com']
, agreeTos: true
, email: 'user@example.com'

, configDir: '/etc/letsencrypt'
, logsDir: '/var/log/letsencrypt'
, workDir: '/var/lib/letsencrypt'
, text: true
});

Note: the python client allows multiple --webroot-path in connection with --domains, but we don't.

If you'd like the letsencrypt client to be able to run in standalone mode as non-root, you'll need to allow it to bind ports 443 and 80:

sudo setcap cap_net_bind_service=+ep ~/.local/share/letsencrypt/bin/letsencrypt

Full API

Instance Methods

lep.register(cmd, args, cb)     // args: { email: '', agreeTos: true, domains: ['example.com'], ... }

// aliases for register(cmd, args, cb)
lep.run(args, cb);
lep.certonly(args, cb);
lep.install(args, cb);
lep.revoke(args, cb);
lep.rollback(args, cb);
lep.configChanges(args, cb);
lep.plugins(args, cb);

Helper Functions

LEP.create(leBinDir, { debug: true })   // returns an "instance"

LEP.liveServer                          // "https://acme-v01.api.letsencrypt.org/directory"
LEP.stagingServer                       // "https://acme-staging.api.letsencrypt.org/directory"
LEP.subcommands                         // array of commands
LEP.keys                                // the result of LEP.opts() retrieved from cached-opts.json

LEP.parseOptions(text)                  // parse output of client to options

LEP.objToArr(keys, args)                // creates an array of arguments and values
                                        // but ignores (accidental) unsupported args
                                        // { str: 'baz', t: true, f: false, arr: ['foo', 'bar'] }
                                        //    => --str baz --t --arr foo,bar

LEP.opts(lebinpath, cb, opts)           // array of all arguments (see appendix)

LEP.exec(lebinpath, cliargs, cb, opts)  // runs letsencrypt with command line arguments

LEP.register(lebinpath, keys, args, cb, opts) // a friendly wrapper around exec (runs objToArr)

Note that currently the only use of opts is { debug: true }, which prints the letsencrypt command before it runs.

LICENSE

Dual-licensed MIT and Apache-2.0

See LICENSE

Appendix

All arguments are "supported" (though many of them don't make sense to try).

--some-arg becomes someArg

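var LEP = require('letsencrypt-python');
var leBinPath = '/home/user/.local/share/letsencrypt/bin/letsencrypt';

// list every argument the installed client supports
LEP.opts(leBinPath, function (err, parsedOutput) {
  if (err) { throw err; }
  console.log(JSON.stringify(parsedOutput, null, '  '));
});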

These are all of the arguments at the time this module was published:

help
config
verbose
text
registerUnsafelyWithoutEmail
email
domains
domain
duplicate
userAgent
version
renewByDefault
agreeTos
account
debug
noVerifySsl
tlsSni01Port
http01Port
rsaKeySize
redirect
noRedirect
hsts
noHsts
uir
noUir
strictPermissions
csr
checkpoints
init
prepare
authenticators
installers
certPath
keyPath
fullchainPath
chainPath
configDir
workDir
logsDir
server
authenticator
installer
configurator
apache
nginx
standalone
manual
webroot
apacheCtl
apacheEnmod
apacheDismod
apacheLeVhostExt
apacheServerRoot
webrootPath
manualTestMode
manualPublicIpLoggingOk
standaloneSupportedChallenges

And, yes, the two odd ones (tlsSni01Port and http01Port) convert back correctly to:

--tls-sni-01-port
--http-01-port
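
The key-to-flag conversion described in this appendix, together with the behaviour documented for LEP.objToArr, as an added sketch that is not the module's own source. FLAGS is a constructed subset of the list above; toCamel, buildKeyMap and objToArgv are hypothetical names, and refusing values that start with "-" is an added hardening assumption, not documented behaviour.

```javascript
'use strict';

// Constructed subset of the flags listed in the appendix.
var FLAGS = ['--email', '--domains', '--agree-tos', '--standalone',
  '--webroot', '--webroot-path', '--tls-sni-01-port', '--http-01-port'];

// --some-arg -> someArg; digits survive, so --http-01-port -> http01Port.
function toCamel(flag) {
  return flag.replace(/^--/, '').replace(/-([a-z0-9])/g, function (_, c) {
    return c.toUpperCase();
  });
}

// Map each camelCase key back to its exact flag. Looking the flag up,
// rather than re-deriving it, keeps the round trip lossless and makes
// the map double as an allowlist (no prototype, so 'constructor' misses).
function buildKeyMap(flags) {
  var map = Object.create(null);
  flags.forEach(function (flag) { map[toCamel(flag)] = flag; });
  return map;
}

// Build an argv array: true -> bare flag, false/null -> omitted,
// array -> comma-joined, unknown keys -> dropped.
function objToArgv(keyMap, args) {
  var argv = [];
  Object.keys(args).forEach(function (key) {
    var flag = keyMap[key];
    var val = args[key];
    if (!flag || val === false || val == null) { return; }
    if (val === true) { argv.push(flag); return; }
    val = Array.isArray(val) ? val.join(',') : String(val);
    // Assumption (added hardening): a value that starts with '-' would be
    // read as another option by the client, so refuse it.
    if (val.charAt(0) === '-') {
      throw new Error('refusing option-like value for ' + key);
    }
    argv.push(flag, val);
  });
  return argv;
}
```

Handing the resulting array to child_process.execFile, rather than joining it into a shell string, keeps the values from being interpreted by a shell.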