digitalbazaar/bedrock-letsencrypt

Name: bedrock-letsencrypt

Owner: Digital Bazaar, Inc.

Description: A Bedrock module that automates the HTTPS certificate registration, setup, and renewal process.

Created: 2016-12-17 04:16:55.0

Updated: 2016-12-19 04:44:38.0

Pushed: 2017-04-05 02:34:12.0

Homepage:

Size: 24

Language: JavaScript


README

bedrock-letsencrypt

A Bedrock module that automates the HTTPS certificate registration, setup, and renewal process. This module adds automatic TLS Certificate setup and updating via the ACME protocol and the Let's Encrypt Certificate Authority.

Quick Examples

```
npm install bedrock-letsencrypt bedrock bedrock-server bedrock-express
```

Create a basic Bedrock application server:

```js
var bedrock = require('bedrock');
var config = require('bedrock').config;

// modules
require('bedrock-server');
require('bedrock-express');
require('bedrock-letsencrypt');

// config
config.server.port = 443;
config.server.httpPort = 80;
config.server.bindAddr = ['letsencrypt-1.example.com'];
config.server.domain = 'letsencrypt-1.example.com';
config.server.host = 'letsencrypt-1.example.com';
config.server.baseUri = 'https://' + config.server.host;

// domains to register with Let's Encrypt and the account contact address
config.letsencrypt.domains = ['letsencrypt-1.example.com'];
config.letsencrypt.email = 'admin@example.com';
// Redis stores the ACME account, keypairs and certificates
config.letsencrypt.redisOptions = {
  db: 1,
  password: 'REDIS_PASSWORD'
};

// setup landing page
bedrock.events.on('bedrock-express.configure.routes', function(app) {
  app.get('/', function(req, res) {
    res.send('Hello Bedrock, Let\'s Encrypt!');
  });
});

bedrock.start();
```

Run the application above on any host with public access to the Web. You need to ensure that at least ports 80 and 443 are available on the public Internet because the Let's Encrypt servers will attempt to contact your host during the certificate issuance process.

Configuration

For documentation on this module's configuration, see config.js.

You will need to set up a Redis server to store the accounts, keypairs, and certificates. The values accepted in `redisOptions` are described in the Redis client's configuration options.

How It Works

This module adds automatic TLS Certificate registration, setup, and renewal via the ACME protocol and the Let's Encrypt Certificate Authority. When the application server starts up, the following process occurs:

  1. The server scans the config file for Let's Encrypt auto-registration domains listed in `bedrock.config.letsencrypt.domains`.
  2. A private key is generated and a certificate request is sent to the Let's Encrypt Certificate Authority (LECA).
  3. The LECA challenges the server to publish a nonce that has been digitally signed at a specific URL under /.well-known/acme-challenge/.
  4. Once the server publishes the LECA challenge to the appropriate URL, the LECA provides the signed certificate, which the server then uses to encrypt all future HTTPS traffic.

Registration, setup, and renewal occur automatically. By default, certificates are valid for 90 days and the server will begin attempting to renew the certificate after 80 days. This process is automatic and the certificates are free. Hooray.

Requirements

This work is supported by the National Institutes of Health's National Center for Advancing Translational Sciences, Grant Number U24TR002306. This work is solely the responsibility of the creators and does not necessarily represent the official views of the National Institutes of Health.