1

I am pretty much new to setting up ssl server i am just exploring a package called greelock

https://www.npmjs.com/package/greenlock

trust me i am using real domain for this setting up ssl.

after installed all packages i run this code.

'use strict';

require('greenlock-express').create({

  // Let's Encrypt v2 is ACME draft 11
  version: 'draft-11'

  // Note: If at first you don't succeed, switch to staging to debug
  // https://acme-staging-v02.api.letsencrypt.org/directory
        // https://acme-v02.api.letsencrypt.org/directory
, server: 'https://acme-staging-v02.api.letsencrypt.org/directory'

  // Where the certs will be saved, MUST have write access
, configDir: '~/.config/acme/'

  // You MUST change this to a valid email address
, email: 'somename@gmail.com'

  // You MUST change these to valid domains
  // NOTE: all domains will validated and listed on the certificate
, approveDomains: [ 'awesomedomain.com','*.awesomedomain.com' ]

  // You MUST NOT build clients that accept the ToS without asking the user
, agreeTos: true

, app: require('express')().use('/', function (req, res) {
    res.setHeader('Content-Type', 'text/html; charset=utf-8')
    res.end('Hello, World!\n\n   .js');
  })

  // Join the community to get notified of important updates
, communityMember: true

  // Contribute telemetry data to the project
, telemetry: true

//, debug: true

}).listen(80, 443);

Above code is working properly for base domain which is awesomedomain.com but when i try to visit some random subdomain i am facing this error 

 [Error] approveDomains rejected tls sni 'david.awesomedomain.com'
    [Error] (see https://git.coolaj86.com/coolaj86/greenlock.js/issues/11)
Nane
  • 2,370
  • 6
  • 34
  • 74
  • 1
    Hey, sorry for the inconvenience. In the latest security updates I forgot to match wildcard domains. If you could just use multiple domains for now I’ll try to fix that in the next release. – coolaj86 Sep 27 '18 at 14:02
  • Also, you’ll have to use the dns-01 challenge instead of the default http-01 challenge. Who do you use for DNS? Check the list of plugins at http://git.coolaj86.com/coolaj86/greenlock-express.js – coolaj86 Sep 27 '18 at 14:05
  • @CoolAJ86 I am using cloudflare as my dns and yes i properly configured my wildcard settings in cloudflare – Nane Sep 27 '18 at 15:44
  • Since I only need wildcard domains for my application ill wait for your next release and your package is awesome and simple to use – Nane Sep 27 '18 at 19:00

1 Answers1

2

Use Greenlock v2.7+

Before Greenlock v2.7 there were a number of things you had to do manually to get wildcard registration to work.

I wrote a new file storage plugin so that it won't get tripped up with filesystems that don't allow *.

I also made it be a little smarter about using dns-01 as required and http-01 when allowable.

See the example at https://git.coolaj86.com/coolaj86/greenlock-express.js/src/branch/master/examples/wildcard.js

DNS-01 Plugin

You'll still need a dns-01 plugin. Hit me up on issues if you try one of the ones listed in plugin section of the README and it's not working:

https://git.coolaj86.com/coolaj86/greenlock-express.js

Some of them are pretty old and although I've tried to maintain backwards compatibility through much pain, it's possible that something is amiss.

coolaj86
  • 74,004
  • 20
  • 105
  • 125