How to setup wildcard domain ssl with letsencrypt greenlock?

I am pretty much new to setting up an SSL server; I am just exploring a package called greenlock

https://www.npmjs.com/package/greenlock

Trust me, I am using a real domain for setting up SSL.

After installing all the packages, I ran this code.

'use strict';

require('greenlock-express').create({

  // Let's Encrypt v2 is ACME draft 11
  version: 'draft-11'

  // Note: If at first you don't succeed, switch to staging to debug
  // https://acme-staging-v02.api.letsencrypt.org/directory
  // https://acme-v02.api.letsencrypt.org/directory
, server: 'https://acme-staging-v02.api.letsencrypt.org/directory'

  // Where the certs will be saved, MUST have write access
, configDir: '~/.config/acme/'

  // You MUST change this to a valid email address
, email: 'somename@gmail.com'

  // You MUST change these to valid domains
  // NOTE: all domains will be validated and listed on the certificate
, approveDomains: [ 'awesomedomain.com','*.awesomedomain.com' ]

  // You MUST NOT build clients that accept the ToS without asking the user
, agreeTos: true

, app: require('express')().use('/', function (req, res) {
    res.setHeader('Content-Type', 'text/html; charset=utf-8')
    res.end('Hello, World!\n\n💚  🔒 .js');
  })

  // Join the community to get notified of important updates
, communityMember: true

  // Contribute telemetry data to the project
, telemetry: true

//, debug: true

}).listen(80, 443);

The above code works properly for the base domain, which is awesomedomain.com, but when I try to visit some random subdomain I face this error:

 [Error] approveDomains rejected tls sni 'david.awesomedomain.com'
    [Error] (see https://git.coolaj86.com/coolaj86/greenlock.js/issues/11)

Use Greenlock v2.7+

Before Greenlock v2.7 there were a number of things you had to do manually to get wildcard registration to work.

I wrote a new file storage plugin so that it won't get tripped up with filesystems that don't allow *.

I also made it be a little smarter about using dns-01 as required and http-01 when allowable.

See the example at https://git.coolaj86.com/coolaj86/greenlock-express.js/src/branch/master/examples/wildcard.js

DNS-01 Plugin

You'll still need a dns-01 plugin. Hit me up on issues if you try one of the ones listed in the plugin section of the README and it's not working:

https://git.coolaj86.com/coolaj86/greenlock-express.js

Some of them are pretty old and although I've tried to maintain backwards compatibility through much pain, it's possible that something is amiss.
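
An added example, not part of the original answer and not Greenlock's own code: plain Node.js showing the two rules behind this thread, that a wildcard entry covers exactly one left-most label of the TLS SNI name, and that Let's Encrypt validates wildcard names only with dns-01. The helper names (normalizeName, nameCovers, approveSni, challengePlan) are hypothetical.

```javascript
'use strict';

// Hypothetical helpers for illustration; none of this is Greenlock's API.

// Normalize a TLS SNI servername: trim, lowercase, drop one trailing dot.
function normalizeName(name) {
  return String(name).trim().toLowerCase().replace(/\.$/, '');
}

// True when `host` is covered by `pattern`. A wildcard covers exactly one
// left-most label: *.example.com covers a.example.com, but neither
// example.com nor a.b.example.com.
function nameCovers(pattern, host) {
  pattern = normalizeName(pattern);
  host = normalizeName(host);
  if (!pattern.startsWith('*.')) { return pattern === host; }
  const suffix = pattern.slice(1); // ".example.com", leading dot kept
  if (!host.endsWith(suffix)) { return false; }
  const label = host.slice(0, -suffix.length);
  return label.length > 0 && !label.includes('.');
}

// Decide whether an SNI name may be served and which approved entry covers it.
function approveSni(approved, servername) {
  const match = approved.find(function (p) { return nameCovers(p, servername); });
  return match
    ? { approved: true, coveredBy: normalizeName(match) }
    : { approved: false, coveredBy: null };
}

// Wildcard names need dns-01; plain names may be validated with http-01.
function challengePlan(approved) {
  return approved.map(function (p) {
    const name = normalizeName(p);
    return { name: name, challenge: name.startsWith('*.') ? 'dns-01' : 'http-01' };
  });
}

// Constructed sample input, using the names from the question.
const approved = ['awesomedomain.com', '*.awesomedomain.com'];
console.log(challengePlan(approved));
console.log(approveSni(approved, 'david.awesomedomain.com'));
console.log(approveSni(approved, 'a.b.awesomedomain.com'));
```

The suffix comparison keeps the leading dot, so a lookalike such as evilawesomedomain.com is not treated as a subdomain.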
