Skip to content

ACME - v23.0.1
Compare
Choose a tag to compare
@FirstTimeEZ FirstTimeEZ released this 16 Dec 15:37
· 5 commits to main since this release
v23.0.1
a0b54bf
This commit was signed with the committer’s verified signature.
FirstTimeEZ
SSH Key Fingerprint: OCJ4hbDPqF73ANW2PBlyjgyxBq9oHxoSP/VR48SNdCc Learn about vigilant mode.

A module for interacting with ACME servers for automated SSL/TLS certificate issuance and management.

Release Notes

  • add getNextNonce export
  • rename newDirectoryAsync to newDirectory (its still async)
  • rename newNonceAsync to newNonce (its still async)
  • changes to how errors/exceptions are returned
  • errors have error.type of bac:failed:methodName
  • exceptions have error.type of bac:exception:methodName
  • inside error.details is the message/exception
  • errors and exceptions from bac have an error.status of 777777 or similar

Exports

import * as bac from 'base-acme-client'; // ES6

newDirectory

Fetches the directory information from an ACME server.

newNonce

Retrieves a new nonce from the ACME server.

createJsonWebKey

Creates a JSON Web Key (JWK) from a public key.

createAccount

Creates a new account on the ACME server.

createOrder

Creates a new order for certificate issuance on the ACME server.

finalizeOrder

Finalizes a certificate order by submitting a Certificate Signing Request (CSR).

postAsGet

Performs a POST-as-GET request to retrieve order or authorization status.

postAsGetChal

Performs a POST-as-GET request for challenges

signPayloadJson

Signs a JSON payload for ACME server requests.

signPayload

Signs a payload for ACME server requests.

formatPublicKey

Formats a PEM-encoded public key to a key object.

formatPrivateKey

Formats a PEM-encoded private key to a key object.

base64urlEncode

Encodes input to a base64url-encoded string.

hexToBytes

Converts a hexadecimal string to a Uint8Array of bytes.

getNextNonce

Retrieves the next nonce for ACME protocol requests.

fetchRequest

Sends a signed request to the ACME server.

fetchSuggestedWindow

Fetches the suggested renewal window information for a certificate from the specified URL.

fetchAndRetryUntilOk

Fetch a resource with multiple retry attempts and progressive backoff.

fetchAndRetryProtectedUntilOk

Fetch a protected resource with multiple retry attempts and progressive backoff.

Errors/Exceptions

Errors and Exceptions will be returned in an object

// Exceptions
{
  answer: {
    error: {
      type: 'bac:exception:methodName',
      detail: Error: SyntaxError: Unexpected end of input
          at file:///base-acme-client.js:666:11
          at ModuleJob.run (node:internal/modules/esm/module_job:271:25)
          at async onImport.tracePromise.__proto__ (node:internal/modules/esm/loader:547:26)
          at async asyncRunEntryPointWithESMLoader (node:internal/modules/run_main:116:5),
      status: 777777
    }
  }
}

// Error from the Base ACME Client
{
  answer: {
    error: {
      type: 'bac:failed:methodName',
      detail: 'Could not complete methodName after multiple attempts',
      status: 777777
    }
  }
}

// Error from the ACME Server
{
  answer: {
    error: {
      type: 'urn:ietf:params:acme:error:orderNotReady',
      detail: `Order's status ("valid") is not acceptable for finalization`,
      status: 403
    }
  }
}

Full Working Examples

This module is used by Lets Encrypt ACME Client and Server SSL

Assets 2
Loading