2023-01-29 15:27:11 +08:00
## Classes
<dl>
<dt><a href="#AcmeClient ">AcmeClient</a></dt>
<dd><p>AcmeClient</p>
</dd>
</dl>
## Objects
<dl>
<dt><a href="#Client ">Client</a> : <code>object</code></dt>
<dd><p>ACME client</p>
</dd>
</dl>
<a name="AcmeClient"></a>
## AcmeClient
AcmeClient
**Kind**: global class
* [AcmeClient ](#AcmeClient )
* [new AcmeClient(opts) ](#new_AcmeClient_new )
* [.getTermsOfServiceUrl() ](#AcmeClient+getTermsOfServiceUrl ) ⇒ <code>Promise.<(string\|null)></code>
* [.getAccountUrl() ](#AcmeClient+getAccountUrl ) ⇒ <code>string</code>
* [.createAccount([data])](#AcmeClient +createAccount) ⇒ <code>Promise.<object></code>
* [.updateAccount([data])](#AcmeClient +updateAccount) ⇒ <code>Promise.<object></code>
* [.updateAccountKey(newAccountKey, [data])](#AcmeClient +updateAccountKey) ⇒ <code>Promise.<object></code>
* [.createOrder(data) ](#AcmeClient+createOrder ) ⇒ <code>Promise.<object></code>
* [.getOrder(order) ](#AcmeClient+getOrder ) ⇒ <code>Promise.<object></code>
* [.finalizeOrder(order, csr) ](#AcmeClient+finalizeOrder ) ⇒ <code>Promise.<object></code>
* [.getAuthorizations(order) ](#AcmeClient+getAuthorizations ) ⇒ <code>Promise.<Array.<object>></code>
* [.deactivateAuthorization(authz) ](#AcmeClient+deactivateAuthorization ) ⇒ <code>Promise.<object></code>
* [.getChallengeKeyAuthorization(challenge) ](#AcmeClient+getChallengeKeyAuthorization ) ⇒ <code>Promise.<string></code>
* [.verifyChallenge(authz, challenge) ](#AcmeClient+verifyChallenge ) ⇒ <code>Promise</code>
* [.completeChallenge(challenge) ](#AcmeClient+completeChallenge ) ⇒ <code>Promise.<object></code>
* [.waitForValidStatus(item) ](#AcmeClient+waitForValidStatus ) ⇒ <code>Promise.<object></code>
* [.getCertificate(order, [preferredChain])](#AcmeClient +getCertificate) ⇒ <code>Promise.<string></code>
* [.revokeCertificate(cert, [data])](#AcmeClient +revokeCertificate) ⇒ <code>Promise</code>
* [.auto(opts) ](#AcmeClient+auto ) ⇒ <code>Promise.<string></code>
<a name="new_AcmeClient_new"></a>
### new AcmeClient(opts)
| Param | Type | Description |
| --- | --- | --- |
| opts | <code>object</code> | |
| opts.directoryUrl | <code>string</code> | ACME directory URL |
| opts.accountKey | <code>buffer</code> \| <code>string</code> | PEM encoded account private key |
| [opts.accountUrl] | <code>string</code> | Account URL, default: `null` |
| [opts.externalAccountBinding] | <code>object</code> | |
| [opts.externalAccountBinding.kid] | <code>string</code> | External account binding KID |
| [opts.externalAccountBinding.hmacKey] | <code>string</code> | External account binding HMAC key |
| [opts.backoffAttempts] | <code>number</code> | Maximum number of backoff attempts, default: `10` |
| [opts.backoffMin] | <code>number</code> | Minimum backoff attempt delay in milliseconds, default: `5000` |
| [opts.backoffMax] | <code>number</code> | Maximum backoff attempt delay in milliseconds, default: `30000` |
**Example**
Create ACME client instance
```js
const client = new acme.Client({
directoryUrl: acme.directory.letsencrypt.staging,
2024-05-23 19:24:12 +00:00
accountKey: 'Private key goes here',
2023-01-29 15:27:11 +08:00
});
```
**Example**
Create ACME client instance
```js
const client = new acme.Client({
directoryUrl: acme.directory.letsencrypt.staging,
accountKey: 'Private key goes here',
accountUrl: 'Optional account URL goes here',
backoffAttempts: 10,
backoffMin: 5000,
2024-05-23 19:24:12 +00:00
backoffMax: 30000,
2023-01-29 15:27:11 +08:00
});
```
**Example**
Create ACME client with external account binding
```js
const client = new acme.Client({
directoryUrl: 'https://acme-provider.example.com/directory-url',
accountKey: 'Private key goes here',
externalAccountBinding: {
kid: 'YOUR-EAB-KID',
2024-05-23 19:24:12 +00:00
hmacKey: 'YOUR-EAB-HMAC-KEY',
},
2023-01-29 15:27:11 +08:00
});
```
<a name="AcmeClient+getTermsOfServiceUrl"></a>
### acmeClient.getTermsOfServiceUrl() ⇒ <code>Promise.<(string\|null)></code>
Get Terms of Service URL if available
**Kind**: instance method of [<code>AcmeClient</code> ](#AcmeClient )
**Returns**: <code>Promise.<(string\|null)></code> - ToS URL
**Example**
Get Terms of Service URL
```js
const termsOfService = client.getTermsOfServiceUrl();
if (!termsOfService) {
// CA did not provide Terms of Service
}
```
<a name="AcmeClient+getAccountUrl"></a>
### acmeClient.getAccountUrl() ⇒ <code>string</code>
Get current account URL
**Kind**: instance method of [<code>AcmeClient</code> ](#AcmeClient )
**Returns**: <code>string</code> - Account URL
**Throws**:
- <code>Error</code> No account URL found
**Example**
Get current account URL
```js
try {
const accountUrl = client.getAccountUrl();
}
catch (e) {
// No account URL exists, need to create account first
}
```
<a name="AcmeClient+createAccount"></a>
### acmeClient.createAccount([data]) ⇒ <code>Promise.<object></code>
Create a new account
2024-02-05 19:24:09 +00:00
https://datatracker.ietf.org/doc/html/rfc8555#section -7.3
2023-01-29 15:27:11 +08:00
**Kind**: instance method of [<code>AcmeClient</code> ](#AcmeClient )
**Returns**: <code>Promise.<object></code> - Account
| Param | Type | Description |
| --- | --- | --- |
| [data] | <code>object</code> | Request data |
**Example**
Create a new account
```js
const account = await client.createAccount({
2024-05-23 19:24:12 +00:00
termsOfServiceAgreed: true,
2023-01-29 15:27:11 +08:00
});
```
**Example**
Create a new account with contact info
```js
const account = await client.createAccount({
termsOfServiceAgreed: true,
2024-05-23 19:24:12 +00:00
contact: ['mailto:test@example .com'],
2023-01-29 15:27:11 +08:00
});
```
<a name="AcmeClient+updateAccount"></a>
### acmeClient.updateAccount([data]) ⇒ <code>Promise.<object></code>
Update existing account
2024-02-05 19:24:09 +00:00
https://datatracker.ietf.org/doc/html/rfc8555#section -7.3.2
2023-01-29 15:27:11 +08:00
**Kind**: instance method of [<code>AcmeClient</code> ](#AcmeClient )
**Returns**: <code>Promise.<object></code> - Account
| Param | Type | Description |
| --- | --- | --- |
| [data] | <code>object</code> | Request data |
**Example**
Update existing account
```js
const account = await client.updateAccount({
2024-05-23 19:24:12 +00:00
contact: ['mailto:foo@example .com'],
2023-01-29 15:27:11 +08:00
});
```
<a name="AcmeClient+updateAccountKey"></a>
### acmeClient.updateAccountKey(newAccountKey, [data]) ⇒ <code>Promise.<object></code>
Update account private key
2024-02-05 19:24:09 +00:00
https://datatracker.ietf.org/doc/html/rfc8555#section -7.3.5
2023-01-29 15:27:11 +08:00
**Kind**: instance method of [<code>AcmeClient</code> ](#AcmeClient )
**Returns**: <code>Promise.<object></code> - Account
| Param | Type | Description |
| --- | --- | --- |
| newAccountKey | <code>buffer</code> \| <code>string</code> | New PEM encoded private key |
| [data] | <code>object</code> | Additional request data |
**Example**
Update account private key
```js
const newAccountKey = 'New private key goes here';
const result = await client.updateAccountKey(newAccountKey);
```
<a name="AcmeClient+createOrder"></a>
### acmeClient.createOrder(data) ⇒ <code>Promise.<object></code>
Create a new order
2024-02-05 19:24:09 +00:00
https://datatracker.ietf.org/doc/html/rfc8555#section -7.4
2023-01-29 15:27:11 +08:00
**Kind**: instance method of [<code>AcmeClient</code> ](#AcmeClient )
**Returns**: <code>Promise.<object></code> - Order
| Param | Type | Description |
| --- | --- | --- |
| data | <code>object</code> | Request data |
**Example**
Create a new order
```js
const order = await client.createOrder({
identifiers: [
{ type: 'dns', value: 'example.com' },
2024-05-23 19:24:12 +00:00
{ type: 'dns', value: 'test.example.com' },
],
2023-01-29 15:27:11 +08:00
});
```
<a name="AcmeClient+getOrder"></a>
### acmeClient.getOrder(order) ⇒ <code>Promise.<object></code>
Refresh order object from CA
2024-02-05 19:24:09 +00:00
https://datatracker.ietf.org/doc/html/rfc8555#section -7.4
2023-01-29 15:27:11 +08:00
**Kind**: instance method of [<code>AcmeClient</code> ](#AcmeClient )
**Returns**: <code>Promise.<object></code> - Order
| Param | Type | Description |
| --- | --- | --- |
| order | <code>object</code> | Order object |
**Example**
```js
const order = { ... }; // Previously created order object
const result = await client.getOrder(order);
```
<a name="AcmeClient+finalizeOrder"></a>
### acmeClient.finalizeOrder(order, csr) ⇒ <code>Promise.<object></code>
Finalize order
2024-02-05 19:24:09 +00:00
https://datatracker.ietf.org/doc/html/rfc8555#section -7.4
2023-01-29 15:27:11 +08:00
**Kind**: instance method of [<code>AcmeClient</code> ](#AcmeClient )
**Returns**: <code>Promise.<object></code> - Order
| Param | Type | Description |
| --- | --- | --- |
| order | <code>object</code> | Order object |
| csr | <code>buffer</code> \| <code>string</code> | PEM encoded Certificate Signing Request |
**Example**
Finalize order
```js
const order = { ... }; // Previously created order object
const csr = { ... }; // Previously created Certificate Signing Request
const result = await client.finalizeOrder(order, csr);
```
<a name="AcmeClient+getAuthorizations"></a>
### acmeClient.getAuthorizations(order) ⇒ <code>Promise.<Array.<object>></code>
Get identifier authorizations from order
2024-02-05 19:24:09 +00:00
https://datatracker.ietf.org/doc/html/rfc8555#section -7.5
2023-01-29 15:27:11 +08:00
**Kind**: instance method of [<code>AcmeClient</code> ](#AcmeClient )
**Returns**: <code>Promise.<Array.<object>></code> - Authorizations
| Param | Type | Description |
| --- | --- | --- |
| order | <code>object</code> | Order |
**Example**
Get identifier authorizations
```js
const order = { ... }; // Previously created order object
const authorizations = await client.getAuthorizations(order);
authorizations.forEach((authz) => {
const { challenges } = authz;
});
```
<a name="AcmeClient+deactivateAuthorization"></a>
### acmeClient.deactivateAuthorization(authz) ⇒ <code>Promise.<object></code>
Deactivate identifier authorization
2024-02-05 19:24:09 +00:00
https://datatracker.ietf.org/doc/html/rfc8555#section -7.5.2
2023-01-29 15:27:11 +08:00
**Kind**: instance method of [<code>AcmeClient</code> ](#AcmeClient )
**Returns**: <code>Promise.<object></code> - Authorization
| Param | Type | Description |
| --- | --- | --- |
| authz | <code>object</code> | Identifier authorization |
**Example**
Deactivate identifier authorization
```js
const authz = { ... }; // Identifier authorization resolved from previously created order
const result = await client.deactivateAuthorization(authz);
```
<a name="AcmeClient+getChallengeKeyAuthorization"></a>
### acmeClient.getChallengeKeyAuthorization(challenge) ⇒ <code>Promise.<string></code>
Get key authorization for ACME challenge
2024-02-05 19:24:09 +00:00
https://datatracker.ietf.org/doc/html/rfc8555#section -8.1
2023-01-29 15:27:11 +08:00
**Kind**: instance method of [<code>AcmeClient</code> ](#AcmeClient )
**Returns**: <code>Promise.<string></code> - Key authorization
| Param | Type | Description |
| --- | --- | --- |
| challenge | <code>object</code> | Challenge object returned by API |
**Example**
Get challenge key authorization
```js
const challenge = { ... }; // Challenge from previously resolved identifier authorization
const key = await client.getChallengeKeyAuthorization(challenge);
// Write key somewhere to satisfy challenge
```
<a name="AcmeClient+verifyChallenge"></a>
### acmeClient.verifyChallenge(authz, challenge) ⇒ <code>Promise</code>
Verify that ACME challenge is satisfied
**Kind**: instance method of [<code>AcmeClient</code> ](#AcmeClient )
| Param | Type | Description |
| --- | --- | --- |
| authz | <code>object</code> | Identifier authorization |
| challenge | <code>object</code> | Authorization challenge |
**Example**
Verify satisfied ACME challenge
```js
const authz = { ... }; // Identifier authorization
const challenge = { ... }; // Satisfied challenge
await client.verifyChallenge(authz, challenge);
```
<a name="AcmeClient+completeChallenge"></a>
### acmeClient.completeChallenge(challenge) ⇒ <code>Promise.<object></code>
Notify CA that challenge has been completed
2024-02-05 19:24:09 +00:00
https://datatracker.ietf.org/doc/html/rfc8555#section -7.5.1
2023-01-29 15:27:11 +08:00
**Kind**: instance method of [<code>AcmeClient</code> ](#AcmeClient )
**Returns**: <code>Promise.<object></code> - Challenge
| Param | Type | Description |
| --- | --- | --- |
| challenge | <code>object</code> | Challenge object returned by API |
**Example**
Notify CA that challenge has been completed
```js
const challenge = { ... }; // Satisfied challenge
const result = await client.completeChallenge(challenge);
```
<a name="AcmeClient+waitForValidStatus"></a>
### acmeClient.waitForValidStatus(item) ⇒ <code>Promise.<object></code>
Wait for ACME provider to verify status on a order, authorization or challenge
2024-02-05 19:24:09 +00:00
https://datatracker.ietf.org/doc/html/rfc8555#section -7.5.1
2023-01-29 15:27:11 +08:00
**Kind**: instance method of [<code>AcmeClient</code> ](#AcmeClient )
**Returns**: <code>Promise.<object></code> - Valid order, authorization or challenge
| Param | Type | Description |
| --- | --- | --- |
| item | <code>object</code> | An order, authorization or challenge object |
**Example**
Wait for valid challenge status
```js
const challenge = { ... };
await client.waitForValidStatus(challenge);
```
**Example**
2024-02-05 19:24:09 +00:00
Wait for valid authorization status
2023-01-29 15:27:11 +08:00
```js
const authz = { ... };
await client.waitForValidStatus(authz);
```
**Example**
Wait for valid order status
```js
const order = { ... };
await client.waitForValidStatus(order);
```
<a name="AcmeClient+getCertificate"></a>
### acmeClient.getCertificate(order, [preferredChain]) ⇒ <code>Promise.<string></code>
Get certificate from ACME order
2024-02-05 19:24:09 +00:00
https://datatracker.ietf.org/doc/html/rfc8555#section -7.4.2
2023-01-29 15:27:11 +08:00
**Kind**: instance method of [<code>AcmeClient</code> ](#AcmeClient )
**Returns**: <code>Promise.<string></code> - Certificate
| Param | Type | Default | Description |
| --- | --- | --- | --- |
| order | <code>object</code> | | Order object |
| [preferredChain] | <code>string</code> | <code>null</code> | Indicate which certificate chain is preferred if a CA offers multiple, by exact issuer common name, default: `null` |
**Example**
Get certificate
```js
const order = { ... }; // Previously created order
const certificate = await client.getCertificate(order);
```
**Example**
Get certificate with preferred chain
```js
const order = { ... }; // Previously created order
const certificate = await client.getCertificate(order, 'DST Root CA X3');
```
<a name="AcmeClient+revokeCertificate"></a>
### acmeClient.revokeCertificate(cert, [data]) ⇒ <code>Promise</code>
Revoke certificate
2024-02-05 19:24:09 +00:00
https://datatracker.ietf.org/doc/html/rfc8555#section -7.6
2023-01-29 15:27:11 +08:00
**Kind**: instance method of [<code>AcmeClient</code> ](#AcmeClient )
| Param | Type | Description |
| --- | --- | --- |
| cert | <code>buffer</code> \| <code>string</code> | PEM encoded certificate |
| [data] | <code>object</code> | Additional request data |
**Example**
Revoke certificate
```js
const certificate = { ... }; // Previously created certificate
const result = await client.revokeCertificate(certificate);
```
**Example**
Revoke certificate with reason
```js
const certificate = { ... }; // Previously created certificate
const result = await client.revokeCertificate(certificate, {
2024-05-23 19:24:12 +00:00
reason: 4,
2023-01-29 15:27:11 +08:00
});
```
<a name="AcmeClient+auto"></a>
### acmeClient.auto(opts) ⇒ <code>Promise.<string></code>
Auto mode
**Kind**: instance method of [<code>AcmeClient</code> ](#AcmeClient )
**Returns**: <code>Promise.<string></code> - Certificate
| Param | Type | Description |
| --- | --- | --- |
| opts | <code>object</code> | |
| opts.csr | <code>buffer</code> \| <code>string</code> | Certificate Signing Request |
| opts.challengeCreateFn | <code>function</code> | Function returning Promise triggered before completing ACME challenge |
| opts.challengeRemoveFn | <code>function</code> | Function returning Promise triggered after completing ACME challenge |
| [opts.email] | <code>string</code> | Account email address |
| [opts.termsOfServiceAgreed] | <code>boolean</code> | Agree to Terms of Service, default: `false` |
| [opts.skipChallengeVerification] | <code>boolean</code> | Skip internal challenge verification before notifying ACME provider, default: `false` |
| [opts.challengePriority] | <code>Array.<string></code> | Array defining challenge type priority, default: `['http-01', 'dns-01']` |
| [opts.preferredChain] | <code>string</code> | Indicate which certificate chain is preferred if a CA offers multiple, by exact issuer common name, default: `null` |
**Example**
Order a certificate using auto mode
```js
const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
2024-05-23 19:24:12 +00:00
altNames: ['test.example.com'],
2023-01-29 15:27:11 +08:00
});
const certificate = await client.auto({
csr: certificateRequest,
email: 'test@example .com',
termsOfServiceAgreed: true,
challengeCreateFn: async (authz, challenge, keyAuthorization) => {
// Satisfy challenge here
},
challengeRemoveFn: async (authz, challenge, keyAuthorization) => {
// Clean up challenge here
2024-05-23 19:24:12 +00:00
},
2023-01-29 15:27:11 +08:00
});
```
**Example**
Order a certificate using auto mode with preferred chain
```js
const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
2024-05-23 19:24:12 +00:00
altNames: ['test.example.com'],
2023-01-29 15:27:11 +08:00
});
const certificate = await client.auto({
csr: certificateRequest,
email: 'test@example .com',
termsOfServiceAgreed: true,
preferredChain: 'DST Root CA X3',
challengeCreateFn: async () => {},
2024-05-23 19:24:12 +00:00
challengeRemoveFn: async () => {},
2023-01-29 15:27:11 +08:00
});
```
<a name="Client"></a>
## Client : <code>object</code>
ACME client
**Kind**: global namespace
