Free SSL and Automatic HTTPS for node.js with hapi and other middleware systems via ACME (Let's Encrypt)


About Daplie: We're taking back the Internet!

Down with Google, Apple, and Facebook!

We're re-decentralizing the web and making it read-write again - one home cloud system at a time.

Tired of serving the Empire? Come join the Rebel Alliance:

jobs@daplie.com | Invest in Daplie on Wefunder | Pre-order Cloud, The World's First Home Server for Everyone

greenlock-hapi (letsencrypt-hapi)

Join the chat at https://gitter.im/Daplie/letsencrypt-express

| greenlock (lib) | greenlock-cli | greenlock-express | greenlock-cluster | greenlock-koa | greenlock-hapi |

Free SSL and Automatic HTTPS for node.js with hapi.js and other middleware systems via Let's Encrypt

  • Automatic Registration via SNI (httpsOptions.SNICallback)
    • registrations require an approval callback in production
  • Automatic Renewal (around 80 days)
    • renewals are fully automatic and happen in the background, with no downtime
  • Automatic vhost / virtual hosting

All you have to do is start the webserver and then visit it at its domain name.


npm install --save greenlock-express@2.x

Pay no attention to the man behind the curtain. (just ignore that the name of the module is greenlock-express)

Part 1: Configure Greenlock

'use strict';

var le = require('greenlock-express').create({
  server: 'staging' // in production use https://acme-v01.api.letsencrypt.org/directory

, configDir: require('os').homedir() + '/letsencrypt/etc'

  // called before a certificate is registered or renewed for a hostname
, approveDomains: function (opts, certs, cb) {
    opts.domains = certs && certs.altnames || opts.domains;
    opts.email = 'john.doe@example.com'; // CHANGE ME
    opts.agreeTos = true;

    cb(null, { options: opts, certs: certs });
  }

, debug: true
});

WARNING: If you don't do any checks and simply complete the approveDomains callback, an attacker will spoof SNI packets with bad hostnames and that will cause you to be rate-limited and/or blocked from the ACME server. Alternatively, you can run registration manually:

npm install -g greenlock-cli

greenlock certonly --standalone \
  --server 'https://acme-v01.api.letsencrypt.org/directory' \
  --config-dir ~/letsencrypt/etc \
  --agree-tos --domains example.com --email user@example.com

# Note: the '--webrootPath' option is also available if you don't want to shut down your webserver to get the cert.
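
One way to do the checks the warning above asks for, as an added example rather than code from the greenlock project: an approveDomains callback that approves only allowlisted hostnames. The makeApproveDomains helper, its parameters, the sample hostnames, and declining by passing an Error as the callback's first argument are assumptions based on the callback shape shown in Part 1.

```javascript
'use strict';

// Normalize a hostname for comparison: lowercase, no trailing dot.
function normalizeHost(name) {
  return String(name || '').trim().toLowerCase().replace(/\.$/, '');
}

// Build an approveDomains callback that approves only allowlisted names.
// makeApproveDomains, `allowed` and `email` are hypothetical (not greenlock API).
function makeApproveDomains(allowed, email) {
  var allowSet = new Set(allowed.map(normalizeHost));

  return function approveDomains(opts, certs, cb) {
    // On renewal `certs` is set, so re-check the names already on the cert.
    var requested = (certs && certs.altnames) || opts.domains || [];
    var names = requested.map(normalizeHost);
    var rejected = names.filter(function (n) { return !allowSet.has(n); });

    if (names.length === 0 || rejected.length > 0) {
      // Assumption: an error-first callback declines the registration, so a
      // spoofed SNI name is refused here and never reaches the ACME server.
      cb(new Error('domain not approved: ' + (rejected.join(', ') || '(none)')));
      return;
    }

    opts.domains = names;
    opts.email = email;
    opts.agreeTos = true;
    cb(null, { options: opts, certs: certs });
  };
}

// Constructed sample input: one legitimate name and one spoofed SNI name.
function demo() {
  var approve = makeApproveDomains(['example.com', 'www.example.com'], 'john.doe@example.com');
  var results = [];
  [['Example.COM.'], ['attacker-chosen.invalid']].forEach(function (domains) {
    approve({ domains: domains }, null, function (err, res) {
      results.push(err ? 'rejected' : 'approved:' + res.options.domains.join(','));
    });
  });
  return results;
}

console.log(demo());
```

To use it, pass makeApproveDomains(yourDomains, yourEmail) as the approveDomains option in Part 1 in place of the inline function.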

Part 2: Just add Hapi

var hapi = require('hapi');
var https = require('spdy');
var server = new hapi.Server();
var acmeResponder = le.middleware();
var httpsServer = https.createServer(le.httpsOptions).listen(443);

server.connection({ listener: httpsServer, autoListen: false, tls: true });

// hand ACME challenge requests to greenlock using the raw node req/res
server.route({
  method: 'GET'
, path: '/.well-known/acme-challenge'
, handler: function (request, reply) {
    var req = request.raw.req;
    var res = request.raw.res;

    acmeResponder(req, res);
  }
});

server.route({
  method: 'GET'
, path: '/'
, handler: function (request, reply) {
    reply("Hello, I'm so Hapi!");
  }
});

Part 3: Redirect http to https

var http = require('http');
var redirectHttps = require('redirect-https')();

http.createServer(le.middleware(redirectHttps)).listen(80, function () {
  console.log('handle ACME http-01 challenge and redirect to https');
});