This repository was archived by the owner on Aug 30, 2024. It is now read-only.

Some notes to upgrade the project #30

@hutch120

First, thanks @larryboymi for this project, it made the job much easier!

I got this project working using Windows/VSCode. I upgraded all dependencies to the latest package versions as of 21-Nov-2019 and deployed the zip file to AWS Lambda with Node 12.x. After the upgrade, npm install reports 0 vulnerabilities. Having said that, there are a lot of deprecated functions that should be updated that I didn't get around to.

I made some notes while I was getting this working which are copied below. They essentially describe how I did some basic updates to the code and some tips for config and deployment. I thought this might help others, and maybe could be a starting point to refresh the project. Sorry, didn't have time to do a PR.

Upgrading packages

  • I used npm-check-updates to update all the dependencies.
  • Install npm-check-updates globally, then run ncu -u to update package.json.
  • Delete package-lock.json (I usually delete the node_modules directory to be sure).
  • Update /util/generateRSAKeyPair.js as follows:

// const promisify = require('es6-promisify')
const { promisify } = require('es6-promisify')

  • Update zip.js as follows:

/* zipfile.bulk([
  { expand: true, cwd: './/', src: ['app.js', 'config.js'] },
  { expand: true, cwd: './', src: ['src/**'] },
  { expand: true, cwd: './build', src: ['**'] }
]) */
zipfile.file('app.js')
zipfile.file('config.js')
zipfile.directory('src', 'src')
zipfile.directory('build', false)

Run npm i or npm run dist and you should see 0 vulnerabilities

Clearly still a bit of cleanup required to get this fully updated, some areas might be:

  • Update deprecated packages
  • Update deprecated functions

Other Tips

  • If you use VSCode to build, then run npm run dist in bash shell (not powershell/cmd/etc) to allow the commands in package.json like mv and other bash style commands to work.
  • Note that you must have something for s3Folder in config.js (empty is not valid)
  • For the IAM role (see AWS.md), it took me a little while to figure out where I could get the ARN for the Route53 hosted zone: by looking at the URL when you go into the Route53 domain manager.
  • BTW.. I never figured out how to test locally, where are you supposed to put your credentials? Anyway, I just uploaded the zip file to AWS lambda.
  • On Windows you may need to install Python 2.7 (at c:\Python27). Not sure about this, it seemed to be needed by some packages pre-upgrade... but then after the upgrade I didn't see it using Python, so it might not be required any more.

Example config

I rearranged the config a bit, just feels a bit more readable to me. If you modify the default config.js then make sure to update the ACME_DIRECTORY_URLs to the latest.

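const USE_PRODUCTION = process.env.USE_PRODUCTION ? process.env.USE_PRODUCTION === 'true' : false // Change this to true for production. Env values are strings, so only 'true' enables it from the environment.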

const defaultCertInfo = {
  'somedomain': ['*.somedomain.com']
}

const s3AccountBucket = 'acme-account.somedomain.com' // Create this bucket
const s3CertBucket = 'acme-certs.somedomain.com' // Create this bucket
const s3Folder = 'certs' // Create this folder on both buckets
const acmeAccountFile = 'account' // This is the filename of a file that gets created in s3AccountBucket/s3Folder. It is pretty much a certificate file.
const acmeAccountEmail = 'YOUR_EMAIL_ADDRESS'
const awsRegion = 'ap-southeast-2' // Enter a region.

// Should not need to edit below this line.
const productionDirectoryUrl = process.env.ACME_DIRECTORY_URL || 'https://acme-v02.api.letsencrypt.org' // 'https://acme-v01.api.letsencrypt.org'
const stagingDirectoryUrl = process.env.ACME_DIRECTORY_URL || 'https://acme-staging-v02.api.letsencrypt.org' // 'https://acme-staging.api.letsencrypt.org'

module.exports = {
  's3-account-bucket': process.env.S3_ACCOUNT_BUCKET || s3AccountBucket,
  's3-cert-bucket': process.env.S3_CERT_BUCKET || s3CertBucket,
  's3-folder': process.env.S3_CERT_FOLDER || s3Folder,
  'certificate-info': process.env.S3_CERT_INFO ? JSON.parse(process.env.S3_CERT_INFO) : defaultCertInfo,
  'acme-dns-retry': 30,
  'acme-dns-retry-delay-ms': 2000,
  'acme-account-file': process.env.ACME_ACCOUNT_FILE || acmeAccountFile,
  'acme-account-email': process.env.ACME_ACCOUNT_EMAIL || acmeAccountEmail,
  'acme-account-key-bits': 2048,
  'acme-directory-url': USE_PRODUCTION ? productionDirectoryUrl : stagingDirectoryUrl,
  'region': process.env.AWS_REGION || awsRegion
}

Save raw cert files

I also edited createV2Certificate.js, and added a function to save a bunch of raw certificate files.

Copy in this function and change saveCertificate to saveCerts.

const saveCerts = async (data) => {
  await saveFile(
    config['s3-cert-bucket'],
    config['s3-folder'],
    `${data.key}.json`,
    JSON.stringify({
      key: data.keypair,
      cert: data.cert,
      issuerCert: data.issuerCert
    })
  )
  await saveFile(
    config['s3-cert-bucket'],
    config['s3-folder'],
    `${data.key}.key`,
    data.keypair.privateKeyPem
  )
  await saveFile(
    config['s3-cert-bucket'],
    config['s3-folder'],
    `${data.key}.cer`,
    data.cert
  )
  return {}
}
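
A pre-deployment check for the config object shown in this issue, as an added example that is not part of the original post or the project's code. `envFlag`, `validateConfig` and `sampleConfig` are hypothetical names; the rules follow the tips above (non-empty s3-folder, current ACME directory URL, placeholder email replaced), the 2048-bit minimum is an assumption taken from the config's own value, and the sample values are constructed.

```javascript
// Environment variables are always strings, so 'false' and '0' are truthy.
// Parse them explicitly instead of relying on `process.env.X || false`.
function envFlag (value, fallback = false) {
  if (value === undefined || value === '') return fallback
  return ['1', 'true', 'yes'].includes(String(value).trim().toLowerCase())
}

// ACME v1 hosts (the commented-out values in the config above); Let's Encrypt has shut v1 down.
const RETIRED_HOSTS = ['acme-v01.api.letsencrypt.org', 'acme-staging.api.letsencrypt.org']

// Returns a list of human-readable problems; an empty list means the config passed.
function validateConfig (cfg) {
  const problems = []
  for (const key of ['s3-account-bucket', 's3-cert-bucket', 's3-folder']) {
    if (typeof cfg[key] !== 'string' || cfg[key].trim() === '') {
      problems.push(`${key} must be a non-empty string`)
    }
  }
  let url = null
  try { url = new URL(cfg['acme-directory-url']) } catch (e) { /* reported below */ }
  if (!url || url.protocol !== 'https:') {
    problems.push('acme-directory-url must be an https URL')
  } else if (RETIRED_HOSTS.includes(url.hostname)) {
    problems.push(`acme-directory-url points at retired ACME v1 host ${url.hostname}`)
  }
  const email = cfg['acme-account-email']
  if (typeof email !== 'string' || email === 'YOUR_EMAIL_ADDRESS' || !/^[^@\s]+@[^@\s]+$/.test(email)) {
    problems.push('acme-account-email is missing or still the placeholder')
  }
  if (!(cfg['acme-account-key-bits'] >= 2048)) {
    problems.push('acme-account-key-bits must be at least 2048')
  }
  const info = cfg['certificate-info']
  const entries = info && typeof info === 'object' && !Array.isArray(info) ? Object.entries(info) : []
  if (entries.length === 0) problems.push('certificate-info must map a name to a list of domains')
  for (const [name, domains] of entries) {
    if (!Array.isArray(domains) || domains.length === 0 || domains.some(d => typeof d !== 'string' || !d)) {
      problems.push(`certificate-info.${name} must be a non-empty array of domain strings`)
    }
  }
  return problems
}

// Constructed sample: empty folder, placeholder email and a v1 directory URL.
const sampleConfig = {
  's3-account-bucket': 'acme-account.example.com', 's3-cert-bucket': 'acme-certs.example.com', 's3-folder': '',
  'certificate-info': { example: ['*.example.com'] }, 'acme-account-email': 'YOUR_EMAIL_ADDRESS',
  'acme-account-key-bits': 2048, 'acme-directory-url': 'https://acme-v01.api.letsencrypt.org'
}
console.log(validateConfig(sampleConfig))
```

Running the check in the build step (for example before `npm run dist`) catches these mistakes before the zip is uploaded to Lambda.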
