#!/usr/bin/env node
// Native
const path = require('path')
// Packages
const chalk = require('chalk')
const table = require('text-table')
const minimist = require('minimist')
const fs = require('fs-promise')
const ms = require('ms')
// Ours
const strlen = require('../lib/strlen')
const cfg = require('../lib/cfg')
const {handleError, error} = require('../lib/error')
const NowCerts = require('../lib/certs')
const login = require('../lib/login')
const argv = minimist(process.argv.slice(2), {
string: ['config', 'token', 'crt', 'key', 'ca'],
boolean: ['help', 'debug'],
alias: {
help: 'h',
config: 'c',
debug: 'd',
token: 't'
const subcommand = argv._[0]
// options
const help = () => {
${chalk.bold('𝚫 now certs')} <ls | create | renew | replace | rm> <cn>
This command is intended for advanced use only, normally ${chalk.bold('now')} manages your certificates automatically.
-h, --help Output usage information
-c ${chalk.bold.underline('FILE')}, --config=${chalk.bold.underline('FILE')} Config file
-d, --debug Debug mode [off]
-t ${chalk.bold.underline('TOKEN')}, --token=${chalk.bold.underline('TOKEN')} Login token
--crt ${chalk.bold.underline('FILE')} Certificate file
--key ${chalk.bold.underline('FILE')} Certificate key file
--ca ${chalk.bold.underline('FILE')} CA certificate chain file
${chalk.gray('–')} Listing all your certificates:
${chalk.cyan('$ now certs ls')}
${chalk.gray('–')} Creating a new certificate:
${chalk.cyan('$ now certs create domain.com')}
${chalk.gray('–')} Renewing an existing certificate issued with ${chalk.bold('now')}:
${chalk.cyan('$ now certs renew domain.com')}
${chalk.gray('–')} Replacing an existing certificate with a user-supplied certificate:
${chalk.cyan('$ now certs replace --crt domain.crt --key domain.key --ca ca_chain.crt domain.com')}
// options
const debug = argv.debug
const apiUrl = argv.url || 'https://api.zeit.co'
if (argv.config) {
const exit = code => {
// we give stdout some time to flush out
// because there's a node bug where
// stdout writes are asynchronous
// https://github.com/nodejs/node/issues/6456
setTimeout(() => process.exit(code || 0), 100)
if (argv.help || !subcommand) {
} else {
const config = cfg.read()
Promise.resolve(argv.token || config.token || login(apiUrl))
.then(async token => {
try {
await run(token)
} catch (err) {
.catch(e => {
error(`Authentication error – ${e.message}`)
function formatExpirationDate(date) {
const diff = date - Date.now()
return diff < 0 ? chalk.gray(ms(-diff) + ' ago') : chalk.gray('in ' + ms(diff))
async function run(token) {
const certs = new NowCerts(apiUrl, token, {debug})
const args = argv._.slice(1)
const start = Date.now()
if (subcommand === 'ls' || subcommand === 'list') {
if (args.length !== 0) {
error(`Invalid number of arguments. Usage: ${chalk.cyan('`now certs ls`')}`)
return exit(1)
const list = await certs.ls()
const elapsed = ms(new Date() - start)
console.log(`> ${list.length} certificate${list.length === 1 ? '' : 's'} found ${chalk.gray(`[${elapsed}]`)}`)
if (list.length > 0) {
const cur = Date.now()
list.sort((a, b) => {
return a.cn.localeCompare(b.cn)
const header = [['', 'id', 'cn', 'created', 'expiration', 'auto-renew'].map(s => chalk.dim(s))]
const out = table(header.concat(list.map(cert => {
const cn = chalk.bold(cert.cn)
const time = chalk.gray(ms(cur - new Date(cert.created)) + ' ago')
const expiration = formatExpirationDate(new Date(cert.expiration))
return [
cert.uid ? cert.uid : 'unknown',
cert.autoRenew ? 'yes' : 'no'
})), {align: ['l', 'r', 'l', 'l', 'l'], hsep: ' '.repeat(2), stringLength: strlen})
if (out) {
console.log('\n' + out + '\n')
} else if (subcommand === 'create') {
if (args.length !== 1) {
error(`Invalid number of arguments. Usage: ${chalk.cyan('`now certs create <cn>`')}`)
return exit(1)
const cn = args[0]
let cert
if (argv.crt || argv.key || argv.ca) { // Issue a custom certificate
if (!argv.crt || !argv.key) {
error(`Missing required arguments for a custom certificate entry. Usage: ${chalk.cyan('`now certs create --crt DOMAIN.CRT --key DOMAIN.KEY [--ca CA.CRT] <id | cn>`')}`)
return exit(1)
const crt = readX509File(argv.crt)
const key = readX509File(argv.key)
const ca = argv.ca ? readX509File(argv.ca) : ''
cert = await certs.put(cn, crt, key, ca)
} else { // Issue a standard certificate
cert = await certs.create(cn)
if (!cert) {
// Cert is undefined and "Cert is already issued" has been printed to stdout
return exit(1)
const elapsed = ms(new Date() - start)
console.log(`${chalk.cyan('> Success!')} Certificate entry ${chalk.bold(cn)} ${chalk.gray(`(${cert.uid})`)} created ${chalk.gray(`[${elapsed}]`)}`)
} else if (subcommand === 'renew') {
if (args.length !== 1) {
error(`Invalid number of arguments. Usage: ${chalk.cyan('`now certs renew <id | cn>`')}`)
return exit(1)
const cert = await getCertIdCn(certs, args[0])
if (!cert) {
return exit(1)
const yes = await readConfirmation(cert, 'The following certificate will be renewed\n')
if (!yes) {
error('User abort')
return exit(0)
await certs.renew(cert.cn)
const elapsed = ms(new Date() - start)
console.log(`${chalk.cyan('> Success!')} Certificate ${chalk.bold(cert.cn)} ${chalk.gray(`(${cert.uid})`)} renewed ${chalk.gray(`[${elapsed}]`)}`)
} else if (subcommand === 'replace') {
if (!argv.crt || !argv.key) {
error(`Invalid number of arguments. Usage: ${chalk.cyan('`now certs replace --crt DOMAIN.CRT --key DOMAIN.KEY [--ca CA.CRT] <id | cn>`')}`)
return exit(1)
const crt = readX509File(argv.crt)
const key = readX509File(argv.key)
const ca = argv.ca ? readX509File(argv.ca) : ''
const cert = await getCertIdCn(certs, args[0])
if (!cert) {
return exit(1)
const yes = await readConfirmation(cert, 'The following certificate will be replaced permanently\n')
if (!yes) {
error('User abort')
return exit(0)
await certs.put(cert.cn, crt, key, ca)
const elapsed = ms(new Date() - start)
console.log(`${chalk.cyan('> Success!')} Certificate ${chalk.bold(cert.cn)} ${chalk.gray(`(${cert.uid})`)} replaced ${chalk.gray(`[${elapsed}]`)}`)
} else if (subcommand === 'rm' || subcommand === 'remove') {
if (args.length !== 1) {
error(`Invalid number of arguments. Usage: ${chalk.cyan('`now certs rm <id | cn>`')}`)
return exit(1)
const cert = await getCertIdCn(certs, args[0])
if (!cert) {
return exit(1)
const yes = await readConfirmation(cert, 'The following certificate will be removed permanently\n')
if (!yes) {
error('User abort')
return exit(0)
await certs.delete(cert.cn)
const elapsed = ms(new Date() - start)
console.log(`${chalk.cyan('> Success!')} Certificate ${chalk.bold(cert.cn)} ${chalk.gray(`(${cert.uid})`)} removed ${chalk.gray(`[${elapsed}]`)}`)
} else {
error('Please specify a valid subcommand: ls | create | renew | replace | rm')
return certs.close()
process.on('uncaughtException', err => {
function readConfirmation(cert, msg) {
return new Promise(resolve => {
const time = chalk.gray(ms(new Date() - new Date(cert.created)) + ' ago')
const tbl = table(
[[cert.uid, chalk.bold(cert.cn), time]],
{align: ['l', 'r', 'l'], hsep: ' '.repeat(6)}
process.stdout.write(`> ${msg}`)
process.stdout.write(' ' + tbl + '\n')
process.stdout.write(`${chalk.bold.red('> Are you sure?')} ${chalk.gray('[y/N] ')}`)
process.stdin.on('data', d => {
resolve(d.toString().trim().toLowerCase() === 'y')
function readX509File(file) {
return fs.readFileSync(path.resolve(file), 'utf8')
async function getCertIdCn(certs, idOrCn) {
const list = await certs.ls()
const thecert = list.filter(cert => {
return cert.uid === idOrCn || cert.cn === idOrCn
if (!thecert) {
error(`No certificate found by id or cn "${idOrCn}"`)
return null
return thecert