server-ssl.js

create production/staging folders in ssl folder
ssl/production for production certificates/keys
ssl/staging for staging certificates/keys
the production certificate doesn't get deleted every time you use `--staging`
combines with the previous commit to make sure the ARI always works
updated the layout diagram

/root
│
├── /error
│   ├── 404.html
│   └── 500.html
│
├── /ssl
│   ├── /openssl
│   ├── /production
│   │   │
│   │   ├── ...
│   │   ├── private-key.pem
│   │   └── certificate.pem
│   │
│   ├── /staging
│   │   │
│   │   ├── ...
│   │   ├── private-key.pem
│   │   └── certificate.pem
│   │
│   └── state.js
│
├── /wwwroot
│   └── index.html <---- Your website goes here
│
├── server-ssl.js            <--- server config
└── start-windows.bat

Author: FirstTimeEZ

.gitignore

@@ -1,4 +1,5 @@
-node.exe
+ssl/staging/
+ssl/production/
 ssl/private-key.pem
 ssl/certificate.pem
 ssl/acmePublicSignKey.raw
@@ -8,3 +9,4 @@ ssl/acmePrivateKey.raw
 ssl/last_update.ez
 ssl/last_certification.ez
 node_modules/
+node.exe

README.md

@@ -115,9 +115,18 @@ This layout keeps the project organized and maintainable, separating error handl
 │
 ├── /ssl
 │   ├── /openssl
+│   ├── /production
+│   │   │
+│   │   ├── ...
+│   │   ├── private-key.pem
+│   │   └── certificate.pem
+│   │
+│   ├── /staging
+│   │   │
+│   │   ├── ...
+│   │   ├── private-key.pem
+│   │   └── certificate.pem
 │   │
-│   ├── private-key.pem
-│   └── certificate.pem
 │   └── state.js
 │
 ├── /wwwroot

ssl/state.js

@@ -120,7 +120,7 @@ export const STATE = {
 
         STATE.expireDate && STATE.timeUntilRenew(STATE.expireDate);
 
-        const SSL = join(__rootDir, STATE.SSL);
+        const SSL = join(__rootDir, STATE.SSL, STATE.optStaging ? "staging" : "production");
         const PK = join(SSL, STATE.optPk);
         const CERT = join(SSL, STATE.optCert);
 

start-windows.bat

@@ -15,6 +15,8 @@ set "KEYS=0"
 set "SKIPNODE=0"
 set "OPEN_SSL="
 set "OPEN_SSL_IN_PATH=0"
+set "STAGING=0"
+set "PATH1=production"
 
 title Starting SSL Web Server
 
@@ -32,6 +34,9 @@ if "%~1"=="--port" (
 ) else if "%~1"=="--skipNodeUpdate" (
     set "SKIPNODE=1"
     shift
+) else if "%~1"=="--staging" (
+    set "STAGING=1"
+    shift
 )
 
 shift
@@ -40,6 +45,15 @@ goto loop
 
 if NOT "%PORT%"=="" ( echo Port: %PORT% )
 
+IF "%STAGING%"=="1" (
+    set "PATH1=staging"
+    echo !PATH1!
+)
+
+if NOT EXIST "%currentPath%/ssl/%PATH1%" (
+    mkdir "%currentPath%/ssl/%PATH1%"
+)
+
 @REM check if openssl is in the ssl folder
 @REM prefers openssl from the ssl folder
 IF "%OPEN_SSL_IN_PATH%"=="0" (
@@ -88,28 +102,28 @@ IF "!OPEN_SSL_IN_PATH!"=="0" (
 
 if "%CERT%"=="" (
     set "CERT=certificate.pem"
-    if NOT EXIST "%currentPath%/ssl/%CERT%" ( set "KEYS=1" )
+    if NOT EXIST "%currentPath%/ssl/%PATH1%/!CERT!" ( set "KEYS=1" )
 )
 
 if "%PK%"=="" (
     set "PK=private-key.pem"
-    if NOT EXIST "%currentPath%/ssl/%PK%" ( set "KEYS=1" )
+    if NOT EXIST "%currentPath%/ssl/%PATH1%/!PK!" ( set "KEYS=1" )
 )
 
 if "%KEYS%"=="1" (
     echo --------
     echo Generating Keys for Local Development
 
     if "!OPEN_SSL_IN_PATH!"=="1" (
-        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -keyout "ssl/%PK%" -out "ssl/%CERT%" -days 365 -subj "/CN=localhost"
+        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -keyout "ssl/%PATH1%/%PK%" -out "ssl/%PATH1%/%CERT%" -days 365 -subj "/CN=localhost"
     )
 
     if "!OPEN_SSL_IN_PATH!"=="2" (
-        %currentPath%/ssl/openssl/bin/openssl.exe req -x509 -newkey rsa:2048 -nodes -sha256 -keyout "ssl/%PK%" -out "ssl/%CERT%" -days 365 -subj "/CN=localhost"
+        %currentPath%/ssl/openssl/bin/openssl.exe req -x509 -newkey rsa:2048 -nodes -sha256 -keyout "ssl/%PATH1%/%PK%" -out "ssl/%PATH1%/%CERT%" -days 365 -subj "/CN=localhost"
     )
 
-    if EXIST "%currentPath%/ssl/%PK%" ( echo Successfully Generated Private Key ) 
-    if EXIST "%currentPath%/ssl/%CERT%" ( echo Successfully Generated Certificate ) else (
+    if EXIST "%currentPath%/ssl/%PATH1%/%PK%" ( echo Successfully Generated Private Key ) 
+    if EXIST "%currentPath%/ssl/%PATH1%/%CERT%" ( echo Successfully Generated Certificate ) else (
         echo Certificate Needed to continue Install OpenSSL and try again
         exit
     )
@@ -139,13 +153,13 @@ setlocal
 @REM Check Certificate end date
 
 if "!OPEN_SSL_IN_PATH!"=="1" (
-    for /f "tokens=2 delims==" %%a in ('openssl x509 -in "%currentPath%/ssl/%CERT%" -enddate -noout') do (
+    for /f "tokens=2 delims==" %%a in ('openssl x509 -in "%currentPath%/ssl/%PATH1%/%CERT%" -enddate -noout') do (
         set "DATE=%%a"
     )
 )
 
 if "!OPEN_SSL_IN_PATH!"=="2" (
-    for /f "tokens=2 delims==" %%a in ('%currentPath%/ssl/openssl/bin/openssl.exe x509 -in "%currentPath%/ssl/%CERT%" -enddate -noout') do (
+    for /f "tokens=2 delims==" %%a in ('%currentPath%/ssl/openssl/bin/openssl.exe x509 -in "%currentPath%/ssl/%PATH1%/%CERT%" -enddate -noout') do (
         set "DATE=%%a"
     )
 )