Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?


Failed to load latest commit information.
Latest commit message
Commit time
September 21, 2016 15:56
October 5, 2017 18:40
June 13, 2022 13:24
July 22, 2017 11:12
October 5, 2017 18:57

No longer maintained!

js-standard-style Join the chat at

Auto SNI

SSL Certificates using SNI with almost zero configuration for free with!

If you have any questions, throw them up on gitter.



npm install auto-sni


  • Fetch SSL certificates from letsencrypt.
  • Automatically renew certificates.
  • Forward all incoming http requests to https.


var createServer = require("auto-sni");

var server = createServer({
  email: ..., // Emailed when certificates expire.
  agreeTos: true, // Required for letsencrypt.
  debug: true, // Add console messages and uses staging LetsEncrypt server. (Disable in production)
  domains: ["", ["", ""]], // List of accepted domain names. (You can use nested arrays to register bundles with LE).
  dir: "~/letsencrypt/etc", // Directory for storing certificates. Defaults to "~/letsencrypt/etc" if not present.
  ports: {
    http: 80, // Optionally override the default http port.
    https: 443 // // Optionally override the default https port.

// Server is a "https.createServer" instance.
server.once("listening", ()=> {
  console.log("We are ready to go.");

Usage with express.

var createServer = require("auto-sni");
var express      = require("express");
var app          = express();

app.get("/test", ...);

createServer({ email: ..., domains: ..., agreeTos: true }, app);

Usage with koa.

var createServer = require("auto-sni");
var koa          = require("koa");
var app          = koa();


createServer({ email: ..., domains: ..., agreeTos: true }, app.callback());

Usage with rill.

var createServer = require("auto-sni");
var rill         = require("rill");
var app          = rill();

app.get("/test", ...);

createServer({ email: ..., domains: ..., agreeTos: true }, app.handler());

Usage with hapi.

// Untested (Let me know in gitter if this doesn't work.)
var createServer = require("auto-sni");
var hapi         = require("hapi");
var server       = new hapi.Server();
var secureServer = createServer({ email: ..., domains: ..., agreeTos: true });

server.connection({ listener: secureServer, autoListen: false, tls: true });

Usage with restify.

// Untested (Let me know in gitter if this doesn't work.)
var createServer = require("auto-sni");
var restify      = require("restify");
var app          = restify.createServer({ name: 'myapp', version: '1.0.0' });

app.get("/test", ...);

createServer({ email: ..., domains: ..., agreeTos: true }, app.server);

Dynamic Domains

You can also specify an async function to approve domains like so:

  domains: (options, cert, cb) => {
    setTimeout(() => cb({ options, cert }), 1000)

Root Access

AutoSNI requires access to low level ports 80 (http) and 443 (https) to operate by default. These ports are typically restricted by the operating system.

In production (on linux servers) you can use the following command to give Node access to these ports.

sudo setcap cap_net_bind_service=+ep `readlink -f \`which node\``

For development it's best to set the "ports" option manually to something like:

  ports: {
    http: 3001,
    https: 3002

// Access server on localhost:3002

Rate Limits

Currently LetsEncrypt imposes some rate limits on certificate creation. Click here for the current rate limits.


Please use npm test for tests and feel free to create a PR!


πŸ” Free, automated HTTPS for NodeJS made easy.






No packages published