@small-tech/auto-encrypt 2.1.0 → 2.3.0

package/README.md

@@ -2,6 +2,8 @@
 
 Adds automatic provisioning and renewal of [Let’s Encrypt](https://letsencrypt.org) TLS certificates with [OCSP Stapling](https://letsencrypt.org/docs/integration-guide/#implement-ocsp-stapling) to [Node.js](https://nodejs.org) [https](https://nodejs.org/dist/latest-v12.x/docs/api/https.html) servers (including [Express.js](https://expressjs.com/), etc.)
 
+__Note:__ this is the CommonJS (CJS) branch of Auto Encrypt. Please see the main branch for the ECMAScript Modules (ESM) version. Security updates are backported to this branch.
+
 ## How it works
 
 The first time your web site is hit, it will take a couple of seconds to load as your Let’s Encrypt TLS certificates are automatically provisioned for you. From there on, your certificates will be seamlessly renewed 30 days before their expiry date.
@@ -11,7 +13,7 @@ When not provisioning certificates, Auto Encrypt will also forward HTTP calls to
 ## Installation
 
 ```sh
-npm i @small-tech/auto-encrypt
+npm i @small-tech/auto-encrypt@cjs
 ```
 
 ## Usage
@@ -21,7 +23,7 @@ npm i @small-tech/auto-encrypt
 1. Import the module:
 
     ```js
-    import AutoEncrypt from '@small-tech/auto-encrypt'
+    const AutoEncrypt = require('@small-tech/auto-encrypt')
     ```
 
 2. Prefix your server creation code with a reference to the Auto Encrypt class:
@@ -45,7 +47,7 @@ The following code creates an HTTPS server running on port 443 with [OCSP Stapli
 
 
 ```js
-import AutoEncrypt from '@small-tech/auto-encrypt'
+const AutoEncrypt = require('@small-tech/auto-encrypt')
 
 const server = AutoEncrypt.https.createServer((request, response) => {
   response.end('Hello, world')
@@ -73,7 +75,7 @@ You can specify the domains you want the certificate to support, whether the Let
 ### Example
 
 ```js
-import AutoEncrypt from '@small-tech/auto-encrypt'
+const AutoEncrypt = require('@small-tech/auto-encrypt')
 
 const options = {
   // Regular HTTPS server and TLS server options, if any, go here.
@@ -111,7 +113,7 @@ If you want to help improve Auto Encrypt or better understand how it is structur
 ### Regular https
 
 ```js
-import AutoEncrypt from '@small-tech/auto-encrypt'
+const AutoEncrypt = require('@small-tech/auto-encrypt')
 
 const server = AutoEncrypt.https.createServer({ domains: ['dev.ar.al'] }, (request, response) => {
     response.end('Hello, world!')
@@ -132,7 +134,7 @@ server.close(() => {
 
 ```js
 const express = require('express')
-import AutoEncrypt from '@small-tech/auto-encrypt'
+const AutoEncrypt = require('@small-tech/auto-encrypt')
 
 const app = express()
 app.get('/', (request, response) => {
@@ -219,7 +221,7 @@ A complete [small technology](https://small-tech.org/about/#small-technology) to
 
 ## Tests and coverage
 
-This project aims for > 80% coverage. At a recent check, coverage was at 97.42% (statements), 92.64% (branch), 91.49% (functions), 97.42% (lines).
+This project aims for > 80% coverage. At a recent check, coverage was at 95.29% (statements), 82.69% (branch), 95.19% (functions), 95.68% (lines).
 
 To see the current state of code coverage, run `npm run coverage`.
 
@@ -266,7 +268,7 @@ We exist in part thanks to patronage by people like you. If you share [our visio
 
 ## Copyright
 
-© 2020-2021 [Aral Balkan](https://ar.al), [Small Technology Foundation](https://small-tech.org).
+© 2020 - present [Aral Balkan](https://ar.al), [Small Technology Foundation](https://small-tech.org).
 
 Let’s Encrypt is a trademark of the Internet Security Research Group (ISRG). All rights reserved. Node.js is a trademark of Joyent, Inc. and is used with its permission. We are not endorsed by or affiliated with Joyent or ISRG.
 

package/index.js

@@ -11,18 +11,19 @@
  * @copyright © 2020 Aral Balkan, Small Technology Foundation.
  * @license AGPLv3 or later.
  */
-import os from 'os'
-import util from 'util'
-import https from 'https'
-import ocsp from 'ocsp'
-import monkeyPatchTls from './lib/staging/monkeyPatchTls.js'
-import LetsEncryptServer from './lib/LetsEncryptServer.js'
-import Configuration from './lib/Configuration.js'
-import Certificate from './lib/Certificate.js'
-import Pluralise from './lib/util/Pluralise.js'
-import Throws from './lib/util/Throws.js'
-import HttpServer from './lib/HttpServer.js'
-import log from './lib/util/log.js'
+
+const os                = require('os')
+const util              = require('util')
+const https             = require('https')
+const ocsp              = require('ocsp')
+const monkeyPatchTls    = require('./lib/staging/monkeyPatchTls')
+const LetsEncryptServer = require('./lib/LetsEncryptServer')
+const Configuration     = require('./lib/Configuration')
+const Certificate       = require('./lib/Certificate')
+const Pluralise         = require('./lib/util/Pluralise')
+const Throws            = require('./lib/util/Throws')
+const HttpServer        = require('./lib/HttpServer')
+const log               = require('./lib/util/log')
 
 // Custom errors thrown by the autoEncrypt function.
 const throws = new Throws({
@@ -43,13 +44,13 @@ const throws = new Throws({
  * @alias module:@small-tech/auto-encrypt
  * @hideconstructor
  */
-export default class AutoEncrypt {
-  static letsEncryptServer = null
-  static defaultDomains    = null
-  static domains           = null
-  static settingsPath      = null
-  static listener          = null
-  static certificate       = null
+class AutoEncrypt {
+  static #letsEncryptServer = null
+  static #defaultDomains    = null
+  static #domains           = null
+  static #settingsPath      = null
+  static #listener          = null
+  static #certificate       = null
 
   /**
    * Enumeration.
@@ -65,7 +66,7 @@ export default class AutoEncrypt {
    * people to add AutoEncrypt to their existing apps by requiring the module
    * and prefixing their https.createServer(…) line with AutoEncrypt:
    *
-   * @example import AutoEncrypt from '@small-tech/auto-encrypt'
+   * @example const AutoEncrypt = require('@small-tech/auto-encrypt')
    * const server = AutoEncrypt.https.createServer()
    *
    * @static
@@ -73,7 +74,7 @@ export default class AutoEncrypt {
   static get https () { return AutoEncrypt }
 
 
-  static ocspCache = null
+  static #ocspCache = null
 
   /**
    * Automatically manages Let’s Encrypt certificate provisioning and renewal for Node.js
@@ -143,12 +144,12 @@ export default class AutoEncrypt {
     const configuration = new Configuration({ settingsPath, domains, server: letsEncryptServer})
     const certificate = new Certificate(configuration)
 
-    this.letsEncryptServer = letsEncryptServer
-    this.defaultDomains    = defaultDomains
-    this.domains           = domains
-    this.settingsPath      = settingsPath
-    this.listener          = listener
-    this.certificate       = certificate
+    this.#letsEncryptServer = letsEncryptServer
+    this.#defaultDomains    = defaultDomains
+    this.#domains           = domains
+    this.#settingsPath      = settingsPath
+    this.#listener          = listener
+    this.#certificate       = certificate
 
     function sniError (symbolName, callback, emoji, ...args) {
       const error = Symbol.for(symbolName)
@@ -226,7 +227,7 @@ export default class AutoEncrypt {
    */
   static shutdown () {
     this.clearOcspCacheTimers()
-    this.certificate.stopCheckingForRenewal()
+    this.#certificate.stopCheckingForRenewal()
   }
 
   //
@@ -254,7 +255,7 @@ export default class AutoEncrypt {
     // By turning on OCSP Stapling, you can improve the performance of your website, provide better privacy protections
     // … and help Let’s Encrypt efficiently serve as many people as possible.
     //
-    // (Source: https://letsencrypt.org/docs/integration-guide/implement-ocsp-stapling)
+    // (Source: https://letsencrypt.org/docs/integration-guide/#implement-ocsp-stapling)
 
     this.ocspCache = new ocsp.Cache()
     const cache = this.ocspCache
@@ -294,12 +295,12 @@ export default class AutoEncrypt {
   // Custom object description for console output (for debugging).
   static [util.inspect.custom] () {
     return `
-       # AutoEncrypt (static class)
+      # AutoEncrypt (static class)
 
-        - Using Let’s Encrypt ${this.letsEncryptServer.name} server.
-        - Managing TLS for ${this.domains.toString().replace(',', ', ')}${this.domains === this.defaultDomains ? ' (default domains)' : ''}.
-        - Settings stored at ${this.settingsPath === null ? 'default settings path' : this.settingsPath}.
-        - Listener ${typeof this.listener === 'function' ? 'is set' : 'not set'}.
+        - Using Let’s Encrypt ${this.#letsEncryptServer.name} server.
+        - Managing TLS for ${this.#domains.toString().replace(',', ', ')}${this.#domains === this.#defaultDomains ? ' (default domains)' : ''}.
+        - Settings stored at ${this.#settingsPath === null ? 'default settings path' : this.#settingsPath}.
+        - Listener ${typeof this.#listener === 'function' ? 'is set' : 'not set'}.
     `
   }
 
@@ -307,3 +308,5 @@ export default class AutoEncrypt {
     throws.error(Symbol.for('StaticClassCannotBeInstantiatedError'))
   }
 }
+
+module.exports = AutoEncrypt

package/lib/Account.js

@@ -14,15 +14,15 @@
 //
 ////////////////////////////////////////////////////////////////////////////////
 
-import fs from 'fs'
-import Throws from './util/Throws.js'
-import NewAccountRequest from './acme-requests/NewAccountRequest.js'
+const fs                              = require('fs-extra')
+const Throws                          = require('./util/Throws')
+const NewAccountRequest               = require('./acme-requests/NewAccountRequest')
 
 const throws = new Throws({
   // No custom errors are thrown by this class.
 })
 
-export default class Account {
+class Account {
   //
   // Async factory method.
   //
@@ -65,3 +65,5 @@ export default class Account {
   get kid ()      { return this.data.kid                                     }
   set kid (value) { throws.error(Symbol.for('ReadOnlyAccessorError'), 'kid') }
 }
+
+module.exports = Account

package/lib/AcmeRequest.js

@@ -6,12 +6,12 @@
  * @license AGPLv3 or later.
  */
 
-import jose from 'jose'
-import prepareRequest from 'bent'
-import types from '../typedefs/lib/AcmeRequest.js'
-import Nonce from './Nonce.js'
-import Throws from './util/Throws.js'
-import log from './util/log.js'
+const jose            = require('jose')
+const prepareRequest  = require('bent')
+const types           = require('../typedefs/lib/AcmeRequest')
+const Nonce           = require('./Nonce')
+const Throws          = require('./util/Throws')
+const log             = require('./util/log')
 
 const throws = new Throws({
   [Symbol.for('AcmeRequest.classNotInitialisedError')]:
@@ -28,33 +28,33 @@ const throws = new Throws({
  *
  * @alias module:lib/AcmeRequest
  */
-export default class AcmeRequest {
-  static initialised = false
-  static directory = null
-  static accountIdentity = null
-  static nonce = null
-  static __account = null
+class AcmeRequest {
+  static #initialised = false
+  static #directory = null
+  static #accountIdentity = null
+  static #nonce = null
+  static #account = null
 
   static initialise (directory = throws.ifMissing(), accountIdentity = throws.ifMissing()) {
-    this.directory = directory
-    this.accountIdentity = accountIdentity
-    this.nonce = new Nonce(directory)
-    this.initialised = true
+    this.#directory = directory
+    this.#accountIdentity = accountIdentity
+    this.#nonce = new Nonce(directory)
+    this.#initialised = true
   }
 
   static uninitialise () {
-    this.directory = null
-    this.accountIdentity = null
-    this.nonce = null
-    this.__account = null
-    this.initialised = false
+    this.#directory = null
+    this.#accountIdentity = null
+    this.#nonce = null
+    this.#account = null
+    this.#initialised = false
   }
 
-  static set account (_account = throws.ifMissing()) { this.__account = _account }
-  static get account () { return this.__account }
+  static set account (_account = throws.ifMissing()) { this.#account = _account }
+  static get account () { return this.#account }
 
   constructor () {
-    if (!AcmeRequest.initialised) {
+    if (!AcmeRequest.#initialised) {
       throws.error(Symbol.for('AcmeRequest.classNotInitialisedError'))
     }
   }
@@ -145,7 +145,7 @@ export default class AcmeRequest {
 
     // Always save the fresh nonce returned from API calls.
     const freshNonce = response.headers['replay-nonce']
-    AcmeRequest.nonce.set(freshNonce)
+    AcmeRequest.#nonce.set(freshNonce)
 
     // The response returned is the raw response object. Let’s consume
     // it and return a more relevant response.
@@ -208,11 +208,11 @@ export default class AcmeRequest {
     // ===== the arguments array as the latter does not reflect default parameters.
     const originalRequestDetails = [command, payload, useKid, successCodes, url, nonce]
 
-    url = url || AcmeRequest.directory[`${command}Url`]
+    url = url || AcmeRequest.#directory[`${command}Url`]
 
     const protectedHeader = {
       alg: 'RS256',
-      nonce: nonce || await AcmeRequest.nonce.get(),
+      nonce: nonce || await AcmeRequest.#nonce.get(),
       url
     }
 
@@ -221,10 +221,10 @@ export default class AcmeRequest {
       protectedHeader.kid = AcmeRequest.account.kid
     } else {
       // If we’re not using the kid, we must use the public JWK (see RFC 8555 § 6.2 Request Authentication)
-      protectedHeader.jwk = AcmeRequest.accountIdentity.publicJWK
+      protectedHeader.jwk = AcmeRequest.#accountIdentity.publicJWK
     }
 
-    const signedRequest = jose.JWS.sign.flattened(payload, AcmeRequest.accountIdentity.key, protectedHeader)
+    const signedRequest = jose.JWS.sign.flattened(payload, AcmeRequest.#accountIdentity.key, protectedHeader)
 
     const httpsHeaders = {
       'Content-Type': 'application/jose+json',
@@ -244,3 +244,6 @@ export default class AcmeRequest {
     }
   }
 }
+
+module.exports = AcmeRequest
+

package/lib/Authorisation.js

@@ -13,14 +13,14 @@
 //
 ////////////////////////////////////////////////////////////////////////////////
 
-import EventEmitter from 'events'
-import log from './util/log.js'
-import AuthorisationRequest from './acme-requests/AuthorisationRequest.js'
-import ReadyForChallengeValidationRequest from './acme-requests/ReadyForChallengeValidationRequest.js'
-import HttpServer from './HttpServer.js'
-import waitFor from './util/waitFor.js'
+const EventEmitter = require('events')
+const log = require('./util/log')
+const AuthorisationRequest = require('./acme-requests/AuthorisationRequest')
+const ReadyForChallengeValidationRequest = require('./acme-requests/ReadyForChallengeValidationRequest')
+const HttpServer = require('./HttpServer')
+const waitFor = require('./util/waitFor')
 
-export default class Authorisation extends EventEmitter {
+class Authorisation extends EventEmitter {
 
   // Async factory method. Use this to instantiate.
   // TODO: add check to ensure factory method is used.
@@ -181,3 +181,5 @@ export default class Authorisation extends EventEmitter {
     }
   }
 }
+
+module.exports = Authorisation

package/lib/Certificate.js

@@ -6,19 +6,19 @@
  * @license AGPLv3 or later.
  */
 
-import fs from 'fs'
-import tls from 'tls'
-import util from 'util'
-import moment from 'moment'
-import log from './util/log.js'
-import { Certificate as X509Certificate } from './x.509/rfc5280.js'
-import Account from './Account.js'
-import AccountIdentity from './identities/AccountIdentity.js'
-import Directory from './Directory.js'
-import Order from './Order.js'
-import CertificateIdentity from './identities/CertificateIdentity.js'
-import AcmeRequest from './AcmeRequest.js'
-import Throws from './util/Throws.js'
+const fs                              = require('fs-extra')
+const tls                             = require('tls')
+const util                            = require('util')
+const moment                          = require('moment')
+const log                             = require('./util/log')
+const x509                            = require('./x.509/rfc5280')
+const Account                         = require('./Account')
+const AccountIdentity                 = require('./identities/AccountIdentity')
+const Directory                       = require('./Directory')
+const Order                           = require('./Order')
+const CertificateIdentity             = require('./identities/CertificateIdentity')
+const AcmeRequest                     = require('./AcmeRequest')
+const Throws                          = require('./util/Throws')
 
 const throws = new Throws({
   // No custom errors are thrown by this class.
@@ -30,7 +30,7 @@ const throws = new Throws({
  * @alias module:lib/Certificate
  * @param {String[]} domains List of domains this certificate covers.
  */
-export default class Certificate {
+class Certificate {
   /**
    * Get a SecureContext that can be used in an SNICallback.
    *
@@ -174,13 +174,13 @@ export default class Certificate {
       // written but before we had a chance to clean up the old files.)
       if (fs.existsSync(certificateIdentityPath) && fs.existsSync(certificatePath)) {
         log('   🚑    ❨auto-encrypt❩ A new certificate was also found. Going to delete the old one and use that.')
-        fs.rmSync(oldCertificateIdentityPath, {recursive: true, force: true})
-        fs.rmSync(oldCertificatePath, {recursive: true, force: true})
+        fs.removeSync(oldCertificateIdentityPath)
+        fs.removeSync(oldCertificatePath)
       } else {
         // The renewal process must have failed. Delete any previous state and restore the old certificate.
         log('   🚑    ❨auto-encrypt❩ Cleaning up previous state and restoring old certificate…')
-        fs.rmSync(certificateIdentityPath, {recursive: true, force: true})
-        fs.rmSync(certificatePath, {recursive: true, force: true})
+        fs.removeSync(certificateIdentityPath)
+        fs.removeSync(certificatePath)
         fs.renameSync(oldCertificateIdentityPath, certificateIdentityPath)
         fs.renameSync(oldCertificatePath, certificatePath)
       }
@@ -278,15 +278,15 @@ export default class Certificate {
 
     //
     // In case old files were left behind, remove them first and then rename the current files.
-    // (If the directory doesn’t exist, will silently do nothing.)
+    // (If the directory doesn’t exist, fs.removeSync() will silently do nothing.)
     //
     const certificateIdentityPath = this.#configuration.certificateIdentityPath
     const oldCertificateIdentityPath = `${certificateIdentityPath}.old`
     const certificatePath = this.#configuration.certificatePath
     const oldCertificatePath = `${certificatePath}.old`
 
-    fs.rmSync(oldCertificateIdentityPath, {recursive: true, force: true})
-    fs.rmSync(oldCertificatePath, {recursive: true, force: true})
+    fs.removeSync(oldCertificateIdentityPath)
+    fs.removeSync(oldCertificatePath)
     fs.renameSync(certificateIdentityPath, oldCertificateIdentityPath)
     fs.renameSync(certificatePath, oldCertificatePath)
 
@@ -296,8 +296,8 @@ export default class Certificate {
     await this.createSecureContext(/* renewCertificate = */ true)
 
     // Delete the backup of the old certificate.
-    fs.rmSync(oldCertificateIdentityPath, {recursive: true, force: true})
-    fs.rmSync(oldCertificatePath, {recursive: true, force: true})
+    fs.removeSync(oldCertificateIdentityPath)
+    fs.removeSync(oldCertificatePath)
   }
 
 
@@ -367,7 +367,7 @@ export default class Certificate {
   }
 
   parseDetails (certificatePem) {
-    const certificate = (X509Certificate.decode(certificatePem, 'pem', {label: 'CERTIFICATE'})).tbsCertificate
+    const certificate = (x509.Certificate.decode(certificatePem, 'pem', {label: 'CERTIFICATE'})).tbsCertificate
 
     const serialNumber = certificate.serialNumber
     const issuer = certificate.issuer.value[0][0].value.toString('utf-8').slice(2).trim()
@@ -417,3 +417,5 @@ export default class Certificate {
     `
   }
 }
+
+module.exports = Certificate

package/lib/Configuration.js

@@ -7,13 +7,13 @@
  * @license AGPLv3 or later.
  */
 
-import os from 'os'
-import fs from 'fs'
-import path from 'path'
-import util from 'util'
-import crypto from 'crypto'
-import log from './util/log.js'
-import Throws from './util/Throws.js'
+const os                                = require('os')
+const fs                                = require('fs-extra')
+const path                              = require('path')
+const util                              = require('util')
+const crypto                            = require('crypto')
+const log                               = require('./util/log')
+const Throws                            = require('./util/Throws')
 
 // Custom errors thrown by this class.
 const throws = new Throws({
@@ -26,17 +26,11 @@ function isAnArrayOfStrings (object) {
   return Array.isArray(object) && containsOnlyStrings(object)
 }
 
-function ensureDirSync (directory) {
-  if (!fs.existsSync(directory)) {
-    fs.mkdirSync(directory, { recursive: true })
-  }
-}
-
 /**
  * @alias module:lib/Configuration
  * @hideconstructor
  */
-export default class Configuration {
+class Configuration {
   #server = null
   #domains = null
   #settingsPath = null
@@ -79,7 +73,7 @@ export default class Configuration {
     }
 
     // And ensure that the settings path exists in the file system.
-    ensureDirSync(this.#settingsPath)
+    fs.ensureDirSync(this.#settingsPath)
 
     //
     // Create account paths.
@@ -112,7 +106,7 @@ export default class Configuration {
     this.#certificateDirectoryPath = path.join(this.#settingsPath, certificateDirectoryName)
 
     // And ensure that the certificate directory path exists in the file system.
-    ensureDirSync(this.#certificateDirectoryPath)
+    fs.ensureDirSync(this.#certificateDirectoryPath)
 
     this.#certificatePath = path.join(this.#certificateDirectoryPath, 'certificate.pem')
     this.#certificateIdentityPath = path.join(this.#certificateDirectoryPath, 'certificate-identity.pem')
@@ -236,3 +230,4 @@ export default class Configuration {
     `
   }
 }
+module.exports = Configuration

package/lib/Directory.js

@@ -11,25 +11,25 @@
 //
 ////////////////////////////////////////////////////////////////////////////////
 
-import util from 'util'
-import prepareRequest from 'bent'
-import log from './util/log.js'
-import Throws from './util/Throws.js'
+const util           = require('util')
+const prepareRequest = require('bent')
+const log            = require('./util/log')
+const Throws         = require('./util/Throws')
 
 const throws = new Throws()
 
-export default class Directory {
-  directory         = null
-  letsEncryptServer = null
-  directoryRequest  = null
+class Directory {
+  #directory         = null
+  #letsEncryptServer = null
+  #directoryRequest  = null
 
   //
   // Factory method access (async).
   //
-  static isBeingInstantiatedViaAsyncFactoryMethod = false
+  static #isBeingInstantiatedViaAsyncFactoryMethod = false
 
   static async getInstanceAsync (configuration = throws.ifMissing()) {
-    Directory.isBeingInstantiatedViaAsyncFactoryMethod = true
+    Directory.#isBeingInstantiatedViaAsyncFactoryMethod = true
     const directory = new Directory(configuration)
     await directory.getUrls()
     return directory
@@ -40,13 +40,13 @@ export default class Directory {
   //
 
   // Directory URLs.
-  get keyChangeUrl()      { return this.directory.keyChange  }
-  get newAccountUrl()     { return this.directory.newAccount }
-  get newNonceUrl()       { return this.directory.newNonce   }
-  get newOrderUrl()       { return this.directory.newOrder   }
-  get revokeCertUrl()     { return this.directory.revokeCert }
-  get termsOfServiceUrl() { return this.directory.meta.termsOfService }
-  get websiteUrl()        { return this.directory.meta.website        }
+  get keyChangeUrl()      { return this.#directory.keyChange  }
+  get newAccountUrl()     { return this.#directory.newAccount }
+  get newNonceUrl()       { return this.#directory.newNonce   }
+  get newOrderUrl()       { return this.#directory.newOrder   }
+  get revokeCertUrl()     { return this.#directory.revokeCert }
+  get termsOfServiceUrl() { return this.#directory.meta.termsOfService }
+  get websiteUrl()        { return this.#directory.meta.website        }
 
   //
   // Private.
@@ -54,28 +54,28 @@ export default class Directory {
 
   constructor(configuration) {
     // Ensure async factory method instantiation.
-    if (Directory.isBeingInstantiatedViaAsyncFactoryMethod === false) {
+    if (Directory.#isBeingInstantiatedViaAsyncFactoryMethod === false) {
       throws.error(Symbol.for('MustBeInstantiatedViaAsyncFactoryMethodError'), 'Directory')
     }
-    Directory.isBeingInstantiatedViaAsyncFactoryMethod = false
+    Directory.#isBeingInstantiatedViaAsyncFactoryMethod = false
 
-    this.letsEncryptServer = configuration.server
-    this.directoryRequest = prepareRequest('GET', 'json', this.letsEncryptServer.endpoint)
+    this.#letsEncryptServer = configuration.server
+    this.#directoryRequest = prepareRequest('GET', 'json', this.#letsEncryptServer.endpoint)
 
-    log(`   📕    ❨auto-encrypt❩ Directory is using endpoint ${this.letsEncryptServer.endpoint}`)
+    log(`   📕    ❨auto-encrypt❩ Directory is using endpoint ${this.#letsEncryptServer.endpoint}`)
   }
 
   // (Async) Fetches the latest Urls from the Let’s Encrypt ACME endpoint being used.
   // This will throw if the request fails. Ensure that you catch the error when
   // using it.
-  async getUrls() { this.directory = await this.directoryRequest() }
+  async getUrls() { this.#directory = await this.#directoryRequest() }
 
   // Custom object description for console output (for debugging).
   [util.inspect.custom] () {
     return `
       # Directory
 
-      Endpoint: ${this.letsEncryptServer.endpoint}
+      Endpoint: ${this.#letsEncryptServer.endpoint}
 
       ## URLs:
 
@@ -89,3 +89,5 @@ export default class Directory {
     `
   }
 }
+
+module.exports = Directory