Certificate issues on websocket connections

SarahFromGaia · October 13, 2021, 9:36am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
dfkwiki.com

Description of problem:
So I created a fresh Digital Ocean droplet, installed apache2 php certbot etc, SSL working fine certifiate all good when I load any index.php etc you can see the browser is accepting the cert. However for my websocket connections going over port :3000 ie: https://dfkwiki.com:3000/socket.io/?EIO=4&transport=polling&t=Nnuz6sI I suddenly get NET::ERR_CERT_DATE_INVALID despite the expiration date being in the future and the current date being correct. Strangely this is only occurring for some of my users as many are successfully connected to the websocket connection at any time.

In terms of how I'm creating the websockets in node:

const server = https.createServer({
	cert: fs.readFileSync("/etc/letsencrypt/live/dfkwiki.com/cert.pem"),
	key: fs.readFileSync("/etc/letsencrypt/live/dfkwiki.com/privkey.pem"),
}, app);
app.use(cors());

And how I'm connecting client side:

var socket = io.connect("https://dfkwiki.com:3000", {
    secure: true
});

Strangely this worked for a while on the first server I made and then suddenly stopped and has never gone away. I've had so many people try to help on this and no one can figure it out and its reallyyyy annoying and stopping profress on the site so anything would be amazing.

Thanks in advance.
Sarah

My web server is (include version):
Ubuntu 20.04
PHP 7.4.3
Node v16.11.1

My hosting provider, if applicable, is:
Digital Ocean

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.20.0

webprofusion · October 13, 2021, 9:49am

Use your fullchain.pem instead of just the cert.pem. Your client needs the intermediate certificates included in the full chain.

SarahFromGaia · October 13, 2021, 9:56am

I don't have the words to explain my delight when that graph just loaded. You sir should be knighted.

Thank you SO SO SO SO SO much.

webprofusion · October 13, 2021, 10:54am

Ha great, glad it worked!

system · November 12, 2021, 10:55am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.