Certificate not trusted using Nodejs Express and Lets encrypt

Hello there, I’ve been trying to set up https for my website
My domain is: outoften.fr but you can visit my website using api.outoften.fr

I ran the commands listed in the certbot tutorial, sudo certbot certonly --standalone

My web server is (include version): Node js I use a very basic code to create the https server :

const privateKey = fs.readFileSync(’/etc/letsencrypt/live/outoften.fr/privkey.pem’, ‘utf8’);
const certificate = fs.readFileSync(’/etc/letsencrypt/live/outoften.fr/fullchain.pem’, ‘utf8’);
const ca = fs.readFileSync(’/etc/letsencrypt/live/outoften.fr/chain.pem’, ‘utf8’);

const httpsOptions = {
key : privateKey,
cert : certificate,
ca : ca
}
https.createServer(httpsOptions,app).listen(443)

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: OVH

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Not sure what this is

When I go to my website it says not secured but it still says certificate are valid.
I used the website provided by certbot to verify how good or bad it is and I got this result https://www.ssllabs.com/ssltest/analyze.html?d=outoften.fr#whyNotTrusted

Thanks in advance for any help

1 Like

Hi @louisnot

there is no problem visible - Ssllabs reports a Grade A. Same with https://check-your-website.server-daten.de/?q=outoften.fr - Grade B.

Your certificate is valid:

CN=outoften.fr
	16.02.2020
	16.05.2020
expires in 89 days	outoften.fr - 1 entry

But your name server configuration is bad. outoften.fr is listed in the parent zone as your name server. But doesn’t answer via TCP. And your delegation / zone is inconsistent:

Fatal: Inconsistency between delegation and zone. The set of NS records served by the 
authoritative name servers must match those proposed for the delegation in the parent 
zone.: ns103.ovh.net (213.251.128.147): 
Delegation: dns103.ovh.net,ns103.ovh.net,outoften.fr, 
Zone: dns103.ovh.net,ns103.ovh.net
1 Like

Hey, so I do not really know what happened here tbh but it seems to work perfectly since I changed my url from api.outoften.fr to outoften.fr only. I’m getting A grade right now.
I still have a question though, I would like my url to actually be api.outoften.fr is there a way to do this? (With OVH console)

1 Like

Then you have to create a certificate with that domain name and use that.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.