I’m writing integration tests for a system that uses LetsEncrypt (which is amazing!). We need to use the staging LE server in order to not hit rate limits.
That means that everything inside our tests has to be configured using the Fake LE Root X1 CA, which I downloaded with:
```
curl -s https://acme-staging.api.letsencrypt.org/acme/issuer-cert | openssl x509 -inform der -outform pem -out acme-staging.pem
```
This file works great with curl’s `--cacert`. It works great with Go:
```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"io/ioutil"
	"log"
	"net/http"

	cleanhttp "github.com/hashicorp/go-cleanhttp"
)

func main() {
	t := cleanhttp.DefaultTransport()
	certs, err := ioutil.ReadFile("acme-staging.pem")
	if err != nil {
		log.Fatal(err)
	}
	t.TLSClientConfig = &tls.Config{RootCAs: x509.NewCertPool()}
	t.TLSClientConfig.RootCAs.AppendCertsFromPEM(certs)
	c := &http.Client{Transport: t}
	resp, err := c.Get("https://galaxy.test-20160721224638.meet-eeyore.com/")
	log.Print(err)
	log.Print(resp)
}
```
But it doesn’t work with Node.js (tried 4.4.3):
```js
var https = require('https');
var fs = require('fs');

https.get({
  hostname: 'galaxy.test-20160721224638.meet-eeyore.com',
  path: '/',
  ca: fs.readFileSync('acme-staging.pem'),
}, function (res) {
  console.log("got response", res.statusCode);
}).on('error', function (e) {
  console.log("got error", e.message);
});
```
This gets me `got error unable to get issuer certificate`.
I realize this is kinda more of a Node support question than a LE question, but perhaps somebody else here has written test suites in Node with the fake root cert…
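
A check worth running on the CA file, as an added example that is not part of the original post: Go's verifier treats any certificate placed in `RootCAs` as a trust anchor, while OpenSSL-based verifiers (Node.js uses OpenSSL) by default expect the chain to end at a self-signed certificate. The certificates and the helper names (`issue`, `isSelfSigned`, `verifiesWith`) are constructed for illustration; to test the real file, parse its PEM and pass the certificate to `isSelfSigned`.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed test certificate; a nil parent means self-signed.
func issue(cn string, ca bool, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, IsCA: ca, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	signer, signKey := t, key
	if parent != nil {
		signer, signKey = parent, pk
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, signer, pub, signKey)
	cert, err := x509.ParseCertificate(der) // nil DER from a failed create is rejected here
	if err != nil {
		panic(err)
	}
	return cert, key
}

// isSelfSigned reports whether c is its own issuer, i.e. a true root.
func isSelfSigned(c *x509.Certificate) bool {
	return bytes.Equal(c.RawSubject, c.RawIssuer) && c.CheckSignatureFrom(c) == nil
}

// verifiesWith reports whether Go verifies leaf against a pool holding only anchor.
func verifiesWith(leaf, anchor *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(anchor)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool})
	return err == nil
}

func main() {
	root, rk := issue("constructed root", true, nil, nil)
	inter, ik := issue("constructed intermediate", true, root, rk)
	leaf, _ := issue("constructed leaf", false, inter, ik)
	fmt.Println(isSelfSigned(root), isSelfSigned(inter), verifiesWith(leaf, inter))
}
```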