My CRA app complains about the ECSDA certificates from LE.
There is an open issue on the CRA repo regarding this. The discussion on that thread mentions differences between the behavior of RSA and CRA keys.
It appears that I have to replace my ECSDA certs with their RSA counterparts.
Here is the complaint from 'yarn start' in the project directory:
$ yarn start
yarn run v1.22.19
$ cross-env PORT=5001 react-scripts start
The certificate "/etc/letsencrypt/live/hoyo.zeetix.com/fullchain.pem" is invalid.
error:03000096:digital envelope routines::operation not supported for this keytype
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
While a PR is open on the CRA repo, the "fix" it includes applies only to the validation routine. When I apply that PR to the code, I get a similar complaint later in CRA:
Error: error:0308010C:digital envelope routines::unsupported
at new Hash (node:internal/crypto/hash:71:19)
at Object.createHash (node:crypto:140:10)
at module.exports (/home/tms/frontend/gate_dashboard/node_modules/webpack/lib/util/createHash.js:135:53)
at NormalModule._initBuildHash (/home/tms/frontend/gate_dashboard/node_modules/webpack/lib/NormalModule.js:417:16)
at handleParseError (/home/tms/frontend/gate_dashboard/node_modules/webpack/lib/NormalModule.js:471:10)
at /home/tms/frontend/gate_dashboard/node_modules/webpack/lib/NormalModule.js:503:5
at /home/tms/frontend/gate_dashboard/node_modules/webpack/lib/NormalModule.js:358:12
at /home/tms/frontend/gate_dashboard/node_modules/loader-runner/lib/LoaderRunner.js:373:3
at iterateNormalLoaders (/home/tms/frontend/gate_dashboard/node_modules/loader-runner/lib/LoaderRunner.js:214:10)
at iterateNormalLoaders (/home/tms/frontend/gate_dashboard/node_modules/loader-runner/lib/LoaderRunner.js:221:10)
Waiting for the debugger to disconnect...
/home/tms/frontend/gate_dashboard/node_modules/react-scripts/scripts/start.js:19
throw err;
^
Error: error:0308010C:digital envelope routines::unsupported
at new Hash (node:internal/crypto/hash:71:19)
at Object.createHash (node:crypto:140:10)
at module.exports (/home/tms/frontend/gate_dashboard/node_modules/webpack/lib/util/createHash.js:135:53)
at NormalModule._initBuildHash (/home/tms/frontend/gate_dashboard/node_modules/webpack/lib/NormalModule.js:417:16)
at /home/tms/frontend/gate_dashboard/node_modules/webpack/lib/NormalModule.js:452:10
at /home/tms/frontend/gate_dashboard/node_modules/webpack/lib/NormalModule.js:323:13
at /home/tms/frontend/gate_dashboard/node_modules/loader-runner/lib/LoaderRunner.js:367:11
at /home/tms/frontend/gate_dashboard/node_modules/loader-runner/lib/LoaderRunner.js:233:18
at context.callback (/home/tms/frontend/gate_dashboard/node_modules/loader-runner/lib/LoaderRunner.js:111:13)
at /home/tms/frontend/gate_dashboard/node_modules/react-scripts/node_modules/babel-loader/lib/index.js:59:103 {
opensslErrorStack: [ 'error:03000086:digital envelope routines::initialization error' ],
library: 'digital envelope routines',
reason: 'unsupported',
code: 'ERR_OSSL_EVP_UNSUPPORTED'
}
Node.js v19.8.1
Waiting for the debugger to disconnect...
Waiting for the debugger to disconnect...
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
I invite guidance about the easiest way to work around this issue. My current plan is to replace the ECSDA certs with RSA certs for the same domains.
Did you try $ export NODE_OPTIONS=--openssl-legacy-provider ( or SET instead of export if you are on windows), that should make it global within the context of your terminal session.
It does seem to be specific to the use of the crypto module by webpack which suggests webpack is using it's own version. Can you try explicitly referencing a new version of webpack (if you're not already)?
I already have a patch (from the above link) that lets React get through the validation. Perhaps this new change will allow webpack to behave as desired.
One of the options in the above link seems to work, at least well enough for me to continue.
I had to do two things:
Remove and add react-scripts
Apply the patch to 'getHttpsConfig.js' in the newly-installed package
The first is accomplished as follows (from a command line in the project root directory):
yarn remove react-scripts
yarn add react-scripts
This upgraded the 'react-scripts' entry in 'package.json' to:
"react-scripts": "^5.0.1",
I then had to apply the change in 'getHttpsConfig.js' as per the PR in the CRA repo.
After doing these two steps, I'm then able to run 'yarn start' from the embedded terminal in VSC. The app complains (in the debug console) but starts. Here is the complaint in the VSC debug console:
(node:17800) [DEP_WEBPACK_DEV_SERVER_HTTPS] DeprecationWarning: 'https' option is deprecated. Please use the 'server' option.
(Use `node --trace-deprecation ...` to show where the warning was created)
(node:17800) [DEP_WEBPACK_DEV_SERVER_ON_AFTER_SETUP_MIDDLEWARE] DeprecationWarning: 'onAfterSetupMiddleware' option is deprecated. Please use the 'setupMiddlewares' option.
(node:17800) [DEP_WEBPACK_DEV_SERVER_ON_BEFORE_SETUP_MIDDLEWARE] DeprecationWarning: 'onBeforeSetupMiddleware' option is deprecated. Please use the 'setupMiddlewares' option.
Starting the development server...
Compiled successfully!
You can now view gate_dashboard in the browser.
Local https://localhost5001
On Your Network https://172.30.2.595001
Note that the development build is not optimized.
To create a production build, use yarn build.
webpack compiled successfully
From there, I can launch a Chrome development browser from VSC, and the new app opens as desired.
I seem to be back in business!
I REALLY appreciate the above link. I very much prefer this work-around to changing the certs to use RSA. The ECDSA certs work everywhere else and this lets me encapsulate the needed changes to this one (new) react app.
Kudos and props to this community, it would have taken me forever to fix this on my own.