ERR_CERT_INVALID for Node + Express + Raspberry Pi

My domain is: harel.ddns.net

I ran this command: sudo certbot certonly --webroot -w ./public/ -d harel.ddns.net

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn’t close to expiry.
(ref: /etc/letsencrypt/renewal/harel.ddns.net.conf)

My web server is (include version): Node (4.2.1) + Express (4.14)

The operating system my web server runs on is (include version): (Raspberry Pi Debian Jessie)

My hosting provider, if applicable, is: no-ip.com

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Hi,

This message means you've already got a certificate with the same domain name.

Can you please run sudo certbot certificates and see if there's any certificate that contains this name and has not expired yet?

If so, you could just use that certificate.

Thank you

Hi @oriharel

Your http version works, but your https version has a timeout. So I can't test your website.

You have a lot of active certificates:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=p:aGFyZWwuZGRucy5uZXQ6ZmFsc2U6ZmFsc2U6OkVBRT0&cert_search=include_expired:false;include_subdomains:false;domain:harel.ddns.net&lu=cert_search_cert

Normally, you need only one or two. And you have created 4 new certificates today.

After running this command I get this:


Found the following certs:
Certificate Name: harel.ddns.net
Domains: harel.ddns.net
Expiry Date: 2018-12-07 11:30:28+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/harel.ddns.net/fullchain.pem
Private Key Path: /etc/letsencrypt/live/harel.ddns.net/privkey.pem

So I have a certificate that is not expired yet.

From my Express app - I can’t access the .pem files. So what I did is I copied them into another folder, chowned them for the user that runs the web server (pi) and pointed my Express app to that.
I even ran
openssl verify -CAfile chain.pem cert.pem
and that returns OK.

So why is https://harel.ddns.net in error with ERR_CERT_INVALID?

I know it has a timeout - this is why I’m asking for help here. About the multiple active certificates - this is me trying to troubleshoot this situation.
Everything seems to be configured correctly but still https://harel.ddns.net returns an error with ERR_CERT_INVALID

Your webserver

What is that? Apache, nginx? Or another software?

And why is the certificate invalid? Wrong domain? Self signed?

Hi,

Can you please check if there's a firewall issue?

Since my scanner told me there's a firewall issue or that port is filtered by your ISP...

Only ports 22 & 80 are open...

I'm not exactly sure... Since I can't even connect to your server...

Thank you

It's Express :smile:

Did https work earlier? Or is this the first time you want to activate https?

Did you create something like that?

PS: Now I am able to connect via https - MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT

You’re correct! I didn’t port-forward 443!! Now it works, thanks!!
