Generating certificate for dev env + staging env + prod env


I don’t understand so well how letsencrypt works. I have no experience about certificates at all either.

I have a website in HTTPS (certificate provided by another 3rd party, not letsencrypt AFAIK) at
This website communicates through AJAX with which is a node.js backend (Hapi.js) behind a nginx proxy, under ubuntu 16.04.

Currently, doesn’t have a valid certificate. I setup yesterday a self-signed certificate, but it doesn’t fix the issue, since it requires manual operation of whitelisting the domain anyway. Even though it’s only staging and not prod, I need something clean (ISO prod).

My conclusion is that I need a valid certificate for my staging environment. I don’t see any other way. (my first thought was that since it’s only AJAX request, a self-signed certificate may be enough, would just generate a warning of sort by would sill work, seems like I was mistaken)

My self signed certificate generated 3 files (crt, csr and key), my node application loads both key and crt file upon startup.

How can I generate those files with letsencrypt? I went through the “certbot-auto” but didn’t understand everything and it eventually failed in my dev environment (couldn’t verify the authenticity of the web server or something). It seems it can change the nginx configuration and all, but the only thing I think I need is to generate those files and load them when starting my app. But I could be wrong.

My domain is:

I ran this command: None

My web server is (include version): None in dev, nginx as proxy in staging/prod

The operating system my web server runs on is (include version):
Dev env: Ubuntu 17.10
Staging env: Ubuntu 16.04.03

My hosting provider, if applicable, is: OVH

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

In order to use certbot you’ll have to configure your node.js application to serve static files from a directory and point certbot’s --webroot-path to that directory.

An easier solution is to use greenlock-express. Implementing it will allow your node.js application to obtain and renew its certificate all by itself, without the need for certbot or similar clients. There are specific instructions for integrating with hapi here.

Please note that whether you use certbot or greenlock your website needs to be publicly listening on the Internet in order for Let’s Encrypt to verify you own the domain. For private firewalled services you will need to look at using DNS TXT based authentication instead.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.