I have configured letsencrypt to work on my website, https://synodins.com, just fine.
The problem is that I am setting up nodejs on it and to setup a socket connection i need to use different ports than 80.
Currently you can see my error here, as I am trying to connect with port 8002.
https://synodins.com:8002
How do I configure letsencrypt to allow for different ports?
// edit: @tialaramex answer is correct, I misread your question.
That's not possible, for some prior discussion see:
Using the DNS-01 challenge type does not require any open ports and is currently your only option if you're unable to use port 80 (with HTTP-01) and 443 (with TLS-SNI-01). The validation is performed through a TXT record you need to add to your DNS.
You'll need one of the alternative clients with DNS-01 support, such as lego.
pfgâs answer is about using a different port to do the Letâs Encrypt validation. And if thatâs what you want, yeah, that post is right you canât do that. But I think you already HAVE a perfectly nice certificate for your name synodins.com, and you would just like to ALSO use that certificate for this server on port 8002. That IS possible. But, as you noticed it is not working right, so you need help figuring out why.
First observation, that port isnât speaking SSL / TLS at all, itâs speaking plain unencrypted HTTP. You need to configure the server answering on port 8002 to offer TLS encryption. A ânodejsâ person might have more insight than me.
The ACME server needs to prove that you control port 80 or 443.
Assuming you do, there are 2 ways to handle that that may work for you:
You can create a proxypass on the port 80 server to proxy /.well-known to port 8002, then configure the letsencrypt-auto to bind to 8002. ACME will ping port80, but your client runs on 8002. see https://github.com/certbot/certbot/issues/2697
You can use the manual option and have the port 80 server route /.well-known to a directory that you can manually edit
Oh wait, I read your question completely wrong.
You have LE working fine on your server, but you also want to use the certificate on port 8002âŚ
You have to configure whatever is running on port 8002 to be an SSL server that uses your LE cert. You could also have port 8002 be on nginx/apache and use your SSL certificate there as a gateway, then proxypass up to node-js speaking plain HTTP on port 8003.
So how do I go about doing this?
How do I configure whatever is running on port 8002 to be an SSL server that uses my LE cert.
Whats running on port 8002 is nodejs server. So should I take up this question with the nodejs community?
Yeah. Itâs a nodejs issue.
This how-to sets up a node server on port 8000
The location of the LetsEncrypt certs are well documented. You can either link to their âliveâ directory, or copy them into your node project (just be sure to keep them updated)
Ok so im here:
https://nodejs.org/api/https.html#https_https_createserver_options_requestlistener
And Im trying to figure out which pem files are to be where.
There are:
cert,chain,fullchain and privkey
in the /etc/letsencrypt/live folder.
From that link i copied
const options = {
key: fs.readFileSync(âtest/fixtures/keys/agent2-key.pemâ),
cert: fs.readFileSync(âtest/fixtures/keys/agent2-cert.pemâ)
};
I guess the cert is for the âcertâ key.
But is âprivkeyâ the other one?
How do I precede those things?
Do I just do /etc/letsencrypt/live/synodins.com/cert.pm ?
In the const options.
I am trying that right now but im getting error âunexptected tokenâ when i fire that script up as a server.
I guess cert wants fullchain.pem. key wants privkey.pem.
so its:
const options = {
key: fs.readFileSync(â/etc/letsencrypt/live/synodins.com/privkey.pemâ),
cert: fs.readFileSync(â/etc/letsencrypt/live/synodins.com/fullchain.pemâ)
};
but im getting error:
https.createServer(options, (req, res) => {
^
SyntaxError: Unexpected token >
at Module._compile (module.js:439:25)
at Object.Module._extensionsâŚjs (module.js:474:10)
at Module.load (module.js:356:32)
at Function.Module._load (module.js:312:12)
at Function.Module.runMain (module.js:497:10)
at startup (node.js:119:16)
at node.js:902:3
Node tells you pretty much what the issue is. Seems like you're running on a Node version that doesn't support ES6, so use function(req, res) { ... } instead of (req, res) => { ... }.
Also: It's .pem, not .pm 
I changed that, and it seems to move us forward.
I run the nodejs file as root but as i go synodins.com:8000 it just hangs.
What do you expect to see there? Maybe it doesnât respond right if a websocket endpoint is accessed normally without a WS handshake?
I was hoping to see âhello worldâ as the server here
https://nodejs.org/api/https.html#https_https_createserver_options_requestlistener
seems to respond with.
Do you use exactly that code?
Almost. I am using:
const https = require(âhttpsâ);
const fs = require(âfsâ);
const options = {
key: fs.readFileSync(â/etc/letsencrypt/live/synodins.com/privkey.pemâ),
cert: fs.readFileSync(â/etc/letsencrypt/live/synodins.com/fullchain.pemâ)
};
https.createServer(options, function(req, res) {
console.log(âcreating serverâ);
res.writeHead(200);
res.end(âhello world\nâ);
}).listen(8000);
I just asked curl to connect to this endpoint securely and that worked:
[njl@totoro ~]$ curl -i https://synodins.com:8000/
HTTP/1.1 200 OK
Date: Fri, 01 Jul 2016 18:11:58 GMT
Connection: keep-alive
Transfer-Encoding: chunked
hello world
[njl@totoro ~]$
So hopefully you found or fixed your problem
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.