Letsencrypt doesn't work for different ports


#1

I have configured letsencrypt to work on my website, https://synodins.com, just fine.

The problem is that I am setting up nodejs on it and to set up a socket connection I need to use different ports than 80.

Currently you can see my error here, as I am trying to connect with port 8002.
https://synodins.com:8002

How do I configure letsencrypt to allow for different ports?


#2

// edit: @tialaramex's answer is correct, I misread your question.

That’s not possible, for some prior discussion see:

Using the DNS-01 challenge type does not require any open ports and is currently your only option if you’re unable to use port 80 (with HTTP-01) and 443 (with TLS-SNI-01). The validation is performed through a TXT record you need to add to your DNS.

You’ll need one of the alternative clients with DNS-01 support, such as lego.


#3

pfg’s answer is about using a different port to do the Let’s Encrypt validation. And if that’s what you want, yeah, that post is right you can’t do that. But I think you already HAVE a perfectly nice certificate for your name synodins.com, and you would just like to ALSO use that certificate for this server on port 8002. That IS possible. But, as you noticed it is not working right, so you need help figuring out why.

First observation, that port isn’t speaking SSL / TLS at all, it’s speaking plain unencrypted HTTP. You need to configure the server answering on port 8002 to offer TLS encryption. A “nodejs” person might have more insight than me.


#4

The ACME server needs to prove that you control port 80 or 443.

Assuming you do, there are 2 ways to handle that that may work for you:

  1. You can create a proxypass on the port 80 server to proxy /.well-known to port 8002, then configure letsencrypt-auto to bind to 8002. ACME will ping port 80, but your client runs on 8002. See https://github.com/certbot/certbot/issues/2697

  2. You can use the manual option and have the port 80 server route /.well-known to a directory that you can manually edit.


#5

Oh wait, I read your question completely wrong.

You have LE working fine on your server, but you also want to use the certificate on port 8002…

You have to configure whatever is running on port 8002 to be an SSL server that uses your LE cert. You could also have port 8002 be on nginx/apache and use your SSL certificate there as a gateway, then proxypass up to node-js speaking plain HTTP on port 8003.


#6

So how do I go about doing this?

How do I configure whatever is running on port 8002 to be an SSL server that uses my LE cert?

What's running on port 8002 is a nodejs server. So should I take up this question with the nodejs community?


#7

Yeah. It’s a nodejs issue.

This how-to sets up a node server on port 8000

The locations of the LetsEncrypt certs are well documented. You can either link to their 'live' directory, or copy them into your node project (just be sure to keep them updated).


#8

Ok so I'm here:
https://nodejs.org/api/https.html#https_https_createserver_options_requestlistener

And I'm trying to figure out which pem files are to be where.
There are:
cert,chain,fullchain and privkey
in the /etc/letsencrypt/live folder.

From that link I copied

const options = {
  key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),
  cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem')
};

I guess the cert is for the ‘cert’ key.
But is ‘privkey’ the other one?
How do I precede those things?
Do I just do /etc/letsencrypt/live/synodins.com/cert.pm ?
In the const options.

I am trying that right now but I'm getting error 'unexpected token' when I fire that script up as a server.


#9

I guess cert wants fullchain.pem. key wants privkey.pem.


#10

so it's:

const options = {
  key: fs.readFileSync('/etc/letsencrypt/live/synodins.com/privkey.pem'),
  cert: fs.readFileSync('/etc/letsencrypt/live/synodins.com/fullchain.pem')
};

but I'm getting error:

https.createServer(options, (req, res) => {
^
SyntaxError: Unexpected token >
at Module._compile (module.js:439:25)
at Object.Module._extensions..js (module.js:474:10)
at Module.load (module.js:356:32)
at Function.Module._load (module.js:312:12)
at Function.Module.runMain (module.js:497:10)
at startup (node.js:119:16)
at node.js:902:3


#11

Node tells you pretty much what the issue is. Seems like you’re running on a Node version that doesn’t support ES6, so use function(req, res) { ... } instead of (req, res) => { ... }.

Also: It’s .pem, not .pm :wink:


#12

I changed that, and it seems to move us forward.

I run the nodejs file as root but as I go to synodins.com:8000 it just hangs.


#13

What do you expect to see there? Maybe it doesn’t respond right if a websocket endpoint is accessed normally without a WS handshake?


#14

I was hoping to see ‘hello world’ as the server here
https://nodejs.org/api/https.html#https_https_createserver_options_requestlistener

seems to respond with.


#15

Do you use exactly that code?


#16

Almost. I am using:

const https = require('https');
const fs = require('fs');

// privkey.pem is the private key, fullchain.pem is the leaf cert plus the chain
const options = {
  key: fs.readFileSync('/etc/letsencrypt/live/synodins.com/privkey.pem'),
  cert: fs.readFileSync('/etc/letsencrypt/live/synodins.com/fullchain.pem')
};

// function(req, res) rather than an arrow function, for older Node versions
https.createServer(options, function(req, res) {
  console.log('creating server');
  res.writeHead(200);
  res.end('hello world\n');
}).listen(8000);


#17

I just asked curl to connect to this endpoint securely and that worked:

[njl@totoro ~]$ curl -i https://synodins.com:8000/
HTTP/1.1 200 OK
Date: Fri, 01 Jul 2016 18:11:58 GMT
Connection: keep-alive
Transfer-Encoding: chunked

hello world
[njl@totoro ~]$ 

So hopefully you found or fixed your problem.


#18

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.