Node.js as reverse proxy and letsencrypt

Hi all

I am experiencing an odd issue with ssl certificate renewal on my server.

I have a setup with a reverse proxy developed in node.js, and deployed through pm2. On top of that, I have set up a letsencrypt certificate with auto renewal. All in all, the certificate is set up correctly, and it also auto renews perfectly fine. The issue seems to be that I need to manually restart my reverse proxy through pm2 when the letsencrypt auto renewal has happened. Otherwise I get an out of date warning when accessing my webpage.

I have Googled around, but simply can’t find anyone reporting this issue. I only see that everyone seems to use Nginx as reverse proxy, which I might do at a later point, but for now I would like to figure out what is going wrong in my current setup.

Best regards

Lasse Vestergaard

When a renewal happens the public cert is changed.
If the reverse proxy is unaware of the change it will continue serving the old cert.

There are hooks that can be used to run scripts that can assist with such processes.
Look into Pre and Post Validation Hooks.

Node.js currently doesn’t support hot reloading of certificates. It’s an open bug:

An “unofficial” workaround is described by indutny and retrohacker in the comments.

Just to clarify: it’s not a bug, it’s designed behavior (just like Apache, Nginx, etc.). A lot of web servers cache the certificates and keys in memory for faster access, hence the need to restart.

Andrei
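An added example, not code from any poster in this thread or from the Node.js project: one way for a Node.js proxy to pick up a renewed certificate without a pm2 restart, by rebuilding the TLS context from `SNICallback` when the certificate file's modification time changes. The file paths and the names `makeContextProvider` and `tlsOptions` are assumptions.

```javascript
const fs = require('node:fs');
const tls = require('node:tls');

// Placeholder paths (assumption): use wherever your ACME client writes the files.
const DEFAULT_PATHS = { key: '/path/to/privkey.pem', cert: '/path/to/fullchain.pem' };

// Returns a function yielding the current SecureContext. The context is rebuilt
// only when the certificate file's mtime changes. `io` is injectable for tests.
function makeContextProvider(paths = DEFAULT_PATHS, io = {}) {
  const mtimeOf = io.mtimeOf || ((p) => fs.statSync(p).mtimeMs);
  const read = io.read || ((p) => fs.readFileSync(p));
  const build = io.build || ((opts) => tls.createSecureContext(opts));
  let cached = null;
  let seenMtime = -1;

  return function currentContext() {
    try {
      const mtime = mtimeOf(paths.cert);
      if (mtime !== seenMtime) {
        // Build fully before swapping, so a failed load never replaces a good context.
        const next = build({ key: read(paths.key), cert: read(paths.cert) });
        cached = next;
        seenMtime = mtime;
      }
    } catch (err) {
      // Files mid-write, unreadable, or key/cert mismatch during renewal:
      // keep serving the last good context and retry on the next handshake.
      if (!cached) throw err;
    }
    return cached;
  };
}

// Options for https.createServer(). SNICallback runs per handshake, but only
// for clients that send SNI; add a static key/cert too if others must connect.
function tlsOptions(paths = DEFAULT_PATHS, io = {}) {
  const currentContext = makeContextProvider(paths, io);
  return {
    SNICallback(servername, cb) {
      try {
        cb(null, currentContext());
      } catch (err) {
        cb(err);
      }
    },
  };
}
```

Pass the result to the server, for example `https.createServer(tlsOptions(paths), handler)`. Existing connections keep the certificate they negotiated; new handshakes get the renewed one.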
