SSL don't work really on web server with Node app


#1

Please fill out the fields below so we can help you better.

My domain is: thurly.com

I ran this command: ./certbot-auto certonly --webroot -w /root/thurly -d thurly.com

It produced this output:
IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at
    /etc/letsencrypt/live/thurly.com/fullchain.pem. Your cert will
    expire on 2017-04-26. To obtain a new or tweaked version of this
    certificate in the future, simply run certbot-auto again. To
    non-interactively renew all of your certificates, run
    "certbot-auto renew"

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

My operating system is (include version): Ubuntu 14.04 LTS

My web server is (include version): Node app

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No


#2

By using certonly you’re just getting the certificates, in the location provided by the output. You have to install it into your webserver manually. Did you do that?


#3

Thanks for your replying.
I don’t understand what you mean.
Could you explain about that in detail?


#4

The webserver uses the TLS certificate and corresponding private key for encrypting the connections. Therefore, the webserver needs to know where to find the certificate & private key. This has to be configured in the webserver.

From the text you’ve given us, you only ran certbot-auto with the certonly subcommand. This will only get you a certificate. But your webserver doesn’t have a crystal ball. The webserver doesn’t know what you want, until you tell it so. So you’ll have to configure your webserver properly for TLS and say where to find the certificate and private key.

If this doesn’t make any sense, you’d probably need to read a lot more about webservers and TLS in general and in my opinion you should leave this stuff to someone with more affinity/knowledge about this things.


How to help someone who doesn't know the right questions to ask?
#5

Start by read the doc ?
https://nodejs.org/api/https.html#https_https_createserver_options_requestlistener

your key and chain are in /etc/letsencrypt/live/thurly.com/ directory


#6

Thanks very much for your helping.
I configured the webserver with the certificate and private key.
So it is working well now.


#7

2 posts were split to a new topic: How to help someone who doesn’t know the right questions to ask?


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.