Unsupported certificate error in Node.js

I'm getting the below error attempting to start my Node.js 18.17.1 app with a Let's Encrypt certificate. I've temporarily worked around it using openssl 3.1 to save the cert with a modern cipher according to this Node.js issue. Which part of the issuance/renewal process determines the "PKCS7 Encrypted data" cipher as displayed by openssl -info, and how can I control it?

C:\>openssl.exe pkcs12 -in www.mydomain.com.pfx -noout -legacy -info

MAC: sha1, Iteration 1024
MAC length: 20, salt length: 20
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 1024
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 1024
Certificate bag
Certificate bag

C:\>node.exe "C:\Program Files\nodejs\node_modules\npm\bin\npm-cli.js" "start"

> user-lookup@0.0.0 start
> node ./bin/www

node:internal/tls/secure-context:278
      context.loadPKCS12(toBuf(pfx), toBuf(passphrase));
              ^

Error: unsupported
    at configSecureContext (node:internal/tls/secure-context:278:15)
    at Object.createSecureContext (node:_tls_common:117:3)
    at Server.setSecureContext (node:_tls_wrap:1362:27)
    at Server (node:_tls_wrap:1226:8)
    at new Server (node:https:74:3)
    at Object.createServer (node:https:112:10)
    at Object.<anonymous> (C:\wt-server\cascade-admin-functions\bin\www:16:25)
    at Module._compile (node:internal/modules/cjs/loader:1256:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1310:10)
    at Module.load (node:internal/modules/cjs/loader:1119:32)

Node.js v18.17.1

Thank you.

1 Like

Hi @fdoh, and welcome to the LE community forum 🙂

What program/script created that .pfx file?

^^ Same question ^^

2 Likes

win-acme 2.2.6 - are you saying the pfx cipher is 100% on my side with my ACME client?

The .pfx file is NOT provided by Let's Encrypt.
win-acme is likely creating it for you from the .pem files.
[OR something else is doing that - hard to say from where I'm sitting]

4 Likes

What shows?:
openssl.exe version

3 Likes

Thank you Rudy, that puts me on the path to a solution.

2 Likes

OpenSSL 3.1.4 24 Oct 2023 (Library: OpenSSL 3.1.4 24 Oct 2023)

1 Like
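As an added example that is not part of the thread: a small Node.js check that reads the text printed by `openssl pkcs12 -noout -legacy -info` and reports which bags use an algorithm from OpenSSL 3's legacy provider, which is what makes `loadPKCS12` fail with "unsupported". The function names and the second sample are assumptions constructed for illustration; the first sample is the output quoted in the first post.

```javascript
// Added example (not from the thread). Parses `openssl pkcs12 -info` text and
// flags bags whose protection algorithm needs OpenSSL 3's legacy provider.

// Output quoted from the first post in this thread.
const PAGE_OUTPUT = `MAC: sha1, Iteration 1024
MAC length: 20, salt length: 20
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 1024
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 1024
Certificate bag
Certificate bag`;

// Constructed sample: assumed shape of the report for a file re-saved with
// OpenSSL 3 defaults (PBES2 with AES-256-CBC).
const MODERN_OUTPUT = `MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Certificate bag
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256`;

// RC2, RC4 and single DES are in the legacy provider; triple DES is not,
// so the 3-key triple DES keybag above is not what Node.js rejects.
const LEGACY_PATTERNS = [/RC2/i, /RC4/i, /AndDES-CBC/i];

// Return one record per encrypted bag: which bag, which algorithm, how many
// KDF iterations.
function parsePkcs12Info(text) {
  const re = /^(Shrouded Keybag|PKCS7 Encrypted data): (.+?), Iteration (\d+)/;
  const bags = [];
  for (const line of text.split(/\r?\n/)) {
    const m = re.exec(line.trim());
    if (m) bags.push({ bag: m[1], algorithm: m[2], iterations: Number(m[3]) });
  }
  return bags;
}

// Keep only the bags that a default-provider OpenSSL 3 build cannot decrypt.
function legacyBags(text) {
  return parsePkcs12Info(text).filter((b) =>
    LEGACY_PATTERNS.some((p) => p.test(b.algorithm)));
}

for (const b of legacyBags(PAGE_OUTPUT)) {
  console.log(`${b.bag}: ${b.algorithm} needs the legacy provider`);
}
```

Run against the output from the first post, this flags only the "PKCS7 Encrypted data" bag (the certificates), which is the bag that has to be re-encrypted, whichever tool writes the .pfx.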
