dylanpiercey / auto-sni
Free, automated HTTPS for NodeJS made easy.
Hi,
I'm trying to use auto-sni inside of a docker container node app.
Problem is, any time I restart the container, new certificates are requested. After a few restarts, I soon hit the LE rate limits.
Looking at the source, I think the certificates and other files are stored in the module's 'static' directory. Is that correct? If so, would it be possible to pass in an option to specify another directory? That way I can run the container with a volume mounted so that the files in static are persisted across container restarts.
Any info appreciated.
Thanks
Hello again Dylan,
Just wanted to let you know that greenlock has been updated for Let's Encrypt v2: v2.2
There's a new option version that's required since the ACME api doesn't have built-in versioning.
I've tried to clean the docs up quite a bit, so hopefully it's very clear:
Even with the following settings I seem to keep getting the self-signed certificate from "Fake LE Intermediate X1"
```js
createServer({
  email: "[email protected]",
  agreeTos: true,
  debug: false,
  domains: ["enkarma.co.uk"],
  forceSSL: true,
  ports: {
    http: 80,
    https: 443
  }
}, app);
```
Is setting debug: false not sufficient? Thanks in advance for your help.
This is the error I get:
D:\SOMEPROJECT\node_modules\auto-sni\lib\index.js:54
.once('close', httpServer.close.bind(httpServer))
^
TypeError: Cannot read property 'close' of undefined
That's what my server.js looks like:
```js
var express = require('express');
var createServer = require("auto-sni");
var app = express();
app.get('/', function (req, res) {
  //SOME ACTION
});
createServer({
  email: "EMAIL",
  agreeTos: true,
  debug: true,
  ports: {
    http: 8000,
    https: 8443
  }
}, app);
```
What am I doing wrong here?
Just a heads up:
I just published a new version of letsencrypt - v1.5.0
(also a new version of letiny-core v2.0.0 and a new dependency rsa-compat - all to fix various bugs)
There shouldn't be any breaking changes to the API, but it does require a shim for the new Buffer methods that aren't implemented in older versions of node.
Let me know if you have any problems or if I can answer any questions.
Hey Dylan,
my certificates are not getting updated. Am I right that since the big update, there is no well-known endpoint anymore?
Is it possible to use auto-sni to dynamically generate SSL certificates? For example, I want to have a proxy server that receives incoming requests from clients and creates an SSL cert for them before redirecting them to my backend servers. Can auto-sni do this?
It looks like we are using cert.pem as cert,
but we have to use fullchain.pem to fix the "invalid CA issue".
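The cert.pem versus fullchain.pem difference raised above, as an added example that is not auto-sni's code: in the Let's Encrypt file layout cert.pem holds only the leaf certificate while fullchain.pem holds the leaf followed by the intermediates, and this check reports which of the two a file is before it is passed as the `cert` option. The function names and the PEM bodies are constructed for illustration.

```javascript
// Added example: preflight check for the file given to Node as the TLS `cert`.

// Split a PEM bundle into its blocks, keeping each block's label.
function parsePemBlocks(text) {
  const re = /-----BEGIN ([A-Z0-9 ]+)-----\r?\n([A-Za-z0-9+/=\r\n]+?)-----END \1-----/g;
  const blocks = [];
  let m;
  while ((m = re.exec(text)) !== null) {
    blocks.push({ label: m[1], body: m[2].replace(/\s+/g, "") });
  }
  return blocks;
}

// Classify what a server would present if this file were used as `cert`.
function inspectCertFile(text) {
  const blocks = parsePemBlocks(text);
  const certs = blocks.filter((b) => b.label === "CERTIFICATE").length;
  const hasKey = blocks.some((b) => b.label.endsWith("PRIVATE KEY"));
  let verdict;
  if (hasKey) verdict = "contains-private-key"; // key material does not belong here
  else if (certs === 0) verdict = "no-certificate";
  else if (certs === 1) verdict = "leaf-only"; // clients must find the intermediate themselves
  else verdict = "chain"; // leaf followed by intermediate(s)
  return { certs, hasKey, verdict };
}

// Constructed sample input: placeholder base64, not real certificates.
const pem = (label, body) =>
  `-----BEGIN ${label}-----\n${body}\n-----END ${label}-----\n`;
const CERT_PEM = pem("CERTIFICATE", "AAAA");
const FULLCHAIN_PEM = CERT_PEM + pem("CERTIFICATE", "BBBB");

console.log("cert.pem      ->", inspectCertFile(CERT_PEM));
console.log("fullchain.pem ->", inspectCertFile(FULLCHAIN_PEM));
```

A "leaf-only" result for the file a server presents is the condition that produces chain errors in clients that do not already hold the intermediate.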
When I install the module, I get the following warning: [email protected]: letsencrypt has been renamed to greenlock. Please find it at npm greenlock
Any plans to update this?
Like your idea but I have my own http server instance, could I use your module to only manage certificates? And preferably only a subset of them, the ones obtained through let's encrypt.
In the readme you say to run the following command to give Node access to ports 80 and 443:
sudo setcap cap_net_bind_service=+ep $(which node)
I am a linux noob so node does not mean anything to me.
Here come the questions:
$() characters have to be written or is this a placeholder for the node name?
Everything was working dandy and I was optimizing how to config our app. Something went wrong and I no longer get error messages.
This is what curl returns
curl -kv https://localhost:8443
* Rebuilt URL to: https://localhost:8443/
* Trying ::1...
* Connected to localhost (::1) port 8443 (#0)
* SSL peer handshake failed, the server most likely requires a client certificate to connect
* Closing connection 0
curl: (35) SSL peer handshake failed, the server most likely requires a client certificate to connect
my current config:
```js
secureServer = createServer({
  email: config.LETSENCRYPT_ISSUES_EMAIL, // Emailed when certificates expire.
  agreeTos: true, // Required for letsencrypt.
  debug: true, // Add console messages and uses staging LetsEncrypt server. (Disable in production)
  domains: [["localhost","www.localhost"]], // List of accepted domain names. (You can use nested arrays to register bundles with LE).
  forceSSL: true, // Make this false to disable auto http->https redirects (default true).
  redirectCode: 301, // If forceSSL is true, decide if redirect should be 301 (permanent) or 302 (temporary). Defaults to 302
  ports: {
    http: 8080, // Optionally override the default http port.
    https: 8443 // Optionally override the default https port.
  }
}, app);
```
No errors on the console. How do I see what the error is?
Hey Dylan, I just wanted to make you aware that I published a new version of letsencrypt (v1.0.8). It fixes a bug where the registerAsync would return before registration was complete and a bug in the pyconf parser/stringifier.
I don't think anything should have broken, but please let me know if you have any issues with it.
There is no documentation about where the certificates and key are stored.
I'm getting an error when I attempt to create the server with Express.
fs.js:651
return binding.mkdir(pathModule._makeLong(path),
^
Error: EEXIST, file already exists '../node_modules/auto-sni/static'
at Object.fs.mkdirSync (fs.js:651:18)
I have some issues getting auto-sni to work with Restify. I've followed your example, but was only able to make it work by changing your index.js Line 103 from
// Let request through to provided https-server.
httpsServer.emit('request', req, res)
to
// Let request through to provided https-server.
httpsServer.server.emit('request', req, res)
After this I can get Restify to work using forceSSL = false. As soon as I change it to true though, all my requests get dropped in nirvana and the server responds with an unexpectedly closed connection. No amount of debugging could get me the exact point at where my connections are dropped. I can't even reach the SNICallback or handleChallenge. I can see you're passing SNICallback to createServer, but I can't seem to figure out how Restify (or node's https for that matter) is using it.
It'd be really great if you could help me out!
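How Node's TLS layer consumes an `SNICallback`, as an added example that is not auto-sni's or Restify's code: during the handshake Node calls it with the hostname from the ClientHello and expects `cb(err, secureContext)` back. `makeSniCallback`, `demoLoader` and `resolveSni` are hypothetical names, and the empty context stands in for a real key and certificate chain.

```javascript
// Added example: an SNICallback that only serves allow-listed hostnames.
const tls = require("tls");

// `domains` is the allow-list; `loadContext(name)` returns a Promise of a
// tls.SecureContext (in production: read or request the key and fullchain).
function makeSniCallback(domains, loadContext) {
  const allowed = new Set(domains.map((d) => d.toLowerCase()));
  const cache = new Map(); // hostname -> Promise<SecureContext>

  return function SNICallback(servername, cb) {
    const name = String(servername || "").toLowerCase();
    // Reject unknown names before any certificate work happens, so a client
    // cannot trigger issuance (and CA rate limits) with arbitrary hostnames.
    if (!allowed.has(name)) {
      return cb(new Error("SNI name not allowed: " + name));
    }
    // Concurrent handshakes for the same name share one pending load.
    if (!cache.has(name)) {
      const pending = Promise.resolve()
        .then(() => loadContext(name))
        .catch((err) => {
          cache.delete(name); // do not cache failures
          throw err;
        });
      cache.set(name, pending);
    }
    cache.get(name).then((ctx) => cb(null, ctx), (err) => cb(err));
  };
}

// Constructed demo loader: counts calls and returns an empty context.
let loads = 0;
function demoLoader(name) {
  loads += 1;
  return Promise.resolve(tls.createSecureContext());
}

// Promise wrapper so the callback can be exercised without a socket.
function resolveSni(sni, servername) {
  return new Promise((resolve) => {
    sni(servername, (err, ctx) => resolve({ err, ctx }));
  });
}

// Wiring (not executed here):
// https.createServer({ SNICallback: makeSniCallback(domains, loader) }, app)
```

The callback sits on the TLS server's options, so a wrapper that hides the underlying `https.Server` still has to pass those options through for it to be called.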
how would this work if you use nginx as a reverse proxy ?
what would the nginx configuration look like?
Is this possible?
Hi,
I've received emails saying that my cert is going to expire, I thought this was supposed to auto-renew? I searched for 'renewal' on this Git site but didn't get any results. Can you give me some guidance on looking into this further, unsure of what to do...
Thank you!
Mark
Auto-sni uses ursa (https://github.com/quartzjer/ursa).
When Installing on windows I got this error message:
C:\Users\alex\ae_api\node_modules\ursa>if not defined npm_config_node_gyp (node "C:\Program Files\nodejs\node_modules\npm\bin\node-gyp-bin\\..\..\node_modules\node-gyp\bin\node-gyp.js" rebuild )
else (node "" rebuild )
Building the projects in this solution one at a time. To enable parallel build, please add the "/m" switch.
ursaNative.cc
..\src\ursaNative.cc(157): warning C4244: 'argument' : conversion from 'ssize_t' to 'int', possible loss of data [C:\Users\alex\ae_api\node_modules\ursa\build\ursaNative.vcxproj]
..\src\ursaNative.cc(172): warning C4244: 'argument' : conversion from 'ssize_t' to 'int', possible loss of data [C:\Users\alex\ae_api\node_modules\ursa\build\ursaNative.vcxproj]
..\src\ursaNative.cc(378): warning C4267: 'initializing' : conversion from 'size_t' to 'int', possible loss of data [C:\Users\alex\ae_api\node_modules\ursa\build\ursaNative.vcxproj]
..\src\ursaNative.cc(379): warning C4267: 'initializing' : conversion from 'size_t' to 'int', possible loss of data [C:\Users\alex\ae_api\node_modules\ursa\build\ursaNative.vcxproj]
..\src\ursaNative.cc(686): warning C4267: 'argument' : conversion from 'size_t' to 'int', possible loss of data [C:\Users\alex\ae_api\node_modules\ursa\build\ursaNative.vcxproj]
..\src\ursaNative.cc(734): warning C4267: 'argument' : conversion from 'size_t' to 'int', possible loss of data [C:\Users\alex\ae_api\node_modules\ursa\build\ursaNative.vcxproj]
..\src\ursaNative.cc(779): warning C4267: 'argument' : conversion from 'size_t' to 'int', possible loss of data [C:\Users\alex\ae_api\node_modules\ursa\build\ursaNative.vcxproj]
..\src\ursaNative.cc(826): warning C4267: 'argument' : conversion from 'size_t' to 'int', possible loss of data [C:\Users\alex\ae_api\node_modules\ursa\build\ursaNative.vcxproj]
..\src\ursaNative.cc(945): warning C4267: 'argument' : conversion from 'size_t' to 'unsigned int', possible loss of data [C:\Users\alex\ae_api\node_modules\ursa\build\ursaNative.vcxproj]
..\src\ursaNative.cc(1003): warning C4267: 'argument' : conversion from 'size_t' to 'unsigned int', possible loss of data [C:\Users\alex\ae_api\node_modules\ursa\build\ursaNative.vcxproj]
win_delay_load_hook.c
LINK : fatal error LNK1181: cannot open input file 'C:\OpenSSL-Win64\lib\libeay32.lib' [C:\Users\alex\ae_api\node_modules\ursa\build\ursaNative.vcxproj]
gyp ERR! build error
gyp ERR! stack Error: `C:\Program Files (x86)\MSBuild\12.0\bin\msbuild.exe` failed with exit code: 1
gyp ERR! stack at ChildProcess.onExit (C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\build.js:276:23)
gyp ERR! stack at emitTwo (events.js:106:13)
gyp ERR! stack at ChildProcess.emit (events.js:191:7)
gyp ERR! stack at Process.ChildProcess._handle.onexit (internal/child_process.js:204:12)
gyp ERR! System Windows_NT 10.0.10586
gyp ERR! command "C:\\Program Files\\nodejs\\node.exe" "C:\\Program Files\\nodejs\\node_modules\\npm\\node_modules\\node-gyp\\bin\\node-gyp.js" "rebuild"
gyp ERR! cwd C:\Users\alex\ae_api\node_modules\ursa
gyp ERR! node -v v6.2.1
gyp ERR! node-gyp -v v3.3.1
gyp ERR! not ok
npm WARN install:[email protected] [email protected] install: `node-gyp rebuild`
npm WARN install:[email protected] Exit status 1
[email protected] C:\Users\alex\ae_api
`-- [email protected] extraneous
When checking ursa I found this information in their readme: https://github.com/quartzjer/ursa#windows-install.
So on Windows, you need to install some dependencies first.
It would be helpful for the next windows users to find this information in auto-sni's readme before trying to install auto-sni.
I believe this is a great repo if it is really working.
Can you please take a look at the error that I got?
Thank you.
Error: ENOENT: no such file or directory, open '/root/letsencrypt/etc/live/www.ABC.com/privkey.pem'
[LE] register
[NLE]: begin registration
[le/core.js] try email
[le/core.js] create account
[le/core.js] created account
[le/core.js] privkeyPath /root/letsencrypt/etc/live/www.ABC.com/privkey.pem
[le/core.js] domainKeyPath: undefined
AutoSNI LetsEncrypt Error: TypeError: Path must be a string. Received undefined
at assertPath (path.js:7:11)
at Object.dirname (path.js:1326:5)
at /root/my-debian/Node_server/node_modules/letsencrypt/lib/core.js:274:31
at tryCatcher (/root/my-debian/Node_server/node_modules/bluebird/js/release/util.js:16:23)
at Promise._settlePromiseFromHandler (/root/my-debian/Node_server/node_modules/bluebird/js/release/promise.js:504:31)
at Promise._settlePromise (/root/my-debian/Node_server/node_modules/bluebird/js/release/promise.js:561:18)
at Promise._settlePromiseCtx (/root/my-debian/Node_server/node_modules/bluebird/js/release/promise.js:598:10)
at Async._drainQueue (/root/my-debian/Node_server/node_modules/bluebird/js/release/async.js:143:12)
at Async._drainQueues (/root/my-debian/Node_server/node_modules/bluebird/js/release/async.js:148:10)
at Immediate.Async.drainQueues (/root/my-debian/Node_server/node_modules/bluebird/js/release/async.js:17:14)
at runCallback (timers.js:574:20)
at tryOnImmediate (timers.js:554:5)
at processImmediate as _immediateCallback
Will fall back to self signed certificate.
```js
//server.js
var httpPort = 80;
var httpsPort = 443;
createServer({
  email: '[email protected]', // Emailed when certificates expire.
  agreeTos: true, // Required for letsencrypt.
  debug: true, // Add console messages and uses staging LetsEncrypt server. (Disable in production)
  domains: ["ABC.com", "test.ABC.com", "www.ABC.com"], // List of accepted domain names. (You can use nested arrays to register bundles with LE).
  forceSSL: true, // Make this false to disable auto http->https redirects (default true).
  redirectCode: 301, // If forceSSL is true, decide if redirect should be 301 (permanent) or 302 (temporary). Defaults to 302
  ports: {
    http: httpPort, // Optionally override the default http port.
    https: httpsPort // Optionally override the default https port.
  }
}, app);
```
This is probably a n00b question (sorry), but could you clarify if the user needs to perform any prior steps with Let's Encrypt itself, or does this package work out of the box (i.e. without the user having to interact with Let's Encrypt at all)?
version 2.1.1 throws error as:
le.challenges[tls-sni-01].loopback should be defined as function (opts, domain, token, cb) { ... } and should prove (by external means) that the ACME server challenge 'tls-sni-01' will succeed
However, version 1.5.1 is working fine.
using: nodejs, npm, express as:
```js
let server = createServer({
  email: '[email protected]',
  agreeTos: true,
  debug: false,
  domains: [ ['abc.com', 'www.abc.com'] ], // i use nested array
  ports: {
    http: 8080,
    https: 8443
  }
}, app);
```
Here is the error produced when trying to run my node server:
html/live_nodejs/node_modules/auto-sni/node_modules/mz/node_modules/any-promise/register.js:61
throw new Error('Cannot find any-promise implementation nor'+
^
Error: Cannot find any-promise implementation nor global.Promise. You must install polypill or call require("any-promise/register") with your preferred implementation, e.g. require("any-promise/register")("bluebird") on application load prior to any require("any-promise").
at register (/var/www/html/live_nodejs/node_modules/auto-sni/node_modules/mz/node_modules/any-promise/register.js:61:11)
at Object.<anonymous> (/var/www/html/live_nodejs/node_modules/auto-sni/node_modules/mz/node_modules/any-promise/index.js:1:101)
at Module._compile (module.js:456:26)
at Object.Module._extensions..js (module.js:474:10)
at Module.load (module.js:356:32)
at Function.Module._load (module.js:312:12)
at Module.require (module.js:364:17)
at require (module.js:380:17)
at Object.<anonymous> (/var/www/html/live_nodejs/node_modules/auto-sni/node_modules/mz/fs.js:2:15)
at Module._compile (module.js:456:26)
And here is index.js:
```js
var createServer = require("auto-sni");
var server = createServer({
  email: "[email protected]", // Emailed when certificates expire.
  agreeTos: true, // Required for lets encrypt
  debug: true, // Add console messages and uses staging LetsEncrypt server. (Disable in production)
  domains: ["www.test.com", "test.com"], // Optional list of allowed domains (uses pathtoregexp)
  forceSSL: true, // Make this false to disable auto http->https redirects (default true).
  ports: {
    https: 9000 // Optionally override the default https port.
  }
});
server.listen(9000);
// Server is a "https.createServer" instance.
server.once("listening", function() {
  console.log("We are ready to go.");
});
```
Hi guys, when I start my server, it prints this error.
Ubuntu 16 on AWS, I install certbot, and execute server with sudo node ...
I am using ports 8080 http and 8443 https.
[DEBUG le/lib/core.js] registeryAsync err
Error: The CA was unable to validate the file you provisioned.
Probably a stupid question.
Any idea or steps to make this work under AWS elastic beanstalk environment?
I have a domain called example.com. I'd like to have a certificate for both www.example.com and example.com.
I'm trying to set the domains property in the options of auto-sni like this: domains: ["example.com", "www.example.com"], but it doesn't work and I have no error messages.
What am I doing wrong?
I am getting these strange messages with auto-sni and express.
with debug=true
This Let's Encrypt / ACME server has been updated with urls that this client doesn't understand
{ 'key-change': 'https://acme-staging.api.letsencrypt.org/acme/key-change',
'new-authz': 'https://acme-staging.api.letsencrypt.org/acme/new-authz',
'new-cert': 'https://acme-staging.api.letsencrypt.org/acme/new-cert',
'new-reg': 'https://acme-staging.api.letsencrypt.org/acme/new-reg',
'revoke-cert': 'https://acme-staging.api.letsencrypt.org/acme/revoke-cert' }
with debug=false:
This Let's Encrypt / ACME server has been updated with urls that this client doesn't understand
{ 'key-change': 'https://acme-v01.api.letsencrypt.org/acme/key-change',
'new-authz': 'https://acme-v01.api.letsencrypt.org/acme/new-authz',
'new-cert': 'https://acme-v01.api.letsencrypt.org/acme/new-cert',
'new-reg': 'https://acme-v01.api.letsencrypt.org/acme/new-reg',
'revoke-cert': 'https://acme-v01.api.letsencrypt.org/acme/revoke-cert' }
The debug=false certificates do work!! So it is not an error, but rather a warning message.
Perhaps a redirect message? I think these log entries are confusing, and should not appear when everything is working.
Hi,
I'm running auto-sni on my node.js server in ubuntu on a digital ocean vps with the code below. It works fine for http, but when going to https I get a certificate error shown here:
Certificate Error
There are issues with the site's certificate chain (net::ERR_CERT_AUTHORITY_INVALID).
I'm not sure what's wrong...
Thank you,
Mark
```js
var createServer = require("auto-sni");
var express = require("express");
var app = express();
app.get("/test", function (req, res) {
  res.end('Hello, World!123');
});
createServer({
  email: "[email protected]",
  server: 'https://acme-v01.api.letsencrypt.org/directory',
  agreeTos: true,
  debug: true, // Add console messages and uses staging LetsEncrypt server. (Disable in production)
  domains: ["traqify.com"], // List of accepted domain names. (You can use nested arrays to register bundles with LE).
  forceSSL: false, // Make this false to disable auto http->https redirects (default true).
  redirectCode: 301, // If forceSSL is true, decide if redirect should be 301 (permanent) or 302 (temporary). Defaults to 302
  ports: {
    http: 80, // Optionally override the default http port.
    https: 443 // Optionally override the default https port.
  }
}, app);
```