You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I noticed with the upcoming expiration of the LetsEncrypt DST Root CA X3 root cert, I had to include my fullchain.pem as the 'ca' option when creating the https server, otherwise the cert was still trying to use the old DST Root CA (which expires Sept 30) instead of the new ISRG Root X1 cert, resulting in expired/invalid https requests.
I noticed with the upcoming expiration of the LetsEncrypt DST Root CA X3 root cert, I had to include my fullchain.pem as the 'ca' option when creating the https server, otherwise the cert was still trying to use the old DST Root CA (which expires Sept 30) instead of the new ISRG Root X1 cert, resulting in expired/invalid https requests.
My certs were generated with certbot
Info: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
It's a really simple change in dev-server.js.
Starting at line 46:
const key = fs.readFileSync(options.key)
const cert = fs.readFileSync(options.cert)
const ca = fs.readFileSync(options.ca)
server = https.createServer({ key, cert, ca }, app)
In essence, making a new option for 'ca' exposes it to the nollup options.
Can anyone else confirm/deny they're seeing the same issue? Is there another way to workaround this problem without setting 'ca'?
The text was updated successfully, but these errors were encountered: