Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HTTPS - Exposing ca option #216

Open
rac146 opened this issue Sep 30, 2021 · 1 comment
Open

HTTPS - Exposing ca option #216

rac146 opened this issue Sep 30, 2021 · 1 comment

Comments

@rac146
Copy link

rac146 commented Sep 30, 2021

I noticed with the upcoming expiration of the LetsEncrypt DST Root CA X3 root cert, I had to include my fullchain.pem as the 'ca' option when creating the https server, otherwise the cert was still trying to use the old DST Root CA (which expires Sept 30) instead of the new ISRG Root X1 cert, resulting in expired/invalid https requests.

My certs were generated with certbot

Info: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

It's a really simple change in dev-server.js.
Starting at line 46:

const key = fs.readFileSync(options.key)
const cert = fs.readFileSync(options.cert)
const ca = fs.readFileSync(options.ca)
server = https.createServer({ key, cert, ca }, app)

In essence, making a new option for 'ca' exposes it to the nollup options.

Can anyone else confirm/deny they're seeing the same issue? Is there another way to workaround this problem without setting 'ca'?

@rac146
Copy link
Author

rac146 commented Sep 30, 2021

Ok, update - it seems if you're using certbot, you can just set the fullchain.pem as the 'cert', no 'ca' option required.

Old way:
cert: cert.pem
key: privkey.pem

New way:
cert: fullchain.pem
key: privkey.pem

I'll leave this open in case there are any other reasons to expose 'ca'

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant