user10124491

Invalid SNI error for Wildcard Domains with Greenlock-Express

I need to secure *.keytap.xyz with greenlock-express. My DNS is DigitalOcean, and I am using the greenlock plugin for it, but whether I put that in or not, I get the error:

Fetching certificate for '*.keytap.xyz' to use as default for HTTPS server...
Unhandled rejection Error: invalid SNI

I am using version 2.6.7 for greenlock-express and 2.1.0 for le-challenge-digitalocean.

My code is:

var leChallengeDigitalOcean = require('le-challenge-digitalocean').create({
  debug: false,
  doApiKey: 'xxxxxxxxxxxxxx'
});
require('greenlock-express').create({
  server: 'https://acme-staging-v02.api.letsencrypt.org/directory',
  challengeType: 'dns-01',
  challenges: {
    'dns-01': leChallengeDigitalOcean
  },
  email: '[email protected]',
  agreeTos: true,
  confDir: '~/.config/acme',
  approveDomains: ['*.keytap.xyz'],
  app: app
}).listen(80, 443);

I don't even know what an SNI is. Thanks in advance.

Upvotes: 0

Views: 471

Answers (1)

Alexander Meise

Reputation: 1438

SNI stands for Server Name Indication (see link).

Basically it allows multiple websites to run on the same IP/port pair with different certificates. The domain name is not encrypted and therefore the webserver can redirect each request to the relevant site based on the domain name.

I think your error is because the listener is waiting for a server name/domain name and you are giving it a wildcard.

Are you sure you need a wildcard cert or SNI at all?

Upvotes: 0
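The certificate selection by hostname that the answer describes, as an added example (not from the original posts and not Greenlock's own code): a callback with the `(servername, cb)` signature of Node's `tls.createServer({ SNICallback })` option that treats `*.keytap.xyz` as a certificate pattern and rejects it as an SNI value. The function names are hypothetical and the context values are constructed placeholders standing in for `tls.createSecureContext()` results.

```javascript
// The SNI value in a ClientHello is a concrete DNS hostname, never a pattern,
// so a name containing '*' fails this check.
function isValidSniName(name) {
  if (typeof name !== 'string' || name.length === 0 || name.length > 253) return false;
  return name.toLowerCase().split('.').every(function (label) {
    return /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/.test(label);
  });
}

// A wildcard pattern covers exactly one extra left-most label:
// 'api.keytap.xyz' matches '*.keytap.xyz'; 'keytap.xyz' and 'a.b.keytap.xyz' do not.
function matchesPattern(servername, pattern) {
  var name = servername.toLowerCase();
  var pat = pattern.toLowerCase();
  if (pat.slice(0, 2) !== '*.') return name === pat;
  var suffix = pat.slice(1); // e.g. '.keytap.xyz'
  if (name.length <= suffix.length || name.slice(-suffix.length) !== suffix) return false;
  return name.slice(0, -suffix.length).indexOf('.') === -1;
}

// `contexts` maps a certificate pattern to a secure context (placeholder
// strings here; tls.createSecureContext({ key, cert }) in real use).
function makeSniCallback(contexts) {
  var patterns = Object.keys(contexts);
  return function sniCallback(servername, cb) {
    if (!isValidSniName(servername)) {
      return cb(new Error('not a hostname: ' + servername));
    }
    // Prefer an exact-name certificate over a wildcard one.
    var hit = patterns.find(function (p) {
      return p[0] !== '*' && matchesPattern(servername, p);
    }) || patterns.find(function (p) {
      return matchesPattern(servername, p);
    });
    if (!hit) return cb(new Error('no certificate for ' + servername));
    cb(null, contexts[hit]);
  };
}

// Constructed sample data: two certificate patterns on one listener.
var sampleCallback = makeSniCallback({
  '*.keytap.xyz': 'WILDCARD_CTX',
  'www.keytap.xyz': 'WWW_CTX'
});
sampleCallback('api.keytap.xyz', function (err, ctx) {
  console.log(err ? err.message : ctx);
});
```

The bare domain `keytap.xyz` is not covered by the wildcard pattern and needs its own certificate name.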
