Reputation: 6278
I created an ssl certificate automatically with Let's Encrypt.
Now I'm trying to use them to create a https server with node.js
var https = require("https");
global.fs = require("fs");
var certContent = fs.readFileSync("/etc/letsencrypt/csr/0000_csr-certbot.pem", "utf8");
var keysContent = fs.readFileSync("/etc/letsencrypt/keys/0000_key-certbot.pem", "utf8");
console.log("Cert content:", certContent, keysContent);
var server = https.createServer(
{
cert:certContent,
key: keysContent
},
function(request, response)
{
});
On the create server call, it gives this error:
_tls_common.js:109
c.context.setCert(cert);
^
Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
at Object.createSecureContext (_tls_common.js:109:17)
at Server (_tls_wrap.js:853:25)
at new Server (https.js:60:14)
at Object.createServer (https.js:81:10)
at Object.<anonymous> (/home/foo/public_html/main.js:167:20)
at Module._compile (module.js:641:30)
at Object.Module._extensions..js (module.js:652:10)
at Module.load (module.js:560:32)
at tryModuleLoad (module.js:503:12)
at Function.Module._load (module.js:495:3)
The console log shows this output:
Cert content:
-----BEGIN CERTIFICATE REQUEST-----
// base64 here
-----END CERTIFICATE REQUEST-----
-----BEGIN PRIVATE KEY-----
// base64 here
-----END PRIVATE KEY-----
Why is it saying that the pem files are invalid when they have the correct header and footer?
Upvotes: 0
Views: 924
Reputation: 6278
After following aRvi and Steffen advice, I attempted to recreate the ssl certificates.
It turns out that it was failing to create them due to an error in the apache plugin for certbot.
It was trying to use a folder name that didn't exist:
FileNotFoundError: [Errno 2] No such file or directory: '/etc/httpd/conf.d/le_http_01_challenge_pre.conf'
So I told it the correct folder to use with this:
sudo /usr/local/bin/certbot-auto certonly --apache --apache-challenge-location /etc/httpd/conf
I was getting this error:
certbot: error: unrecognized arguments: ––apache-challenge-location /etc/httpd/conf
Because the two dashes in front of apache are the wrong dash character since I copied it off a user written blog that changed it incorrectly.
Upvotes: 0
Reputation: 123531
-----BEGIN CERTIFICATE REQUEST-----
// base64 here
-----END CERTIFICATE REQUEST-----
You are only providing a certificate request here. But it is expected that you actually provide the certificate, which will look like this:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
The certificates are probably somewhere below /etc/letsencrypt/live
.
Upvotes: 1