Node.js HTTPS Server Let's Encrypt Certificate Files Location on Windows Server

Question

I have a windows server 2012 and wanted to run a node.js web server over https. I have SSL certificate from let's encrypt.

My server code is here:

const https = require("https"),
fs = require("fs");

const options = {
  key: // not have,
  cert: "C:\\ProgramData\\win-acme\\acme-v02.api.letsencrypt.org\\Certificates\\ichangedthispart-csr.pem"
};
const express = require('express')
const qs=require('qs')
const app = express()
const port = 3000

app.listen(port, () => {
  console.log(`Example app listening at http://localhost:${port}`)
})

https.createServer(options, app).listen(8080);

When I runned with just cert option there is

node:_tls_common:155
context.setCert(cert);
        ^

Error: error:0909006C:PEM routines:get_name:no start line
    at setCerts (node:_tls_common:155:13)
    at Object.createSecureContext (node:_tls_common:210:7)
    at Server.setSecureContext (node:_tls_wrap:1336:27)
    at Server (node:_tls_wrap:1191:8)
    at new Server (node:https:67:14)
    at Object.createServer (node:https:92:10)
    at Object.<anonymous> (C:\inetpub\wwwroot\app\server.js:42:7)
    at Module._compile (node:internal/modules/cjs/loader:1108:14)
    at Object.Module._extensions..js (node:internal/modules/cjs/loader:1137:10)
    at Module.load (node:internal/modules/cjs/loader:973:32) {
  library: 'PEM routines',
  function: 'get_name',
  reason: 'no start line',
  code: 'ERR_OSSL_PEM_NO_START_LINE'
}

I don't have the pem file for 'key' inside win-acme directory. In some examples also another pem file for 'ca'; i don't have that file too.

Could these other .pem files be generated with something using this single pem file on windows server? Do I need any other information? There are some examples using with openssl but it seems different.

Answer 1

I intented to have the key.pem file from let's encrypt certification. Now I solved the issue.

First I was using win-acme tool to generate certificate on windows server. To get key.pem file from certificate generation process, you need to change the PrivateKeyExportable to true in settings.json file of win-acme.

Secondly, you need to generate or renew certificate using win-acme with the PEM encoded files (Apache, nginx, etc.) for storing option. Pick the "How would you like to store the certificate?" question as PEM encoded files (Apache, nginx, etc.) option.

Finally you will have both key.pem and crt.pem files at the export directory. Then use them for the https options object as:

const options = {
 key: fs.readFileSync('yourhomesite.com-key.pem', 'utf8'),
 cert: fs.readFileSync('yourhomesite.com-crt.pem', 'utf8')
};