keystonejs / keystone-classic

Node.js CMS and web app framework
http://v4.keystonejs.com
MIT License
14.64k stars, 2.21k forks

SSL using letsencrypt not working properly #4794

Open kaaljabr opened 6 years ago

kaaljabr commented 6 years ago

I am deploying a keystonejs app on Ubuntu 16 with docker-compose and have a valid letsencrypt certificate.

I have added the following settings in keystone.js:

    'ssl': true,
    'port': 3000,
    'admin path': 'admin',
    'ssl cert': '/etc/letsencrypt/live/mydomain.com/fullchain.pem',
    'ssl key': '/etc/letsencrypt/live/mydomain.com/privkey.pem',
    'letsencrypt': (process.env.NODE_ENV === 'production') && {
        email: 'user@gmail.com',
        domains: ['www.mydomain.com', 'mydomain.com'],
        register: true,
        tos: true,
    },

Server starts fine showing me this:

app | ------------------------------------------------
app | KeystoneJS v4.0.0 started:
app | mydomain is ready on http://0.0.0.0:3000
app | SSL Server is ready on https://0.0.0.0:3001
app | ------------------------------------------------

But when I visit my website, it does not show as secured in the browser's URL bar. It shows a little exclamation mark (!) saying: your connection to this site is not secure.

I have apache2 on my server.

Under /etc/apache2/sites-available/mydomain.com.conf I have this:

<VirtualHost *:80>
  # Admin email, Server Name (domain name), and any aliases
  ServerAdmin info@mydomain.com
  ServerName  mydomain.com
  ServerAlias www.mydomain.com

  # Index file and Document Root (where the public files are located)
  DirectoryIndex index.html
  DocumentRoot /var/www/html/mydomain.com/
  # Log file locations
  LogLevel warn
  ErrorLog  /var/www/html/mydomain.com/log/error.log
  CustomLog /var/www/html/mydomain.com/log/access.log combined

  ProxyPass / http://localhost:3000/
  ProxyPassReverse / http://localhost:3000/
  ProxyPreserveHost On

  RewriteEngine on
  RewriteCond %{SERVER_NAME} =www.mydomain.com [OR]
  RewriteCond %{SERVER_NAME} =mydomain.com
  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

And under /etc/apache2/sites-available/mydomain.com.le.ssl.conf:

<IfModule mod_ssl.c>
<VirtualHost *:443>
  # Admin email, Server Name (domain name), and any aliases
  ServerAdmin info@mydomain.com
  ServerName  mydomain.com
  ServerAlias www.mydomain.com

  # Index file and Document Root (where the public files are located)
  DirectoryIndex index.html
  DocumentRoot /var/www/html/mydomain.com/
  # Log file locations
  LogLevel warn
  ErrorLog  /var/www/html/mydomain.com/log/error.log
  CustomLog /var/www/html/mydomain.com/log/access.log combined

  ProxyPass / http://localhost:3000/
  ProxyPassReverse / http://localhost:3000/
  ProxyPreserveHost On

  Include /etc/letsencrypt/options-ssl-apache.conf
  Include /etc/letsencrypt/options-ssl-apache.conf
  SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
</VirtualHost>
</IfModule>

I have tried pointing ProxyPass & ProxyPassReverse to port 3001, but then the site is never accessible. Any help is much appreciated.

alancwoo commented 6 years ago

I was really banging my head against a wall trying to get letsencrypt working properly with my keystone site. Someone managed to find the solution, at least in my case, which was the production flag in the letsencrypt object:

https://community.letsencrypt.org/t/node-keystone-js-help-with-net-err-cert-authority-invalid-error/74371/5

letsencrypt: {
  production: true,
  // the rest
}

Maybe see if that works?
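A way to check which CA actually issued the certificate each listener presents, added here as an example; it is not code from the issue thread or from keystone-classic. Let's Encrypt's staging environment signs with a test CA that browsers and Python's `ssl` module do not trust, so a certificate obtained without `production: true` produces the "not secure" warning described in the issue. The script assumes that staging issuer names contain "(STAGING)" or "Fake LE" (names Let's Encrypt has used for its staging intermediates); the sample certificate dictionaries are constructed, and the hostname and ports are the ones from the thread.

```python
"""Report which CA issued the certificate a TLS listener presents.

Added example for the keystone-classic issue above; not part of the
project or the thread. Hostname, ports and the sample certificates
below are constructed to match the thread, not taken from a deployment.
"""
import socket
import ssl
import sys

# Substrings found in the issuer of certificates from the Let's Encrypt
# staging CA (assumption: based on the staging intermediate names Let's
# Encrypt has published, e.g. "Fake LE Intermediate X1" and the
# "(STAGING) ..." intermediates). Browsers do not trust these.
STAGING_MARKERS = ("(STAGING)", "Fake LE")

# Constructed sample in the tuple-of-tuples shape that
# ssl.SSLSocket.getpeercert() returns for a production Let's Encrypt cert.
PRODUCTION_CERT = {
    "subject": ((("commonName", "mydomain.com"),),),
    "issuer": (
        (("countryName", "US"),),
        (("organizationName", "Let's Encrypt"),),
        (("commonName", "R3"),),
    ),
    "subjectAltName": (("DNS", "mydomain.com"), ("DNS", "www.mydomain.com")),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}

# Constructed sample for a certificate obtained from the staging environment,
# i.e. the kind of certificate Keystone's letsencrypt option yields without
# production: true.
STAGING_CERT = {
    "subject": ((("commonName", "mydomain.com"),),),
    "issuer": (
        (("countryName", "US"),),
        (("organizationName", "(STAGING) Let's Encrypt"),),
        (("commonName", "(STAGING) Artificial Apricot R3"),),
    ),
    "subjectAltName": (("DNS", "mydomain.com"), ("DNS", "www.mydomain.com")),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}


def issuer_fields(cert):
    """Flatten the issuer RDN sequence of a getpeercert() dict into a plain dict."""
    fields = {}
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            fields[key] = value
    return fields


def is_staging_issuer(cert):
    """True when the issuer name matches the staging CA markers above."""
    text = " ".join(issuer_fields(cert).values())
    return any(marker in text for marker in STAGING_MARKERS)


def summarize_cert(cert):
    """Pick out the fields an operator needs to decide whether a cert is usable."""
    fields = issuer_fields(cert)
    return {
        "issuer": fields.get("commonName", "?"),
        "organization": fields.get("organizationName", "?"),
        "staging": is_staging_issuer(cert),
        "dns_names": [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"],
        "not_after": cert.get("notAfter"),
    }


def check_listener(host, port, server_name=None, timeout=5.0):
    """Connect using the system trust store; report the issuer or why it failed.

    server_name lets you test a listener by address (e.g. 127.0.0.1:3001 for
    Keystone's own SSL server) while still presenting the public hostname.
    """
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=server_name or host) as tls:
                report = summarize_cert(tls.getpeercert())
                report["trusted"] = True
                return report
    except ssl.SSLCertVerificationError as exc:
        # OpenSSL's reason, e.g. "unable to get local issuer certificate" for a
        # staging chain, or "self signed certificate" for a self-signed cert.
        return {"trusted": False, "error": exc.verify_message}
    except (OSError, ssl.SSLError) as exc:
        # Connection refused, timeout, or a listener that does not speak TLS.
        return {"trusted": False, "error": str(exc)}


if __name__ == "__main__":
    # usage: check_issuer.py HOST PORT [SERVER_NAME]
    host, port = sys.argv[1], int(sys.argv[2])
    name = sys.argv[3] if len(sys.argv) > 3 else None
    print(check_listener(host, port, name))
```

Run it once against Apache (`python check_issuer.py mydomain.com 443`) and once against Keystone's own SSL listener (`python check_issuer.py 127.0.0.1 3001 mydomain.com`). If the Apache listener reports `trusted: True` with issuer `R3` while the 3001 listener reports a verification failure or a staging issuer, the Keystone-issued certificate is the untrusted one, and the browser should be reaching the 443 vhost, which uses the certbot files directly, rather than port 3001.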

autoboxer commented 5 years ago

@kaaljabr, did @alancwoo's answer work for you?