libbymiller / libbybot_eleven

Eleventh incarnation of libbybot, a cheapo presence robot, currently living in an IKEA lamp

SSL_CTX_use_certificate:ee key too small #3

Open man4567890 opened 3 years ago

man4567890 commented 3 years ago

Hi, I'm running Ubuntu 21.04 and I get this error when starting the server:

nodejs server.js
_tls_common.js:129
      c.context.setCert(cert);
                ^

Error: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small
    at Object.createSecureContext (_tls_common.js:129:17)
    at Server.setSecureContext (_tls_wrap.js:1328:27)
    at Server (_tls_wrap.js:1186:8)
    at new Server (https.js:70:14)
    at Object.createServer (https.js:94:10)
    at Object.<anonymous> (/var/www/iot-digitata.com/RTCMultiConnection/server.js:270:26)
    at Module._compile (internal/modules/cjs/loader.js:999:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10)
    at Module.load (internal/modules/cjs/loader.js:863:32)
    at Function.Module._load (internal/modules/cjs/loader.js:708:14) {
  library: 'SSL routines',
  function: 'SSL_CTX_use_certificate',
  reason: 'ee key too small',
  code: 'ERR_SSL_EE_KEY_TOO_SMALL'
}

My letsencrypt seems to be ok

sudo certbot --apache -d xxxxxxx

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/xxxxxx)

What would you like to do?

1: Attempt to reinstall this existing certificate
2: Renew & replace the certificate (may be subject to CA rate limits)

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/xxxxxxx-le-ssl.conf
Enhancement redirect was already set.


Congratulations! You have successfully enabled https://xxxx


IMPORTANT NOTES:

:/var/www/iot-digitata.com/RTCMultiConnection$



Also, when you say
"Add a new directory 'libbybot', and add the html and javascript files from this github repo directory into that directory."
where must the libbybot directory be, under /var/www/xxxxxxxxxxx/RTCMultiConnection$ ?

Thanks

libbymiller commented 2 years ago

It's a bit late for you, but I just ran into this myself. The issue is that the default is some fake keys in the RTCMultiConnection repo, which are not overridden by the fields in server.js. You need to update config.json with the real letsencrypt keys, something like this:

cat config.json 
{
  "socketURL": "/",
  "dirPath": "",
  "homePage": "/",
  "socketMessageEvent": "RTCMultiConnection-Message",
  "socketCustomEvent": "RTCMultiConnection-Custom-Message",
  "port": "9001",
  "enableLogs": "false",
  "autoRebootServerOnFailure": "false",
  "isUseHTTPs": "true",
  "sslKey": "/etc/letsencrypt/live/libbybot.example.com/privkey.pem",
  "sslCert": "/etc/letsencrypt/live/libbybot.example.com/fullchain.pem",
  "sslCabundle": "/etc/letsencrypt/live/libbybot.example.com/chain.pem",
  "enableAdmin": "false",
  "adminUserName": "username",
  "adminPassword": "password"
}