ocelotconsulting / node-acme-lambda

Use AWS Lambda to manage SSL certificates for ACME providers like Let's Encrypt.
http://www.ocelotconsulting.com/2016/10/07/letsencrypt-lambda.html
ISC License

Errors in using LTS node js version 12.16.1 #32

Open sutarsha opened 4 years ago

sutarsha commented 4 years ago

I am using this lambda function to generate a letsencrypt certificate and then put it in an S3 bucket, so that later, when I bake images, they pick the certificate up from S3. I am using the node version below on my Mac, where this fails.

| => node --version
v12.16.1

However, I get the error below when I run it locally.

| => npm run local-cert

> node-acme-lambda@1.0.0 local-cert /Users/shaileshsutar/company_name/project_name/node-acme-lambda
> node bin/local.js

s3://uat-bucket-name/acme/host.uat.product.company_name.net.json does not exist.
Certificate with key host.uat.product.company_name.net is missing, going to regenerate.
Submitting new order to https://acme-v02.api.letsencrypt.org/acme/new-order for [{"name":"host.uat.product.company_name.net","zoneLevels":3}]
deprecation notice: new signature for signJws(keypair, header, protect, payload)
(node:9847) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
Couldn't retrieve hosted zones from Route53 TypeError: Cannot read property 'Id' of undefined
    at /Users/shaileshsutar/company_name/project_name/node-acme-lambda/src/aws/route53/getHostedZoneId.js:12:96
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
    at async Promise.all (index 0)
    at async Promise.all (index 0)
Couldn't write token digest to DNS record. TypeError: Cannot read property 'Id' of undefined
    at /Users/shaileshsutar/company_name/project_name/node-acme-lambda/src/aws/route53/getHostedZoneId.js:12:96
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
    at async Promise.all (index 0)
    at async Promise.all (index 0)
Experienced error getting challenges TypeError: Cannot read property 'Id' of undefined
    at /Users/shaileshsutar/company_name/project_name/node-acme-lambda/src/aws/route53/getHostedZoneId.js:12:96
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
    at async Promise.all (index 0)
    at async Promise.all (index 0)
Results are [{"err":true,"msg":"Updating cert for host.uat.product.company_name.net, received err TypeError: Cannot read property 'Id' of undefined, TypeError: Cannot read property 'Id' of undefined\n    at /Users/shaileshsutar/company_name/project_name/node-acme-lambda/src/aws/route53/getHostedZoneId.js:12:96\n    at processTicksAndRejections (internal/process/task_queues.js:97:5)\n    at async Promise.all (index 0)\n    at async Promise.all (index 0)"}]

From the error, I understand that there is a function Buffer() which is deprecated. What I don't understand is the error "Cannot read property 'Id'". This works fine with the lambda nodejs runtime version 10.x; however, it fails when I run it on nodejs version 12.x.

Am I missing something here? The reason I am raising this here again is that we are getting emails from letsencrypt which state that we are using the old acme v1 protocol for retrieving certs. However, this is not the case. I have already updated my config.js file with the appropriate acme v2 protocol. Below is the config file I am using.

// Fallback certificate list used when S3_CERT_INFO is not set in the environment.
const defaultCertInfo = {
  "host.uat.product.company_name.net": [{"name": "host.uat.product.company_name.net", "zoneLevels": 3}]
}

module.exports = {
  's3-account-bucket': process.env.S3_ACCOUNT_BUCKET || 'uat-bucket-name',
  's3-cert-bucket': process.env.S3_CERT_BUCKET || 'uat-bucket-name',
  's3-folder': process.env.S3_CERT_FOLDER || 'acme',
  'certificate-info': process.env.S3_CERT_INFO ? JSON.parse(process.env.S3_CERT_INFO) : defaultCertInfo,
  'acme-dns-retry': 30,
  'acme-dns-retry-delay-ms': 2000,
  'acme-account-file': process.env.ACME_ACCOUNT_FILE || 'acme-account',
  'acme-account-email': process.env.ACME_ACCOUNT_EMAIL || 'aws-product-nonprod@company_name.com',
  'acme-account-key-bits': 4096,
  'acme-directory-url': 'https://acme-v02.api.letsencrypt.org',
  'region': process.env.AWS_REGION || 'eu-west-1'
}

It may not be related to the nodejs version; however, I just want to make sure we are not at risk due to this. By the way, I have anonymized the actual values.

Regards, Shailesh

larryboymi commented 4 years ago

Thanks @sutarsha, will check this out!

shaileshsutar88 commented 4 years ago

Any update on this? Were you able to reproduce the issue?