Let's Encrypt untrusted cert - Githubissues

rethinkdb / horizon

Horizon is a realtime, open-source backend for JavaScript apps.

MIT License

6.78k stars 349 forks source link

Let's Encrypt untrusted cert #877

Open allain opened 7 years ago

allain commented 7 years ago

Server version: 2.0.0 Client version: 2.0.0

It would appear that let's encrypt needs me to specify the chain.pem file as well as the private key and cert.

When configuring apache all 3 files need to be specified: SSLCertificateFile /etc/letsencrypt/live/$DOMAIN/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/$DOMAIN/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/$DOMAIN/chain.pem

I think adding ca_file might be needed and it'd pass in ca: ... to https://github.com/rethinkdb/horizon/blob/a11ac62921d44ad951001c511a78b4324aef9bc0/cli/src/serve.js#L292

allain commented 7 years ago

I've confirmed that passing in ca resolves the issue when using horizon in an embedded context.