A few weeks back I was looking for a “FREE” SSL/TLS certificate for my website (iyogeshjoshi.com). C’mon, who doesn’t like “free stuff” ;). That’s when I heard about Let’s Encrypt.
Let’s Encrypt is a new Certificate Authority. It’s automated, open and free, from the Internet Security Research Group (ISRG), and sponsored by big shots like Mozilla, Facebook, Cisco, Chrome, and so on (see other sponsors here). Thanks to them, we can now get “https” for our sites for free.
Since Let’s Encrypt, there are many clients, including the native one, to get the certificate (you can get and contribute to the native client here). But I couldn’t find any good source for a Node server, so here I’m writing how I did it.
One of my colleagues told me about this site, gethttpsforfree. The name is self-explanatory; it’s a pretty simple and straightforward site with most of the information required. For some reason, everywhere I looked people were considering only Apache and Nginx as servers, and so were writing about them only.
Before we proceed, I suggest you get a Linux or Mac machine; it’ll be a lot easier with it. I will also be assuming for the rest of the blog that you have a *nix machine.
Let’s get started: open gethttpsforfree and start with it. Till Step 3 you shouldn’t have any problems; if you have any, feel free to write them in the comments, but I suggest you do some googling on that first. The first three steps are:
- Getting account info and generating account.key.
- Certificate Signing Request (CSR) to get a signed certificate from Let’s Encrypt. (Note: make sure to change the *.cnf file and the domain name in the commands.)
- Sign API requests with Let’s Encrypt.
Assuming you’ve completed the first three steps successfully, let’s move on to the fourth one, Verifying Ownership. Here they ask you to run the following python command on your hosting machine:
# Don't copy this; please copy the command given to you by the
# gethttpsforfree site only.
sudo python -c "import BaseHTTPServer; \
h = BaseHTTPServer.BaseHTTPRequestHandler; \
h.do_GET = lambda r: r.send_response(200) or r.end_headers() or r.wfile.write('8Blbq6zcw457ZpLwaw...some_hash_key'); \
s = BaseHTTPServer.HTTPServer(('0.0.0.0', 80), h); \
s.serve_forever()"
But maybe you’re like me and don’t like to pay for hosting because it’s just one page, so you host on one of the freely available hosting sites, or you have your own server configured at home, or you don’t want to execute complicated python commands. Don’t worry, there is still a way. If you’ve noticed, the gethttpsforfree site also gives a file-based option. It works like this: you have to serve some content provided by them at a specific URL, again given by them.
If you already have a Node.js server file, or if you’re using an Express server, you’re good to go. If you don’t have one, I’ve created a gist for server.js; feel free to fork and use it.
So, using the file option and my server.js file, all you have to do is create a file inside your public directory so that it can be served directly. If it asks you to serve the content under http://yourdomain.com/.well-known/acme-challenge/8Blbq61234557Zpabcxyz-zAEJTbDZQWgpnPpF2rXK6vCs, all you have to do is:
# create a folder .well-known inside public
$ mkdir .well-known && cd .well-known
# create another folder acme-challenge inside .well-known
$ mkdir acme-challenge && cd acme-challenge
# create a file inside the acme-challenge folder with the name from the URL,
# i.e. 8Blbq61234557Zpabcxyz-zAEJTbDZQWgpnPpF2rXK6vCs
$ vim 8Blbq61234557Zpabcxyz-zAEJTbDZQWgpnPpF2rXK6vCs
# paste the content that the gethttpsforfree site asks you to serve,
# then save and exit
Save the file, update or restart your server if needed, and check whether it’s serving the content under that URL. If it is, go ahead.
The last step consists of installing the certificate on your site, which is not hard. If you’ve finished the last step on the site successfully, you will get 2 certificates from them: the “Signed Certificate” and the “Intermediate Certificate”. Copy them into a single file, one after another, first the Signed and then the Intermediate certificate, and save the file as “chained.pem”. This is the file you need in the server.js file. The other file you’ll be needing is “domain.key”, which you generated in step 2.
// options for the SSL certificate in the server.js file
var fs = require('fs');
var https = require('https');
var options = {
  cert: fs.readFileSync('path/to/chained.pem'),
  key: fs.readFileSync('path/to/domain.key')
};

// if you're using plain HTTPS, do it like this (NOTE: it's httpS, not http);
// use either this line or the Express line below, not both
https.createServer(options, requestHandler).listen(PORT, callback);

// if you're using Express, do it like this
https.createServer(options, app).listen(PORT, callback);
And it’s done. Now all you have to do is restart your Node server and verify it. Enjoy :)