What I've Done

I used certbot to certify that I own my domain, which generated several .pem files. The certificates are listed here: https://certbot.eff.org/docs/using.html#where-are-my-certificates

I found this post which makes sense and matches all of the other information I'm getting from Googling around, but when I do this and run node I can't connect to my site using https. Http works fine as it always has.

My server is express.js + node.js and I'm not using a reverse proxy like nginx. It's running on Ubuntu on Google Cloud Platform.

The relevant code is:

```js
var fs = require('fs');           // needed for readFileSync below
var http = require('http');
var https = require('https');
var express = require('express'); // needed for express() below

// Private key and full certificate chain generated by certbot
var privateKey  = fs.readFileSync('/etc/letsencrypt/live/troywolters.com/privkey.pem', 'utf8');
var certificate = fs.readFileSync('/etc/letsencrypt/live/troywolters.com/fullchain.pem', 'utf8');
var credentials = {key: privateKey, cert: certificate};
var app = express();

// Lots of other express stuff (app.use()'s)

// Serve the same app over plain HTTP (80) and HTTPS (443)
var httpServer = http.createServer(app);
var httpsServer = https.createServer(credentials, app);
httpServer.listen(80);
httpsServer.listen(443);
```

What doesn't work

When I try to connect to my site using https://troywolters.com the connection times out and nothing happens. What am I doing wrong?

TW80000
  • What does `netstat -lnp` show on your server? How is the firewall configured? – Tero Kilkanen Mar 25 '17 at 02:37
  • The relevant lines seem to be `tcp6 0 0 :::443 :::* LISTEN 8689/node` and `tcp6 0 0 :::80 :::* LISTEN 8689/node`. I've never done anything with a firewall on this server so I'm not sure. – TW80000 Mar 25 '17 at 02:43
  • Please add the complete output to the question, it is easier to read from there. – Tero Kilkanen Mar 25 '17 at 02:47
  • As whom does the app run? Does that user have read access to `/etc/letsencrypt/live/troywolters.com/privkey.pem`? – Jacob Evans Mar 25 '17 at 02:50
  • Looking at https://github.com/ayanray/express4_SSL_example/blob/master/app.js I'm not sure your config is correct. – Jacob Evans Mar 25 '17 at 02:52
  • https://cloud.google.com/compute/docs/networking#firewalls – Michael Hampton Mar 25 '17 at 04:10
  • @TeroKilkanen I added the complete output to the question – TW80000 Mar 25 '17 at 05:09
  • @JacobEvans I was hoping that would fix it but changing ownership to my user account (using chown) and giving full permissions (via chmod) didn't fix it :( – TW80000 Mar 25 '17 at 05:10
  • Also, if you'd like to use Let's Encrypt directly with node.js without all the certbot setup, you can use Greenlock: https://git.coolaj86.com/coolaj86/greenlock-express.js – coolaj86 May 25 '18 at 22:17

1 Answer

The answer to the problem was that my hosting platform (Google Cloud Platform) did not allow port 443 through the firewall in the default configuration. Running

```
gcloud compute firewall-rules create allow-https --description "Incoming https allowed." --allow tcp:443
```

allowed incoming traffic through port 443 and fixed the problem.

Thank you to Michael Hampton for the tip.

TW80000