无法使用Node js使用LetsEncrypt certbot生成SSL证书 [英] unable to generating SSL certificate with LetsEncrypt certbot using node js
问题描述
我已经在带有预配置SSL证书的firebase上部署了我的react应用,但是由于我使用HTTP而不是HTTPS来对节点js服务器进行API调用.由于我正在从安全站点浏览器中访问非安全内容,因此阻止了我的所有API调用.
I have deployed my react app on firebase which comes with a pre-configured SSL certificate, but since I am making API calls to a node js server using HTTP and not HTTPS. Since I am accessing a non-secured content from within a secured site browser is blocking all my API calls.
最佳和明显的选择是通过HTTPS加载所有资源以提高站点的安全性,这意味着在本例中为节点服务器生成一个由证书颁发机构"签名的单独证书,但我在实现此目标时遇到了麻烦
The best and obvious choice is to load all resources via HTTPS to improve the security of my site which means generating a separate certificate signed by 'Certificate Authority' in this case LetsEncrypt for my node server, but I am having trouble achieving this.
复制步骤
- 已安装Certbot
- 使用命令
$ certbot certonly --manual使用Certbot生成SSL证书 - 输入您的域名
- 经历HTTP-01挑战过程
问题
-
如果我的域已经使用SSL证书保护了,为什么我需要在第3步中提供我的域?我的意思是这是一台Web服务器,并且会通过公共IP接收API请求,为什么需要该域?
Why do I need to provide my domain in step 3 if my domain is already secured with an SSL certificate? I mean this is a web server and would receive API requests via public IP why the need for the domain?
对于HTTP-01挑战过程,Certbot会要求您在Web服务器文档根目录中的.well-known/acme-challenge/目录中创建一个带有自动生成的密钥的文件,并且该文件必须包含身份验证密钥,执行此操作时出现以下错误:
For the HTTP-01 challenge process, Certbot will ask you to create a file with an auto-generated key in your web server document root, inside directories .well-known/acme-challenge/ and this file must contain the auth key, when I do this I am getting below error:
一些挑战失败了.要解决这些错误,请确保正确输入您的域名,并且该域的DNS A/AAAA记录包含正确的IP地址.
Some challenges have failed. To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
我也很高兴收到其他建议.谢谢您的宝贵时间.
I would also be happy to receive other suggestions. Thanks for your time.
推荐答案
首先,您必须了解您有一个域指向指向 Firebase 托管的React应用.该域已具有TLS(又称SSL)证书.现在,您正在尝试使用 cerbot 保护一个 Node.JS 服务器,该服务器没有指向它的域,并使用 cerbot 已经受保护的域.
First, you have to understand that you have a domain which points to your Firebase-hosted React application. That domain already has a TLS (aka SSL) certificate. Now, you are trying to secure a Node.JS server, which doesn't have a domain pointing to it, using cerbot, with your already-secured domain.
您现在应该看到,为什么这不能按预期进行.您有一个指向React应用程序的域,但 不是 您的 Node.JS 服务器,并且您正在尝试使用certbot 来保护该域(无论如何,该域已经受到保护). certbot 会向您的React应用程序发出HTTP-01挑战的请求,但会失败,因为挑战不存在.
You should see now, why that doesn't work as expected. You have a domain that is pointing to your React application, but not your Node.JS server, and you are trying to use certbot to secure that domain (which is already secured anyways). certbot will make a request to your React application for the HTTP-01 challenge, and it will fail, because the challenge isn't there.
您如何解决此问题?通过为您的 Node.JS 服务器提供域名,然后将那个域与 certbot 一起使用.
How do you solve this? By giving your Node.JS server a domain name, and using that domain with certbot.
现在,您不必只为 Node.JS 服务器购买另一个域名.您可以使用 子域 ,然后进行修改子域指向您的 Node.JS 服务器. 然后 ,您可以使用 certbot 保护 Node.JS 应用程序.
Now, you don't have to go and buy another domain name just for your Node.JS server. You could use a subdomain, and then make that subdomain point to your Node.JS server. Then, you could use certbot to secure your Node.JS application.
这篇关于无法使用Node js使用LetsEncrypt certbot生成SSL证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
