keystonejs/keystone-classic

Automated letsencrypt issuing bad certificate - Fake LE Root X1

Open

Aperta il 18 giu 2018

Vedi su GitHub
 (0 commenti) (0 reazioni) (0 assegnatari)JavaScript (14.656 star) (2288 fork)batch import
4.x candidatehelp wantedquestion

Descrizione

Expected behavior

Valid letsencrypt certificate should be issued.

Actual/Current behavior

An invalid certificate is issued by Fake LE Root X1

Steps to reproduce the actual/current behavior

  1. Set NODE_ENV=production in .env
  2. Add letsencrypt config as per this article.
  3. Run keystone
  4. Load in browser, no green padlock as certificate is invalid.

If I manually generate the certificate with certbot, then move the keys over, everything works properly.

Environment

Software Version
Keystone 4.0.0-beta.5
Node v6.12.3
Ubuntu 16.04

Guida contributor

Tech stack
javascriptnodejs
Dominio
backenddevops
Tipo issue
bug
DifficoltàQuanto dovrebbe essere impegnativa per un nuovo contributor.
3
Tempo stimatoTempo stimato per completare e verificare uno scope piccolo.
half day
Stato attivitàQuanto è probabile che la issue sia ancora attiva e reviewable.
stale
ChiarezzaQuanto chiaramente la issue descrive problema, scope e risultato atteso.
needs investigation
Prerequisiti
Node.jsSSL/TLS basics
Adatta ai principiantiQuanto la issue è adatta a contributor alla prima esperienza.
15
Direzione di ricerca
Investigate the automated letsencrypt certificate generation in Keystone. Examine the relevant code (likely in the keystone SSL module) to identify why a 'Fake LE Root X1' certificate is issued instead of a valid one. Compare with manual certbot certificate generation. Look for misconfiguration, outdated ACME library, or issues with the directory endpoint. Check the Keystone documentation and any related issues for known fixes.