keystonejs/keystone-classic

Automated letsencrypt issuing bad certificate - Fake LE Root X1

Open

#4,660 建立於 2018年6月18日

在 GitHub 查看
 (0 留言) (0 反應) (0 負責人)JavaScript (14,656 star) (2,288 fork)batch import
4.x candidatehelp wantedquestion

描述

Expected behavior

Valid letsencrypt certificate should be issued.

Actual/Current behavior

An invalid certificate is issued by Fake LE Root X1

Steps to reproduce the actual/current behavior

  1. Set NODE_ENV=production in .env
  2. Add letsencrypt config as per this article.
  3. Run keystone
  4. Load in browser, no green padlock as certificate is invalid.

If I manually generate the certificate with certbot, then move the keys over, everything works properly.

Environment

Software Version
Keystone 4.0.0-beta.5
Node v6.12.3
Ubuntu 16.04

貢獻者指南

技術棧
javascriptnodejs
領域
backenddevops
議題類型
bug
難度面向新貢獻者的預計實作難度,1 表示很小改動,5 表示專家級工作。
3
預計時間有經驗貢獻者完成調查、實作、測試並準備 pull request 的粗略時間範圍。
half day
活動狀態議題目前的可參與程度:新鮮、活躍、陳舊、阻塞或等待維護者輸入。
stale
清晰度議題是否清楚說明預期改動、驗收標準和下一步。
needs investigation
前置要求
Node.jsSSL/TLS basics
新手友善度1-100 的估計分數,表示該議題對首次貢獻者的友善程度。
15
研究方向
Investigate the automated letsencrypt certificate generation in Keystone. Examine the relevant code (likely in the keystone SSL module) to identify why a 'Fake LE Root X1' certificate is issued instead of a valid one. Compare with manual certbot certificate generation. Look for misconfiguration, outdated ACME library, or issues with the directory endpoint. Check the Keystone documentation and any related issues for known fixes.