Node.js Certbot-如何为IP:3030创建SSL证书和密钥?
我有一个仅在端口3030的IP地址上运行的ExpressJS应用程序 如何为此类地址创建SSL证书和密钥 我试过:Node.js Certbot-如何为IP:3030创建SSL证书和密钥?,node.js,express,ssl,certbot,Node.js,Express,Ssl,Certbot,我有一个仅在端口3030的IP地址上运行的ExpressJS应用程序 如何为此类地址创建SSL证书和密钥 我试过: $certbot certonly--独立--电子邮件test1@yahoo.co.uk-d 127.0.1.1:3030 我得到这个错误: 请求的域127.0.1.1:3030不是FQDN 有什么想法吗 这是我使用的certbot 这是我的ExpressJS bin目录中的www文件: #!/usr/bin/env node /** * Module dependencies
$certbot certonly--独立--电子邮件test1@yahoo.co.uk-d 127.0.1.1:3030请求的域127.0.1.1:3030不是FQDN#!/usr/bin/env node
/**
* Module dependencies.
*/
var app = require('../app');
var debug = require('debug')('mongoose-iot:server');
var http = require('http');
// Add HTTPS support.
// https://www.hacksparrow.com/express-js-https.html
// http://stackoverflow.com/questions/11744975/enabling-https-on-express-js
// http://blog.mgechev.com/2014/02/19/create-https-tls-ssl-application-with-express-nodejs/
var https = require('https');
var fs = require('fs');
/**
* Get port from environment and store in Express.
*/
var port = normalizePort(process.env.PORT || '3000');
app.set('port', port);
/**
* Create HTTP server.
*/
var server = http.createServer(app);
/**
* Listen on provided port, on all network interfaces.
*/
server.listen(port);
server.on('error', onError);
server.on('listening', onListening);
/**
* Get port from environment and store in Express.
*/
var httpsPort = normalizePort(process.env.PORT || '3030');
app.set('port', httpsPort);
/**
* Create HTTPS server.
*/
var options = {
key: fs.readFileSync('ssl/key.pem'),
cert: fs.readFileSync('ssl/cert.pem')
};
var httpsServer = https.createServer(options, app);
/**
* Listen on provided port, on all network interfaces.
*/
httpsServer.listen(httpsPort);
httpsServer.on('error', onError);
httpsServer.on('listening', onListening);
/**
* Normalize a port into a number, string, or false.
*/
function normalizePort(val) {
var port = parseInt(val, 10);
if (isNaN(port)) {
// named pipe
return val;
}
if (port >= 0) {
// port number
return port;
}
return false;
}
/**
* Event listener for HTTP server "error" event.
*/
function onError(error) {
if (error.syscall !== 'listen') {
throw error;
}
var bind = typeof port === 'string'
? 'Pipe ' + port
: 'Port ' + port;
// handle specific listen errors with friendly messages
switch (error.code) {
case 'EACCES':
console.error(bind + ' requires elevated privileges');
process.exit(1);
break;
case 'EADDRINUSE':
console.error(bind + ' is already in use');
process.exit(1);
break;
default:
throw error;
}
}
/**
* Event listener for HTTP server "listening" event.
*/
function onListening() {
var addr = server.address();
var bind = typeof addr === 'string'
? 'pipe ' + addr
: 'port ' + addr.port;
debug('Listening on ' + bind);
}
问题是letsencrypt ssl证书是针对域名的,它与IP地址或端口没有多大关系。您必须拥有有效且可公开访问的域名,以便letsencrypt授权服务器可以对其进行验证 在这种情况下,通常的做法是在开发中使用http(而不是https),使用简单的检查,如:
if (process.env.NODE_ENV === "production") {
// httpsServer.listen(httpsPort)
} else {
// ...
}