I’d like to know how to configure a secure domain with Redbird proxy properly. The basic info is a bit confusing because examples are slightly fragmented. I suppose it should be possible with letsencrypt automatically (as claimed there).

I’ve tried:

    var proxy = require('redbird')({
      port: 80,
      ssl: {
        port: 3000,
        letsencrypt: {
          path: '../SSL-certs',
        }
      }
    });
    proxy.register('secure-web.net', 'http://xx.xx.xxx.xxx:8080', {
      ssl: {
        letsencrypt: {
          email: 'my@mail.com'
        }
      }
    });
    proxy.register('insecure-web.net', 'http://xx.xxx.xx.xxx:6881');

Terminal throws (when I try to visit the page):

{"name":"redbird","hostname":"honza-kvm","pid":3089,"level":50,"err":{"message":"140009434470272:error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher:../deps/openssl/openssl/ssl/s3_srvr.c:1418:\n","name":"Error","stack":"Error: 140009434470272:error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher:../deps/openssl/openssl/ssl/s3_srvr.c:1418:\n"},"msg":"HTTPS Client  Error","time":"2016-11-08T13:03:37.979Z","v":0}

Firefox throws:

Error code: SSL_ERROR_NO_CYPHER_OVERLAP

The directory SSL-certs is intentionally empty (it seems it should be according to the manual page) but maybe I need some important info about using letsencrypt via Redbird in general.

Honza Hejzl

1 Answer

This example enabled http and https to my existing localhost:8080.

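    var proxy = require('redbird')({
      port: 80,            // plain HTTP port
      xfwd: false,
      letsencrypt: {
        path: "certs",     // directory where certificates are stored
        port: 3000         // port used for the Let's Encrypt challenge server
      },
      ssl: {
        port: 443          // HTTPS port for the registered secure routes
      }
    });

    proxy.register("www.example.com", "http://localhost:8080", {
      ssl: {
        letsencrypt: {
          email: "me@example.com",
          production: false  // false: staging issuer; true: real certificates
        }
      }
    });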

Also, when switching from production:false to production:true, I found the certificate issuer was still

Fake LE Intermediate X1

I completely removed the contents of the certs dir, and restarted the proxy to find

Let's Encrypt Authority X3

Dave
  • Unfortunately, Firefox is still throwing the error, console: `{"name":"redbird","hostname":"my-kvm","pid":3692,"level":50,"err":{"message":"140699083372416:error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher:../deps/openssl/openssl/ssl/s3_srvr.c:1418:\n","name":"Error","stack":"Error: 140699083372416:error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher:../deps/openssl/openssl/ssl/s3_srvr.c:1418:\n"},"msg":"HTTPS Client Error","time":"2017-01-11T14:41:20.902Z","v":0}` – Honza Hejzl Jan 11 '17 at 14:43
  • I used the code Dave provided and I had the same problem as Honza (no shared cipher). I fixed it by manually creating the directory where the Redbird configuration states the certs are to be stored. I should also share that I used "production: false" in my config and found that I couldn't test it locally because I wasn't actually on my domain, and once I uploaded it to my cloud VPS, got a cert untrusted SSL error in my browser until I switched to "production: true" on it running on the cloud VPS. Then it finally worked. – Matt Welke Jan 20 '18 at 03:19
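
The two failure causes reported on this page (the `letsencrypt` block nested under `ssl` with `ssl.port` set to 3000 in the question, and the missing certificate directory from the last comment) can be checked before the proxy starts. The following is an added example, not code from the posts above or from Redbird itself; `preflight` is a hypothetical helper name, and the default challenge port of 3000 is an assumption taken from Redbird's documentation.

```javascript
const fs = require('fs');
const path = require('path');

// Hypothetical helper: inspects the options object that would be passed to
// require('redbird')(opts) and returns a list of problems (empty when none).
// Creates the certificate directory if it is missing.
function preflight(opts) {
  const problems = [];
  const ssl = opts.ssl || {};
  const le = opts.letsencrypt || {};
  // Assumption: Redbird falls back to port 3000 for the challenge server.
  const challengePort = le.port || 3000;

  // The question's config put letsencrypt under ssl; the working answer
  // has it at the top level of the options object.
  if (ssl.letsencrypt && !opts.letsencrypt) {
    problems.push('letsencrypt is nested under ssl, expected at top level');
  }
  if (ssl.port === undefined) {
    problems.push('ssl.port is not set, no HTTPS listener configured');
  } else if (ssl.port === challengePort) {
    problems.push(`ssl.port ${ssl.port} collides with the challenge port`);
  }
  if (!le.path) {
    problems.push('letsencrypt.path is not set');
    return problems;
  }

  // A missing directory produced "no shared cipher" for one commenter.
  // New directories are created owner-only because private keys are stored
  // there; an existing directory keeps its current permissions.
  const dir = path.resolve(le.path);
  try {
    fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
    fs.accessSync(dir, fs.constants.W_OK);
  } catch (err) {
    problems.push(`certificate directory ${dir} is not usable: ${err.code}`);
  }
  return problems;
}
```

Call `preflight(opts)` with the same object before `require('redbird')(opts)` and refuse to start when the returned list is not empty.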