
What I've Done

I used certbot to certify that I own my domain, which generated several .pem files. The certificates are listed here: https://certbot.eff.org/docs/using.html#where-are-my-certificates

I found this post which makes sense and matches all of the other information I'm getting from Googling around, but when I do this and run node I can't connect to my site using https. Http works fine as it always has.

My server is express.js + node.js and I'm not using a reverse proxy like nginx. It's running on Ubuntu on Google Cloud Platform.

The relevant code is:

var fs = require('fs');           // required for readFileSync below
var http = require('http');
var https = require('https');
var express = require('express');

// Private key and full certificate chain issued by certbot
var privateKey  = fs.readFileSync('/etc/letsencrypt/live/troywolters.com/privkey.pem', 'utf8');
var certificate = fs.readFileSync('/etc/letsencrypt/live/troywolters.com/fullchain.pem', 'utf8');
var credentials = {key: privateKey, cert: certificate};
var app = express();

// Lots of other express stuff (app.use()'s)

// Serve the same app over plain HTTP (80) and TLS (443)
var httpServer = http.createServer(app);
var httpsServer = https.createServer(credentials, app);
httpServer.listen(80);
httpsServer.listen(443);

What doesn't work

When I try to connect to my site using https://troywolters.com the connection times out and nothing happens. What am I doing wrong?

TW80000
  • When remoted into your server can you make a local request to 443 port to make sure your node.js app is handling the request correctly? If it does then you most likely have an iptable issue/port being blocked. If it doesn't then there's something wrong with your app. – Darkrum Mar 25 '17 at 03:06
  • @Darkrum Sorry, how would I do that? I tried looking at `ping` but it seems to not do https, only ECHO, and curl just hangs when I do `curl --request https://troywolters.com`. When I do `curl --request https://127.0.0.1` though it says: curl: (51) SSL: certificate subject name (troywolters.com) does not match target host name '127.0.0.1' so maybe that's a good sign? – TW80000 Mar 25 '17 at 05:22

1 Answer


The answer to the problem was that my hosting platform (Google Cloud Platform) did not allow port 443 through the firewall in the default configuration. Running

gcloud compute firewall-rules create allow-https --description "Incoming https allowed." --allow tcp:443

allowed incoming traffic through port 443 and fixed the problem.

Thank you to Michael Hampton from Server Fault for the tip.

TW80000