
I am using the following server script to run both http, https servers and redirect all http requests to https.

When I access the server both locally and remotely from IP addresses, the requests redirect to https and api works with an unsecure warning.

But when I access the same routes via domain, I get "Site cannot be Reached" error.

Although, accessing http://example.com/test-route redirects to https://example.com/test-route, I am still getting Site can't be reached error.

import http from 'http';
import https from 'https';
import redirectHttps from 'redirect-https';
import greenlock from 'greenlock';
import app from '../app';

var le = greenlock.create({
  server: 'staging', // using https://acme-v01.api.letsencrypt.org/directory in prod
  configDir: 'certs',
  approveDomains: (opts, certs, cb) => {
    if (certs) {
      opts.domains = ['example.com'];
    } else {
      opts.email = 'me@mymail.com';
      opts.agreeTos = true;
    }
    cb(null, {
      options: opts,
      certs: certs
    });
  },
});


http.createServer(le.middleware(redirectHttps())).listen(80, function() {
  console.log("Server Running On http @ port " + 80);
});

https.createServer(le.httpsOptions, le.middleware(app)).listen(443, function() {
  console.log("Server Running On https @ port " + 443);
});
coolaj86
Deepak

1 Answer


There are a number of reasons that this could be happening, and a lot has been updated in the library since you posted this question.

I've spent a lot of time recently updating the documentation and examples:

I'd suggest taking a look at the video tutorial:

And check each of the items in the troubleshooting section. For reference:

What if the example didn't work?

Double check the following:

  • Public Facing IP for http-01 challenges
    • Are you running this as a public-facing webserver (good)? or localhost (bad)?
    • Does ifconfig show a public address (good)? or a private one - 10.x, 192.168.x, etc (bad)?
    • If you're on a non-public server, are you using the dns-01 challenge?
  • correct ACME version
    • Let's Encrypt v2 (ACME v2) must use version: 'draft-11'
    • Let's Encrypt v1 must use version: 'v01'
  • valid email
    • You MUST set email to a valid address
    • MX records must validate (dig MX example.com for 'john@example.com')
  • valid DNS records
    • You MUST set approveDomains to real domains
    • Must have public DNS records (test with dig +trace A example.com; dig +trace www.example.com for [ 'example.com', 'www.example.com' ])
  • write access
    • You MUST set configDir to a writeable location (test with touch ~/acme/etc/tmp.tmp)
  • port binding privileges
    • You MUST be able to bind to ports 80 and 443
    • You can do this via sudo or setcap
  • API limits
    • You MUST NOT exceed the API usage limits per domain, certificate, IP address, etc
  • Red Lock, Untrusted
    • You MUST change the server value in production
    • Shorten the 'acme-staging-v02' part of the server URL to 'acme-v02'

Please post an issue at the repository if you're still having trouble and I'll do my best to help you sort things out. Make sure to upgrade to the latest version because it has better debug logging.

coolaj86
  • Hi @coolaj86 does Greenlock require a particular version of Express? Does it work with Express 3? Apologies if this is off topic – manihiki Jan 06 '22 at 01:22
  • It does not. But it does require node v10.12+ or so, IIRC. It doesn't require express at all. It doesn't use express or vice versa. It's just standard, vanilla, node.js HTTP handlers. – coolaj86 Jan 11 '22 at 16:12
  • Thanks so much, coolaj86, appreciate it. I couldn't figure out how to get greenlock to work on my setup so ended up just using Certbot for Ubuntu per their instructions here https://certbot.eff.org/instructions?ws=other&os=ubuntufocal - Greenlock seemed to be running but was never able to get the https site to show up and couldn't figure out where the problem was – manihiki Jan 11 '22 at 20:48
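
A pre-flight check covering several items from the troubleshooting list in the answer above (server URL, ACME version, email, DNS records, configDir write access), added here as an example and not code from the post or from Greenlock. The config keys are the ones the page names; the function names `isPrivateIPv4`, `preflight` and `preflightLive` are assumptions.

```javascript
// Added example, not Greenlock's own code. Config keys follow the page;
// function names are hypothetical.

// Loopback, link-local and RFC 1918 ranges: unreachable for http-01.
function isPrivateIPv4(ip) {
  const [a, b] = ip.split('.').map(Number);
  return a === 10 || a === 127 || (a === 192 && b === 168) ||
    (a === 172 && b >= 16 && b <= 31) || (a === 169 && b === 254);
}

// Pure check. `resolved` maps each domain to the A records found for it.
function preflight(config, resolved) {
  const problems = [];
  const server = String(config.server || '');
  const domains = Array.isArray(config.approveDomains) ? config.approveDomains : [];
  if (server.includes('staging')) {
    problems.push('server: staging certificates are untrusted (red lock)');
  }
  if (server.includes('-v02') && config.version !== 'draft-11') {
    problems.push("version: ACME v2 must use 'draft-11'");
  }
  if (server.includes('-v01') && config.version !== 'v01') {
    problems.push("version: Let's Encrypt v1 must use 'v01'");
  }
  if (!/^[^@\s]+@[^@\s]+\.[^@\s]+$/.test(config.email || '')) {
    problems.push('email: must be set to a valid address');
  }
  if (domains.length === 0) problems.push('approveDomains: list real domains');
  for (const domain of domains) {
    const ips = resolved[domain] || [];
    if (ips.length === 0) problems.push(`dns: ${domain} has no A record`);
    else if (ips.some(isPrivateIPv4)) problems.push(`dns: ${domain} is private`);
  }
  return problems;
}

// Gathers live facts (DNS, write access), then runs the pure check.
async function preflightLive(config) {
  const dns = await import('node:dns/promises');
  const fs = await import('node:fs');
  const resolved = {};
  for (const d of Array.isArray(config.approveDomains) ? config.approveDomains : []) {
    resolved[d] = await dns.resolve4(d).catch(() => []);
  }
  const problems = preflight(config, resolved);
  await fs.promises.access(config.configDir, fs.constants.W_OK)
    .catch(() => problems.push('configDir: not writable'));
  return problems;
}
```

`preflightLive` needs network access for the DNS lookups; `preflight` can be run on its own against addresses collected some other way, such as the `dig` commands in the checklist.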