
Bad(?) news "SSL For Free is joining ZeroSSL". Since their news I renewed my certificates and TLS stopped working. Used to work fine.

I believe free certs are now from something called AutoSSL. Hopefully.

With new certificates I get error "You may need to install an Intermediate/chain certificate to link it to a trusted root certificate" from https://www.sslshopper.com/ssl-checker.html and this error "TLS Certificate is not trusted" from https://www.digicert.com/help.

Browsers are smart enough to mask the problem but my Android app uses an API and it stopped working.

Anyone else getting TLS problems since ZeroSSL got involved?

I'm using redbirdjs on nodejs, which is awesome since it's so simple (two domains, same server), but Zero provides no installation instructions for my setup. (My domains are small in traffic, so using the fastest webservers etc. isn't an issue.)

Zero took away the 2 domains in one cert option (gee thanks) so my updated script looks like:


const { constants } = require('crypto');

var redbird = new require('redbird')({ port: 8080, ssl: { port: 443 }});

redbird.register('domain1.com', 'http://127.0.0.1:9443', {
    ssl: {
        key: 'ssl/domain1/private.key',
        cert: 'ssl/domain1/certificate.crt',
        ca: 'ssl/domain1/ca_bundle.crt',
        secureOptions: constants.SSL_OP_NO_TLSv1 | constants.SSL_OP_NO_TLSv1_1,
    }
});

redbird.register('domain2.com', 'http://127.0.0.1:3003', {
    ssl: {
        key: 'ssl/domain2/private.key',
        cert: 'ssl/domain2/certificate.crt',
        ca: 'ssl/domain2/ca_bundle.crt',
        secureOptions: constants.SSL_OP_NO_TLSv1 | constants.SSL_OP_NO_TLSv1_1,
    }
});

Other than separating the domain ssl config, it is the same as what used to work with SSLForFree.

I read somewhere that "free" SSL CAs do not necessarily provide the "full chain".

Anyone know how to get TLS working again with ZeroSSL on redbirdjs and nodejs?

Gerry

1 Answer

Well, I got it working. I used https://whatsmychaincert.com, which I think just literally joins a couple of files together. Either way, for redbird fans (like me), here is the script for multiple domains on the same server.

// https://github.com/OptimalBits/redbird
// https://whatsmychaincert.com/
// 9443 is where domain1 server runs locally
// 3003 is where domain2 server runs locally

const { constants } = require('crypto');

var redbird = new require('redbird')({ port: 8080, ssl: { port: 443 }});

redbird.register('domain1.com', 'http://127.0.0.1:9443', {
    ssl: {
        port: 9443,
        key: 'ssl/domain1/private.key',
        cert: 'ssl/domain1/domain1.chained.crt',  // used whatsmychaincert.com to generate ('enter hostname', no need to include root)
        secureOptions: constants.SSL_OP_NO_TLSv1 | constants.SSL_OP_NO_TLSv1_1,
    }
});

redbird.register('domain2.net', 'http://127.0.0.1:3003', {
    ssl: {
        port: 3003,
        key: 'ssl/domain2/private.key',
        cert: 'ssl/domain2/domain2.chained.crt',
        secureOptions: constants.SSL_OP_NO_TLSv1 | constants.SSL_OP_NO_TLSv1_1,
    }
});

Of the 3 files downloaded from ZeroSSL, whatsmychaincert.com put the certificate.crt and the ca_bundle.crt (in that order) into one file called domain.chained.crt (as seen in the script above).

Gerry
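The same chained file can be built and checked locally; this is an added example, not code from the original post or from redbird or ZeroSSL. The function names are hypothetical, and the file paths in the usage comment are the ones from the script above.

```javascript
// Added example: build <domain>.chained.crt from certificate.crt + ca_bundle.crt
// (leaf first, intermediates after) and check that the chain actually links up.
const { X509Certificate } = require('crypto');

const PEM_BLOCK = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Split PEM text into individual certificate blocks, normalising CRLF and
// stray whitespace so the blocks can be re-joined safely.
function splitPem(text) {
  const blocks = String(text).replace(/\r\n?/g, '\n').match(PEM_BLOCK) || [];
  return blocks.map((b) => b.split('\n').map((l) => l.trim()).filter(Boolean).join('\n'));
}

// Joining block by block avoids the "-----END CERTIFICATE----------BEGIN"
// run-on that plain concatenation produces when certificate.crt has no
// trailing newline, which makes the second certificate unreadable.
function buildChainedPem(leafPem, caBundlePem) {
  const leaf = splitPem(leafPem);
  const intermediates = splitPem(caBundlePem);
  if (leaf.length !== 1) throw new Error(`expected 1 leaf certificate, found ${leaf.length}`);
  if (intermediates.length === 0) throw new Error('CA bundle contains no certificates');
  return [...leaf, ...intermediates].join('\n') + '\n';
}

// For real certificates: true only if every certificate in the file was
// issued by the one that follows it. Needs Node.js 15.6+ (X509Certificate).
function chainIsLinked(chainedPem) {
  const certs = splitPem(chainedPem).map((pem) => new X509Certificate(pem));
  return certs.length > 1 &&
    certs.every((c, i) => i === certs.length - 1 || c.checkIssued(certs[i + 1]));
}

// Usage with the files downloaded from ZeroSSL:
//   const fs = require('fs');
//   const chained = buildChainedPem(
//     fs.readFileSync('ssl/domain1/certificate.crt', 'utf8'),
//     fs.readFileSync('ssl/domain1/ca_bundle.crt', 'utf8'));
//   if (!chainIsLinked(chained)) throw new Error('wrong order or missing intermediate');
//   fs.writeFileSync('ssl/domain1/domain1.chained.crt', chained);
```

Clients without a browser's ability to fetch missing intermediates, such as the Android app in the question, only validate when the server sends the leaf and its intermediates in this order.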