1

I'm currently doing a login portal with ReactJS frontend and NodeJS backend, deployed on an AWS EC2 instance. I have used certbot to obtain an SSL, and nginx is able to serve the /build from the ReactJS app. Now my website is accessible at https://my-website without any errors.

When it sends API (https://my-website:8080/api) calls to my server (intialized using PM2), it returns a net::ERR_CERT_AUTHORITY_INVALID. My server is using corsOptions with options: https://my-website.

Is there a specific term or practice I should be doing?

What I've Tried

  1. Use certbot to generate a server.key and a server.pem, and use the https package to create a server with them, but it returns net::ERR_CERT_AUTHORITY_INVALID.
  2. Used fs to open the credentials created for my frontend app, but it returns a permission denied.

I've read that it is not ideal to directly manipulate credentials on the backend, and something along the lines of a reverse proxy should be adopted, however, I am still clueless after reading and trying out. I'd appreciate any help to get this going! Thanks in advance!

My Fix

I simply used the credentials I obtained from certbot in my server.js. Here's a snippet:

const credentials = {
   key: myKey.pem,
   cert: myCert.pem,
   ca: myCa.pem
}

https.createServer(credentials, app).listen(PORT)

The main thing is to switch to the root user (sudo su), else access will be denied to open the file. Hope this helps!

clueless waffle
  • 381
  • 3
  • 10
  • Does this answer your question? [Amazon EC2 + SSL](https://stackoverflow.com/questions/19926385/amazon-ec2-ssl) – stealththeninja Jan 15 '21 at 05:34
  • The answer sounds like SSL on an Apache server. This one matches Node.js + AWS EC2 + SSL, does it help? [AWS SSL on EC2 instance without Load Balancer - NodeJS](https://stackoverflow.com/questions/40479534/aws-ssl-on-ec2-instance-without-load-balancer-nodejs) – stealththeninja Jan 15 '21 at 05:36
  • 1
    I don't think so - I'm able to get SSL on the frontend server, which uses AWS route 53 to obtain a domain, but I can't seem to find a way to reuse the same SSL key etc. on my server. – clueless waffle Jan 15 '21 at 05:37
  • I'm not sure here but: I don't think Route 53 handles the secure connection, it's a domain name service. To issue a certificate from a reputable Certificate Authority [you'll need to prove you own the domain](https://aws.amazon.com/premiumsupport/knowledge-center/route-53-verify-domain-with-third-party/), and once you've been issued your certificate, it sounds like next step is to install it on a load balancer or in your case on EC2. – stealththeninja Jan 15 '21 at 05:44
  • Thanks @stealththeninja, your links confirms that I will have to add some configuration to the nginx default file. That's something I'm confused about. – clueless waffle Jan 15 '21 at 05:46
  • Glad I could at least point in the right direction! Since it looks like you might be new: when you solve your issue, I hope you'll consider posting an answer to your question. – stealththeninja Jan 15 '21 at 16:03

0 Answers0