KeystoneJS with letsencrypt - certificate files required - https

I am following this tutorial Let’s Encrypt KeystoneJS! in an attempt to get letsencrypt working on my KeystoneJS project.
However, when I start the server I am getting the error:
SSL Not Started: Invalid SSL Configuration (certificate files required)
I've generated the standalone certificate with certbot to the directory /home/example/letenscrypt resulting in:
- accounts
- csr
- keys
- letsencrypt.log
- renewal
- renewal-hooks
I've also tried defining the configdir in my keystone init:
keystone.init({
...
letsencrypt: (process.env.NODE_ENV === 'production') && {
email: 'admin#myapp.com',
domains: ['www.myapp.com', 'myapp.com'],
register: true,
tos: true,
configDir: '/home/example/letsencrypt'
},
...
})
I've also tried configDir: '/home/example/letsencrypt/keys' but I always get the same error, I'm wondering what I'm missing?

Ok, so the issue was the NODE_ENV wasn't correctly set to production. Setting it properly in my .env solved this issue (but raised another unfortunately with an invalid certificate being generated)
https://github.com/keystonejs/keystone/wiki/Deployment-Checklist

Related

Connect to Heroku redis from a nestjs app

I am hosting my nestjs application on Heroku and trying to use "Heroku redis" add-on with it.
In the app.module.ts I am importing RedisModule as follows:
#Module({
imports: [
RedisModule.register({ host: process.env.REDIS_URL })
]
})
After configuring Heroku-redis add-on, it added REDIS_URL under config vars in Heroku, however, when I deploy and run the application, I get the following error message:
2020-06-11T09:00:48.690255+00:00 app[web.1]: [ioredis] Unhandled error event: Error: getaddrinfo ENOTFOUND redis://h:abc#ec2-52-51-206-63.eu-west-1.compute.amazonaws.com:16719
(I've replaced the real url value with a sample one to illustrate the problem)
I can't seem to find
RedisModule.register({ url: process.env.REDIS_URL })

Unable to start Angular 7 with SSL certificate connecting to spring cloud applications - PEM_READ_BIO_PRIVATEKEY:bad password read

we are developing a Spring cloud application with microservice architecture and have a self signed certificate.We have written the code and completed the SSL settings in back end successfully.
Now we try to set up the certificate in front end in Angular 7.
we made the following changes
1.Generated the SSL .crt and .key files.placed in SSL folder
2.Modified Angular.json file and included
"ssl": true,
"sslKey": "ssl/server.key",
"sslCert": "ssl/server.crt"
but when I start i am getting the following error
error:0907B068:PEM routines:PEM_READ_BIO_PRIVATEKEY:bad password read
I have found 2 helpful links
NodeJS & SSL - "bad password read"
https://github.com/angular/angular-cli/issues/1576
Please note that I don't want these two solutions
1.Running the front end code in back end server by placing the Angular 7 code in static folder
2.Removing the passphrase from the key.
Link1 says that we need to add the code
var credentials = {
key: fs.readFileSync('XXX.key', 'utf8'),
cert: fs.readFileSync('XXX.crt', 'utf8'),
passphrase: 'XXXX'
}
but where in Angular 7 we need to add the these settings
Thanks
Mahidhar

How to configure local issuer certificate in Wamp using OpenSSL in Laravel project?

Am trying to send SMS Locally with Nexmo but i configured my Wamp server to use OpenSSL but when i try sending, i get this error.
cURL error 60: SSL certificate problem: unable to get local issuer certificate (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
Am sending the message in a route from my web.php like this,
Route::get( '/sms/send/{to}', function(\ Nexmo\Client $nexmo, $to){
$message = $nexmo->message()->send([
'to' => $to,
'from' => env('NEXMO_NUMBER'),
'text' => 'Sending SMS from Laravel. Woohoo!'
]);
Log::info('sent message: ' . $message['message-id']);
});
Need help of how i can fix this.
Source: https://github.com/nexmo/nexmo-php#troubleshooting
Some users have issues making requests due to the following error:
Fatal error: Uncaught exception 'GuzzleHttp\Exception\RequestException' with message 'cURL error 60: SSL certificate problem: unable to get local issuer certificate (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)'
This is due to some PHP installations not shipping with a list of trusted CA certificates. This is a system configuration problem, and not specific to either cURL or Nexmo.
IMPORTANT: In the next paragraph we provide a link to a CA certificate bundle. Nexmo do not guarantee the safety of this bundle, and you should review it yourself before installing any CA bundle on your machine.
To resolve this issue, download a list of trusted CA certificates (e.g. the curl bundle) and copy it on to your machine. Once this is done, edit php.ini and set the curl.cainfo parameter:
Linux/MacOS
curl.cainfo = "/etc/pki/tls/cacert.pem"
Windows
curl.cainfo = "C:\php\extras\ssl\cacert.pem"

Laravel Guzzle : curl error 77 error setting certificate verify locations

OS: Ubuntu 16.04
PHP : 7.2
CURL : curl 7.47.0 (x86_64-pc-linux-gnu) libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3
Guzzle: 6.3
My project currently is using some packages that depends on Guzzle, e.g: AWS, Mailgun...However, it often threw out this error:
error: cURL error 77: error setting certificate verify locations:
CAfile: /etc/ssl/certs
CApath: /etc/ssl/certs (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
Below is part of my php.ini
[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
curl.cainfo='/etc/ssl/certs/ca-certificates.crt'
[openssl]
; The location of a Certificate Authority (CA) file on the local filesystem
; to use when verifying the identity of SSL/TLS peers. Most users should
; not specify a value for this directive as PHP will attempt to use the
; OS-managed cert stores in its absence. If specified, this value may still
; be overridden on a per-stream basis via the "cafile" SSL stream context
; option.
openssl.cafile='/etc/ssl/certs/ca-certificates.crt'
; If openssl.cafile is not specified or if the CA file is not found, the
; directory pointed to by openssl.capath is searched for a suitable
; certificate. This value must be a correctly hashed certificate directory.
; Most users should not specify a value for this directive as PHP will
; attempt to use the OS-managed cert stores in its absence. If specified,
; this value may still be overridden on a per-stream basis via the "capath"
; SSL stream context option.
openssl.capath='/etc/ssl/certs/'
None of this work, even though retrieving via ini_get() it's ok and fully recognized. For now, I have to make a workaround by modifying vendor/guzzlehttp/guzzle/src/Client.php and adjust default config to 'verify' => '/etc/ssl/certs/ca-certificates.crt' then everything's ok (which I believe not a good option)
retrieving via init_get()
array(8) {
["default_cert_file"]=> string(21) "/usr/lib/ssl/cert.pem"
["default_cert_file_env"]=> string(13) "SSL_CERT_FILE"
["default_cert_dir"]=> string(18) "/usr/lib/ssl/certs"
["default_cert_dir_env"]=> string(12) "SSL_CERT_DIR"
["default_private_dir"]=> string(20) "/usr/lib/ssl/private"
["default_default_cert_area"]=> string(12) "/usr/lib/ssl"
["ini_cafile"]=> string(34) "/etc/ssl/certs/ca-certificates.crt"
["ini_capath"]=> string(15) "/etc/ssl/certs/"
}
openssl.cafile: /etc/ssl/certs/ca-certificates.crt
curl.cainfo: /etc/ssl/certs/ca-certificates.crt
Note: I've tried setting up ~/.curlrc together with export CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt but none of this work
Does anyone have any solution or any clue to solve this issue?
Relating to 'SSL certificate problem: unable to get local issuer certificate' error. Rather obviously this applies to the system sending the CURL request (and no the server receiving the request)
Download the latest cacert.pem from https://curl.haxx.se/ca/cacert.pem
Add the following line to php.ini (if this is shared hosting and you don't have access to php.ini then you could add this to .user.ini in public_html)
curl.cainfo="/path/to/downloaded/cacert.pem"
Make sure you enclose the path within double quotation marks!!!
grant permission to your web server user like ngnix or www-data to read the file.
sudo chown www-data /etc/ssl/certs/cacert.pem
last step restart fpm and ngnix or apache

gitlab-shell ssl cert issues

I've tried now for several hours te set up gitlab and especially gitlab-shell. After being trolled by the documentation I found a sample config, that fitted my needs, but I get an API 500 error :
Running /home/git/gitlab-shell/bin/check
Check GitLab API access: FAILED. code: 500
gitlab-shell self-check failed
Try fixing it:
Make sure GitLab is running;
Check the gitlab-shell configuration file:
sudo -u git -H editor /home/git/gitlab-shell/config.yml
Please fix the error above and rerun the checks.
To explain my current setup:
#/home/git/gitlab-shell/config.yml
user: git
gitlab_url: https://[myfqdn]/
http_settings:
ca_file: "/etc/gitlab-ssl/git-mydomain-chain.pem"
ca_path: "/etc/gitlab-ssl"
self_signed_cert: false
repos_path: "/home/git/repositories/"
auth_file: "/home/git/.ssh/authorized_keys"
redis:
bin: "/usr/bin/redis-cli"
namespace: resque:gitlab
host: localhost
port: 6379
log_level: INFO
audit_usernames: false
In the /etc/gitlab-ssl directory are two files:
* my privatekey git-mydomain-key.pem
* the combinded public key and CA-key git-mydomain-chain.pem
In addition I added the ca-key to the ca-certificates (it's a cacert signed one).
Can anyone help me and tell me what went wrong?
This error has nothing to do with gitlab. This is pure YAML parser (Psych in your case) error.
Line 5 column 3 is:
ca_path:
⇑ HERE
That said you have a strange unterminated string right above:
⇓⇓⇓ WTF?!
ca_file: "/etc/gitlab-ssl/git-mydomain-chain.pem #This file contains my public key and the ca key
Remove everything after hash (inclusive) and close the string quotes.
Hope it helps.

Resources