PepsRyuu/nollup

HTTPS - Exposing ca option

I noticed with the upcoming expiration of the LetsEncrypt DST Root CA X3 root cert, I had to include my fullchain.pem as the 'ca' option when creating the https server, otherwise the cert was still trying to use the old DST Root CA (which expires Sept 30) instead of the new ISRG Root X1 cert, resulting in expired/invalid https requests.

My certs were generated with certbot.

Info: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

It's a really simple change in dev-server.js.
Starting at line 46:

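const key = fs.readFileSync(options.key)
const cert = fs.readFileSync(options.cert)
// Read the CA bundle only when the 'ca' option is set; readFileSync(undefined) throws
const ca = options.ca ? fs.readFileSync(options.ca) : undefined
server = https.createServer({ key, cert, ca }, app)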

In essence, making a new option for 'ca' exposes it to the nollup options.

Can anyone else confirm/deny they're seeing the same issue? Is there another way to work around this problem without setting 'ca'?

Ok, update - it seems if you're using certbot, you can just set the fullchain.pem as the 'cert', no 'ca' option required.

Old way:
cert: cert.pem
key: privkey.pem

New way:
cert: fullchain.pem
key: privkey.pem

I'll leave this open in case there are any other reasons to expose 'ca'.
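
The old and new settings above differ in how many certificates the `cert` file carries: Node's TLS options expect `cert` to hold the leaf certificate followed by its intermediates. The sketch below is an added example, not nollup's code and not from the issue author. It builds the options object for `https.createServer` and warns when `cert` holds only the leaf and no `ca` is given. `buildHttpsOptions`, `splitPemCerts` and the injectable `readFile` parameter are hypothetical names, and the PEM blocks are constructed placeholders rather than real certificates.

```javascript
const fs = require('node:fs');

const PEM_CERT = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Split a PEM bundle into its individual certificate blocks.
function splitPemCerts(pemText) {
  return pemText.match(PEM_CERT) || [];
}

// options.key / options.cert / options.ca are file paths, mirroring the option
// names in the issue; `ca` is treated as optional (assumption).
function buildHttpsOptions(options, readFile = (p) => fs.readFileSync(p, 'utf8')) {
  const warnings = [];
  const key = readFile(options.key);
  const cert = readFile(options.cert);
  const chain = splitPemCerts(cert);
  if (chain.length === 0) {
    throw new Error(`${options.cert} contains no PEM certificate`);
  }
  const tlsOptions = { key, cert }; // pass to https.createServer(tlsOptions, app)
  if (options.ca) {
    tlsOptions.ca = readFile(options.ca);
  } else if (chain.length === 1) {
    // Leaf only: the server sends no intermediates, so clients may fail to
    // build a path to a trusted root.
    warnings.push(`${options.cert} holds only the leaf certificate; use fullchain.pem`);
  }
  return { tlsOptions, chainLength: chain.length, warnings };
}

// Constructed sample data: placeholder PEM blocks, not real certificates or keys.
const fakeCert = (label) =>
  `-----BEGIN CERTIFICATE-----\n${Buffer.from(label).toString('base64')}\n-----END CERTIFICATE-----\n`;
const sampleFiles = {
  'privkey.pem': 'constructed-key-placeholder',
  'cert.pem': fakeCert('leaf'),
  'fullchain.pem': fakeCert('leaf') + fakeCert('intermediate'),
};
const readSample = (p) => sampleFiles[p];

const oldWay = buildHttpsOptions({ key: 'privkey.pem', cert: 'cert.pem' }, readSample);
const newWay = buildHttpsOptions({ key: 'privkey.pem', cert: 'fullchain.pem' }, readSample);
console.log('old way warnings:', oldWay.warnings);
console.log('new way chain length:', newWay.chainLength);
```
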