HTTPS setting with Let’s Encrypt

We’re using SSL For Free to generate the private key and certificates, and running our Node.js server on AWS EC2.


1. Get the necessary key and certificate for your domain. We use Manual Verification here.

2. Download the verification file, put it under the folder “.well-known/acme-challenge/” as instructed for domain ownership verification, and push it to your server.

3. Open the verification link. It should prompt a download dialog, which means the file exists and can be accessed.

4. Download the SSL certificate and log in or sign up for renewal notifications.

5. Unzip the file and convert its contents into PEM format. Here we use OpenSSL to do that.

  1. openssl x509 -in ca_bundle.crt -out chain.pem
  2. openssl x509 -in certificate.crt -out fullchain.pem
  3. openssl rsa -in private.key -out privkey.pem

6. Configure your Node.js server (we’re using Express here).

'use strict';
var http = require('http');
var https = require('https');
var fs = require('fs');
const PORT = process.env.PORT || 3000;
const SPORT = process.env.SPORT || 3443;
// launch server
var server = require('express')();
// express configuration
// ...
// create http server
http.createServer(server).listen(PORT, function () {
  console.log('Server is listening on', PORT);
});
// create https server with the PEM files produced in step 5
https.createServer({
  key: fs.readFileSync('path/to/yourfolder/privkey.pem'),
  cert: fs.readFileSync('path/to/yourfolder/fullchain.pem'),
  ca: fs.readFileSync('path/to/yourfolder/chain.pem')
}, server).listen(SPORT, function () {
  console.log('Server is listening on', SPORT);
});

7. And now it’s working.

8. Don’t forget to alter your iptables rules to redirect from 443 to whatever port your HTTPS server is listening on.
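
The configuration in step 6 serves the same Express app over plain HTTP as well as HTTPS. As an added example (not part of the original post), here is a handler for the HTTP listener that only redirects to HTTPS, plus an HSTS middleware for the HTTPS app. The names `ALLOWED_HOSTS`, `redirectToHttps`, `hsts` and `startRedirectServer` and the hostnames are placeholders, and the public HTTPS port is assumed to be 443 as in step 8.

```javascript
'use strict';
// Added example: all names and hostnames below are illustrative placeholders.

// Hostnames this server answers for (replace with your own domain).
const ALLOWED_HOSTS = new Set(['example.com', 'www.example.com']);
// Public HTTPS port: 443 once the redirect from step 8 is in place.
const PUBLIC_HTTPS_PORT = 443;

// Handler for the plain-HTTP listener: never serves content, only redirects.
function redirectToHttps(req, res) {
  // The Host header is client-controlled: strip the port, normalise case,
  // and accept it only if it is one of our own names.
  const host = String(req.headers.host || '').split(':')[0].toLowerCase();
  if (!ALLOWED_HOSTS.has(host)) {
    // Unknown Host: refuse rather than reflect it into a Location header.
    res.writeHead(400, { 'Content-Type': 'text/plain' });
    res.end('Bad Request');
    return;
  }
  // Absolute-form request targets ("http://other/...") are reduced to "/".
  const path = typeof req.url === 'string' && req.url.startsWith('/') ? req.url : '/';
  const port = PUBLIC_HTTPS_PORT === 443 ? '' : ':' + PUBLIC_HTTPS_PORT;
  // 308 preserves the method and body for non-GET requests.
  res.writeHead(308, { Location: 'https://' + host + port + path });
  res.end();
}

// Express-style middleware for the HTTPS app: tell browsers to stay on HTTPS.
function hsts(req, res, next) {
  res.setHeader('Strict-Transport-Security', 'max-age=31536000');
  next();
}

// Wiring, in place of http.createServer(server) from step 6:
//   server.use(hsts);
//   startRedirectServer(PORT);
function startRedirectServer(port) {
  return require('http').createServer(redirectToHttps).listen(port);
}
```

Register `hsts` before the routes of the Express app so every HTTPS response carries the header.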