2017-03-28 61 views
0

我有一個ExpressJS應用程序,它只在端口3030上的IP地址上運行。Certbot - 如何爲IP:3030創建SSL證書和密鑰?

如何爲此類地址創建SSL證書和密鑰?

我嘗試:

$ certbot certonly --standalone --email [email protected] -d 127.0.1.1:3030

我得到這個錯誤:

Requested domain 127.0.1.1:3030 is not a FQDN

任何想法?

這是package我使用 - certbot。

這是我ExpressJS bin目錄下我的WWW文件:

#!/usr/bin/env node 

/** 
* Module dependencies. 
*/ 

var app = require('../app'); 
var debug = require('debug')('mongoose-iot:server'); 
var http = require('http'); 

// Add HTTPS support. 
// https://www.hacksparrow.com/express-js-https.html 
// http://stackoverflow.com/questions/11744975/enabling-https-on-express-js 
// http://blog.mgechev.com/2014/02/19/create-https-tls-ssl-application-with-express-nodejs/ 
var https = require('https'); 
var fs = require('fs'); 

/** 
* Get port from environment and store in Express. 
*/ 

var port = normalizePort(process.env.PORT || '3000'); 
app.set('port', port); 

/** 
* Create HTTP server. 
*/ 

var server = http.createServer(app); 

/** 
* Listen on provided port, on all network interfaces. 
*/ 

server.listen(port); 
server.on('error', onError); 
server.on('listening', onListening); 

/** 
* Get port from environment and store in Express. 
*/ 

var httpsPort = normalizePort(process.env.PORT || '3030'); 
app.set('port', httpsPort); 

/** 
* Create HTTPS server. 
*/ 

var options = { 
    key: fs.readFileSync('ssl/key.pem'), 
    cert: fs.readFileSync('ssl/cert.pem') 
}; 

var httpsServer = https.createServer(options, app); 

/** 
* Listen on provided port, on all network interfaces. 
*/ 

httpsServer.listen(httpsPort); 
httpsServer.on('error', onError); 
httpsServer.on('listening', onListening); 

/** 
* Normalize a port into a number, string, or false. 
*/ 

function normalizePort(val) { 
    var port = parseInt(val, 10); 

    if (isNaN(port)) { 
    // named pipe 
    return val; 
    } 

    if (port >= 0) { 
    // port number 
    return port; 
    } 

    return false; 
} 

/** 
* Event listener for HTTP server "error" event. 
*/ 

function onError(error) { 
    if (error.syscall !== 'listen') { 
    throw error; 
    } 

    var bind = typeof port === 'string' 
    ? 'Pipe ' + port 
    : 'Port ' + port; 

    // handle specific listen errors with friendly messages 
    switch (error.code) { 
    case 'EACCES': 
     console.error(bind + ' requires elevated privileges'); 
     process.exit(1); 
     break; 
    case 'EADDRINUSE': 
     console.error(bind + ' is already in use'); 
     process.exit(1); 
     break; 
    default: 
     throw error; 
    } 
} 

/** 
* Event listener for HTTP server "listening" event. 
*/ 

function onListening() { 
    var addr = server.address(); 
    var bind = typeof addr === 'string' 
    ? 'pipe ' + addr 
    : 'port ' + addr.port; 
    debug('Listening on ' + bind); 
} 

回答

1

的問題是,letsencrypt SSL certficates是域名,它不會有很多工作要做的IP地址或端口。您必須擁有有效且可公開訪問的域名,以便letsencrypt授權服務器可以對其進行驗證。

在這種情況下,它是用一個簡單的檢查一樣使用HTTP(而不是HTTPS)的發展普遍的做法:

if (process.env.NODE_ENV === "production") { 
    // httpsServer.listen(httpsPort) 
} else { 
    // ... 
} 
+0

據https://stackoverflow.com/questions/2043617/is-it -possible-to-have-ssl-certificate-for-ip-address-not-domain-name and https://stackoverflow.com/questions/1095780/are-ssl-certificates-bound-to-the-servers-ip地址回答可以在面向公衆的IP地址上,但不能在保留的IP範圍內,例如127.0.0.0/24 – taur