Category: SSL – ServerOK

How to enable SSL/TLS for Express.js application

Posted on September 1, 2021 (September 1, 2021) by ServerOk

For node.js applications, you can enable SSL on the application side or using Nginx or Apache running as a reverse proxy. To enable SSL for a node.js express application, use the following code.

const fs = require('fs')
const https = require('https')
const express = require('express')

var port = 3000;

var options = {
    key: fs.readFileSync('./ssl/ssl.key'),
    cert: fs.readFileSync('./ssl/ssl.crt'),
};

var app = express();

var server = https.createServer(options, app).listen(port, function(){
  console.log("Express server listening on port " + port);
});

app.get('/', function (req, res) {
    res.writeHead(200);
    res.end("hello world\n");
});

const fs = require('fs')

const https = require('https')

const express = require('express')

var port = 3000;

var options = {

key: fs.readFileSync('./ssl/ssl.key'),

cert: fs.readFileSync('./ssl/ssl.crt'),

};

var app = express();

var server = https.createServer(options, app).listen(port, function(){

console.log("Express server listening on port " + port);

});

app.get('/', function (req, res) {

res.writeHead(200);

res.end("hello world\n");

});

See node.js […]

Find expiry date for SSL certificate using openssl

Posted on August 17, 2021 by ServerOk

To find the expiry date of an SSL certificate using openssl command, run

openssl x509 -noout -dates -in /path/to/domain.crt

1	openssl x509 -noout -dates -in /path/to/domain.crt

Example

root@ok:~# openssl x509 -noout -dates -in /etc/ssl/serverok.in.crt
notBefore=Aug 16 22:37:11 2021 GMT
notAfter=Sep 17 22:37:11 2022 GMT
root@ok:~#

root@ok:~# openssl x509 -noout -dates -in /etc/ssl/serverok.in.crt

notBefore=Aug 16 22:37:11 2021 GMT

notAfter=Sep 17 22:37:11 2022 GMT

root@ok:~#

notBefore is the start date for the SSL. notAfter is the expiry date for the SSL. See OpenSSL […]

acme.sh list all SSL certificates

Posted on August 17, 2021 (August 17, 2021) by ServerOk

acme.sh is an open source bash script that makes it easy to issue free SSL certificates using LetsEcrypt and ZeroSSL. To list all SSL certificates, use the command

acme.sh --list

1	acme.sh --list

Example If you need to delete an SSL certficate, run command

acme.sh --remove -d DOMAIN_NAME_HERE

1	acme.sh --remove -d DOMAIN_NAME_HERE

Example

root@ok:~# acme.sh --remove -d booctep.com
[Tue 17 Aug 2021 08:25:20 AM UTC] booctep.com is removed, the key and cert files are in /root/.acme.sh/booctep.com
[Tue 17 Aug 2021 08:25:20 AM UTC] You can remove them by yourself.
root@ok:~#

root@ok:~# acme.sh --remove -d booctep.com

[Tue 17 Aug 2021 08:25:20 AM UTC] booctep.com is removed, the key and cert files are in /root/.acme.sh/booctep.com

[Tue 17 Aug 2021 08:25:20 AM UTC] You can remove them by yourself.

root@ok:~#

See acme.sh […]

ACME (acme.sh) Free SSL Certificate

Posted on July 20, 2021 (August 26, 2021) by ServerOk

ACME (acme.sh) is a shell script for generating LetsEncrypt SSL certificate. acme.sh is written in bash, so it works on any Linux server without special requirements. For getting SSL, another popular option is to use certbot. https://github.com/acmesh-official/acme.sh acme.sh list all SSL certificates To install, run

cd /usr/local/src
git clone https://github.com/acmesh-official/acme.sh.git
cd ./acme.sh
./acme.sh --install -m admin@serverok.in
source ~/.bashrc

cd /usr/local/src

git clone https://github.com/acmesh-official/acme.sh.git

cd ./acme.sh

./acme.sh --install -m admin@serverok.in

source ~/.bashrc

When you install, it will set a daily cronjob […]

Create dhparam.pem

Posted on February 11, 2021 (February 11, 2021) by ServerOk

To generate dhparam.pem, run

cd /etc/ssl/
openssl dhparam -out dhparam.pem 4096

1 2	cd /etc/ssl/ openssl dhparam -out dhparam.pem 4096

To add dhparam in Nginx, add

ssl_dhparam /etc/ssl/dhparam.pem;

1	ssl_dhparam /etc/ssl/dhparam.pem;

See SSL […]

Enable SSL for a site in EasyEngine

Posted on January 31, 2021 by ServerOk

To enable LetsEncrypt SSL for a web site hosted in EasyEngine server, run

ee site update SITE_NAME_HERE --ssl=le

1	ee site update SITE_NAME_HERE --ssl=le

Example See EasyEngine […]

Install LetsEncrypt in CentOS 7

Posted on January 10, 2021 (January 10, 2021) by ServerOk

certbot deprecated support for CentOS 7, so new version of certbot-auto script won’t work on CentOS 7. To install certbot (letsencrypt command line tool), run

yum install -y epel-release 
yum install -y python2-certbot.noarch

1 2	yum install -y epel-release yum install -y python2-certbot.noarch

To run it, use command

/usr/bin/certbot-2

1	/usr/bin/certbot-2

See LetsEncrypt […]

Change Email address of LetsEncrypt SSL

Posted on November 28, 2020 by ServerOk

To change email address of LetsEncrypt SSL certficate account, run

certbot update_account --email you@your-domain.com

1	certbot update_account --email you@your-domain.com

See LetsEncrypt […]

View SSL certficate Details

Posted on November 28, 2020 (March 1, 2021) by ServerOk

To view certificate details

openssl x509 -text -noout -in SSL_FILE.crt

1	openssl x509 -text -noout -in SSL_FILE.crt

For web server

openssl s_client -showcerts -connect serverok.in:443

1	openssl s_client -showcerts -connect serverok.in:443

curl -vI https://serverok.in

1	curl -vI https://serverok.in

IMAP via SSL

openssl s_client -showcerts -connect mail.yourdomain.com:993 -servername mail.yourdomain.com

1	openssl s_client -showcerts -connect mail.yourdomain.com:993 -servername mail.yourdomain.com

POP3 via SSL

openssl s_client -showcerts -connect mail.example.com:995  -servername mail.yourdomain.com

1	openssl s_client -showcerts -connect mail.example.com:995 -servername mail.yourdomain.com

SMTP via SSL

openssl s_client -showcerts -connect mail.yourdomain.com:465  -servername mail.yourdomain.com

1	openssl s_client -showcerts -connect mail.yourdomain.com:465 -servername mail.yourdomain.com

SMTP via TLS/StartTLS

openssl s_client -starttls smtp -showcerts -connect mail.yourdomain.com:25  -servername mail.yourdomain.com

1	openssl s_client -starttls smtp -showcerts -connect mail.yourdomain.com:25 -servername mail.yourdomain.com

See SSL […]

Delete LetsEncrypt SSL certficate

Posted on November 26, 2020 (November 26, 2020) by ServerOk

To list all available LetsEncrypt SSL certficates, run

certbot certificates

1	certbot certificates

To delete a certificate, run

certbot delete --cert-name NAME_OF_SSL_CERT

1	certbot delete --cert-name NAME_OF_SSL_CERT

You can find NAME_OF_SSL_CERT from command “certbot certificates”. See LetsEncrypt […]