- Create an Environment with the Node.js application server.
- Install the Let’s Encrypt add-on to generate free SSL certificates for your application
- Due to the specifics of the Node.js engine, the Let’s Encrypt add-on only generates SSL certificates. You will need to manually adjust your application code to read the certificates from the following paths:
/var/lib/jelastic/keys/privkey.pem
/var/lib/jelastic/keys/fullchain.pem
/var/lib/jelastic/keys/ca.cer
“
Create a new app or integrate HTTPS configurations into the existing application. See the examples below:
- For a new application, replace the content of the default
server.js
file in the/home/jelastic/ROOT
directory.
- For an existing application – for example, deploy the default ‘Hello World’ package and edit the
/home/jelastic/ROOT/server.js
file to enable HTTPS.
- Run your application via Web SSH. In our example, we use the forever process manager (sudo is needed to listen on the privileged port 443).
The command should be adjusted based on the process manager you’re using. Alternatively, you can start your application without a process manager:
Sudo node server.js
- Go to your Node.js application using
https://
to verify access and check the certificate’s validity.
Certificate Update
- Let’s Encrypt SSL certificates are valid for 90 days. They should be updated before expiration to ensure continued encryption validity. The add-on provides automated renewal 30 days before the expiration date. After updating the certificate, you need to restart (or reload, if possible) the server to apply the new certificates.
- The operation can be automated alongside the certificate update by means of the webhooks – a custom script executed after the default add-on operations.
- Go to the /var/lib/jelastic/keys/letsencrypt folder (create if missing) and add the settings-custom file. Based on the Node.js process manager, your restart/reload script may vary. For example:
- Alternatively, you can provide the .sh script with the required commands:
- Ensure that your script file is executable by running
chmod +x {fileName}
. For example, the script content can be as follows:
- Also, you can configure the update hook via API using the deployHook parameter. See Let’s Encrypt SSL article for more details.
- You can manually trigger certificate updates from the Add-Ons menu for your Node.js server.
Additional Recommendations:
- Create environment variables to store the paths to the Let’s Encrypt certificates. This practice helps avoid “hardcoding” the paths and simplifies updates if the certificate locations change.
For example:
- Let’s Encrypt certificate – /var/lib/jelastic/keys/fullchain.pem
- Let’s Encrypt private key – /var/lib/jelastic/keys/privkey.pem
When working with the Let’s Encrypt add-on via API, you can use the deployHook parameter to handle custom logic once certificates got issued/updated.