InvalidData: No certificates found in cert file
Hello! Following up from a previous help post here,
https://discord.com/channels/684898665143206084/1182742873670701078
I had been running against `serveTls` with these .crt and .key files, but now I'm seeing
My fresh.config.ts ends like this
While my dev.ts file looks like this
Even if I try to make a new cert via
I see the same issue.
I'm running with the following prefix in both cases
Any help is appreciated!
It seems like you're encountering an issue where Deno is unable to find any certificates in the specified cert file when using `serveTls`. Let's go through some steps to troubleshoot this issue:
1. Check the Certificate and Key Files: Ensure that the certificate and key files are correctly formatted and contain the necessary PEM encoded data. The certificate file should begin with `-----BEGIN CERTIFICATE-----` and end with `-----END CERTIFICATE-----`. Similarly, the key file should have `-----BEGIN PRIVATE KEY-----` and `-----END PRIVATE KEY-----`.
2. File Paths: Verify that the paths to your certificate and key files are correct. Relative paths can sometimes be tricky, especially when running scripts from different directories. You might want to try using absolute paths to rule out any path resolution issues.
3. File Permissions: Check the permissions of the certificate and key files to ensure that the Deno process has read access to them.
4. Deno Version: Make sure you are using a version of Deno that supports the `cert` and `key` options in `Deno.listenTls()`. According to the documentation, these options were added in Deno 1.20. You can check your Deno version with `deno --version`.
5. DENO_TLS_CA_STORE: You mentioned using `DENO_TLS_CA_STORE=system`. This environment variable tells Deno to use the system's root CA store. However, this is not related to the error you're seeing, which is about the server's certificate file.
6. --unsafely-ignore-certificate-errors: This flag disables certificate validation for outgoing connections, such as fetch requests made by your server. It does not affect the loading of your server's certificate and key for `serveTls`. Be cautious with this flag, as it can make your connections insecure.
7. OpenSSL Command: The command you used to generate a new certificate and key looks correct. However, after generating them, you should verify that the files contain the expected data.
If after checking all the above, you're still facing the issue, you might want to try a minimal example to isolate the problem. Here's a basic example from the documentation that you can use to test `serveTls`:
Replace the paths with the absolute paths to your certificate and key files and run this script to see if `serveTls` works in isolation. If this script works, the issue might be with how the paths or options are being passed in your actual application.
I had the same issue. It turns out that "cert" and "key" options take not the file path but the contents of the files.
@xaio thanks very much for this info! I tried again with that and am still struggling. I pushed a minimal repro based off the sample project where I'd expect this to serve HTTPS and it's still not. Any ideas? cc @marvinh. who had some context on the other posted issue
https://github.com/will-weiss/deno-fresh-certs-repro
this is what worked for me - fresh.config.ts:
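```ts
import { defineConfig } from "$fresh/server.ts";

// Read the PEM contents of the files; the options take the text, not the path.
const cert = {
  key: Deno.readTextFileSync("./cert/server.key"),
  cert: Deno.readTextFileSync("./cert/server.crt"),
};

export default defineConfig({
  plugins: [
    // Plugins here
  ],
  // cert, key and port all go inside the `server` object.
  server: {
    cert: cert.cert,
    key: cert.key,
    port: 8443,
  },
});
```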
I'm currently on vacation until New Year's Eve.
Enjoy your holiday!
@xaio that worked, thank you! I had put the port outside the `server` object, so that was what was not working.
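A pre-flight check for the mistake identified in this thread (a file path passed where the `cert` and `key` options expect the PEM text), added here as an example that is not code from the thread or from Deno or Fresh. The names `checkPemOption`, `pemBlocks` and the sample values are hypothetical, and the check looks only at the PEM armor and base64 body, not at the certificate itself.

```typescript
// Added example (not from the thread): classify a value before it is passed
// as the `cert` or `key` option, which expect PEM text rather than a file path.
type PemKind = "cert" | "key";
type Verdict = "ok" | "looks-like-path" | "no-pem-block" | "wrong-label" | "bad-base64";

// Armor labels accepted per option; the key labels are the ones OpenSSL
// commonly writes (PKCS#8, PKCS#1, SEC1). Assumed list, adjust as needed.
const LABELS: { [k in PemKind]: string[] } = {
  cert: ["CERTIFICATE"],
  key: ["PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"],
};

// Constructed samples: valid PEM armor around a dummy body, not real key material.
const SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nQUJDREVGR0hJSktMTU5PUA==\n-----END CERTIFICATE-----\n";
const SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\nQUJDREVGR0hJSktMTU5PUA==\n-----END PRIVATE KEY-----\n";

// Extract every armored block with its label and whitespace-stripped body.
function pemBlocks(text: string): { label: string; body: string }[] {
  const re = /-----BEGIN ([A-Z0-9 ]+)-----\r?\n([\s\S]*?)\r?\n-----END \1-----/g;
  const out: { label: string; body: string }[] = [];
  let m: RegExpExecArray | null;
  while ((m = re.exec(text)) !== null) {
    out.push({ label: m[1], body: m[2].replace(/\s+/g, "") });
  }
  return out;
}

function checkPemOption(kind: PemKind, value: string): Verdict {
  const blocks = pemBlocks(value);
  if (blocks.length === 0) {
    // No armor at all: a single line that looks like a path is the
    // "passed the path instead of the contents" case from this thread.
    const v = value.trim();
    const oneLine = !/[\r\n]/.test(v);
    const pathLike = /^\.{0,2}[\\\/]/.test(v) || /\.(crt|cer|pem|key)$/i.test(v);
    return oneLine && pathLike ? "looks-like-path" : "no-pem-block";
  }
  // Armor present but for the other option, e.g. cert and key swapped.
  const wanted = blocks.filter((b) => LABELS[kind].indexOf(b.label) !== -1);
  if (wanted.length === 0) return "wrong-label";
  for (const b of wanted) {
    // Structural check only: base64 alphabet and padding, not X.509 parsing.
    if (b.body.length % 4 !== 0 || !/^[A-Za-z0-9+\/]+={0,2}$/.test(b.body)) return "bad-base64";
  }
  return "ok";
}
```

Running `checkPemOption("cert", value)` and `checkPemOption("key", value)` on the strings about to go into the `server` object separates a path or swapped-file mistake from a malformed file before the TLS listener is started.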