rabbit_rabbit
rabbit_rabbit7mo ago

InvalidData: No certificates found in cert file

Hello! Following up from a previous help post here, https://discord.com/channels/684898665143206084/1182742873670701078 I had been running against serveTls with these .crt and .key files, but now I'm seeing
error: Uncaught (in promise) InvalidData: No certificates found in cert file
await Deno.serve(
^
at listenTls (ext:deno_net/02_tls.js:72:40)
at Object.serve (ext:deno_http/00_serve.js:593:16)
at bootServer (https://deno.land/x/fresh@1.6.1/src/server/boot.ts:78:16)
at startServer (https://deno.land/x/fresh@1.6.1/src/server/boot.ts:39:11)
at dev (https://deno.land/x/fresh@1.6.1/src/dev/dev_command.ts:58:11)
at eventLoopTick (ext:core/01_core.js:178:11)
at async file:///Users/willweiss/dev/morehumaninternet/virtual-hospitals-africa/dev.ts:8:1
error: Uncaught (in promise) InvalidData: No certificates found in cert file
await Deno.serve(
^
at listenTls (ext:deno_net/02_tls.js:72:40)
at Object.serve (ext:deno_http/00_serve.js:593:16)
at bootServer (https://deno.land/x/fresh@1.6.1/src/server/boot.ts:78:16)
at startServer (https://deno.land/x/fresh@1.6.1/src/server/boot.ts:39:11)
at dev (https://deno.land/x/fresh@1.6.1/src/dev/dev_command.ts:58:11)
at eventLoopTick (ext:core/01_core.js:178:11)
at async file:///Users/willweiss/dev/morehumaninternet/virtual-hospitals-africa/dev.ts:8:1
My fresh.config.ts ends like this
export default defineConfig({
port,
plugins: [tailwind()],
cert: "./local-certs/localhost.crt",
key: "./local-certs/localhost.key",
})
export default defineConfig({
port,
plugins: [tailwind()],
cert: "./local-certs/localhost.crt",
key: "./local-certs/localhost.key",
})
While my dev.ts file looks like this
#!/usr/bin/env -S deno run -A --watch=static/,routes/

import dev from '$fresh/dev.ts'
import config from './fresh.config.ts'

import "$std/dotenv/load.ts";

await dev(import.meta.url, './main.ts', config)
#!/usr/bin/env -S deno run -A --watch=static/,routes/

import dev from '$fresh/dev.ts'
import config from './fresh.config.ts'

import "$std/dotenv/load.ts";

await dev(import.meta.url, './main.ts', config)
Even if I try to make a new cert via
openssl req -newkey rsa:2048 -nodes -keyout server.key -x509 -days 365 -out server.crt -subj "/C=US/ST=State/L=City/O=Organization/CN=localhost"
openssl req -newkey rsa:2048 -nodes -keyout server.key -x509 -days 365 -out server.crt -subj "/C=US/ST=State/L=City/O=Organization/CN=localhost"
I see the same issue. I'm running with the following prefix in both cases
DENO_TLS_CA_STORE=system deno run -A --unsafely-ignore-certificate-errors
DENO_TLS_CA_STORE=system deno run -A --unsafely-ignore-certificate-errors
Any help is appreciated!
7 Replies
Deno AI Helper
Deno AI Helper7mo ago
It seems like you're encountering an issue where Deno is unable to find any certificates in the specified cert file when using serveTls. Let's go through some steps to troubleshoot this issue: 1. Check the Certificate and Key Files: Ensure that the certificate and key files are correctly formatted and contain the necessary PEM encoded data. The certificate file should begin with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----. Similarly, the key file should have -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----. 2. File Paths: Verify that the paths to your certificate and key files are correct. Relative paths can sometimes be tricky, especially when running scripts from different directories. You might want to try using absolute paths to rule out any path resolution issues. 3. File Permissions: Check the permissions of the certificate and key files to ensure that the Deno process has read access to them. 4. Deno Version: Make sure you are using a version of Deno that supports the cert and key options in Deno.listenTls(). According to the documentation, these options were added in Deno 1.20. You can check your Deno version with deno --version. 5. DENO_TLS_CA_STORE: You mentioned using DENO_TLS_CA_STORE=system. This environment variable tells Deno to use the system's root CA store. However, this is not related to the error you're seeing, which is about the server's certificate file. 6. --unsafely-ignore-certificate-errors: This flag disables certificate validation for outgoing connections, such as fetch requests made by your server. It does not affect the loading of your server's certificate and key for serveTls. Be cautious with this flag, as it can make your connections insecure. 7.
Deno AI Helper
Deno AI Helper7mo ago
OpenSSL Command: The command you used to generate a new certificate and key looks correct. However, after generating them, you should verify that the files contain the expected data. If after checking all the above, you're still facing the issue, you might want to try a minimal example to isolate the problem. Here's a basic example from the documentation that you can use to test serveTls:
const cert = await Deno.readTextFile("./local-certs/localhost.crt");
const key = await Deno.readTextFile("./local-certs/localhost.key");

const listener = Deno.listenTls({
hostname: "localhost",
port: 443,
cert,
key,
});

for await (const conn of listener) {
// Handle the connection
}
const cert = await Deno.readTextFile("./local-certs/localhost.crt");
const key = await Deno.readTextFile("./local-certs/localhost.key");

const listener = Deno.listenTls({
hostname: "localhost",
port: 443,
cert,
key,
});

for await (const conn of listener) {
// Handle the connection
}
Replace the paths with the absolute paths to your certificate and key files and run this script to see if serveTls works in isolation. If this script works, the issue might be with how the paths or options are being passed in your actual application
xaio
xaio7mo ago
I had the same issue. It turns out that "cert" and "key" options take not the file path but the contents of the files
rabbit_rabbit
rabbit_rabbit7mo ago
@xaio thanks very much for this info! I tried again with that and am still struggling. I pushed a minimal repro based off the sample project where I'd expect this to serve HTTPS and it's still not. Any ideas? cc @marvinh. who had some context on the other posted issue https://github.com/will-weiss/deno-fresh-certs-repro
Watcher File change detected! Restarting!
config {
plugins: [
{
name: "tailwind",
configResolved: [AsyncFunction: configResolved],
middlewares: [],
buildStart: [AsyncFunction: buildStart]
}
],
server: {
cert: "-----BEGIN CERTIFICATE-----\n" +
"MIIDyzCCArOgAwIBAgIJAMaX7qDdOwAuMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD\n" +
"VQQGEwJ"... 1275 more characters,
key: "-----BEGIN PRIVATE KEY-----\n" +
"MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCThucD3xBEj1CW\n" +
"prufDoA"... 1608 more characters
}
}

🍋 Fresh ready
Local: http://localhost:8000/
Watcher File change detected! Restarting!
config {
plugins: [
{
name: "tailwind",
configResolved: [AsyncFunction: configResolved],
middlewares: [],
buildStart: [AsyncFunction: buildStart]
}
],
server: {
cert: "-----BEGIN CERTIFICATE-----\n" +
"MIIDyzCCArOgAwIBAgIJAMaX7qDdOwAuMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD\n" +
"VQQGEwJ"... 1275 more characters,
key: "-----BEGIN PRIVATE KEY-----\n" +
"MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCThucD3xBEj1CW\n" +
"prufDoA"... 1608 more characters
}
}

🍋 Fresh ready
Local: http://localhost:8000/
GitHub
GitHub - will-weiss/deno-fresh-certs-repro: Minimal repro for issue...
Minimal repro for issue with fresh not serving HTTPS - GitHub - will-weiss/deno-fresh-certs-repro: Minimal repro for issue with fresh not serving HTTPS
xaio
xaio7mo ago
this is what worked for me - fresh.config.ts: import { defineConfig } from "$fresh/server.ts"; const cert = { key: Deno.readTextFileSync('./cert/server.key'), cert: Deno.readTextFileSync('./cert/server.crt') }; export default defineConfig({ plugins: [ // Plugins here ], server: { cert: cert.cert, key: cert.key, port: 8443, }, });
marvinh.
marvinh.7mo ago
I'm currently on vacation until New Year's Eve.
rabbit_rabbit
rabbit_rabbit7mo ago
Enjoy your holiday! @xaio that worked, thank you! I had put the port outside the server object, so that was what was not working.