rabbit_rabbit
rabbit_rabbit8mo ago

InvalidData: No certificates found in cert file

Hello! Following up from a previous help post here, https://discord.com/channels/684898665143206084/1182742873670701078 I had been running against serveTls with these .crt and .key files, but now I'm seeing 
error: Uncaught (in promise) InvalidData: No certificates found in cert file
    await Deno.serve(
               ^
    at listenTls (ext:deno_net/02_tls.js:72:40)
    at Object.serve (ext:deno_http/00_serve.js:593:16)
    at bootServer (https://deno.land/x/fresh@1.6.1/src/server/boot.ts:78:16)
    at startServer (https://deno.land/x/fresh@1.6.1/src/server/boot.ts:39:11)
    at dev (https://deno.land/x/fresh@1.6.1/src/dev/dev_command.ts:58:11)
    at eventLoopTick (ext:core/01_core.js:178:11)
    at async file:///Users/willweiss/dev/morehumaninternet/virtual-hospitals-africa/dev.ts:8:1
error: Uncaught (in promise) InvalidData: No certificates found in cert file
    await Deno.serve(
               ^
    at listenTls (ext:deno_net/02_tls.js:72:40)
    at Object.serve (ext:deno_http/00_serve.js:593:16)
    at bootServer (https://deno.land/x/fresh@1.6.1/src/server/boot.ts:78:16)
    at startServer (https://deno.land/x/fresh@1.6.1/src/server/boot.ts:39:11)
    at dev (https://deno.land/x/fresh@1.6.1/src/dev/dev_command.ts:58:11)
    at eventLoopTick (ext:core/01_core.js:178:11)
    at async file:///Users/willweiss/dev/morehumaninternet/virtual-hospitals-africa/dev.ts:8:1
My fresh.config.ts ends like this 
export default defineConfig({
  port,
  plugins: [tailwind()],
  cert: "./local-certs/localhost.crt",
  key: "./local-certs/localhost.key",
})
export default defineConfig({
  port,
  plugins: [tailwind()],
  cert: "./local-certs/localhost.crt",
  key: "./local-certs/localhost.key",
})
While my dev.ts file looks like this 
#!/usr/bin/env -S deno run -A --watch=static/,routes/

import dev from '$fresh/dev.ts'
import config from './fresh.config.ts'

import "$std/dotenv/load.ts";

await dev(import.meta.url, './main.ts', config)
#!/usr/bin/env -S deno run -A --watch=static/,routes/

import dev from '$fresh/dev.ts'
import config from './fresh.config.ts'

import "$std/dotenv/load.ts";

await dev(import.meta.url, './main.ts', config)
Even if I try to make a new cert via 
openssl req -newkey rsa:2048 -nodes -keyout server.key -x509 -days 365 -out server.crt -subj "/C=US/ST=State/L=City/O=Organization/CN=localhost"
openssl req -newkey rsa:2048 -nodes -keyout server.key -x509 -days 365 -out server.crt -subj "/C=US/ST=State/L=City/O=Organization/CN=localhost"
I see the same issue. I'm running with the following prefix in both cases 
DENO_TLS_CA_STORE=system deno run -A --unsafely-ignore-certificate-errors
DENO_TLS_CA_STORE=system deno run -A --unsafely-ignore-certificate-errors
Any help is appreciated!
7 Replies
Deno AI Helper
Deno AI Helper8mo ago
It seems like you're encountering an issue where Deno is unable to find any certificates in the specified cert file when using serveTls. Let's go through some steps to troubleshoot this issue: 1. Check the Certificate and Key Files: Ensure that the certificate and key files are correctly formatted and contain the necessary PEM encoded data. The certificate file should begin with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----. Similarly, the key file should have -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----. 2. File Paths: Verify that the paths to your certificate and key files are correct. Relative paths can sometimes be tricky, especially when running scripts from different directories. You might want to try using absolute paths to rule out any path resolution issues. 3. File Permissions: Check the permissions of the certificate and key files to ensure that the Deno process has read access to them. 4. Deno Version: Make sure you are using a version of Deno that supports the cert and key options in Deno.listenTls(). According to the documentation, these options were added in Deno 1.20. You can check your Deno version with deno --version. 5. DENO_TLS_CA_STORE: You mentioned using DENO_TLS_CA_STORE=system. This environment variable tells Deno to use the system's root CA store. However, this is not related to the error you're seeing, which is about the server's certificate file. 6. --unsafely-ignore-certificate-errors: This flag disables certificate validation for outgoing connections, such as fetch requests made by your server. It does not affect the loading of your server's certificate and key for serveTls. Be cautious with this flag, as it can make your connections insecure. 7.
Deno AI Helper
Deno AI Helper8mo ago
OpenSSL Command: The command you used to generate a new certificate and key looks correct. However, after generating them, you should verify that the files contain the expected data. If after checking all the above, you're still facing the issue, you might want to try a minimal example to isolate the problem. Here's a basic example from the documentation that you can use to test serveTls: 
const cert = await Deno.readTextFile("./local-certs/localhost.crt");
const key = await Deno.readTextFile("./local-certs/localhost.key");

const listener = Deno.listenTls({
  hostname: "localhost",
  port: 443,
  cert,
  key,
});

for await (const conn of listener) {
  // Handle the connection
}
const cert = await Deno.readTextFile("./local-certs/localhost.crt");
const key = await Deno.readTextFile("./local-certs/localhost.key");

const listener = Deno.listenTls({
  hostname: "localhost",
  port: 443,
  cert,
  key,
});

for await (const conn of listener) {
  // Handle the connection
}
Replace the paths with the absolute paths to your certificate and key files and run this script to see if serveTls works in isolation. If this script works, the issue might be with how the paths or options are being passed in your actual application
Helpful Links: Deno 1.13 Release Notes Deno 1.20 Release Notes Writing tests | Fresh docs Web Streams at the Edge
xaio
xaio8mo ago
I had the same issue. It turns out that "cert" and "key" options take not the file path but the contents of the files
rabbit_rabbit
rabbit_rabbit8mo ago
@xaio thanks very much for this info! I tried again with that and am still struggling. I pushed a minimal repro based off the sample project where I'd expect this to serve HTTPS and it's still not. Any ideas? cc @marvinh. who had some context on the other posted issue https://github.com/will-weiss/deno-fresh-certs-repro 
Watcher File change detected! Restarting!
config {
  plugins: [
    {
      name: "tailwind",
      configResolved: [AsyncFunction: configResolved],
      middlewares: [],
      buildStart: [AsyncFunction: buildStart]
    }
  ],
  server: {
    cert: "-----BEGIN CERTIFICATE-----\n" +
      "MIIDyzCCArOgAwIBAgIJAMaX7qDdOwAuMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD\n" +
      "VQQGEwJ"... 1275 more characters,
    key: "-----BEGIN PRIVATE KEY-----\n" +
      "MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCThucD3xBEj1CW\n" +
      "prufDoA"... 1608 more characters
  }
}

 🍋 Fresh ready
    Local: http://localhost:8000/
Watcher File change detected! Restarting!
config {
  plugins: [
    {
      name: "tailwind",
      configResolved: [AsyncFunction: configResolved],
      middlewares: [],
      buildStart: [AsyncFunction: buildStart]
    }
  ],
  server: {
    cert: "-----BEGIN CERTIFICATE-----\n" +
      "MIIDyzCCArOgAwIBAgIJAMaX7qDdOwAuMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD\n" +
      "VQQGEwJ"... 1275 more characters,
    key: "-----BEGIN PRIVATE KEY-----\n" +
      "MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCThucD3xBEj1CW\n" +
      "prufDoA"... 1608 more characters
  }
}

 🍋 Fresh ready
    Local: http://localhost:8000/
GitHub
GitHub - will-weiss/deno-fresh-certs-repro: Minimal repro for issue...
Minimal repro for issue with fresh not serving HTTPS - GitHub - will-weiss/deno-fresh-certs-repro: Minimal repro for issue with fresh not serving HTTPS
xaio
xaio8mo ago
this is what worked for me - fresh.config.ts: import { defineConfig } from "$fresh/server.ts"; const cert = { key: Deno.readTextFileSync('./cert/server.key'), cert: Deno.readTextFileSync('./cert/server.crt') }; export default defineConfig({ plugins: [ // Plugins here ], server: { cert: cert.cert, key: cert.key, port: 8443, }, });
marvinh.
marvinh.8mo ago
I'm currently on vacation until New Year's Eve.
rabbit_rabbit
rabbit_rabbit8mo ago
Enjoy your holiday! @xaio that worked, thank you! I had put the port outside the server object, so that was what was not working.
More Posts
Cannot use deno prompt when in windows CMDIt only works in the VSCode integrated terminal? I have added some output around the run command, buStreaming large files with fetch and FormDataHi, I'm trying to find a way to build multiplart/form-data requests in Deno that contain large filesIf I want to integrate a fully featured Deno runtime into my application, where do I start?I want to create a scripting environment for my application that will enable people to create customTrying to deploy a project on Deno Deploy with a private Github repository dependencyBy reading the docs at https://docs.deno.com/runtime/manual/basics/modules/private I found that I caHow can I make sure the code gets run on the client-side??!```tsx import { useEffect, useState } from "preact/hooks"; export default function Callback() { VSCode + Deno + Vite + TypescriptJust setup a project with `create-vite-extra` but all the starter files are full of typescript errorMemory LimitHello guys, in some situations i'am receiving one of the following error message `dd-hard-memory-limGoogle CalendarHi! I am looking for a minimal example how to access google calendar API. I already obtained credenI can't access my deno cloud github accountPlease help, by mistake I converted my personal github account to an organization account, and now IUploaded a module, need help!I uploaded my module: https://deno.land/x/vipps_mobilepay_sdk@0.0.1 But then I realised that I shoul