This article describes how to give Axios Let's Encrypt's new root certificate on an old version of Node. It may be a useful reference for anyone solving the same problem.

Problem description

As of September 2021, Lets Encrypt's old root certificate expired (see: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/). This has caused a node application using axios to fail when connecting to an API with LetsEncrypt cert. It states that the certificate has expired. Since my Linux system is running OpenSSL 1.1.1 (which Lets Encrypt states is compatible with their new chain), my assumption is that Node must be using its bundled out-of-date OpenSSL, which doesn't support the new certificate. Unfortunately, the node application can only be run on node 8.x (which is being accomplished via npm n).

So the question is: can I tell axios to override/extend the builtin root certs, to get it to work properly with LetsEncrypt's new chain, even while running on an out-of-date version of Node?

Based on How to configure axios to use SSL certificate?, I attempted to download the ISRG Root X1 pem from https://letsencrypt.org/certificates/, and load it up like:

const httpsAgent = new https.Agent({ ca: fs.readFileSync('./isrgrootx1.pem'),
                                 cert: fs.readFileSync('./isrgrootx1.pem') });
//...
const response = await axios.post(fullEndpoint, {httpsAgent});

However, it seems to have no effect - all of Axios's connections still fail, saying the cert is expired. I feel like that must be fairly close to the solution, but haven't had any luck. Any pointers would be greatly appreciated.

Recommended answer

Add this CA to your Agent Https Request.
Here is the cert => https://letsencrypt.org/certs/isrgrootx1.pem.txt

const axios = require('axios');
const { Agent } = require('https'); // require() rather than import: Node 8 has no ES module support

const ISRGCAs = [`-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
-----END CERTIFICATE-----`];

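// `ca` replaces Node's bundled root list for this agent, so only chains
// ending at ISRG Root X1 are trusted on these requests.
const agent = new Agent({ca: ISRGCAs});

axios({
  url:'https://URL',
  httpsAgent:agent
}).then(res=>{
  console.log(res)
})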
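
The following is an added example, not part of the original question or answer: it loads the root from a PEM file as in the question, supplies it as `ca` only, and places the agent in the config argument of `axios.post(url, data, config)`. The helper names, the `payload` variable and the sample bundle are assumptions made for illustration.

```javascript
// Added example. Written in CommonJS with syntax that Node 8 accepts.
const https = require('https');

// Split a PEM bundle into individual certificates so that each one
// becomes a separate entry in the agent's `ca` array.
function splitPemBundle(pemText) {
  const re = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;
  const certs = String(pemText).match(re) || [];
  if (certs.length === 0) {
    throw new Error('no PEM certificates found in CA bundle');
  }
  return certs;
}

// Build an agent that trusts only the supplied roots.
// `ca` is the trust anchor list. `cert` and `key` are for client-certificate
// authentication and are left unset: a root CA does not belong there.
function buildAgent(pemText) {
  return new https.Agent({
    ca: splitPemBundle(pemText),
    rejectUnauthorized: true // keep verification on; only the trust store changes
  });
}

// POST through any axios-compatible client. For post() the signature is
// (url, data, config), so the agent goes in the third argument. Passed as the
// second argument it would be sent as the request body and ignored for TLS.
function postWithAgent(client, url, data, agent) {
  return client.post(url, data, { httpsAgent: agent });
}

// Constructed stand-in for a PEM file: the bodies are placeholders, not real
// certificates. In real use, read the file downloaded from letsencrypt.org.
const SAMPLE_BUNDLE = [
  '-----BEGIN CERTIFICATE-----',
  'Q09OU1RSVUNURUQtUExBQ0VIT0xERVItMQ==',
  '-----END CERTIFICATE-----',
  '-----BEGIN CERTIFICATE-----',
  'Q09OU1RSVUNURUQtUExBQ0VIT0xERVItMg==',
  '-----END CERTIFICATE-----',
  ''
].join('\n');

// Usage with the question's file name (payload is a hypothetical request body):
//   const agent = buildAgent(fs.readFileSync('./isrgrootx1.pem', 'utf8'));
//   postWithAgent(axios, fullEndpoint, payload, agent).then(...);
```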
