Setting up SSL on your VM

Thomas Dreyer
Apr 11, 2021

How to add an SSL certificate to your ExpressJS app

Having an SSL certificate for your web app is quite crucial these days, from a security as well as an optimisation point of view. Most often you will be able to set up an SSL certificate easily through your web host. But if you are like me, you use cloud VPS providers and create virtual machines that you deploy your apps or APIs to, and they usually don't make it very simple to do. Luckily for us, there is Let's Encrypt, with a free software tool called certbot, which makes adding an SSL certificate to your app quite painless.

For this tutorial we will require the following:

1. A virtual machine running the debian-9-stretch-v20190729 image with nodejs and npm installed. For this tutorial I set one up on Google Cloud, where it is known as a Compute Engine (check out this article if you need help to set one up)

2. A domain name (yourdomain.com) or a subdomain (subdomain.yourdomain.com) pointed to your virtual machine's external IP

3. An ExpressJS app running on your virtual machine (follow along with this article to set one up)

Step 1:

SSH into your virtual machine as a user with sudo privileges

Step 2:

Add the Certbot PPA to your list of repositories by running the following commands:

    sudo apt-get update
    sudo apt-get install software-properties-common
    sudo add-apt-repository universe
    sudo add-apt-repository ppa:certbot/certbot
    sudo apt-get update

Step 3:

Install certbot with the following command:

    sudo apt-get install certbot

Step 4:

At this point, make sure that your app is not running (stop it if it is) and run the following command:

    sudo certbot certonly --standalone

Certbot will then get to work provisioning and installing your certificate. It will prompt you to enter the domain name you wish to obtain a certificate for (yourdomain.com or subdomain.yourdomain.com). Do not add any protocol here (http/https), only the domain name. It will also prompt you to enter an email address, to accept the terms of use, and to say whether you would like to opt in to a mailing list.

Step 5:

Once Step 4 completes, you can test the renewal of your SSL certificate by doing a dry run with the following command:

    sudo certbot renew --dry-run

Your SSL certificate is now installed and ready for use, but before you can use the https protocol you need to follow Step 6 to update your app so that it can make use of it. Before you continue, make a note of where your key and certificate files are stored, as you will need this in the next step.

Step 6:

Still in the SSH terminal, we are going to use nano to update the startup script. This will be server.js, index.js, or whatever name you gave it when you created your ExpressJS app.

Run the following to open the nano editor in your terminal:

    sudo nano your_file.js

Paste the following at the top, before "const express = require('express')":

    const fs = require('fs')
    const https = require('https')

Then at the bottom of the file paste:

    // Serve the existing Express app over HTTPS on port 443.
    // Replace the placeholder paths with the locations you noted in Step 5.
    https.createServer({
      key: fs.readFileSync('/etc/letsencrypt/path/to/key.pem'),   // private key
      cert: fs.readFileSync('/etc/letsencrypt/path/to/cert.pem'), // your certificate
      ca: fs.readFileSync('/etc/letsencrypt/path/to/chain.pem')   // CA chain
    }, app).listen(443, () => {
      console.log('Listening…')
    })

Save the file by pressing Ctrl + O and Enter, then exit nano with Ctrl + X.

Step 7:

Start up your express app and visit your app in your browser using the https protocol.

You should now see your app load over https and working as usual.
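
The Step 6 snippet reads the key and certificate once at startup, so a certificate that certbot renews later is only served after the app restarts. The following added example (not part of the original article) loads the same three files, rejects a private key that group or other users can access, and swaps renewed files into the running server with server.setSecureContext(). The certDir parameter, the function names and the SIGHUP trigger are assumptions for illustration.

```javascript
const fs = require('fs')
const path = require('path')

// File names follow the tutorial's snippet; the directory is supplied by the caller.
const FILES = { key: 'key.pem', cert: 'cert.pem', ca: 'chain.pem' }

// Read key, certificate and chain from certDir and return an options object
// usable with https.createServer() and server.setSecureContext().
function loadTlsOptions (certDir) {
  const keyPath = path.join(certDir, FILES.key)
  // Refuse a private key that group or other users can read, write or execute.
  const mode = fs.statSync(keyPath).mode & 0o777
  if (mode & 0o077) {
    throw new Error(`${keyPath} has mode ${mode.toString(8)}, expected 600 or stricter`)
  }
  const options = {}
  for (const [name, file] of Object.entries(FILES)) {
    options[name] = fs.readFileSync(path.join(certDir, file))
  }
  return options
}

// Re-read the files and swap them into a running server without a restart.
// Returns true on success; on failure the server keeps its current context.
function reloadTls (server, certDir) {
  try {
    server.setSecureContext(loadTlsOptions(certDir))
    return true
  } catch (err) {
    console.error('TLS reload failed, keeping current certificate:', err.message)
    return false
  }
}

// Reload when the process receives SIGHUP, for example from a script that
// runs after renewal (assumption: something sends the signal).
function reloadOnSighup (server, certDir) {
  process.on('SIGHUP', () => reloadTls(server, certDir))
}

// Usage with the tutorial's app object (certDir is a placeholder):
//   const server = https.createServer(loadTlsOptions(certDir), app).listen(443)
//   reloadOnSighup(server, certDir)
```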
