
How to configure an SSL certificate for an application that runs in Express?

I'm trying to configure the Express server I created so that it uses an SSL certificate and serves over HTTPS instead of HTTP.

I read the Express documentation but could not find a solution. People suggested things like Let's Encrypt, but it does not support Node.js. I do not know whether I should modify the hosts file, which I have already modified to run the application, or what else I have to do. I saw one approach, but it only works on Unix systems. Below is how I have configured the server file, in case it helps; I have spent three days looking for a way to do this without success. The approaches I found do not support Node.js. Thank you.

EDIT: Sorry for not including more details. The point is that my application is not in production and my domain is provisional: michaelgram.test. I think that, because of this, Let's Encrypt will not grant me certificates. I do not know what else to do. The issue is that the application is hosted locally, on my computer.

EDIT 2: Sorry, I forgot to say that my purpose is to create the certificate for an application in which users can sign up with Facebook. I tried the methods that others kindly suggested, but they did not work because of Facebook's new policy. If you have another idea, my domain is michaelgram.test. Thank you, and sorry for the inconvenience of not asking the question well.

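 // Michaelgram web server: an Express app with Passport (local + Facebook)
 // authentication, cookie-backed sessions, and picture uploads stored in S3.
 // It listens over plain HTTP on PORT (default 5050).
 const express = require('express');
 const aws = require('aws-sdk');
 const multer = require('multer');
 const multerS3 = require('multer-s3');
 const ext = require('file-extension');
 const cookieParser = require('cookie-parser');
 const bodyParser = require('body-parser');
 const expressSession = require('express-session');
 const passport = require('passport');
 const michaelgram = require('michaelgram-client');
 const auth = require('./auth');
 const config = require('./config');

 const port = process.env.PORT || 5050;

 const client = michaelgram.createClient(config.client);

 const s3 = new aws.S3({
   accessKeyId: config.aws.accessKey,
   secretAccessKey: config.aws.secretKey
 });

 // NOTE(review): every uploaded object is stored with a public-read ACL, and
 // no size limit or file-type filter is configured on the upload (multer
 // accepts `limits` and `fileFilter` options for that).
 const storage = multerS3({
   s3,
   bucket: 'michaelgram',
   acl: 'public-read',
   metadata(req, file, cb) {
     cb(null, { fieldName: file.fieldname });
   },
   // The object key is "<timestamp>.<extension of the client-supplied name>";
   // two uploads in the same millisecond would map to the same key.
   key(req, file, cb) {
     cb(null, `${Date.now()}.${ext(file.originalname)}`);
   }
 });

 const upload = multer({ storage }).single('picture');

 const app = express();

 app.use(bodyParser.json());
 app.use(bodyParser.urlencoded({ extended: false }));
 app.use(cookieParser());
 // NOTE(review): once the app is served over HTTPS, set `cookie: { secure: true }`
 // here so the session cookie is never sent over plain HTTP.
 app.use(expressSession({
   secret: config.secret,
   resave: false,
   saveUninitialized: false
 }));
 app.use(passport.initialize());
 app.use(passport.session());
 app.set('view engine', 'pug');
 app.use(express.static('public'));

 passport.use(auth.localStrategy);
 passport.use(auth.facebookStrategy);
 passport.deserializeUser(auth.deserializeUser);
 passport.serializeUser(auth.serializeUser);

 app.get('/', (req, res) => {
   res.render('index', { title: 'Michaelgram' });
 });

 app.get('/signup', (req, res) => {
   res.render('index', { title: 'Michaelgram - Signup' });
 });

 app.post('/signup', (req, res) => {
   // NOTE(review): the request body is forwarded to the API client unfiltered;
   // confirm that the backend validates which fields a new user may set.
   const user = req.body;

   client.saveUser(user, (err) => {
     // NOTE(review): err.message from the backend is returned to the caller
     // as-is; consider logging it and sending a generic message instead.
     if (err) return res.status(500).send(err.message);

     // The stray `debugger` statement was removed here.
     res.redirect('/signin');
   });
 });

 app.get('/signin', (req, res) => {
   res.render('index', { title: 'Michaelgram - Signin' });
 });

 app.post('/login', passport.authenticate('local', {
   successRedirect: '/',
   failureRedirect: '/signin'
 }));

 app.get('/auth/facebook', passport.authenticate('facebook', { scope: 'email' }));

 app.get('/auth/facebook/callback', passport.authenticate('facebook', {
   successRedirect: '/',
   failureRedirect: '/signin'
 }));

 /**
  * Express middleware that lets authenticated requests through and answers
  * everything else with 401 and a JSON error body.
  */
 function ensureAuth (req, res, next) {
   if (req.isAuthenticated()) {
     return next();
   }

   res.status(401).send({ error: 'not authenticated' });
 }

 // Placeholder endpoint: replies with an empty list after a 2 second delay.
 app.get('/api/pictures', (req, res) => {
   const pictures = [];

   setTimeout(() => {
     res.send(pictures);
   }, 2000);
 });

 app.post('/api/pictures', ensureAuth, (req, res) => {
   upload(req, res, (err) => {
     if (err) {
       // res.send(status, body) is the deprecated Express 3 signature.
       return res.status(500).send('Error uploading file');
     }

     res.send('File uploaded');
   });
 });

 // Placeholder endpoint: always returns the same hard-coded user.
 app.get('/api/user/:username', (req, res) => {
   const user = {
     username: 'miguelito',
     avatar: '',
     pictures: []
   };

   res.send(user);
 });

 app.get('/:username', (req, res) => {
   res.render('index', { title: `Michaelgram - ${req.params.username}` });
 });

 app.get('/:username/:id', (req, res) => {
   res.render('index', { title: `Michaelgram - ${req.params.username}` });
 });

 app.listen(port, (err) => {
   if (err) {
     console.log('Hubo un error');
     process.exit(1);
   }

   // Report the port actually in use rather than a hard-coded 5050.
   console.log(`Michaelgram escuchando en el puerto ${port}`);
 });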

Once you have your key and certificate ready, you just launch the app with a reference to them. The file names below are simply Let's Encrypt's default names.

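// TLS material for the HTTPS listener. privkey.pem is the server's private
// key: keep it readable only by the account that runs the app, out of version
// control, and outside any directory served by express.static.
const options = {
    key: fs.readFileSync(`${__dirname}/components/ssl/privkey.pem`),
    cert: fs.readFileSync(`${__dirname}/components/ssl/fullchain.pem`)
};
// Wrap the existing Express app in an HTTPS server. Declared with const so it
// is not created as an implicit global; this snippet does not call
// server.listen(), so that still has to happen before connections are accepted.
const server = require('https').createServer(options, app);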

When you're securing a web server with TLS you need two things:

  • private_key
  • server_certificate

To your first point, Let's Encrypt is a service that supports exactly what you're trying to do. It lets you generate a trusted key and certificate, which secures traffic on the server and also lets others know that the certificate was signed by a trusted certificate authority. See https://letsencrypt.org/how-it-works/

If you just want TLS, you can generate a self-signed certificate; browsers will show a warning for it until you add it to their trust store. See: https://www.akadia.com/services/ssh_test_certificate.html

After you have your certificate and your key here is the https configuration for the server:

var https = require('https');
var fs = require('fs');
var express = require('express');

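// Key and certificate for the HTTPS listener. The private key file should be
// readable only by the account that runs this process.
//
// The original options also set requestCert: false and
// rejectUnauthorized: false. They are dropped here: requestCert already
// defaults to false, and on a server rejectUnauthorized only takes effect
// when requestCert is true, so they changed nothing. Leaving
// rejectUnauthorized: false in example code is risky because the same flag
// disables certificate verification when it is copied into client requests.
const options = {
    key: fs.readFileSync('/etc/apache2/ssl/server.key'),
    cert: fs.readFileSync('/etc/apache2/ssl/server.crt')
};


const app = express();

// Serve the Express app over HTTPS on port 3000.
const server = https.createServer(options, app).listen(3000, () => {
    console.log("server started at port 3000");
});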

See: create a trusted self-signed SSL cert for localhost (for use with Express/Node)
