如果您需要让 Node 应用程序紧急运行,只需在开头添加这行代码即可。
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'
这将完全禁用证书验证。显然,这不是一个可以接受的长期解决方案。
The thing that ultimately solved the problem was restarting the Windows web servers the Node app was communicating with.
I didn't think I would need to do this because my Chrome browser could query the same servers with no problems. There must be some difference between Node and the Chrome Browser. The act of restarting the servers the clients were talking to was enough to get around this difference.
这是我在摸索时想到的更多信息。
让我们加密
Lets Encrypt 最初使用特定的证书作为根证书颁发机构:DST 根 CA X3。其有效期为2000年10月1日至2021年10月1日。它不再有效。
Lets Encrypt 现在使用ISRG 根 X1作为根证书颁发机构。它的有效日期范围为 2015-06-04 至 2035-06-04。如果平台无法识别此根证书颁发机构,它就不会信任 Lets Encrypt。
Node
更新操作系统中的证书存储不会对 NodeJS 平台产生影响。
节点使用硬编码的证书颁发机构列表,定义于节点根证书.h. (See 本自述文件更多细节)。
最新的证书ISRG Root X1
自版本以来一直是 Node 的一部分8.0.0
.
(See 这次提交).
Finally, if you want to write a tiny node application to test if a web request will work: here is one.
const got = require('got');
(async () => {
try {
// Change this to the url you want to test
const url = 'https://letsencrpt.org';
console.log(`Reading from ${url}`);
const response = await got(url);
console.log(response.body);
} catch (error) {
console.log(`error: ${error}`);
if(error.response) {
console.log(error.response.body);
}
}
})();