I have a webserver running on HTTPS with a letsencrypt certificate and a client on node that connects to it via socket.io. This has been working for a good while, but on 11. January 2021 letsencrypt updated the certificate (as it has done for several years now, successfully) and since then I'm getting an error on the socket.io client.
Error: xhr poll error
at XHR.Transport.onError (.
ode_modulesengine.io-clientlibransport.js:68:13)
at Request.<anonymous> (.
ode_modulesengine.io-clientlibransportspolling-xhr.js:132:10)
at Request.Emitter.emit (.
ode_modulescomponent-emitterindex.js:145:20)
at Request.onError (.
ode_modulesengine.io-clientlibransportspolling-xhr.js:314:8)
at Timeout._onTimeout (.
ode_modulesengine.io-clientlibransportspolling-xhr.js:261:18)
at listOnTimeout (internal/timers.js:554:17)
at processTimers (internal/timers.js:497:7) {
type: 'TransportError',
description: 503
}
When debugging, the underlying error is
code:'UNABLE_TO_VERIFY_LEAF_SIGNATURE'
message:'unable to verify the first certificate'
stack:'Error: unable to verify the first certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1502:34)
at TLSSocket.emit (events.js:314:20)
at TLSSocket._finishInit (_tls_wrap.js:937:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:711:12)
at TLSWrap.callbackTrampoline (internal/async_hooks.js:126:14)'
I have tried updating nodejs (from 8 to 12 and then 14), even tried
process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = 0;
, didn't work.
The only thing that worked was passing {rejectUnauthorized: false}
to the socket.io client. Which obviously shouldn't be a permanent solution. Opening the website in a browser (chrome, firefox) does not give any errors.
I'm on Windows, server is on linux. client has socket.io-client of version 2.4.0.
Has letsencrypt changed something that isn't supported by socket.io 2.x? Do I have to upgrade to 3? (Server and client?) Or did something break at letsencrypt side? Anyone else experiencing similar problems?