TL;DR: the TLS certificates come from Let’s Encrypt, but it seems node (or one of the packages I’m using to register user sessions/cookies) sees the certificate in my node app as self-signed and throws errors/warnings.
I’m having issues with an express/express-session app while trying to create user sessions. The options are these:
import pgConnect from 'connect-pg-simple';
import session, { SessionOptions } from 'express-session';
const PgStoreGenerator = pgConnect(session);
const sessionStore = new PgStoreGenerator({
conString: getEnv('DATABASE_URL'),
tableName: 'user_sessions',
createTableIfMissing: true,
});
const sessionOptions: SessionOptions = {
store: sessionStore,
name: getEnv('SESSION_NAME'),
secret: getEnv('SESSION_SECRET')!,
resave: false,
saveUninitialized: false,
cookie: {
secure: true,
httpOnly: true,
maxAge: +getEnv('SESSION_MAXAGE')! * 1000,
sameSite: 'none',
},
};
A setup similar to this one has worked in railway.app, but in here I get errors while session table is pruned (happens automatically, I believe) and when attempting to send cookies to the client:
Apr 26 11:17:13 PM Failed to prune sessions: self-signed certificate
Apr 26 11:18:05 PM Error: self-signed certificate
Apr 26 11:18:05 PM at TLSSocket.onConnectSecure (node:_tls_wrap:1540:34)
Apr 26 11:18:05 PM at TLSSocket.emit (node:events:513:28)
Apr 26 11:18:05 PM at TLSSocket._finishInit (node:_tls_wrap:959:8)
Apr 26 11:18:05 PM at ssl.onhandshakedone (node:_tls_wrap:743:12)
I’m really not sure where to begin seeking help because it may be an issue with one of the libs (I’m opening issues in their respective repositories), but I thought I’d come here too since it didn’t happen when I had a similar app on railway.
Any and all suggestions are very welcome. Thanks! =]