webpack-encore
webpack-encore copied to clipboard
symfony
'Error: unsupported' when trying to use Symfony pfx certificate
I've used the certificate generated by Symfony with success in the past, but since options.http2 = true is deprecated, I'm trying to adjust my config. But unfortunately, I get an error message.
Webpack config
I've used the example from the documentation without any change:
Encore
// ...
.configureDevServerOptions(options => {
options.server = {
type: 'https',
options: {
pfx: path.join(process.env.HOME, '.symfony5/certs/default.p12')
}
}
})
Error message
$ yarn encore dev-server [webpack-dev-server] SSL certificate: {projectDir}/node_modules/.cache/webpack-dev-server/server.pem [webpack-cli] Error: unsupported at configSecureContext (node:internal/tls/secure-context:279:15) at Object.createSecureContext (node:_tls_common:116:3) at Server.setSecureContext (node:_tls_wrap:1354:27) at Server (node:_tls_wrap:1218:8) at new Server (node:https:74:3) at Object.createServer (node:https:112:10) at Server.createServer ({projectDir}/node_modules/webpack-dev-server/lib/Server.js:2443:57) at Server.initialize ({projectDir}/node_modules/webpack-dev-server/lib/Server.js:1820:10) at Server.start ({projectDir}/node_modules/webpack-dev-server/lib/Server.js:3251:16) at async Command.
({projectDir}/node_modules/@webpack-cli/serve/lib/index.js:159:21) error Command failed with exit code 2.
Versions
Webpack Encore 1.16.1 Node version v19.6.1 webpack-cli 5.0.1 webpack-dev-server 4.11.1 webpack 5.75.0
You can try enabling the legacy openssl providers for nodejs with adding the --openssl-legacy-provider flag to NODE_OPTIONS.
NODE_OPTIONS=--openssl-legacy-provider npm run dev-server
See: https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V17.md#openssl-30
Just wondering, what should be the way to fix it? (except passing an option to Node)
Is this something that could be fixed with some kind of "newer" certificates generated by Symfony CLI?
@stof See https://github.com/symfony-cli/cert/issues/4 for more info.
However I don't think using --openssl-legacy-provider is the best solution.
@stof yes possible but far for being trivial so the best course of action is probably to wait for https://github.com/SSLMate/go-pkcs12/pull/47
https://github.com/SSLMate/go-pkcs12/pull/47 has been closed in favor of https://github.com/SSLMate/go-pkcs12/pull/48
SSLMate/go-pkcs12#47 has been closed in favor of SSLMate/go-pkcs12#48
Feature has been merged in upstream library. I opened a PR here: https://github.com/symfony-cli/cert/pull/7
@sarim I'm facing the same issue and I didn't understand the note about upgrading symfony-cli.
I'm not using symfony-cli to execute the server, apparently, just the configureDevServerOptions command that is creating a cert.p12 in the project root. How can I make sure that webpack-encore is using the latest version of symfony-cli?
I'm not that much experienced with Symfony so sorry if I'm asking something that has an obvious answer.
- My
@symfony/webpack-encoreversion:4.6.1 - My
dev-servercommand:"dev-server": "export NODE_OPTIONS=--openssl-legacy-provider && yarn compile-data-model && encore dev-server --hot" - My
configureDevServerOptions:
.configureDevServerOptions((options) => {
options.server = {
type: 'https',
options: {
pfx: 'cert.p12',
},
};
options.allowedHosts = 'all';
})
@BrenoVelasco symfony server:start command creates $HOME/.symfony5/certs/default.p12 file. If you delete this file and symfony will create it again next time. webpack-encore doesn't use symfony-cli, it just uses (if told to via config) the cert file generated by symfony-cli.
If you're using another tool or method to create cert.p12 file in project folder, then that is separate issue and out of scope here. Can't help without more info.