Node.js Setup
For Node.js applications serving HTTPS directly or managed by PM2.
If Nginx, Apache, LiteSpeed, or a load balancer is in front of Node.js, install the certificate there and proxy traffic to Node.js.
1. Set Variables
bash
export DOMAIN="example.com"
export EMAIL="[email protected]"
export WEBROOT="/var/www/example.com/public"
export ACME_SERVER="your Server URL"
export EAB_KID="your EAB MAC ID"
export EAB_HMAC_KEY="your EAB MAC key"
export CERT_DIR="/etc/ssl/12ssl/$DOMAIN"WEBROOT must be reachable over HTTP for ACME validation.
2. Install and Register acme.sh
bash
curl https://get.acme.sh | sh
source ~/.bashrc 2>/dev/null || source ~/.zshrc 2>/dev/null || true
~/.acme.sh/acme.sh --register-account \
--server "$ACME_SERVER" \
--eab-kid "$EAB_KID" \
--eab-hmac-key "$EAB_HMAC_KEY" \
--accountemail "$EMAIL"3. Issue the Certificate
bash
~/.acme.sh/acme.sh --issue \
-d "$DOMAIN" \
-w "$WEBROOT" \
--server "$ACME_SERVER"4. Install the Certificate
bash
sudo mkdir -p "$CERT_DIR"
sudo ~/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
--key-file "$CERT_DIR/privkey.pem" \
--fullchain-file "$CERT_DIR/fullchain.pem" \
--reloadcmd "pm2 reload all || systemctl restart node-app"5. Node.js HTTPS Example
js
import fs from 'node:fs'
import https from 'node:https'
import app from './app.js'
const options = {
key: fs.readFileSync('/etc/ssl/12ssl/example.com/privkey.pem'),
cert: fs.readFileSync('/etc/ssl/12ssl/example.com/fullchain.pem')
}
https.createServer(options, app).listen(443)6. Check
bash
curl -I "https://$DOMAIN"
~/.acme.sh/acme.sh --cron --home ~/.acme.sh