Fenghe's Blog

WSS(Secure Websockt) – Fix NET::ERR_CERT_REVOKED using certbot

This is because you do not have a proper certificate as in the case of HTTPS. To quickly solve it you can use the certbot. In this post, I will just show how I solved the issue with my specific config.

Environment

Server: Ubuntu 18.04 LTS

WSS Server

The server is written in Python.

import asyncio
import json
import logging
import websockets
import ssl
import pathlib

logging.basicConfig()

USERS = set()


async def register(websocket):
    USERS.add(websocket)
    # await notify_users()


async def unregister(websocket):
    USERS.remove(websocket)


async def deploy_service(websocket, path):
    await register(websocket)
    try:
        # await websocket.send()
        async for message in websocket:
            data = json.loads(message)
            print(data)
            await websocket.send('data received')

    finally:
        await unregister(websocket)


ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
localhost_pem = pathlib.Path(__file__).with_name("localhost.pem")
ssl_context.load_cert_chain(localhost_pem)

start_server = websockets.serve(deploy_service, 'deploy.blogdiy.net', 6789, ssl=ssl_context)
asyncio.get_event_loop().run_until_complete(start_server)
asyncio.get_event_loop().run_forever()

WSS Client

This is embedded inside the WordPress footer using the Insert Headers and Footers WordPress plugin.

Result Output

If the configuration is right, you should see the following output in the javascript console of the browser if supported.

My Solution

Follow the steps in

In the 4th step, use

$ sudo certbot certonly --standalone

My localhost.pem is formed by appending the fullchain.pem to privkey.pem.

It is in the format of

-----BEGIN PRIVATE KEY-----
// private key
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
// certifacate 1
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
// certificate 2
-----END CERTIFICATE-----

References

  1. https://bbs.csdn.net/topics/392340267
  2. https://certbot.eff.org/lets-encrypt/ubuntubionic-other

Leave a Reply

Your email address will not be published. Required fields are marked *