Updating a Node-RED Certificate

Time Flies!

It’s been almost a year since I posted Exposing Node-RED to the Internet. In that post, I talk about how I exposed a Node-RED dashboard to the internet. As part of that process, I configured Node-RED to work with a TLS/SSL certificate. Having been a year since I initially obtained my certificate, it recently expired, so it’s now time to renew the certificate for my Node-RED instance.

As an aside, I purchased my .app domain through GoDaddy, which includes a free TLS/SSL certificate (not sure if GoDaddy will always have this deal).

While it’s not an overly complicated process to update the certificate for Node-RED – it takes only a few steps – I thought I would go ahead and document the steps I followed in case it is helpful to someone else.

Let’s Renew Our Certificate

Step 1: Download Updated Certificate

As I mentioned above, I originally obtained my SSL certificate as part of the process of purchasing my .app domain through GoDaddy. As my certificate neared expiration, GoDaddy already had my new certificate ready to go. All I had to do was sign into GoDaddy, and:

Go to the SSL Certificates page:

SSL certificates menu option

Select the desired domain:

Select desired domain

Download the updated certificate ZIP file:

Download ZIP file

If you are not using GoDaddy, following the process provided by your certificate issuer to download the latest version of your certificate.

Step 2: Replace Certificate File for Node-RED

The ZIP file provided by GoDaddy has three files in it as shown here:

Certificate ZIP file

The file I need is the second one – 908820146cd5bdc7.pem.

In my case, I want to get this file from my Windows laptop to my Raspberry Pi that is running Node-RED.

It is worth mentioning here that if you download the certificate directly onto your Raspberry Pi, you can skip the next step (copying from Windows to Raspberry Pi).

Copy Certificate from Windows to Raspberry Pi

The easiest way I’ve found to copy a file from Windows onto my Raspberry Pi (without resorting to copying files to-and-from USB drives) is to use the scp command. For example, I used the following command to copy the .pem file shown above to my Raspberry Pi:

C:\Downloads>scp 908820146cd5bdc7.pem pi@raspberrypi:~/.node-red/mycert.pem

The above command will ask for the ssh password for your Raspberry Pi and will then copy the file to the destination folder provided. In my case, I copied it directly to the .node-red folder overwriting the expired certificate file.

Step 3: Restart Node-RED Service

With the new certificate installed, all that is left to do is restart the Node-RED service:

node-red-restart

And that’s it! The new certificate is now good for another year.

Summary

Although GoDaddy does send me a reminder that my certificate is expiring, I still find it a good practice to set a reminder to help ensure I update the certificate before it actually expires to prevent the site from being unavailable.

Finally, as alluded to above, if you are looking to add a certificate to your Node-RED setup for the first time, refer back to my first post on this topic: Exposing Node-RED to the Internet.

Thanks!

Related Articles

You might find these Node-RED articles interesting:

Leave a Reply

Related Posts