Unable to connect to secure websocket

Posted August 2, 2018 8.4k views
Node.jsDeploymentLet's EncryptUbuntu 16.04JavaScript

Hi! I’m having trouble setting up my WebSocket server in Digital Ocean.

I’m changing my actual domain name for for the question’s sake.

I basically have a NodeJs WebSocket server that I’m trying to connect to a react app I’m hosting at Heroku. I’m getting the following error when attempting to connect:

WebSocket connection to 'wss://' failed: Error during WebSocket handshake: Unexpected response code: 200

Here’s my server entry code:

        const PORT = process.env.PORT || 8080
        const privateKey = fs.readFileSync('/etc/letsencrypt/live/', 'utf-8')
        const certificate = fs.readFileSync('/etc/letsencrypt/live/', 'utf-8')
        const credentials = { key: privateKey, cert: certificate }

        const server = express()
        const httpsServer = https.createServer(credentials, server)

        this.wss = new WebSocket.Server({ server: httpsServer })

I used cert-bot to secure my connection, as for Heroku is obligatory. So here’s my nginx default config file, located at /etc/nginx/sites-available/default

server {

        # SSL configuration
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        # Note: You should disable gzip for SSL traffic.
        # See:
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See:
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        # include snippets/snakeoil.conf;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;


        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;

        # pass PHP scripts to FastCGI server
        #location ~ \.php$ {
        # include snippets/fastcgi-php.conf;
        # # With php-fpm (or other unix sockets):
        # fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        # # With php-cgi (or other tcp sockets):
        # fastcgi_pass;

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #location ~ /\.ht {
        # deny all;

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

I also changed a bit my UFW config. Here’s the output to sudo ufw status

Nginx Full                 ALLOW       Anywhere                  
22/tcp                     ALLOW       Anywhere                  
Nginx Full (v6)            ALLOW       Anywhere (v6)             
22/tcp (v6)                ALLOW       Anywhere (v6)             

Just to be clear, I’m NOT using for real. I just changed it in the current question for privacy concerns, :D

Hope anyone can point me in the right direction. Not really sure where I’m going wrong.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer

Maybe you already figure out. But just in case, there is no certificate needed on node.js server. Just configure certificates on nginx. Thought these http and web sockets are same.