I created a simple HTTPS server with the node:http2 package and a self-signed certificate. This is the code for the app server:
```js
import {createSecureServer} from 'node:http2';
import {readFileSync} from 'node:fs';

try {
    const server = createSecureServer({
        key: readFileSync('secure.key'),
        cert: readFileSync('secure.pem')
    });

    server.on('request', (req, res) => {
        req.on('error', (err) => {
            console.error('Request error:', err);
            res.statusCode = 500;
            res.end('Internal Server Error');
        });
        res.on('error', (err) => {
            console.error('Response error:', err);
        });
        res.statusCode = 200;
        res.end('Hello World');
    });

    server.on('error', (err) => {
        console.error('Server error:', err);
    });

    server.listen(8443, () => {
        console.log('Server listening on port 8443');
    });
} catch (e) {
    console.error(e);
}
```
This is the key (secure.key):
This is the cert (secure.pem):
All works fine when I start the app:

```
/usr/bin/node server.mjs
```

and load the address https://grammy.dev.tg.teqfw.com:8443/ with the Chrome browser (you can use the local DNS to map grammy.dev.tg.teqfw.com to your localhost 127.0.0.1 for the tests).
But the server crashes when I try to open the address with wget:
```
$ wget --no-check-certificate https://grammy.dev.tg.teqfw.com:8443/
--2024-08-30 08:33:02-- https://grammy.dev.tg.teqfw.com:8443/
Resolving grammy.dev.tg.teqfw.com (grammy.dev.tg.teqfw.com)... 89.201.4.251
Connecting to grammy.dev.tg.teqfw.com (grammy.dev.tg.teqfw.com)|89.201.4.251|:8443... connected.
WARNING: cannot verify grammy.dev.tg.teqfw.com's certificate, issued by ‘CN=grammy.dev.tg.teqfw.com,O=Test Bot,L=Bolderay,ST=Riga,C=LV’:
  Self-signed certificate encountered.
HTTP request sent, awaiting response... 403 Forbidden
2024-08-30 08:33:02 ERROR 403: Forbidden.
```
The error on the console:
```
Server listening on port 8443
node:events:492
      throw er; // Unhandled 'error' event
      ^

Error: read ECONNRESET
    at TLSWrap.onStreamRead (node:internal/stream_base_commons:217:20)
Emitted 'error' event on TLSSocket instance at:
    at emitErrorNT (node:internal/streams/destroy:151:8)
    at emitErrorCloseNT (node:internal/streams/destroy:116:3)
    at process.processTicksAndRejections (node:internal/process/task_queues:82:21) {
  errno: -104,
  code: 'ECONNRESET',
  syscall: 'read'
}

Node.js v18.17.1

Process finished with exit code 1
```
The stack trace in the debug mode:
```
Uncaught Error: read ECONNRESET
__node_internal_captureLargerStackTrace    errors:496
__node_internal_errnoException    errors:623
onStreamRead    stream_base_commons:217
callbackTrampoline    async_hooks.js:130
Async call from TickObject
init    node:in…pector_async_hook:25
emitInitNative    async_hooks.js:202
emitInitScript    async_hooks.js:504
nextTick    task_queues:132
onDestroy    destroy:103
Socket._destroy    node:net:812
_destroy    destroy:109
destroy    destroy:71
onStreamRead    stream_base_commons:217
callbackTrampoline    async_hooks.js:130
Async call from TLSWRAP
init    node:in…pector_async_hook:25
emitInitNative    async_hooks.js:202
TLSSocket._wrapHandle    node:_tls_wrap:623
TLSSocket    node:_tls_wrap:523
tlsConnectionListener    node:_tls_wrap:1110
emit    events.js:514
onconnection    node:net:2038
callbackTrampoline    async_hooks.js:130
Async call from TCPSERVERWRAP
init    node:in…pector_async_hook:25
emitInitNative    async_hooks.js:202
createServerHandle    node:net:1675
setupListenHandle    node:net:1718
listenInCluster    node:net:1799
Server.listen    node:net:1887
(anonymous function)    server.mjs:31
run    node:in…es/esm/module_job:194
Async call from await
(anonymous function)    node:in…odules/esm/loader:525
Async call from Promise.then
import    node:in…odules/esm/loader:525
(anonymous function)    node:in…/modules/run_main:58
loadESM    node:in…rocess/esm_loader:91
Async call from await
runMainESM    node:in…/modules/run_main:55
executeUserEntryPoint    node:in…/modules/run_main:78
(anonymous function)    node:in…n/run_main_module:23
```
My question is how can I catch this exception in my nodejs app? Otherwise it turns out that anyone can take down my server using wget.
Thanks.
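
An added example, not part of the original post: the trace shows the `'error'` event emitted on a `TLSSocket` that has no listener, so the handlers on `req`, `res` and `server` never see it. The sketch below attaches the missing listeners to the server returned by `createSecureServer()`; the helper name `guardTlsServer`, the counters and the 505 reply are assumptions of this example, as is the reading that the 403 wget received is Node's own answer to a client that did not negotiate `h2`.

```javascript
// Added example, not the poster's code. `guardTlsServer` is a hypothetical helper.
// Call it on the object returned by createSecureServer(), before listen().
function guardTlsServer(server, log = console.error) {
  const stats = { socketErrors: 0, tlsClientErrors: 0, unknownProtocol: 0, sessionErrors: 0 };
  const watched = new WeakSet();

  // Give each socket exactly one 'error' listener so a peer reset is logged
  // instead of being thrown as an unhandled 'error' event.
  const watch = (socket) => {
    if (watched.has(socket)) return;
    watched.add(socket);
    socket.on('error', (err) => {
      stats.socketErrors += 1;
      log('socket error:', err.code || err.message);
    });
  };

  // Fires once per completed TLS handshake, whatever ALPN selected.
  server.on('secureConnection', watch);

  // Client did not negotiate h2 (for example an HTTP/1.1-only tool).
  // Answer once, close, and keep the socket watched while it drains.
  server.on('unknownProtocol', (socket) => {
    stats.unknownProtocol += 1;
    watch(socket);
    socket.end('HTTP/1.1 505 HTTP Version Not Supported\r\nConnection: close\r\n\r\n');
  });

  // Handshake failed before a secure connection existed.
  server.on('tlsClientError', (err, socket) => {
    stats.tlsClientErrors += 1;
    log('TLS handshake error:', err.code || err.message);
    if (socket) socket.destroy();
  });

  // Errors raised on an established HTTP/2 session.
  server.on('sessionError', (err) => {
    stats.sessionErrors += 1;
    log('HTTP/2 session error:', err.code || err.message);
  });

  return stats; // counters a health check or log shipper can read
}

// Usage with the server from the question:
//   const server = createSecureServer({ key, cert });
//   guardTlsServer(server);
```

Passing `allowHTTP1: true` to `createSecureServer()` is the alternative when HTTP/1.1 clients should be served rather than turned away.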