TLS handshake error-Let's Encrypt #1352

Open
Jainam-17-18 opened this issue Jan 11, 2025 Discussed in #1347 · 4 comments

Comments

@Jainam-17-18

Discussed in #1347

Originally posted by Jainam-17-18 January 9, 2025
I have deployed my application and it's fine when ssl: false under proxy.

Now I have to do ssl: true.

proxy:
  ssl: true
  host: subdomain.domain.com
  app_port: 8081
  response_timeout: 300
  healthcheck:
    interval: 3
    path: /healthcheck
    timeout: 3

But I am getting an error:

{"time":"xxxx","level":"INFO","msg":"http: TLS handshake error from 103.136.75.230:61871: acme/autocert: unable to satisfy \"https://acme-v02.api.letsencrypt.org/acme/authz/xxxxxxxx/xxxxxxxx\" for domain \"mysubdomain.domain.com\": no viable challenge type found"}
{"time":"xxxx","level":"INFO","msg":"http: TLS handshake error from myServerIP:port: acme/autocert: missing certificate"}
{"time":"xxxx","level":"INFO","msg":"http: TLS handshake error from myServerIP:port: acme/autocert: missing certificate"}

Server Setup:
I have checked that both ports 80 and 443 on my server show as open on https://portchecker.co/.
The server transfers requests to the VM where the application has been deployed.

I have a server port (abcd) which is mapped with NAT to the VM's port (443).
I also have another port (wxyz) which is mapped with NAT to the VM's port (80).

@nickhammond
Contributor

@Jainam-17-18 Is DNS pointing at your domain?

@Jainam-17-18
Author

Jainam-17-18 commented Jan 12, 2025

@nickhammond yes, DNS is pointing to my domain. (I checked on https://check-host.net/check-dns)
But it failed on checking HTTP (https://check-host.net/check-http).

Also, on https://letsdebug.net/ DNS passes, but http-01 and tls-alpn-01 are failing.

@hamen

hamen commented Jan 17, 2025

On two newly deployed Hetzner VPSes:

{"time":"2025-01-17T11:28:32.524645544Z","level":"INFO","msg":"Deployed","service":"random-web","hosts":["random.nerdplayground.online"],"target":"bf828e77d11e:80"}
{"time":"2025-01-17T11:30:34.619556517Z","level":"INFO","msg":"http: TLS handshake error from 188.114.102.190:42988: acme/autocert: unable to satisfy \"https://acme-v02.api.letsencrypt.org/acme/authz/2175446585/461990872605\" for domain \"random.nerdplayground.online\": no viable challenge type found"}
{"time":"2025-01-17T11:30:34.619784803Z","level":"INFO","msg":"http: TLS handshake error from 188.114.102.191:40340: acme/autocert: missing certificate"}
{"time":"2025-01-17T11:30:35.056557844Z","level":"INFO","msg":"http: TLS handshake error from 188.114.102.191:29596: acme/autocert: missing certificate"}
{"time":"2025-01-17T11:30:35.682296343Z","level":"INFO","msg":"http: TLS handshake error from 188.114.102.190:35986: acme/autocert: missing certificate"}
{"time":"2025-01-17T11:30:36.052416014Z","level":"INFO","msg":"http: TLS handshake error from 162.158.129.127:35180: acme/autocert: missing certificate"}

{"time":"2025-01-17T11:15:48.787968438Z","level":"INFO","msg":"http: TLS handshake error from 95.99.81.173:35580: unknown server name"}
{"time":"2025-01-17T11:15:49.968811163Z","level":"INFO","msg":"http: TLS handshake error from 95.99.81.173:35584: unknown server name"}
{"time":"2025-01-17T11:15:50.57478104Z","level":"INFO","msg":"http: TLS handshake error from 95.99.81.173:35588: unknown server name"}
{"time":"2025-01-17T11:22:40.370993505Z","level":"INFO","msg":"http: TLS handshake error from 172.71.183.176:32560: acme/autocert: unable to satisfy \"https://acme-v02.api.letsencrypt.org/acme/authz/2175434315/461988216845\" for domain \"swimminglane.fun\": no viable challenge type found"}
{"time":"2025-01-17T11:30:19.84745889Z","level":"INFO","msg":"http: TLS handshake error from 95.99.81.173:49042: unknown server name"}
{"time":"2025-01-17T11:30:19.848074187Z","level":"INFO","msg":"http: TLS handshake error from 95.99.81.173:49046: unknown server name"}
{"time":"2025-01-17T11:30:20.077375747Z","level":"INFO","msg":"http: TLS handshake error from 95.99.81.173:49052: unknown server name"}
{"time":"2025-01-17T11:30:20.235523263Z","level":"INFO","msg":"http: TLS handshake error from 95.99.81.173:49060: unknown server name"}
{"time":"2025-01-17T11:30:20.246497374Z","level":"INFO","msg":"http: TLS handshake error from 95.99.81.173:49072: unknown server name"}
{"time":"2025-01-17T11:34:00.270060038Z","level":"INFO","msg":"http: TLS handshake error from 172.71.142.17:49932: acme/autocert: unable to satisfy \"https://acme-v02.api.letsencrypt.org/acme/authz/2175434315/461991974425\" for domain \"swimminglane.fun\": no viable challenge type found"}

This stuff is killing me 🤣

@rubyonrails3

I do not completely understand how Cloudflare DNS works with the proxy checkmark on, but I was getting a redirect error; then I turned off the DNS proxy checkmark and after a few minutes things started to work.

I have no idea what the Cloudflare proxy checkmark next to the A record does.

I had a DNS setting in GoDaddy and that didn't give me any issues.
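
A triage sketch for the proxy log lines posted in this thread, added here as an example (not code from Kamal or from any commenter): it groups TLS handshake errors by message, by the domain named in the ACME error, and by whether the connecting peer falls inside a CDN range. The sample lines are constructed, the category labels are the example's own, and `CDN_RANGES` is an assumed subset of Cloudflare's published IPv4 ranges.

```python
import ipaddress
import json
import re
from collections import defaultdict

# Constructed sample, abridged to the message shapes seen in this thread.
SAMPLE_LOG = r'''
{"level":"INFO","msg":"http: TLS handshake error from 188.114.102.190:42988: acme/autocert: unable to satisfy \"https://acme.example/authz/1\" for domain \"app.example.com\": no viable challenge type found"}
{"level":"INFO","msg":"http: TLS handshake error from 188.114.102.191:40340: acme/autocert: missing certificate"}
{"level":"INFO","msg":"http: TLS handshake error from 95.99.81.173:35580: unknown server name"}
{"level":"INFO","msg":"http: TLS handshake error from myServerIP:port: acme/autocert: missing certificate"}
{"level":"INFO","msg":"Deployed","service":"web"}
'''

# Assumption: a subset of Cloudflare's published IPv4 ranges; refresh before relying on it.
CDN_RANGES = [ipaddress.ip_network(n) for n in ("188.114.96.0/20", "172.64.0.0/13", "162.158.0.0/15")]
HANDSHAKE = re.compile(r"TLS handshake error from (?P<peer>[^\s:]+):[^\s:]+: (?P<reason>.*)")
DOMAIN = re.compile(r'for domain "(?P<domain>[^"]+)"')
CATEGORIES = {  # message fragment -> label (labels are this example's own)
    "no viable challenge type found": "acme_no_viable_challenge",
    "missing certificate": "missing_certificate",
    "unknown server name": "unknown_server_name",
}

def from_cdn(peer):
    try:
        addr = ipaddress.ip_address(peer)
    except ValueError:  # redacted peer such as "myServerIP"
        return False
    return any(addr in net for net in CDN_RANGES)

def triage(log_text):
    """Group TLS handshake errors by category, domain and peer origin."""
    report = defaultdict(lambda: {"count": 0, "domains": set(), "cdn_peers": set(), "other_peers": set()})
    for line in filter(None, map(str.strip, log_text.splitlines())):
        try:
            msg = json.loads(line).get("msg", "")
        except (json.JSONDecodeError, AttributeError):
            continue  # not a JSON object log line
        m = HANDSHAKE.search(msg)
        if not m:
            continue  # e.g. the "Deployed" line
        label = next((v for k, v in CATEGORIES.items() if k in m["reason"]), "other")
        entry = report[label]
        entry["count"] += 1
        entry["domains"].update(DOMAIN.findall(m["reason"]))
        entry["cdn_peers" if from_cdn(m["peer"]) else "other_peers"].add(m["peer"])
    return dict(report)
```

Call `triage()` on the proxy's log output; handshakes that arrive only from `cdn_peers` indicate the TLS connection is reaching the proxy through the CDN rather than directly from clients or the certificate authority.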
