BlueWallet / LndHub

Wrapper for Lightning Network Daemon. It provides separate accounts for end-users
http://LndHub.io
MIT License

Handshake failed with fatal error SSL_ERROR_SSL #95

Closed maltokyo closed 3 years ago

maltokyo commented 4 years ago

When I try to connect (after copying tls.cert and admin.macaroon over) I get this:

E0807 20:53:46.956396286 14 ssl_transport_security.cc:1245] Handshake failed with fatal error SSL_ERROR_SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number

Any hints to solve that?

maltokyo commented 4 years ago

Full log (note bitcoind and LND are running fine in a BTCPay server install, on the same docker network):

lndhub_redis    | 1:C 07 Aug 2020 21:07:27.201 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
lndhub_redis    | 1:C 07 Aug 2020 21:07:27.201 # Redis version=6.0.6, bits=64, commit=00000000, modified=0, pid=1, just started
lndhub_redis    | 1:C 07 Aug 2020 21:07:27.201 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf
lndhub_redis    | 1:M 07 Aug 2020 21:07:27.204 * Running mode=standalone, port=6379.
lndhub_redis    | 1:M 07 Aug 2020 21:07:27.205 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
lndhub_redis    | 1:M 07 Aug 2020 21:07:27.205 # Server initialized
lndhub_redis    | 1:M 07 Aug 2020 21:07:27.205 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
lndhub_redis    | 1:M 07 Aug 2020 21:07:27.205 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
lndhub_redis    | 1:M 07 Aug 2020 21:07:27.207 * Loading RDB produced by version 6.0.6
lndhub_redis    | 1:M 07 Aug 2020 21:07:27.207 * RDB age 20 seconds
lndhub_redis    | 1:M 07 Aug 2020 21:07:27.207 * RDB memory usage when created 0.77 Mb
lndhub_redis    | 1:M 07 Aug 2020 21:07:27.207 * DB loaded from disk: 0.000 seconds
lndhub_redis    | 1:M 07 Aug 2020 21:07:27.207 * Ready to accept connections
lndhub_1        | using config {"bitcoind":{"rpc":"http://REDACTED:REDACTED=@bitcoind:43782"},"redis":{"port":6379,"host":"lndhub_redis","family":4,"password":"","db":0},"lnd":{"url":"btcpayserver_lnd_bitcoin:8080"}}
lndhub_1        | updateLightning()
lndhub_1        | updated
lndhub_1        | (node:14) DeprecationWarning: grpc.load: Use the @grpc/proto-loader module with grpc.loadPackageDefinition instead
lndhub_1        | (Use `node --trace-deprecation ...` to show where the warning was created)
lndhub_1        | 2020-08-07T21:07:29.461Z : info: [BOOTING UP] : "Listening on port 3000"
lndhub_1        | E0807 21:07:29.557039753      14 ssl_transport_security.cc:1245] Handshake failed with fatal error SSL_ERROR_SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number.
lndhub_1        | lnd failure: Error: 14 UNAVAILABLE: failed to connect to all addresses
lndhub_1        |     at Object.exports.createStatusError (/lndhub/node_modules/grpc/src/common.js:91:15)
lndhub_1        |     at Object.onReceiveStatus (/lndhub/node_modules/grpc/src/client_interceptors.js:1209:28)
lndhub_1        |     at InterceptingListener._callNext (/lndhub/node_modules/grpc/src/client_interceptors.js:568:42)
lndhub_1        |     at InterceptingListener.onReceiveStatus (/lndhub/node_modules/grpc/src/client_interceptors.js:618:8)
lndhub_1        |     at callback (/lndhub/node_modules/grpc/src/client_interceptors.js:847:24) {
lndhub_1        |   code: 14,
lndhub_1        |   metadata: Metadata { _internal_repr: {}, flags: 0 },
lndhub_1        |   details: 'failed to connect to all addresses'
lndhub_1        | }
lndhub_1        | lnd failure: Error: 14 UNAVAILABLE: failed to connect to all addresses
lndhub_1        |     at Object.exports.createStatusError (/lndhub/node_modules/grpc/src/common.js:91:15)
lndhub_1        |     at Object.onReceiveStatus (/lndhub/node_modules/grpc/src/client_interceptors.js:1209:28)
lndhub_1        |     at InterceptingListener._callNext (/lndhub/node_modules/grpc/src/client_interceptors.js:568:42)
lndhub_1        |     at InterceptingListener.onReceiveStatus (/lndhub/node_modules/grpc/src/client_interceptors.js:618:8)
lndhub_1        |     at callback (/lndhub/node_modules/grpc/src/client_interceptors.js:847:24) {
lndhub_1        |   code: 14,
lndhub_1        |   metadata: Metadata { _internal_repr: {}, flags: 0 },
lndhub_1        |   details: 'failed to connect to all addresses'
lndhub_1        | }
lndhub_1        | lnd failure
lndhub_1        | Error: 14 UNAVAILABLE: failed to connect to all addresses
lndhub_1        |     at Object.exports.createStatusError (/lndhub/node_modules/grpc/src/common.js:91:15)
lndhub_1        |     at Object.onReceiveStatus (/lndhub/node_modules/grpc/src/client_interceptors.js:1209:28)
lndhub_1        |     at InterceptingListener._callNext (/lndhub/node_modules/grpc/src/client_interceptors.js:568:42)
lndhub_1        |     at InterceptingListener.onReceiveStatus (/lndhub/node_modules/grpc/src/client_interceptors.js:618:8)
lndhub_1        |     at callback (/lndhub/node_modules/grpc/src/client_interceptors.js:847:24) {
lndhub_1        |   code: 14,
lndhub_1        |   metadata: Metadata { _internal_repr: {}, flags: 0 },
lndhub_1        |   details: 'failed to connect to all addresses'
lndhub_1        | }
Overtorment commented 4 years ago

first, I'm seeing that you're using port 8080 for LND, but default port for LND RPC is 10009, could this be the issue? second, do you have environment variable TLSCERT set? it takes priority over tls.cert file in root directory and if you have garbage there it might be the source of the issue. third, can you try re-running lndhub with environment variable VERBOSE? this will produce more logs

maltokyo commented 4 years ago

Thanks. So so far I have this:

docker-compose file:

version: "3"
services:
  lndhub_app_btc:
    container_name: lndhub_app_btc
    image: lndhub06:latest
    restart: unless-stopped
    environment:
      CONFIG: XXXXXXXXXX   # stringified json of a config file
      MACAROON:  XXXXXXXXXXXXXXXX  # hex encoded admin.macaroon
      TLSCERT:  XXXXXXXXXXXXX  # hex encoded tls.cert
      GROUNDCONTROL: XXXXXXXXXXXXXXXXXXX  # a new one, it's a push notification service - this is where notifications about paid invoices are posted. you can use https://groundcontrol-bluewallet.herokuapp.com
    volumes:
      - lndhub_datadir:/lndhub
      # - "bitcoin_datadir:/etc/bitcoin"
      # - "lnd_bitcoin_datadir:/etc/lnd"
      # - "lnd_bitcoin_rtl_datadir:/data"
    ports:
      - "10009:10009"
    expose:
      - "10009"
    links:
      - lnd_bitcoin

Dockerfile:

FROM node:buster
RUN groupadd -r lndhubuser -g 1001 && useradd -d /home/lndhubuser -u 1001 -r -g lndhubuser lndhubuser

RUN mkdir /home/lndhubuser/ && chown -R 1001:1001 /home/lndhubuser/
RUN git clone https://github.com/BlueWallet/LndHub.git /lndhub

WORKDIR /lndhub

RUN npm i

RUN mkdir /lndhub/logs && chown -R 1001:1001 /lndhub/

USER lndhubuser

EXPOSE 3000
EXPOSE 10009

CMD /lndhub/node_modules/.bin/babel-node index.js

After I work that out, I will try to start it up again.

Overtorment commented 4 years ago

config file won't work, as it is not pure json. here's an example:

CONFIG='{"bitcoind":{"rpc":"http://uuu:ppp@1.2.3.4:8332"},"redis":{"port":12914,"host":"redishost","family":4,"password":"redispassword","db":0},"lnd":{"url":"1.2.3.4:10009","password":"ppp"}}'

Overtorment commented 4 years ago

if you have docker with lndhub only, then it should expose only 3000 (btw it can also be configured by PORT env), but it should be able to connect to LND daemon through RPC, wherever it's running, through the default port 10009

maltokyo commented 4 years ago

@Overtorment thanks! Picking it up again now. Sorry for the delay. Could you please show me also what admin macaroon and TLSCERT look like hex-encoded for the config env variable? Right now I have the LND ones, just as they exist in the LND directory.

maltokyo commented 4 years ago

Hi again @Overtorment, I just can't seem to get around this. I am using the normal config file and normal admin.macaroon and tls.cert in the LNDHub base directory. Confirmed that redis is connecting ok. But still get these errors below.

I do think that lnd rpc does run on 8080, and bitcoind on 43782 on BTCPay Server as in config below ( @NicolasDorier please confirm?)

log:

lndhub06        | using config {"bitcoind":{"rpc":"http://lnd:PWREMOVED@bitcoind:43782/wallet/wallet.dat"},"redis":{"port":6379,"host":"lndhub_redis","family":4,"password":"","db":0},"lnd":{"url":"lnd_bitcoin:8080","password":""}}
lndhub06        | updateLightning()
lndhub06        | updated
lndhub06        | (node:20) DeprecationWarning: grpc.load: Use the @grpc/proto-loader module with grpc.loadPackageDefinition instead
lndhub06        | (Use `node --trace-deprecation ...` to show where the warning was created)
lndhub06        | 2020-10-03T11:01:19.817Z : info: [BOOTING UP] : "Listening on port 3000"
lndhub06        | E1003 11:01:19.843507484      20 ssl_transport_security.cc:1245] Handshake failed with fatal error SSL_ERROR_SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number.
lndhub06        | lnd failure: Error: 14 UNAVAILABLE: failed to connect to all addresses
lndhub06        |     at Object.exports.createStatusError (/lndhub/node_modules/grpc/src/common.js:91:15)
lndhub06        |     at Object.onReceiveStatus (/lndhub/node_modules/grpc/src/client_interceptors.js:1209:28)
lndhub06        |     at InterceptingListener._callNext (/lndhub/node_modules/grpc/src/client_interceptors.js:568:42)
lndhub06        |     at InterceptingListener.onReceiveStatus (/lndhub/node_modules/grpc/src/client_interceptors.js:618:8)
lndhub06        |     at callback (/lndhub/node_modules/grpc/src/client_interceptors.js:847:24) {
lndhub06        |   code: 14,
lndhub06        |   metadata: Metadata { _internal_repr: {}, flags: 0 },
lndhub06        |   details: 'failed to connect to all addresses'
lndhub06        | }
lndhub06        | lnd failure: Error: 14 UNAVAILABLE: failed to connect to all addresses
lndhub06        |     at Object.exports.createStatusError (/lndhub/node_modules/grpc/src/common.js:91:15)
lndhub06        |     at Object.onReceiveStatus (/lndhub/node_modules/grpc/src/client_interceptors.js:1209:28)
lndhub06        |     at InterceptingListener._callNext (/lndhub/node_modules/grpc/src/client_interceptors.js:568:42)
lndhub06        |     at InterceptingListener.onReceiveStatus (/lndhub/node_modules/grpc/src/client_interceptors.js:618:8)
lndhub06        |     at callback (/lndhub/node_modules/grpc/src/client_interceptors.js:847:24) {
lndhub06        |   code: 14,
lndhub06        |   metadata: Metadata { _internal_repr: {}, flags: 0 },
lndhub06        |   details: 'failed to connect to all addresses'
lndhub06        | }
lndhub06        | lnd failure
lndhub06        | Error: 14 UNAVAILABLE: failed to connect to all addresses
lndhub06        |     at Object.exports.createStatusError (/lndhub/node_modules/grpc/src/common.js:91:15)
lndhub06        |     at Object.onReceiveStatus (/lndhub/node_modules/grpc/src/client_interceptors.js:1209:28)
lndhub06        |     at InterceptingListener._callNext (/lndhub/node_modules/grpc/src/client_interceptors.js:568:42)
lndhub06        |     at InterceptingListener.onReceiveStatus (/lndhub/node_modules/grpc/src/client_interceptors.js:618:8)
lndhub06        |     at callback (/lndhub/node_modules/grpc/src/client_interceptors.js:847:24) {
lndhub06        |   code: 14,
lndhub06        |   metadata: Metadata { _internal_repr: {}, flags: 0 },
lndhub06        |   details: 'failed to connect to all addresses'
lndhub06        | }
Overtorment commented 4 years ago

okay, the easy way is to just place admin.macaroon and tls.cert files in the root folder, launch lndhub and it will print that it is using them, and their hex contents so you could copy-paste it in config later.

as for lnd port. I don't remember what port 8080 does, but my lndhub is configured for lnd port 10009, and I suspect yours should be too

NicolasDorier commented 4 years ago

port 8080 is the REST interface. I guess @Overtorment is using the RPC interface, which we do not expose. And that is 10009. You need to add it to bitcoin-lnd.yml in expose section so then lndhub can connect to it.
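
A preflight check for the values discussed in this thread, as an added example that is not part of the issue or of LndHub's code: it verifies that CONFIG parses as JSON, that lnd.url does not point at the REST port 8080, and that TLSCERT and MACAROON are plain hex strings, with TLSCERT decoding to a PEM certificate. The function names and sample values are hypothetical, and treating tls.cert as a PEM file is an assumption.

```javascript
// Added example, not LndHub code. Ports are the ones named in the thread.
const LND_RPC_PORT = 10009; // lnd RPC, which LndHub connects to
const LND_REST_PORT = 8080; // lnd REST interface

// Strict hex decode: Buffer.from(s, 'hex') stops silently at the first bad character.
function decodeHex(name, value, problems) {
  if (value === undefined) return null; // unset: the file in the LndHub root folder is used
  if (value.length === 0 || value.length % 2 !== 0 || !/^[0-9a-fA-F]+$/.test(value)) {
    problems.push(`${name}: not a hex string`);
    return null;
  }
  return Buffer.from(value, 'hex');
}

// Assumption: tls.cert is a PEM file, so the decoded bytes must be PEM text.
function checkPemCert(buf, problems) {
  const m = /-----BEGIN CERTIFICATE-----([\s\S]+?)-----END CERTIFICATE-----/.exec(buf.toString('latin1'));
  if (!m) { problems.push('TLSCERT: decoded bytes are not a PEM certificate'); return; }
  const der = Buffer.from(m[1].replace(/\s+/g, ''), 'base64');
  if (der[0] !== 0x30) problems.push('TLSCERT: PEM body does not start with a DER SEQUENCE');
}

function preflight(env) {
  const problems = [];
  if (env.CONFIG !== undefined) {
    let cfg = null;
    try { cfg = JSON.parse(env.CONFIG); } catch (e) { problems.push('CONFIG: not pure JSON'); }
    const url = cfg && cfg.lnd && cfg.lnd.url;
    if (cfg && typeof url !== 'string') problems.push('CONFIG: lnd.url is missing');
    if (typeof url === 'string') {
      const port = Number(url.slice(url.lastIndexOf(':') + 1));
      if (port === LND_REST_PORT) problems.push(`CONFIG: lnd.url is the REST port ${port}, RPC is ${LND_RPC_PORT}`);
    }
  }
  const cert = decodeHex('TLSCERT', env.TLSCERT, problems);
  if (cert) checkPemCert(cert, problems);
  decodeHex('MACAROON', env.MACAROON, problems);
  return problems;
}

// Constructed sample values (not a real certificate or macaroon).
const toHex = (bytes) => Buffer.from(bytes).toString('hex');
const pem = '-----BEGIN CERTIFICATE-----\n' +
  Buffer.from([0x30, 0x03, 0x02, 0x01, 0x01]).toString('base64') + '\n-----END CERTIFICATE-----\n';
const SAMPLE_OK = { CONFIG: '{"lnd":{"url":"1.2.3.4:10009"}}', TLSCERT: toHex(pem), MACAROON: toHex([2, 1, 3]) };
const SAMPLE_BAD = { CONFIG: '{"lnd":{"url":"lnd_bitcoin:8080"}}', TLSCERT: pem, MACAROON: 'abc' };

console.log(preflight(SAMPLE_OK));
console.log(preflight(SAMPLE_BAD));
```

Calling `preflight(process.env)` inside the container before LndHub starts lists the same problems for the real values without printing the secrets themselves.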