Closed smk762 closed 4 months ago
has conflicts, likely because i added some NMC electrums in this commit too: https://github.com/KomodoPlatform/coins/pull/984/commits/3939cae7141f1c863fdc0ac1042568d96fdc1204 the dotbit.zone electrums have a self signed cert... afaik those don't work with WSS see https://electrumx3.nmc.dotbit.zone:50004
cc: @gits7r
unfortunately, the SSL ports of dotbit.zone don't work either because of the self signed certs
coins::utxo::rpc_clients:2666] ERROR "electrumx1.nmc.dotbit.zone:50002" error Custom { kind: InvalidData, error: InvalidCertificateData("invalid peer certificate: UnsupportedCertVersion") }
it would only work if they are signed by an own CA and by using the param disable_cert_verification
but it's easier to get real certs from letsencrypt for free and use certbot to create/renew them
The servers were set-up using the standard ElectrumX (server implementation) manual. Electrum wallet uses a cache that stores the certificate of each server after first connect, and it will not connect to that server any more if server changes its certificate unless it is expired or manually deleted by the user from Electrum wallet cache / persistent data. It's called TOFS (trust on first seen). Is it critical for you for the certificates to be signed by a trusted CA?
Is it critical for you for the certificates to be signed by a trusted CA?
We can't connect to SSL or WSS if the cert is self signed. That means that the Web version of Komodo Wallet will not have NMC at all and Desktop/Mobile can only use the TCP ports.
All your concerns have been fixed at least for the *.dotbit.zone servers that also run under raw IP addresses and .onion hostnames. They now use CA signed SSL certificates, I hope this will not be a trouble for electrum wallet users that have connected using the self-signed one since the certificate change. It's a little bit complicated because LE uses a validity period of 90 days, and for automatic renewals it's more complicated than for an apache web server, especially if the ports 80 and 443 are blocked by something else... but still , I hope this helps.
resolves https://github.com/namecoin/electrum-nmc/issues/336