Closed asyscom closed 1 month ago
Hi @asyscom - could you maybe provide some more info like what your remote.lnd.tlscertpath is set to? If your LND tls cert is somewhere other than the default expected path or perhaps the default path has an older TLS cert then that would explain this.
TLDR: are you very sure that LiT is pointing at the correct, latest TLS cert path?
Hello, thanks for the reply. This is the entry in lit.conf:

    remote.lnd.rpcserver=127.0.0.1:10009
    remote.lnd.macaroonpath=~/.lnd/data/chain/bitcoin/mainnet/admin.macaroon
    remote.lnd.tlscertpath=~/.lnd/tls.cert

This is the output of the command:

    lit@xxxxx:~$ ls -la ~/.lnd/tls.cert
    -rw-r--r-- 1 lnd lnd 769 Aug 23 13:22 /home/lit/.lnd/tls.cert

Path is correct and can read the certs.
P.S. Have you sent me an email with a link to download a file? It's very suspicious.
Hi @asyscom!
> Have you sent me an email with a link to download a file? It's very suspicious.
First of all, we who work on lightning-terminal have NOT sent you an email, and have not sent you this link. Do not download it!
Second of all, to try to resolve your issue: Could you attempt by deleting the tls.cert at the specified path, as well as the tls.cert that's located in your litd folder and then restart both lnd + litd and see if that helps? The tls.cert files will be regenerated automatically by doing so.
Nothing to do, same error. I've put all the error logs here, I hope it helps you: https://privatebin.io/?2be7558e7b15baac#TZKToTwKiss2gBDAq2AejJMKw3v69WFgspxrumoFEmg
The TLS files are all new:

    -rw-r--r-- 1 lit lit 843 Aug 26 10:11 tls.cert
    -rw------- 1 lit lit 227 Aug 26 10:11 tls.key

    -rw-r--r-- 1 lnd lnd 769 Aug 26 10:11 tls.cert
    -rw------- 1 lnd lnd 267 Aug 26 10:11 tls.key

Actually I'm using the latest experimental but the errors are the same as with 13.3.
I have this configuration in nginx .conf, could it be a problem? They are self-signed.

    user www-data;
    worker_processes auto;
    pid /run/nginx.pid;
    include /etc/nginx/modules-enabled/*.conf;

    events {
        worker_connections 768;
    }

    http {
        ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
        ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
        ssl_session_cache shared:HTTP-TLS:1m;
        ssl_session_timeout 4h;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        include /etc/nginx/sites-enabled/*.conf;
    }

    stream {
        ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
        ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
        ssl_session_cache shared:STREAM-TLS:1m;
        ssl_session_timeout 4h;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        include /etc/nginx/streams-enabled/*.conf;
    }

Thanks for the extra info and logs @asyscom!
I'd just like to sanity check a few more things:
1. Do you happen to have multiple lnd instances running? That could cause issues like the one you're experiencing. If you do, ensure that only one lnd instance is running, and delete lnd's tls.cert, and restart the single lnd instance again to ensure that it's regenerated.
2. Do you want to use the taproot-assets lightning functionality since you're running the latest experimental version of litd?
   If yes: that functionality is not compatible with lnd v0.18.2. You instead need to be running an lnd that's based on the lnd 0-19-staging branch (https://github.com/lightningnetwork/lnd/tree/0-19-staging). I highly recommend running litd in integrated mode instead though, if your goal is to use taproot-assets lightning functionality.
   If you do not want to use the taproot-assets lightning functionality, I recommend running litd v0.13.3-alpha instead.
3. Is the lnd-mode="remote" config option also set in the config file?
4. To ensure that there are no errors reading litd's config file which are causing the issue, let's attempt by sending the flags directly to litd to see if that resolves the issue. Therefore restart litd with the following:

       litd --lnd-mode="remote" --remote.lnd.rpcserver="127.0.0.1:10009" --remote.lnd.macaroonpath="/.lnd/data/chain/bitcoin/mainnet/admin.macaroon" --remote.lnd.tlscertpath="/.lnd/tls.cert"

   Check that the paths in the above are correct, and also pass any extra flags to the command if that's what you're usually doing.
5. Finally if it's an option with your setup: have you attempted running litd in integrated mode (which then starts an lnd instance through litd), instead of running lnd separately? Do you have the same issue in integrated mode?
> 3. lnd-mode="remote"
I've switched to 0.13.3-alpha, added lnd-mode="remote" in lit.conf, I start but same error.
Question: In lit.conf, the authentication about faraday, is it possible to use .cookie instead of user and password? I'm on a VPS and put my public IP. Is it correct?
Tried from the command line also but same certificate error, this is the output. P.S. I've removed lit.conf only for the test.

    Lightning Terminal (LiT) by Lightning Labs
    LND Operating mode remote
    LND Node status locked
    LND Alias ???? (node is locked)
    LND Version ???? (node is locked)
    LiT Version 0.13.3-alpha commit=v0.13.3-alpha
    Web interface 127.0.0.1:8443 (open https://127.0.0.1:8443 in your browser)

The lnd instance is single and is not locked:

    lnd 906628 1 12 10:11 ? 00:10:17 /usr/local/bin/lnd
    postgres 917175 6098 1 11:31 ? 00:00:00 postgres: 14/main: admin lndb 127.0.0.1(40050) idle
    postgres 917242 6098 0 11:32 ? 00:00:00 postgres: 14/main: admin lndb 127.0.0.1(52192) idle
    admin 917312 894988 0 11:32 pts/2 00:00:00 grep --color=auto lnd

LIT connects correctly to LND, but it doesn't like the certificates or the version. However, this is a false error because the version is 18.2

    2024-08-26 11:58:50.417 [INF] LITD: Retrying to create LND Services client
    2024-08-26 11:58:50.417 [INF] LNDC: Creating lnd connection to 127.0.0.1:10009
    2024-08-26 11:58:50.418 [INF] LNDC: Connected to lnd
    2024-08-26 11:58:50.419 [WRN] GRPC: [core] [Channel #464 SubChannel #465] grpc: addrConn.createTransport failed to connect to {Addr: "127.0.0.1:10009", ServerName: "127.0.0.1:10009", }. Err: connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority"
    2024-08-26 11:58:50.419 [ERR] STAT: could not start the lit sub-server: Error when creating LND Services client: error subscribing to lnd wallet state: lnd version incompatible, need at least v0.13.0-beta, got error on state subscription: rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority"
    2024-08-26 11:58:55.424 [INF] LITD: Retrying to create LND Services client

> I've switched to 0.13.3-alpha
Great, thanks!
I'm not really able to recreate your issue, so just wanted to check if you could please share your lnd + lit config with us (and censor out anything sensitive of course) so that I can check if there's anything strange in the configs?
From the logs you've just shared:

    2024-08-26 11:39:48.021 [WRN] LITD: open /home/lit/.lit/lit.conf: no such file or directory

It seems like you're having issues loading a config from that path just FYI.
You've also specified that the lnd datadir should be /data/lnd/ in the startup command of litd.
Could you please double check that all of these paths are correct?
> Question: In lit.conf, the authentication about faraday, is it possible to use .cookie instead of user and password? I'm on a VPS and put my public IP. Is it correct?
Are you referring to the config options for bitcoin in Faraday? If so, these are the config options that exist: https://github.com/lightninglabs/faraday/blob/f7ba1fea38fdead61b8c22d57775ec076579b40f/chain/client.go#L22-L29
> LIT connects correctly to LND, but it doesn't like the certificates or the version. However, this is a false error because the version is 18.2
If you're referring to the line need at least v0.13.0-beta in the log you've included, that version in the error message is to be expected.
Hello, the error about lit.conf is ok, I had temporarily removed it to run litd manually with options, now I've resumed it in the right folder. Here are the links to my lnd and lit configs via privatebin:
lnd.conf https://privatebin.io/?5c8fc77001b0eb84#57UT27niEvHXG41njLB8eLXpXuiR8wpK1DVDeB3e2kjD
lit.conf https://privatebin.io/?97be351c9e0127d0#43yzcHKBZEJQD9i9kXYVBqFYeWdvrp2FxohSvM5eWTgj
The paths to the macaroon and tls are links but readable without problem by user lit.
The macaroons of faraday and loop do not exist in the path specified in lit.conf, is that correct?
Oh, I see you've enabled tlsencryptkey=true in lnd. I think this is likely what's causing the issues. I need to check if this is compatible while lnd is in remote mode.
Normally in litd, there's also options to enable it for lit through the lit.conf when lnd is in integrated mode.
https://github.com/lightninglabs/lightning-terminal/blob/a9c576494247f2c94c44667a791f4d47a3126395/config.go#L159-L165
I'm assuming you intentionally want to use tlsencryptkey=true? If yes, I'll have to look into this and see if I can make that work locally while lnd is in remote mode.
Thanks! Well... I've followed the standard procedure to install lnd using the minibolt guide and it says to set it. What do you mean with remote? lnd, btc and lit are on the same machine.
Disabling tlsencryptkey=true all works fine
> Disabling tlsencryptkey=true all works fine
Great! If you do not explicitly want to run lnd with tlsencryptkey=true set, I recommend turning it off.
I've now checked locally, and managed to reproduce your error when tlsencryptkey=true is set to true and with lnd-mode=remote is set. Like I previously suspected, we currently don't support tlsencryptkey=true in Lightning Terminal when lnd is running remotely.
If you want to explicitly run lnd with letsencrypt, we do support it when lnd is running in integrated mode in Lightning Terminal (lnd-mode=integrated)!
> What do you mean with remote?
In Lightning Terminal (litd), there are two modes of operation, integrated or remote. If you run in integrated mode, litd will launch lnd (and all other sub-servers like loop, pool etc) as a single executable daemon, meaning you won't need to run an lnd instance separately. If you run it in remote mode, you need to run lnd separately and connect litd to that instance. This is why you need to specify the information required to connect to the remote instance when starting litd --remote.lnd.rpcserver="127.0.0.1:10009" --remote.lnd.macaroonpath="/data/lnd/data/chain/bitcoin/mainnet/admin.macaroon" --remote.lnd.tlscertpath="/data/lnd/tls.cert". If you run in integrated mode, that won't be required as litd will launch the lnd instance! You can read more about integrated mode here:
https://docs.lightning.engineering/lightning-network-tools/lightning-terminal/integrating-litd
When running lnd in integrated mode, you will specify its configuration in the lit.conf file instead, by moving the config options you've specified in your lnd.conf file, to the lit.conf file and prefixing them lnd.OPTION, i.e. the options you've specified here: https://privatebin.io/?5c8fc77001b0eb84#57UT27niEvHXG41njLB8eLXpXuiR8wpK1DVDeB3e2kjD
So if you want to run litd in integrated mode with tlsencryptkey=true, you'd first need to specify lnd-mode=integrated in your lit.conf file, and then also add lnd.tlsencryptkey=true.
Like I said though, if you don't want to explicitly run with letsencrypt, feel free to keep the setup you have which is working!
Finally: Note that there's been new spam messages from bots above, which I've now removed. Therefore do not download the files from the link(s) that you'll see in your Github notification email!
Let me know if you're satisfied with the above! If so, I'll go ahead and close the issue.
> Let me know if you're satisfied with the above! If so, I'll go ahead and close the issue.
Yes absolutely yes! Close the issue. Thank you very much.
Background
Hello, when I run litd I get this error at login:

    Error when creating LND Services client: error subscribing to lnd wallet state: lnd version incompatible, need at least v0.13.0-beta, got error on state subscription: rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority"
    LND is not running. Please start lnd and try again.

Your environment
lit version 13.3
lnd version 18.2
Ubuntu 22.4
bitcoind version 27.1.0
In the journal I have this:

    024-08-26 09:03:23.431 [DBG] GRPC: [core] Creating new client transport to "{Addr: "127.0.0.1:10009", ServerName: "127.0.0.1:10009", }": connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority"

Of course, LND and Bitcoin are functioning correctly, and the TLS settings are correct because they are also used by other software like BOS.
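
An added example, not from this thread or from the lnd/litd code: the x509 error quoted in this issue is what Go's verifier returns when a client trusts only the certificate in a pinned file (such as the one at remote.lnd.tlscertpath) and the server presents a different self-signed certificate. Both certificates are constructed in memory, and newSelfSigned and diagnose are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newSelfSigned builds a constructed self-signed cert for 127.0.0.1 (hypothetical helper).
func newSelfSigned(serial int64) *x509.Certificate {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{Organization: []string{"constructed test cert"}},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		IPAddresses:           []net.IP{net.ParseIP("127.0.0.1")},
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	cert, err := x509.ParseCertificate(der)
	if err != nil { // a key or signing failure above also ends up here
		panic(err)
	}
	return cert
}

// diagnose verifies the served cert the way a client does when the pinned
// cert file is its only trusted root, returning "ok" or the x509 error text.
func diagnose(pinned, served *x509.Certificate) string {
	roots := x509.NewCertPool()
	roots.AddCert(pinned)
	if _, err := served.Verify(x509.VerifyOptions{Roots: roots, DNSName: "127.0.0.1"}); err != nil {
		return err.Error()
	}
	return "ok"
}

func main() {
	onDisk, regenerated := newSelfSigned(1), newSelfSigned(2)
	fmt.Println("server presents the pinned cert:", diagnose(onDisk, onDisk))
	fmt.Println("server presents another cert:   ", diagnose(onDisk, regenerated))
}
```

The second case fails even though both certificates carry the same subject and address, because trust is decided by the key that signed the certificate and not by its name.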