lightninglabs / lightning-terminal

Lightning Terminal: Your Home for Lightning Liquidity
MIT License

Running `litd` in remote mode with `tlsencryptkey=true` set for `lnd` is not supported #856

Open asyscom opened 2 months ago

asyscom commented 2 months ago

Hello, I just installed lit but I can't start it due to this error:

```
2024-09-30 08:35:08.082 [DBG] GRPC: [core] [Channel #4 SubChannel #5] Subchannel Connectivity change to CONNECTING
2024-09-30 08:35:08.082 [DBG] GRPC: [core] [Channel #4 SubChannel #5] Subchannel picks a new address "127.0.0.1:10009" to connect
2024-09-30 08:35:08.083 [DBG] GRPC: [core] [pick-first-lb 0xc000747c50] Received SubConn state update: 0xc000747dd0, {ConnectivityState:CONNECTING ConnectionError:}
2024-09-30 08:35:08.085 [DBG] GRPC: [core] Creating new client transport to "{Addr: \"127.0.0.1:10009\", ServerName: \"127.0.0.1:10009\", }": connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority"
2024-09-30 08:35:08.085 [WRN] GRPC: [core] [Channel #4 SubChannel #5] grpc: addrConn.createTransport failed to connect to {Addr: "127.0.0.1:10009", ServerName: "127.0.0.1:10009", }. Err: connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority"
2024-09-30 08:35:08.085 [DBG] GRPC: [core] [Channel #4 SubChannel #5] Subchannel Connectivity change to TRANSIENT_FAILURE, last error: connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority"
2024-09-30 08:35:08.085 [DBG] GRPC: [core] [pick-first-lb 0xc000747c50] Received SubConn state update: 0xc000747dd0, {ConnectivityState:TRANSIENT_FAILURE ConnectionError:connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority"}
```

Temporary workaround is to stop lnd, delete certs, set tlsencryptkey=false and start, but I need to keep encryption enabled.

How to solve?

- OS: Ubuntu 22
- bitcoin core: VERSION=27.1
- lnd: VERSION=0.18.3
- lit: v0.13.4-alpha

Thanks in advance Davide

ellemouton commented 2 months ago

Hi @asyscom - you are running in remote mode yes (ie, LND is separate from LiT)?

Are you sure that LiT is being pointed to the correct LND TLS cert location? Is your LND cert in the default location or in a user-specified location? And is LiT pointing to this correct location?

asyscom commented 2 months ago

> Hi @asyscom - you are running in remote mode yes (ie, LND is separate from LiT)?
>
> Are you sure that LiT is being pointed to the correct LND TLS cert location? Is your LND cert in the default location or in a user-specified location? And is LiT pointing to this correct location?

Hello, I'm running btc, lnd, lit all on the same machine. I've followed the minibolt guide (adapted for Ubuntu).

ellemouton commented 2 months ago

@asyscom - pls can you provide: where your LND cert file is stored & the location that LiT is pointing to for this file 🙏

asyscom commented 2 months ago

> > Hi @asyscom - you are running in remote mode yes (ie, LND is separate from LiT)? Are you sure that LiT is being pointed to the correct LND TLS cert location? Is your LND cert in the default location or in a user-specified location? And is LiT pointing to this correct location?
>
> Hello, I'm running btc, lnd, lit all on the same machine. I've followed the minibolt guide (adapted for Ubuntu).

Hi, the cert file is here: ~/.lnd/tls.cert

and this is the option in lit.conf

```
# Remote lnd options
remote.lnd.rpcserver=127.0.0.1:10009
remote.lnd.macaroonpath=~/.lnd/data/chain/bitcoin/mainnet/admin.macaroon
remote.lnd.tlscertpath=~/.lnd/tls.cert
```

ellemouton commented 2 months ago

Note that ~/.lnd/ is potentially different to /.lnd depending on what user owns the file & depending on your general folder structure.

So perhaps try to change remote.lnd.macaroonpath to ~/.lnd/data/chain/bitcoin/mainnet/admin.macaroon and remote.lnd.tlscertpath to ~/.lnd/tls.cert if LiT is being run by the same linux user as LND

asyscom commented 2 months ago

No no, it's correct, the tilde is present; the problem is the cut and paste into GitHub.

```
# Remote lnd options
remote.lnd.rpcserver=127.0.0.1:10009
remote.lnd.macaroonpath=~/.lnd/data/chain/bitcoin/mainnet/admin.macaroon
remote.lnd.tlscertpath=~/.lnd/tls.cert
```

This is the output of ls:

```
lit@node:~$ ls -la ~/.lnd/tls.cert
-rw-r--r-- 1 lnd lnd 769 Sep 28 20:49 /home/lit/.lnd/tls.cert
```

asyscom commented 2 months ago

Sure! Here’s the translation:

Ok, understood. Do you have plans to implement this feature in future versions? Thank you, Davide

ViktorTigerstrom commented 2 months ago

Sorry, I needed to remove the previous comment in favour of this one. As stated in the previous issue https://github.com/lightninglabs/lightning-terminal/issues/831, you currently need to run lnd in integrated mode in order to run with the tlsencryptkey=true option set. Running with a remote lnd instance (lnd-mode=remote) is not supported currently when the tlsencryptkey=true option is set.

As stated in the issue, you therefore need to run litd in integrated mode (lnd-mode=integrated) in order to be able to use the tlsencryptkey feature.

> Ok, understood. Do you have plans to implement this feature in future versions? Thank you, Davide

We'll keep this issue open to track this for the future, and look into what it would take to add support for the feature with (lnd-mode=remote) set. I'll also update the title of this issue slightly.
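
The handshake error in the first post is what a Go TLS client returns when the certificate the server presents does not chain to the certificate file the client was given as its only trust root (here, the file named by `remote.lnd.tlscertpath`). The following is an added example, not code from this thread or from the lightning-terminal project: `selfSigned` and `checkPinned` are hypothetical helpers, and both certificates are constructed in-process so the check runs offline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned builds a constructed self-signed cert for 127.0.0.1: PEM (pinned file) and parsed (served).
func selfSigned(cn string) ([]byte, *x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IPAddresses: []net.IP{net.ParseIP("127.0.0.1")},
		IsCA:        true, BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), leaf, err
}

// checkPinned verifies served the way a TLS client does when its only trust root is pinnedPEM.
func checkPinned(pinnedPEM []byte, served *x509.Certificate) error {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(pinnedPEM) {
		return fmt.Errorf("no certificate found in pinned PEM")
	}
	_, err := served.Verify(x509.VerifyOptions{Roots: pool, DNSName: "127.0.0.1"})
	return err
}

func main() {
	pinned, leaf, _ := selfSigned("constructed: cert on disk")
	_, other, _ := selfSigned("constructed: cert served instead")
	fmt.Println("same cert:", checkPinned(pinned, leaf), "| other cert:", checkPinned(pinned, other))
}
```

When the served certificate is the pinned one the check returns nil; any other certificate, even one with the same address and validity period, produces the `x509: certificate signed by unknown authority` error seen in the log.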