Closed aghamir closed 3 years ago
What address are you trying to connect to? What does the log say?
Dear @guggero , I ran the lnd on cloud server. I try to connect to it with my python grpc script from local with this tool: https://api.lightning.community/#addinvoice It returns:
{"code":"-9","message":"Build invoice error. <_InactiveRpcError of RPC that terminated with:\n\tstatus = StatusCode.UNAVAILABLE\n\tdetails = \"failed to connect to all addresses\"\n\tdebug_error_string = \"{\"created\":\"@1631514327.242779824\",\"description\":\"Failed to pick subchannel\",\"file\":\"src/core/ext/filters/client_channel/client_channel.cc\",\"file_line\":3008,\"referenced_errors\":[{\"created\":\"@1631514273.943246107\",\"description\":\"failed to connect to all addresses\",\"file\":\"src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc\",\"file_line\":397,\"grpc_status\":14}]}\"\n>","status":"failed"}
This worked before I removed tls.cert and tls.key and changed tlsextraip in lnd.conf.
However, after removing these files, I get this error.
I will enable the debug level in lnd.conf and post it here as soon as I get the log.
Dear @guggero,
How can I be able to set the log for grpc module?
How can I be able to set the log for grpc module?
https://chromium.googlesource.com/external/github.com/grpc/grpc/+/HEAD/examples/python/debug/
I ran the lnd on cloud server.
I mean, what IP address are you using in your python code to connect? 127.0.0.1? I'm pretty sure this is a TLS problem with an incorrect address that isn't reflected in the cert.
No, not 127.0.0.1.
I use the valid static IP of the server for cloud and local. I've set tlsextraip=0.0.0.0 and tlsextraip=xx.xx.xx.xx, which is my valid local static IP, in lnd.conf.
Don't these options enable all IP addresses to use tls.cert to connect to the lnd server?
tlsextraip=0.0.0.0
No, tlsextraip=0.0.0.0 is not automatically parsed into "all addresses". You need to add each one individually and then re-generate the cert (delete tls.key and tls.cert then restart lnd).
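Added example (not part of the thread, and not lnd or gRPC code): a small Python check of which dial targets a certificate's Subject Alternative Name list covers, showing that a 0.0.0.0 entry matches only the literal address 0.0.0.0. The function names and sample addresses are constructed for illustration; the SAN tuples use the shape returned by Python's ssl getpeercert(), and tlsextradomain is lnd's option for DNS names.

```python
import ipaddress

# Constructed sample: SAN entries of a cert generated with tlsextraip=0.0.0.0,
# in the (type, value) shape of ssl.SSLSocket.getpeercert()["subjectAltName"].
SAN_AFTER_ZERO = (("DNS", "localhost"), ("IP Address", "127.0.0.1"),
                  ("IP Address", "0.0.0.0"))
# Constructed sample: the same cert regenerated with the server IP listed.
SAN_FIXED = SAN_AFTER_ZERO + (("IP Address", "203.0.113.7"),)


def parse_ip(text):
    """Return an ip_address object, or None if text is a DNS name."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def san_covers(target, san_entries):
    """True if the host the client dials matches a SAN entry."""
    ip = parse_ip(target)
    for kind, value in san_entries:
        if ip is not None:
            # IP targets are compared for equality only; 0.0.0.0 is just
            # another address here, not a wildcard.
            if kind == "IP Address" and parse_ip(value) == ip:
                return True
        elif kind == "DNS" and value.lower().rstrip(".") == target.lower().rstrip("."):
            return True
    return False


def needed_conf_lines(targets, san_entries):
    """lnd.conf lines still required so every dial target is in the cert."""
    lines = []
    for target in targets:
        if san_covers(target, san_entries):
            continue
        key = "tlsextraip" if parse_ip(target) is not None else "tlsextradomain"
        lines.append(f"{key}={target}")
    return lines


if __name__ == "__main__":
    for t in ("127.0.0.1", "203.0.113.7", "lnd.example.com"):
        print(t, "covered" if san_covers(t, SAN_AFTER_ZERO) else "NOT covered")
    print(needed_conf_lines(["203.0.113.7", "lnd.example.com"], SAN_AFTER_ZERO))
```

After adding the reported lines, delete tls.cert and tls.key and restart lnd so the certificate is regenerated, as described in the reply above.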
One of the issues with adding each IP address is that the tls.cert reveals the IP addresses in the Subject Alternative Name field.
Is there any way to avoid this issue? I used tlsdisableautofill=true. However, the info still shows in that name.
That's how TLS certificates work. They need to contain the information that you are trying to verify. Alternatively you can use a DNS name to mask the IP, but resolving that will still give you some IP address. If you just don't want to include the IP that your python script uses to connect, you can also turn off TLS certificate verification in the script, then it will just ignore the host/IP part of the certificate.
Closing as there's no issue with lnd here, but a misunderstanding in what needs to be specified within a TLS certificate. Check out the Let's Encrypt support (--letsencryptdomain, etc) if you want to specify a domain instead of an IP in the cert.
@guggero , Thanks for your help. My issue has been solved. You are awesome.
Background
I've deleted the tls.cert and tls.key and changed the tlsextraip to 0.0.0.0 as well. After I restart lnd, I can add invoice with lncli. However, I cannot add invoice in remote with tls.cert and admin.macaroon. I get this error for addinvoice grpc:
Your environment
lnd: lnd version 0.13.1-beta commit=v0.13.1-beta
(uname -a on *Nix): Ubuntu 20.04
btcd, bitcoind, or other backend: Bitcoin Core version v0.21.1
Steps to reproduce
Remove the tls.cert. Try to addinvoice with grpc from remote server. My lnd.conf is:
Expected behaviour
Can create invoice normally from remote too.
Actual behaviour
I cannot create invoice from remote.