Closed chloehjung15 closed 1 year ago
cc @joostjager ?
How do you make the REST api call that returns the error - do you also get this error if you just use curl?
And does it work via grpc using lncli? (see lncli section in https://github.com/lightningnetwork/lnd/pull/2428)
@jjager-nydig I've made the REST api call just using a POST request but because it's self-signed, I have to tell it to ignore any SSL errors. Unfortunately the app I'm trying to use this on doesn't allow that, so I need it to have a proper certificate using Let's Encrypt.
Sorry, not sure how to check the second part. I can call lncli getinfo on the terminal and it spits out the correct information.
Yes, for lncli you have to make sure that it doesn't have access to the tls.cert file. Can you try that?
Closing due to inactivity. Please re-open if problem persists.
Hi. I have the same problem with v0.16.3-beta. I used LND for years with a Let's Encrypt certificate flawlessly. But after I updated my LND today, it keeps using the self-signed certificate. I even deleted the tls.key and tls.cert, but they got regenerated. These are my last logs related to Let's Encrypt:
2023-06-14 05:44:44.515 [INF] LTND: Autocert challenge listener stopped
2023-06-14 05:45:45.706 [INF] LTND: Using Let's Encrypt certificate for domain maxod.ir
2023-06-14 05:45:45.707 [INF] LTND: Autocert challenge listener started at 127.0.0.1:8090
2023-06-14 05:45:45.710 [INF] LTND: Autocert challenge listener stopped
2023-06-14 05:46:13.579 [INF] LTND: Autocert challenge listener stopped
2023-06-14 05:46:46.705 [INF] LTND: Using Let's Encrypt certificate for domain maxod.ir
2023-06-14 05:46:46.705 [INF] LTND: Autocert challenge listener started at 127.0.0.1:8090
2023-06-14 05:57:15.337 [INF] LTND: Autocert challenge listener stopped
2023-06-14 05:57:26.430 [INF] LTND: Using Let's Encrypt certificate for domain maxod.ir
2023-06-14 05:57:26.431 [INF] LTND: Autocert challenge listener started at 127.0.0.1:8090
2023-06-14 06:01:44.684 [INF] LTND: Autocert challenge listener stopped
2023-06-14 06:01:45.322 [INF] RPCS: Generating TLS certificates...
2023-06-14 06:01:45.326 [INF] RPCS: Done generating TLS certificates
2023-06-14 06:01:45.327 [INF] LTND: Using Let's Encrypt certificate for domain maxod.ir
2023-06-14 06:01:45.327 [INF] LTND: Autocert challenge listener started at 127.0.0.1:8090
It claims it uses the Let's Encrypt certificate, but it doesn't.
More information:
When I deleted the letsencrypt directory and restarted LND, the log saw that the certificate doesn't exist and recreated the directory and generated a new certificate using Let's Encrypt. But there was no file in the directory. I restarted LND again, and it claimed that it found the certificate and didn't generate one. And it's still using the self-signed certificate!
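Added example (not part of the thread and not lnd code): a Go check of which certificate a TLS listener actually presents, which is the question the report above turns on. It prints the issuer and whether the leaf is self-signed; `mint` is a hypothetical helper that builds constructed sample certificates for offline checks, and the host:port argument is assumed to be the address of the node's REST listener.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"os"
	"time"
)

// IsSelfSigned: issuer equals subject AND the signature verifies under the cert's own key.
func IsSelfSigned(c *x509.Certificate) bool {
	return bytes.Equal(c.RawIssuer, c.RawSubject) &&
		c.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature) == nil
}

// mint builds a constructed sample certificate; a nil parent means self-signed.
func mint(cn string, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: parent == nil, BasicConstraintsValid: true}
	if parent == nil {
		parent, signer = tpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, pub, signer)
	if err != nil {
		panic(err) // sample construction only
	}
	c, _ := x509.ParseCertificate(der)
	return c, key
}

func main() { // usage: go run . host:port [host:port ...]
	for _, addr := range os.Args[1:] {
		conn, err := tls.Dial("tcp", addr, &tls.Config{InsecureSkipVerify: true}) // verification off only to inspect the certificate
		if err != nil {
			fmt.Println(addr, "error:", err)
			continue
		}
		c := conn.ConnectionState().PeerCertificates[0]
		conn.Close()
		fmt.Printf("%s issuer=%q self-signed=%v\n", addr, c.Issuer.String(), IsSelfSigned(c))
	}
}
```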
letsencrypt is currently not working, this should be fixed by https://github.com/lightningnetwork/lnd/pull/7739
Background
I'm trying to use letsencrypt so I won't have to use a self-signed cert when I'm making REST API calls. I've added letsencrypt configurations in the lnd.conf file but had no luck.
Your environment
lnd: tried both v0.15.5-beta and v0.16.0-beta
(uname -a on *Nix): ubuntu 22
btcd, bitcoind, or other backend: v24.0.1
Steps to reproduce
Add below to ~/.lnd/lnd.conf
Forward port 80 to 8081 using sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to 8081
sudo iptables -t nat -vnL returns below
Start lnd and I can see LTND: Using Let's Encrypt certificate for domain your.domain.name in the log
I tried connecting to lnd via RPC (I used thunderhub) with the tls.cert in the .lnd/ folder because in the doc it says the letsencrypt certificate is only requested and stored when the first rpc connection comes in.
Expected behaviour
Letsencrypt cert to be generated and when I do the REST api call, it won't use the self-signed cert.
Actual behaviour
I can see that there is an acme_account+key generated in the letsencrypt/ folder but nothing else. When I make the REST api call, it returns an SSL error about self-signed cert.