ERR TLS Certificate failed to provision.

[JerryBerry12]

Describe the bug When I try to start loophole, I get an error that says:

ERR TLS Certificate failed to provision. Will be obtained with first request made by any client, therefore first execution may be slower

The browser shows an optimum security warning (i use optimum) and then it shows screenshot 1

To Reproduce Steps to reproduce the behavior:

1. Start loophole with ./loophole http 3000 --hostname error-test --verbose
2. See the error message

Expected behavior Loophole to start and provision tls

Screenshots Screen Shot 1

Environment

• OS: Raspberry Pi Lite on a Raspberry Pi 4 Model B
• Version: 10 (buster)

[Morishiri]

ERR TLS Certificate failed to provision. Will be obtained with first request made by any client, therefore first execution may be slower

is actually just a warning. It should not affect your exposed domain.

The issue must be different. Are you sure there are no additional errors printed in verbose log? I tested it from my side and I was able to successfully start a tunnel at the moment.

[JerryBerry12]

No, I don't see anything. The whole verbose output is here I cannot get to the website, it's just blocking it with: ERR_SSL_PROTOCOL_ERROR. I'm trying to expose port 3000 for a rocket.chat server if that helps.

[JerryBerry12]

I tried exposing port 80 instead and didn't work. I also tried visiting error-test.loophole.site while the client wasn't running, and it produced same error

[JerryBerry12]

Hi, just wondering if you have any solutions. I want to get my service up and running as soon as possible.

[Morishiri]

Please try removing .loophole directory in your homedir. Maybe something is wrong with the certificate you have stored locally.

[JerryBerry12]

I noticed that when I unpacked loophole I kept the executeable in the orginal folder, I didn't move it to the home folder. I tried deleting .loophole from the main directory. then cding into the loophole extract directory, logging in, and then trying agian, and it didn't work. I'm gonna try to move the executeable to the home dir, then delete .loophole and try agian. Sorry to bother you on a Sunday... Thanks!

[JerryBerry12]

Nope didn't work, actually took longer to start up for some reason, or maybe my ssh is slow idk, but still getting tls certificate error. and still ERR_SSL_PROTOCOL_ERROR on browser. Have any more ideas?

[JerryBerry12]

Hey I don't know if you saw my prev. message but I would like to get this running asap.

[0x7f]

Can you please try opening the tunnel on another device? Your phone for example. Maybe your computer has a strange configuration in terms of SSL certificates. I did not run into this issue yet and have no clue why your computer is behaving this way.

We also had trouble with our servers recently which should be resolved by now. Maybe trying again also resolves your issue already?

[JerryBerry12]

Nope still doesn't work. Sorry for taking so long; I was busy this week.

[JerryBerry12]

Its been 2 weeks. Does anyone have an answer? If no one gets back, I may have to start looking elsewhere. This is time sensitive

[Morishiri]

Can you please try opening the tunnel on another device? Your phone for example. Maybe your computer has a strange configuration in terms of SSL certificates. I did not run into this issue yet and have no clue why your computer is behaving this way.

We also had trouble with our servers recently which should be resolved by now. Maybe trying again also resolves your issue already?

Did you try accessing your website on another computer or your phone? We cannot really help without any more details, from our side the service operates correctly.

[JerryBerry12]

yes I did. Sorry if I sound mean, I understand you guys are trying. If you don't have anything else to try you can close this issue. It may not work with my network. Thanks for the help

[benc-uk]

I used to use loophole a lot a few years ago, it worked really well Now I just get the TLF cert problem, and my tunnels just result in a URL redirect back to localhost

Is the service still supported and up and running? Because it doesn't seem like it

[Morishiri]

@benc-uk it is up and running, but supported by small amount of people in addition to regular work. Please describe your issue further.

Where do you get the cert problem? In your terminal (ERR TLS Certificate failed to provision. Will be obtained with first request made by any client, therefore first execution may be slower) or in your browser?

If it's the message in your terminal - just ignore it, it is just a notice that we failed to obtain cert automatically via our request and that it will be obtained when you open your browser - that's how ACME certificate obtainment work in this case (we are removing this notification in future release as it causes too much confusion)

About the redirect - loophole is simple service putting traffic from our domain to your localhost, if you are getting some kind of redirects to localhost it may be your application doing that, some webservers redirect for example from path without slash (/) to path with it or the other way around. Check your application if you have correct base url configured and if it is not doing redirects.

[Morishiri]

yes I did. Sorry if I sound mean, I understand you guys are trying. If you don't have anything else to try you can close this issue. It may not work with my network. Thanks for the help

We are not able to diagnose anything else. We are privacy-focused and we don't gather any data about your usage - if you won't provide us with any details we are not able to get them. From our side service is operational and there are people running it at the moment without issues, we are also able to start new tunnels and use them successfully so it must be something related to your setup. Logs were saying that it is successfully running so I would aim that the underlying app is not running correctly. Are you able to access it when going to localhost:3000? I guess you already moved to different solution, but if not - we can still try to solve it. I can offer a call to take a look at it together with you.

[benc-uk]

@Morishiri - thanks I can confirm it was some strange direct issue, it didn't happen when I tried with localhost.run for some reason, but I can confirm that Loophole is working with some other local services I tried it with

[Morishiri]

@benc-uk May be that we don't forward some headers to the underlying service and that's the reason. Similar to https://github.com/loophole/cli/issues/187

[JerryBerry12]

Yes, I can still reach it from localhost:3000. Although I did switch operating systems ( had to for Rocket.Chat v6), so lemme redownload the loophole script and try again

[JerryBerry12]

It works! Guess it was something with my OS. Thanks for the help! You can close this issue now. (I didn't want to close it myself bc I saw @benc-uk was talking with you guys)

[DpVic]

Hi everyone, today I tried using this app and encountered the same problem. To provide some context, I have a website on localhost with a custom domain dpvic.local.

After reading the documentation, I attempted to run the tunnel as follows:

./loophole http 80 --hostname dpvic.local --verbose

Please note that I initially believed that the --hostname option was meant to point to my local domain, rather than the tunnel domain at "https://.{hostname.}loophole.site". This resulted in the following URL: https://dpvic.local.loophole.site. I suspect that due to some sort of limitation (I haven't investigated it thoroughly, my apologies), this was causing the error.

In any case, after redirecting my localhost to my custom local domain and changing the --hostname option to a simpler domain, like this:

./loophole http 80 --hostname dpvic --verbose

The error disappeared. I hope this information is helpful to someone.

[Morishiri]

Hello, yes - it only supports one level of subdomains, so you cannot use the .. We will add validation to not allow the dot in the hostname :)

[FT-oi]

Hello,I occasionally report this error when using the terminal. ./loophole http 8040 localhost --hostname ioce ERR TLS Certificate failed to provision. Will be obtained with first request made by any client, therefore first execution may be slower (Sometimes the website certificate is dangerous) But it doesn't affect access.,But the website will often (take a long time to load) can not beaccessed.,Sorry to bother.,I'm new to this aspect.,I don't understand a lot of places.,I hope you can guide it (from Microsoft Translator)