Confusing error message when SSL problem in SRV check

matrix-org / matrix-federation-tester

Tester for matrix federation written in golang.

78 stars 17 forks source link

Confusing error message when SSL problem in SRV check #96

Closed jaywink closed 4 years ago

jaywink commented 4 years ago

Case;

SRV record is set-up correctly (domain.tld delegates via SRV to matrix.domain.tld)
There is no .well-known
The homeserver matrix.domain.tld has a valid SSL certificate for matrix.domain.tld but not for domain.tld (as required by spec for SRV to work)

The error given by the federation tester is as follows (in the JSON output):

"ConnectionErrors": {
    "1.2.3.4:443": {
      "Message": "Non-200 response 404 from remote server"
    }
  },

richvdh commented 4 years ago

are you sure?

Tahvok commented 4 years ago

Same issue here. My cert for subdomain is correct and working properly, however the parent domain is pointing to a completely unrelated website which I don't have control over. The federation tester is complaining with same error: https://federationtester.matrix.org/api/report?server_name=tahvok.com

richvdh commented 4 years ago

@Tahvok I see a completely different error for you: https://gist.github.com/richvdh/71913e1e8d382aaed1410978aeaeb97b.

I'm going to close this until someone can actually demonstrate the reported problem.

tulir commented 4 years ago

@jaywink's error seems perfectly normal if there's a web server/reverse proxy that has virtualhosts for both domain.tld and matrix.domain.tld. The web server will see it as a request to domain.tld (SNI is always set to what certs the client expects, Host header is generally the same as SNI). If there's no Matrix stuff on the domain.tld virtualhost, 404 is the correct response.