Any upgrade from 0.51.0-alpha3 : internet access is impossible, although Let's Encrypt certificate is valid, and Internet menu verification OK

[rockrider69]

BEFORE

• Are you using a reverse-proxy, like nginx?
  • No

To Reproduce Steps to reproduce the behavior:

1. From 0.51.0-Alpha3: stop HFS (installed as a service via NSSM), copy new hfs.exe and new plugins manually : tried 0.51.0RC11, 0.52.0-alpha2, 0.52.1
2. Restart Server - Check configuration still same and ok vis HS/Admin
3. Access server from any internet client/browser (android, ...) --> you get an error : "domain can't be reached...contact the owner"
4. Revert back to 0.51.0-alpha3 : All is back to normal

Describe the bug I have sucessfully generated, installed and used a Let's Encrypt certificate for my personal HFS V3 Server. All has been fine for several months (since october 2023), including one certificate renewal (via certbot). My current HFS version is 0.51.0-alpha3.

Now each time I try to upgrade the server, i.e install a new main executable - any new version, all seems fine from the server side (including verifying from internet menu, but my server can't be reach anymore from the internet. Error : Domain can't be reached...

HFS Server is running on Windows10.

Rolling back to original exe makes everything work again. Hopefully :wink:

According to Let's Encrypt, I am not supposed to regenerate or renew my certificate each time I upgrade the server... It should work. So I guess I miss something with HFS itself and look for help here.

Expected behavior Be able to follow new HFS versions with same valid SSL certificate.

Screenshots Try to provide videos or else screenshots to help explain your problem.

Environment (please complete the following information):

• OS: Windows 10
• HFS Version 0.51.0-alpha3
• Browser : chrome, edge, ...

Additional context

[rejetto]

first thing that comes to mind is that you allowed that hfs.exe with your firewall/antivirus, and changing the exe needs to be re-allowed. A simple test can be done by temporarily disable all.

But I understand that you clicked "verify" in internet page and it reported the server to be working. That uses my server, located in France, to do the test, so it is really working. Maybe your problem is limited to you testing within your LAN. I'm not sure what's going on there.

You don't need to manually copy new versions, you got an automatic procedure when you click "check for updates".

[rejetto]

There's a test you can do to verify if your problem is with upgrades or with ANY change to your exe, that is installing an older version. If older versions don't work as well, then it's clearly something on your computer and nothing to do with hfs.

[rockrider69]

Thanks for the quick answers and guidance here. Good idea, I will make the test with an older version and report here. Will double check also my firewall rules.

[rockrider69]

Hello!

I have done some more tests with few different versions since december 2023 (back and forth with older and newer). All tests done today. Nothing changed to my current firewall rules, nor to the SSL certificate.

• 50.0alpha3, 50.4, 51.0alpha3 and 51.0beta4 : all 4 are OK, no issue at all.

• 51.0alpha1, 51.0beta5 : both KO "Internal server error" reported on the browser and (server error TypeError: Cannot read properties of undefined (reading 'translate') in debug.log

• 51.0RC11, 51.2, 52.0alpha2, 52.1 : all 4 are KO "No data sent by server" reported on the browser, nothing in the debug.log

I have not been able to tests all versions but if I try a summary :

• 50.0 are OK
• 51.0 alpha3 and beta4 are OK, but alpha1, beta5, RC11 are not.
• 51.2 not OK
• 52.0 alpha2 not OK
• 52.1 not OK

In other words, since 51.0beta5 included, no version tested is working for me (2 types of error messages). But also one older version had a similar problem (51.0alpha1). Too bad I could not find a clear version introducing the issue. It is probably between 51.0 alpha1, alpha3, beta4, beta5 that things fluctuate....

I am now running 51.0beta4 with no issue.

I hope this can help you narrowing things down ;) and let me know if I can help more.

[rejetto]

did you enable "Accept requests only using domain" ?

[rockrider69]

Yes "Accept requests only using domain" is enabled. I guessed it would be more secure. Should I disable it ?

[rejetto]

yes, it is more secure, but.... are you respecting that limit? meaning, when you are blocked ("no data..."), are you using the domain you configured? because if you are not, then you are correctly blocked

[rejetto]

51.0alpha1, 51.0beta5 : both KO "Internal server error" reported on the browser and (server error TypeError: Cannot read properties of undefined (reading 'translate') in debug.log

this was a bug, and it was (apparently) fixed.

51.0RC11, 51.2, 52.0alpha2, 52.1 : all 4 are KO "No data sent by server" reported on the browser, nothing in the debug.log

this is the block finally working, because in previous versions it was NOT working. 0.51beta6 fixed this.

[rockrider69]

"yes, it is more secure, but.... are you respecting that limit? meaning, when you are blocked ("no data..."), are you using the domain you configured? because if you are not, then you are correctly bloked"

I only use the domain name, no IP adress, when connecting and making all the tests I described here, the one OK and the others. I have to check though what is really ongoing because my tests have been done at home, from my smartphone, and while being connected via the Wifi... Could it be an explanation? anyway I'll try some more tests via 4G.

[rejetto]

you can also try to temporarily disable the option. you can do it by accessing http://localhost/~/admin which is never affected by the option

[rockrider69]

Well this is now solved :)

First I installed 0.51.2 and just disabled the option "Accept requests only using domain" as you suggested. And it worked.

Second I re-enabled "Accept requests only using domain", but I changed the Adress/Domain from Automatic (which I never had looked at in detail) to manually defining my https:// mydomain:port. All is fine and OK now with 0.51.2.

I feel I could have played a bit more with these option before posting to really understand the logic, but hopefully my errors will help others.

Many thanks for the time supporting 👍 and the whole HFS work !

[rejetto]

i see, there's clearly a usability problem here. You were not supposed to enable that option without specifying a domain. I will prevent this situation to occur from next release. thanks for the feedback