acme/autocert: missing server name

suyashkumar / ssl-proxy

:lock: Simple zero-config SSL reverse proxy with real autogenerated certificates (LetsEncrypt, self-signed, provided)

MIT License

742 stars 87 forks source link

acme/autocert: missing server name #36

Closed 1722393429 closed 2 years ago

1722393429 commented 2 years ago

2022/03/02 20:26:18 http: TLS handshake error from 138.246.253.24:41988: acme/autocert: missing server name

tcwalther commented 2 years ago

While this issue has little information about the problem, I can confirm that letsencrypt integration seems to be broken. It used to work flawlessly less than a year ago, but when I run ssl-proxy with -domain=example.com now, I get the same error message. Using a manual cert+key pair (created via certbot) works fine.

suyashkumar commented 2 years ago

Thanks for reporting this folks! I'll take a look at this this weekend. Out of curiosity, does this happen with the prebuilt binaries and also when you build from source?

grischard commented 2 years ago

Hi! This happens to me both when I build from source (linux, aarm64) and with the pre-built binaries (darwin, amd64).

I run:

./ssl-proxy-darwin-amd64 -from [::]:443 -to 127.0.0.1:8000 -domain reasonableexcuse.stereo.lu

The logs say:

2022/03/08 19:51:03 http: TLS handshake error from [2001:470:1f07:63c:8cc:74b8:1f3:1009]:52731: acme/autocert: unable to satisfy "https://acme-v02.api.letsencrypt.org/acme/authz-v3/85721842810" for domain "reasonableexcuse.stereo.lu": no viable challenge type found 2022/03/08 19:51:04 http: TLS handshake error from [2001:470:1f07:63c:8cc:74b8:1f3:1009]:52734: acme/autocert: missing certificate

suyashkumar commented 2 years ago

Thanks folks! I think that I've been able to repro and fix the error in a limited test environment, simply by updating the golang crypto dependencies. Sending a PR here: https://github.com/suyashkumar/ssl-proxy/pull/37 that should be merged soon. Thanks for reporting, and if you get a chance to test it let me know if it worked in your usage. Thanks!

suyashkumar commented 2 years ago

This should be addressed with #37, and I've also published an updated release with prebuilt binaries here: https://github.com/suyashkumar/ssl-proxy/releases/tag/v0.2.7

You can easily pull down the latest release at the command line with

wget -qO- "https://getbin.io/suyashkumar/ssl-proxy" | tar xvz

Give them a try and let me know if you still have issues. Thanks!

Jipok commented 2 years ago

Fixed for me.

suyashkumar commented 2 years ago

Great! I'll close this out then. If anyone else has similar issues feel free to comment and reopen. Thanks!

mxbfnk commented 9 months ago

Heyja, I think the problem is present again with newest version 0.5.2.

Connecting from WIN Agent to Linux Proxy.

-selfcert works fine!

grischard commented 9 months ago

@mxbfnk Since this issue is two years old and the original cause of that problem got resolved, can I suggest opening a new issue?

mxbfnk commented 9 months ago

sure. ;) I thought here because of the last comment from @suyashkumar