NOTE: As I am writing this bug report, I realize that an even newer tailscale version was released (v1.68.1). While I can't try v1.68.1 at the moment to see if it fixes the issue, I'll leave a link to the release notes in case someone is able to eyeball it and determine whether that bugfix is related to this here issue. If it is related, I'll give it a try when I get a chance.
I updated my linux machine. The update included a bump to tailscale from version 1.66.4 to 1.68.0.
After the update, I can no longer access node domains using https. I can still access them with http.
# does not work anymore
curl https://foo.tail123456.ts.net
# still works
curl http://foo.tail123456.ts.net
This is an example of the emitted caddy logs when running curl https://foo.tail123456.ts.net:
{"level":"debug","ts":1718822986.680432,"logger":"tailscale","msg":"cert(\"foo.tail12345.ts.net\"): already had ACME account."}
{"level":"debug","ts":1718822987.5187576,"logger":"tailscale","msg":"cert(\"foo.tail12345.ts.net\"): starting SetDNS call..."}
{"level":"debug","ts":1718822991.303825,"logger":"tailscale","msg":"netcheck: [v1] report: udp=true v6=false v6os=true mapvarydest=true portmap= v4a=98.765.432.198:12345 derp=00 derpdist=4v4:105ms,18v4:111ms,23v4:84ms"}
{"level":"debug","ts":1718822995.895996,"logger":"tailscale","msg":"wg: [v2] [emid9] - Receiving keepalive packet"}
{"level":"debug","ts":1718822998.1051943,"logger":"tailscale","msg":"cert(\"foo.tail12345.ts.net\"): did SetDNS"}
{"level":"debug","ts":1718822998.6333194,"logger":"tailscale","msg":"cert(\"foo.tail12345.ts.net\"): acme: WaitOrder: OrderError status \"invalid\""}
{"level":"debug","ts":1718822998.6334443,"logger":"tailscale","msg":"cert(\"foo.tail12345.ts.net\"): getCertPEM: acme: order status: invalid"}
{"level":"debug","ts":1718822998.6339269,"logger":"http.stdlib","msg":"http: TLS handshake error from 100.12.34.56:12345: 500 Internal Server Error: acme: order status: invalid"}
I have since rolled back the update and all is working fine at the moment.
thenbe
commented
4 months ago
NOTE: As I am writing this bug report, I realize that an even newer tailscale version was released (
v1.68.1). While I can't tryv1.68.1at the moment to see if it fixes the issue, I'll leave a link to the release notes in case someone is able to eyeball it and determine whether that bugfix is related to this here issue. If it is related, I'll give it a try when I get a chance.I updated my linux machine. The update included a bump to tailscale from version
1.66.4to1.68.0.After the update, I can no longer access node domains using https. I can still access them with http.
This is an example of the emitted caddy logs when running
curl https://foo.tail123456.ts.net:I have since rolled back the update and all is working fine at the moment.
I'm using the latest caddy-tailscale: https://github.com/tailscale/caddy-tailscale/commit/4e8fde6df984ff16921cbd9ce68263b4e99889c7