SenseUnit / dumbproxy

Dumbest HTTP proxy ever

acme/autocert: unable to satisfy for domain: no viable challenge type found

dakone22 opened this issue · comments

docker run -d \
    --security-opt no-new-privileges \
    -p 443:443 \
    --restart unless-stopped \
    --name dumbproxy \
    yarmak/dumbproxy -bind-address :443 -auth 'static://?username=USER&password=PASSWD' -autocert

Running

curl -v -x 'https://USER:PASSWD@DOMAIN:443' http://ifconfig.co

outputs

*   Trying 1.2.3.4:443...
* Connected to (nil) (1.2.3.4) port 443 (#0)
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Unknown (21):
* TLSv1.3 (IN), TLS alert, internal error (592):
* error:0A000438:SSL routines::tlsv1 alert internal error
* Closing connection 0
curl: (35) error:0A000438:SSL routines::tlsv1 alert internal erro

In the logs

MAIN    : 2023/04/03 18:12:54 main.go:173: INFO     Starting proxy server...
MAIN    : 2023/04/03 18:12:54 main.go:232: INFO     Proxy server started.
HTTPSRV : 2023/04/03 18:13:09 server.go:3215: http: TLS handshake error from 18.216.99.30:54400: tls: client requested unsupported application protocols ([acme-tls/1])
HTTPSRV : 2023/04/03 18:13:09 server.go:3215: http: TLS handshake error from 23.178.112.102:36054: tls: client requested unsupported application protocols ([acme-tls/1])
HTTPSRV : 2023/04/03 18:13:09 server.go:3215: http: TLS handshake error from 35.164.222.78:47986: tls: client requested unsupported application protocols ([acme-tls/1])
HTTPSRV : 2023/04/03 18:13:10 server.go:3215: http: TLS handshake error from 1.2.3.4:54026: acme/autocert: unable to satisfy "https://acme-v02.api.letsencrypt.org/acme/authz-v3/..." for domain "DOMAIN": no viable challenge type found

@dakone22
Fixed in version 1.9.1. Update the image with docker pull yarmak/dumbproxy and try again.

@Snawoot I'll bump this after all

every now and then it still slips through

Apr 25 14:08:11 proxy-srv-1 dumbproxy[8001]: HTTPSRV : 2023/04/25 14:08:11 server.go:3228: http: TLS handshake error from 2.183.131.15:49823: acme/autocert: unable to satisfy "https://acme-v02.api.letsencrypt.org/acme/authz-v3/222416874807" for domain "speed.cloudflare.com": no viable challenge type found

version - v1.9.1
binary - compiled binary

@antokarev these are some random clients coming in and scanning for unrelated domains. I have come across ones requesting these domains:

They cause no problem. But if you like, you can restrict the list of domains that autocert will serve with the option -autocert-whitelist domain1.com,www.domain2.org,...
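
A log triage for the situation described in the last reply, as an added example that is not part of the thread or of dumbproxy's code: it lists the domains in autocert failure lines that fall outside an intended -autocert-whitelist value, together with the client IPs that requested them. The function name, proxy.example.org and the second sample log line are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Matches the autocert failure lines shown in the thread, capturing the
// client IP and the domain (TLS SNI) the client asked a certificate for.
var autocertFail = regexp.MustCompile(
	`TLS handshake error from (\S+):\d+: acme/autocert: unable to satisfy "[^"]*" for domain "([^"]+)"`)

// sampleLog: the first line is the one quoted in the thread; the second is
// constructed (proxy.example.org, 198.51.100.7 and acme.invalid are placeholders).
var sampleLog = []string{
	`Apr 25 14:08:11 proxy-srv-1 dumbproxy[8001]: HTTPSRV : 2023/04/25 14:08:11 server.go:3228: http: TLS handshake error from 2.183.131.15:49823: acme/autocert: unable to satisfy "https://acme-v02.api.letsencrypt.org/acme/authz-v3/222416874807" for domain "speed.cloudflare.com": no viable challenge type found`,
	`HTTPSRV : 2023/04/25 14:09:02 server.go:3228: http: TLS handshake error from 198.51.100.7:40112: acme/autocert: unable to satisfy "https://acme.invalid/authz/PLACEHOLDER" for domain "proxy.example.org": no viable challenge type found`,
}

// ForeignSNI returns, for every requested domain that is NOT in the allow-list,
// the client IPs that asked for it. The allow-list has the same shape as the
// comma-separated value passed to -autocert-whitelist, already split.
func ForeignSNI(lines, allowed []string) map[string][]string {
	allow := make(map[string]bool, len(allowed))
	for _, d := range allowed {
		allow[strings.ToLower(strings.TrimSpace(d))] = true
	}
	out := map[string][]string{}
	for _, l := range lines {
		m := autocertFail.FindStringSubmatch(l)
		if m == nil {
			continue // not an autocert failure line
		}
		domain := strings.ToLower(m[2])
		if !allow[domain] {
			out[domain] = append(out[domain], m[1])
		}
	}
	return out
}

func main() {
	for domain, ips := range ForeignSNI(sampleLog, []string{"proxy.example.org"}) {
		fmt.Printf("%s requested by %v\n", domain, ips)
	}
}
```

Failures that remain for a domain on the allow-list point at a real issuance problem rather than at scanner traffic.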