acme/autocert: unable to satisfy for domain: no viable challenge type found
dakone22 opened this issue · comments
dakone22 commented
docker run -d \
--security-opt no-new-privileges \
-p 443:443 \
--restart unless-stopped \
--name dumbproxy \
yarmak/dumbproxy -bind-address :443 -auth 'static://?username=USER&password=PASSWD' -autocert
When running
curl -v -x 'https://USER:PASSWD@DOMAIN:443' http://ifconfig.co
it outputs
* Trying 1.2.3.4:443...
* Connected to (nil) (1.2.3.4) port 443 (#0)
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Unknown (21):
* TLSv1.3 (IN), TLS alert, internal error (592):
* error:0A000438:SSL routines::tlsv1 alert internal error
* Closing connection 0
curl: (35) error:0A000438:SSL routines::tlsv1 alert internal erro
In the logs
MAIN : 2023/04/03 18:12:54 main.go:173: INFO Starting proxy server...
MAIN : 2023/04/03 18:12:54 main.go:232: INFO Proxy server started.
HTTPSRV : 2023/04/03 18:13:09 server.go:3215: http: TLS handshake error from 18.216.99.30:54400: tls: client requested unsupported application protocols ([acme-tls/1])
HTTPSRV : 2023/04/03 18:13:09 server.go:3215: http: TLS handshake error from 23.178.112.102:36054: tls: client requested unsupported application protocols ([acme-tls/1])
HTTPSRV : 2023/04/03 18:13:09 server.go:3215: http: TLS handshake error from 35.164.222.78:47986: tls: client requested unsupported application protocols ([acme-tls/1])
HTTPSRV : 2023/04/03 18:13:10 server.go:3215: http: TLS handshake error from 1.2.3.4:54026: acme/autocert: unable to satisfy "https://acme-v02.api.letsencrypt.org/acme/authz-v3/..." for domain "DOMAIN": no viable challenge type found
Snawoot commented
@dakone22
Fixed in version 1.9.1. Update the image with docker pull yarmak/dumbproxy and try again.
Anton Tokarev commented
@Snawoot I'll bump this anyway:
every now and then it still slips through
Apr 25 14:08:11 proxy-srv-1 dumbproxy[8001]: HTTPSRV : 2023/04/25 14:08:11 server.go:3228: http: TLS handshake error from 2.183.131.15:49823: acme/autocert: unable to satisfy "https://acme-v02.api.letsencrypt.org/acme/authz-v3/222416874807" for domain "speed.cloudflare.com": no viable challenge type found
version - v1.9.1
binary - compiled binary
Snawoot commented
@antokarev these are some random clients coming in and scanning for unrelated domains. I've come across requests for these domains:
- speed.cloudflare.com
- sparrow.cloudflare.com
- icook.tw
- www.cloudflare.com
They cause no problems. But if you like, you can restrict the list of domains that autocert will serve with the -autocert-whitelist domain1.com,www.domain2.org,... option.
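To tell the scanner noise described above apart from a real certificate failure on your own domain, the autocert error lines can be triaged against the list you would pass to -autocert-whitelist. This is an added example, not code from dumbproxy or from anyone in this thread; the sample log lines are constructed on the pattern of those quoted here, and `proxy.example.org`, the documentation-range IPs and the names `Triage` and `Finding` are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Matches the "unable to satisfy ... for domain" lines quoted in this thread.
var failRe = regexp.MustCompile(`TLS handshake error from (\S+):\d+: acme/autocert: unable to satisfy "[^"]*" for domain "([^"]+)"`)

// Finding is one autocert failure extracted from a log line (hypothetical type).
type Finding struct {
	RemoteIP, Domain string
	Foreign          bool // true when Domain is not one the operator serves
}

// Triage classifies every autocert failure in logText against ownDomains,
// the same names one would pass to -autocert-whitelist.
func Triage(logText string, ownDomains []string) []Finding {
	own := make(map[string]bool, len(ownDomains))
	for _, d := range ownDomains {
		own[normalize(d)] = true
	}
	var out []Finding
	for _, line := range strings.Split(logText, "\n") {
		if m := failRe.FindStringSubmatch(line); m != nil {
			d := normalize(m[2])
			out = append(out, Finding{m[1], d, !own[d]})
		}
	}
	return out
}

// normalize lowercases a host name and drops a trailing root dot.
func normalize(h string) string {
	return strings.TrimSuffix(strings.ToLower(strings.TrimSpace(h)), ".")
}

// Constructed sample input: three autocert failures and one unrelated handshake error.
const sampleLog = `HTTPSRV : 2023/04/25 14:08:11 server.go:3228: http: TLS handshake error from 192.0.2.15:49823: acme/autocert: unable to satisfy "https://acme-v02.api.letsencrypt.org/acme/authz-v3/..." for domain "speed.cloudflare.com": no viable challenge type found
HTTPSRV : 2023/04/25 14:08:12 server.go:3228: http: TLS handshake error from 198.51.100.7:36054: tls: client requested unsupported application protocols ([acme-tls/1])
HTTPSRV : 2023/04/25 14:08:13 server.go:3228: http: TLS handshake error from 192.0.2.15:49830: acme/autocert: unable to satisfy "https://acme-v02.api.letsencrypt.org/acme/authz-v3/..." for domain "icook.tw": no viable challenge type found
HTTPSRV : 2023/04/25 14:08:14 server.go:3228: http: TLS handshake error from 203.0.113.9:54026: acme/autocert: unable to satisfy "https://acme-v02.api.letsencrypt.org/acme/authz-v3/..." for domain "proxy.example.org": no viable challenge type found`

func main() {
	for _, f := range Triage(sampleLog, []string{"proxy.example.org"}) {
		fmt.Printf("%-22s from %-15s foreign=%v\n", f.Domain, f.RemoteIP, f.Foreign)
	}
}
```

Entries with `foreign=true` are the stray-SNI requests that a whitelist would reject before any ACME order is attempted; an entry with `foreign=false` is a failure on a domain you actually serve and is worth investigating.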