subspacecommunity / subspace

A fork of the simple WireGuard VPN server GUI community maintained


Large number of tls errors

tropnikovvl opened this issue · comments

Describe the bug
I am using the latest version of the application and there are a large number of errors in the container logs.

To Reproduce
Steps to reproduce the behavior:

  1. docker run ...
  2. wait for automatic letsencrypt registration
  3. see the errors after a few hours

Screenshots
Screenshot 2021-06-04 at 23 28 25

Desktop (please complete the following information):
Ubuntu 18.04 LTS

firewall rules:

Chain INPUT (policy DROP 311 packets, 19332 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:123
25098 2780K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
50533 8258K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:51825
 4746  581K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
  389 24278 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
30838   20M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
  448 31045 ACCEPT     all  --  *      *       10.99.97.0/24        0.0.0.0/0
  157 12635 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0

Output all accept

Sorry for not answering sooner.

Are you running this on a VPS or on a residential network? Is your server behind a NAT service?

It looks to me like something is preventing LetsEncrypt from reaching your server. You might want to check if virtual firewall port forwarding rules are correct or if your ISP (in case of a residential network) allows for HTTP/HTTPS connections on the usual 80 and 443 ports (some residential providers block any and all incoming requests to those ports).

Hi, this is a VPS,
but ports 80 and 443 are open, otherwise I would not be able to connect to the server.

I am trying to get more information about your infrastructure because I had no issues generating certificates on AWS, for instance.

Can you provide your config file or launch command? My second guess would be misconfiguration of the SUBSPACE_ENDPOINT_HOST parameter

I used standard parameters.
And I'm not using arg SUBSPACE_ENDPOINT_HOST

docker create \
    --name subspace \
    --restart always \
    --network host \
    --cap-add NET_ADMIN \
    --volume /data:/data \
    --volume /usr/bin/wg:/usr/bin/wg \
    --env SUBSPACE_HTTP_HOST="subspace.example.com" \
    --env SUBSPACE_NAMESERVERS="1.1.1.1,8.8.8.8" \
    --env SUBSPACE_LISTENPORT="51825" \
    --env SUBSPACE_IPV6_NAT_ENABLED=0 \
    subspacecommunity/subspace:latest

Also my provider has a firewall, but there I opened 80, 443 and a port for wireguard

You should change SUBSPACE_HTTP_HOST to a valid URL. The error is letsencrypt trying to reach your server using subspace.example.com which will not work. You can try it using duckdns.

Closing since it is not a bug. However the readme should be updated. Where it reads SUBSPACE_ENDPOINT_HOST should be SUBSPACE_HTTP_HOST.
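
The misconfiguration this thread ends on, a documentation placeholder left in SUBSPACE_HTTP_HOST, can be caught before the container starts. The following preflight check is an added example, not part of the original thread or of the subspace project; its function names are hypothetical, and it assumes the setting holds a bare DNS name as in the docker create command above.

```bash
#!/usr/bin/env bash
# Preflight check for the hostname passed as SUBSPACE_HTTP_HOST.
# Added example: the function names are hypothetical, not part of subspace.

# Succeeds (0) when the name is reserved for documentation or testing
# (RFC 2606 / RFC 6761), so it can never point at your own server.
is_reserved_host() {
    _h=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    _h=${_h%.}    # drop a trailing root dot
    case "$_h" in
        example.com|example.net|example.org) return 0 ;;
        *.example.com|*.example.net|*.example.org) return 0 ;;
        localhost|*.localhost|*.test|*.invalid|*.example) return 0 ;;
    esac
    return 1
}

# Succeeds (0) when the value is a bare DNS name: no scheme, path, port or spaces.
# Assumption: the setting takes a hostname, as in the docker create command above.
is_plain_hostname() {
    case "$1" in
        ''|*://*|*/*|*:*|*' '*) return 1 ;;
    esac
    return 0
}

# Prints one verdict word and returns non-zero unless the verdict is "ok".
check_http_host() {
    if ! is_plain_hostname "$1"; then echo "not-a-hostname"; return 1; fi
    if is_reserved_host "$1"; then echo "reserved"; return 1; fi
    # The resolution check runs only where getent is installed.
    if command -v getent >/dev/null 2>&1 && ! getent hosts "$1" >/dev/null; then
        echo "unresolvable"; return 1
    fi
    echo "ok"
}

# Runs only when a value is supplied, e.g.
#   SUBSPACE_HTTP_HOST=subspace.example.com bash preflight.sh
if [ -n "${SUBSPACE_HTTP_HOST:-}" ]; then
    check_http_host "$SUBSPACE_HTTP_HOST" ||
        echo "fix SUBSPACE_HTTP_HOST before starting the container" >&2
fi
```

A verdict of `ok` only shows that the name resolves; it does not show that it resolves to this server or that ports 80 and 443 reach it.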