tls-sni disabled on LetsEncrypt
SilverCory opened this issue · 6 comments
SilverCory commented
```
http: TLS handshake error from 82.34.xxx.xxx:55065: acme/autocert: unable to authorize "xxx.xxx.xxx"; tried ["tls-sni-02" "tls-sni-01"]
```
deepch commented
Also does not work.
SilverCory commented
@deepch it won't, because tls-sni is disabled on Let's Encrypt's end; you have to use http-01.
You can do this in a manner similar to the below:
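```go
m := &autocert.Manager{
	Prompt: autocert.AcceptTOS,
	// Only request certificates for the configured domain names.
	HostPolicy: autocert.HostWhitelist(panel.Config.Web.DomainNames[0:]...),
}
dir := cacheDir()
fmt.Println("Using cache: ", dir)
// Cache issued certificates on disk (directory readable by the owner only).
if err := os.MkdirAll(dir, 0700); err != nil {
	log.Printf("warning: autocert.NewListener not using a cache: %v", err)
} else {
	m.Cache = autocert.DirCache(dir)
}
// http-01 needs a listener on port 80. With a nil fallback, the handler
// answers the challenge and redirects everything else to HTTPS.
go http.ListenAndServe(":http", m.HTTPHandler(nil))
return autotls.RunWithManager(panel.GinInstance, *m)
```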
deepch commented
This method redirects HTTP to HTTPS. I need pure :80 and HTTPS ;(
SilverCory commented
@deepch you can turn off the redirect by supplying a handler in `m.HTTPHandler(...)`.
deepch commented
Thx, I run it:
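```go
m := &autocert.Manager{
	Prompt: autocert.AcceptTOS,
	// Only request certificates for the configured domain names.
	HostPolicy: autocert.HostWhitelist(panel.Config.Web.DomainNames[0:]...),
}
dir := cacheDir()
fmt.Println("Using cache: ", dir)
// Cache issued certificates on disk (directory readable by the owner only).
if err := os.MkdirAll(dir, 0700); err != nil {
	log.Printf("warning: autocert.NewListener not using a cache: %v", err)
} else {
	m.Cache = autocert.DirCache(dir)
}
// The Gin engine is the fallback: the http-01 challenge is still answered,
// and all other port-80 requests are served by the app over plain HTTP.
go http.ListenAndServe(":http", m.HTTPHandler(panel.GinInstance))
return autotls.RunWithManager(panel.GinInstance, *m)
```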
If you use `go http.ListenAndServe(":http", m.HTTPHandler(nil))`, nil works as a redirect.
If you use `go http.ListenAndServe(":http", m.HTTPHandler(panel.GinInstance))`, panel.GinInstance works as HTTP and the cert is received with no problem.
Thank you.