hassio-addons/addon-nginx-proxy-manager

TLS alert, unrecognized name (624):

droopanu opened this issue · 3 comments

droopanu commented

Problem/Motivation

NPM 1.0.1 not working.

Expected behavior

HTTPS requests to the NPM should work

Actual behavior

# curl -kv https://192.168.86.87:443
*   Trying 192.168.86.87:443...
* Connected to 192.168.86.87 (192.168.86.87) port 443 (#0)
* ALPN: offers http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, unrecognized name (624):
* error:14094458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name
* Closing connection 0
**curl: (35) error:14094458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name**

It was working on older NPM (0.12.3) (restored from backup. no configuration deployed):

curl -kv https://192.168.86.87:443
*   Trying 192.168.86.87:443...
* Connected to 192.168.86.87 (192.168.86.87) port 443 (#0)
* ALPN: offers http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: O=Nginx Proxy Manager; OU=Dummy Certificate; CN=localhost
*  start date: May 13 01:17:10 2019 GMT
*  expire date: May 10 01:17:10 2029 GMT
*  issuer: O=Nginx Proxy Manager; OU=Dummy Certificate; CN=localhost
*  SSL certificate verify result: self signed certificate (18), continuing anyway.
> GET / HTTP/1.1
> Host: 192.168.86.87
> User-Agent: curl/7.84.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):

Steps to reproduce

Install NPM on HASSOS (2024.01.06)

Proposed changes

(If you have a proposed change, workaround or fix,
describe the rationale behind it)

sinclairpaul commented

Please use the cert name for TLS to function correctly

droopanu commented

How do I do that? :)

sinclairpaul commented

You follow the docs to request a certificate, then use that for access.