Large number of tls errors
tropnikovvl opened this issue · 6 comments
Describe the bug
I am using the latest version of the application and there are a large number of errors in the container logs
To Reproduce
Steps to reproduce the behavior:
- docker run ...
- wait for automatic letsencrypt registration
- see the errors after a few hours
Desktop (please complete the following information):
Ubuntu 18.04 LTS
firewall rules:
Chain INPUT (policy DROP 311 packets, 19332 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:123
25098 2780K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
50533 8258K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:51825
4746 581K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
389 24278 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
30838 20M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
448 31045 ACCEPT all -- * * 10.99.97.0/24 0.0.0.0/0
157 12635 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
Output all accept
Sorry for not answering sooner.
Are you running this on a VPS or on a residential network? Is your server behind a NAT service?
It looks to me like something is preventing LetsEncrypt from reaching your server. You might want to check if virtual firewall port forwarding rules are correct or if your ISP (in case of a residential network) allows for HTTP/HTTPS connections on the usual 80 and 443 ports (some residential providers block any and all incoming requests to those ports).
Hi, this is a VPS, but ports 80 and 443 are open, otherwise I would not be able to connect to the server.
I am trying to get more information about your infrastructure because I had no issues generating certificates on AWS, for instance.
Can you provide your config file or launch command? My second guess would be misconfiguration of the SUBSPACE_ENDPOINT_HOST parameter
I used standard parameters.
And I'm not using arg SUBSPACE_ENDPOINT_HOST
docker create \
--name subspace \
--restart always \
--network host \
--cap-add NET_ADMIN \
--volume /data:/data \
--volume /usr/bin/wg:/usr/bin/wg \
--env SUBSPACE_HTTP_HOST="subspace.example.com" \
--env SUBSPACE_NAMESERVERS="1.1.1.1,8.8.8.8" \
--env SUBSPACE_LISTENPORT="51825" \
--env SUBSPACE_IPV6_NAT_ENABLED=0 \
subspacecommunity/subspace:latest
Also, my provider has a firewall, but there I opened 80, 443 and a port for WireGuard.
You should change SUBSPACE_HTTP_HOST to a valid URL. The error is letsencrypt trying to reach your server using subspace.example.com which will not work. You can try it using duckdns.
Closing since it is not a bug. However, the readme should be updated. Where it reads SUBSPACE_ENDPOINT_HOST it should be SUBSPACE_HTTP_HOST.
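A preflight check for the failure diagnosed in this thread, as an added example that is not part of the discussion or of subspace's own code: it rejects hostnames reserved for documentation (RFC 2606, RFC 6761), such as subspace.example.com, and confirms that the name resolves to the server's public address before the container requests a certificate. The function names, the hostname myvpn.duckdns.org and the 203.0.113.x / 198.51.100.x addresses are constructed for illustration, and getent is assumed to be available on the host.

```shell
#!/bin/sh
# Added example: preflight for the hostname given as SUBSPACE_HTTP_HOST.
# Hostnames and addresses used with it are constructed samples.

# Return 0 if NAME is reserved for documentation or testing (RFC 2606,
# RFC 6761); a public CA can never validate such a name.
is_reserved_name() {
    name=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    name=${name%.}    # ignore a trailing root dot
    case "$name" in
        example.com|example.net|example.org) return 0 ;;
        *.example.com|*.example.net|*.example.org) return 0 ;;
        example|test|invalid|localhost) return 0 ;;
        *.example|*.test|*.invalid|*.localhost) return 0 ;;
    esac
    return 1
}

# Print the addresses NAME resolves to, one per line (live lookup).
resolve_name() {
    getent ahosts "$1" | awk '{ print $1 }' | sort -u
}

# preflight HOST PUBLIC_IP [ADDRESSES]
# Returns 0 if HOST resolves to PUBLIC_IP, 1 if it is a reserved name,
# 2 if it does not resolve, 3 if it resolves somewhere other than PUBLIC_IP.
# ADDRESSES defaults to a live lookup; pass it to check a recorded answer.
preflight() {
    host=$1
    want=$2
    if is_reserved_name "$host"; then
        echo "FAIL: $host is a reserved documentation name"
        return 1
    fi
    addrs=${3-$(resolve_name "$host")}
    if [ -z "$addrs" ]; then
        echo "FAIL: $host does not resolve"
        return 2
    fi
    if ! printf '%s\n' $addrs | grep -qxF -- "$want"; then
        echo "FAIL: $host resolves to $(echo $addrs), not $want"
        return 3
    fi
    echo "OK: $host resolves to $want"
}

# Usage: sh preflight.sh myvpn.duckdns.org 203.0.113.10
if [ "$#" -ge 2 ]; then
    preflight "$@"
fi
```

A non-zero exit before `docker create` points at the hostname or its DNS record rather than at the firewall.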