Need help to make autocert working


Tong Sun

May 7, 2019, 9:07:36 PM5/7/19
to golang-nuts
Hi, 

I've been trying to get a TLS server up and running for the past several days without success. I've used the following guides as reference:


and many more. 
But for all of them I'm getting


This site can’t be reached
site took too long to respond.


whose console log was:

2019/05/07 20:27:16 Serving http/https for domains: [my.domain.com]
2019/05/07 20:28:05 http: TLS handshake error from 99.xx.xx.221:43662: EOF

The previous errors I got from console log were:

2019/05/07 11:11:11 http: TLS handshake error from 99.xx.xx.221:40820: context deadline exceeded
2019/05/07 11:11:11 http: TLS handshake error from 99.xx.xx.221:40826: acme/autocert: missing certificate
. . . 


The console log looked very strange to me -- 

- I have a real site with real DNS name. 
- I ssh into the box as me, and start the program as:

 sudo ./autocert-server my.domain.com

However, that 99.xx.xx.221 from all logs is my own home IP address (with a different domain name). 
How come the autocert TLS handshake is trying to connect to my home IP address, instead of the remote server that I run the web site from and provide the real DNS name for?

thx

Kurtis Rader

May 7, 2019, 9:42:52 PM5/7/19
to Tong Sun, golang-nuts
On Tue, May 7, 2019 at 6:07 PM Tong Sun <sunto...@gmail.com> wrote:
I've been trying to get a TLS server up and running for the past several days without success. I've used the following guides as reference:

FWIW, I recommend the Caddy HTTPS web server rather than rolling your own. It took me just a few minutes to setup with a cert it automatically acquired from LetsEncrypt. It's written in Go. And it already has a rich set of plugins such as ipfilter that I contributed an enhancement to. See https://caddyserver.com/

--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank

Tong Sun

May 7, 2019, 11:39:19 PM5/7/19
to golang-nuts


On Tuesday, May 7, 2019 at 9:42:52 PM UTC-4, Kurtis Rader wrote:
On Tue, May 7, 2019 at 6:07 PM Tong Sun <sunto...@gmail.com> wrote:
I've been trying to get a TLS server up and running for the past several days without success. I've used the following guides as reference:

FWIW, I recommend the Caddy HTTPS web server rather than rolling your own. It took me just a few minutes to setup with a cert it automatically acquired from LetsEncrypt. It's written in Go. And it already has a rich set of plugins such as ipfilter that I contributed an enhancement to. See https://caddyserver.com/

Thanks Kurtis, I'll for sure be using it for something serious.

For now, I need the program as minimalist as possible, because I'm trying to rewrite this small Perl code as Go,
whose only purpose is to serve a 1x1 pixel.


Kurtis Rader

May 7, 2019, 11:54:43 PM5/7/19
to Tong Sun, golang-nuts
On Tue, May 7, 2019 at 8:39 PM Tong Sun <sunto...@gmail.com> wrote:
Thanks Kurtis, I'll for sure be using it for something serious.

For now, I need the program as minimalist as possible, because I'm trying to rewrite this small Perl code as Go,
whose only purpose is to serve a 1x1 pixel.

Then why are you writing an HTTPS server that uses a TLS cert from LetsEncrypt? The code you linked to is a simple HTTP server.

Assuming the answer is you need (or want to use) HTTPS, my answer is still the same: Use Caddy. It's very small and trivial to install and set up. It is also extremely efficient at serving static content (I use it with Hugo to serve static blog content). Again, don't reinvent the wheel.

alex

May 8, 2019, 3:25:53 AM5/8/19
to golang-nuts
> This site can’t be reached
> site took too long to respond.

Where is this coming from, some kind of a client?

> How come the autocert TLS handshake trying to connect my home IP address
autocert doesn't connect anywhere except the ACME directory, Let's Encrypt being most common I guess.
Most likely you've tried connecting to your server from home and that's where your own IP would show up.

Make sure the domain name points to a publicly accessible IP address where your box is running.
The ACME CA will try to connect to it while verifying proof of domain control. If it can't, the validation fails and autocert won't be able to complete the TLS handshake.
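One way to check the condition alex describes before starting the server, as an added example (not code from any poster in this thread, and it does not use autocert itself): resolve the domain, keep only publicly routable addresses, and confirm that ports 80 and 443 accept a connection the way the ACME CA would during validation. The command-line domain argument and the 3-second dial timeout are assumptions.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"time"
)

// publicIP reports whether ip is routable from the public Internet.
func publicIP(ip net.IP) bool {
	return ip != nil && !ip.IsUnspecified() && !ip.IsLoopback() && !ip.IsPrivate() &&
		!ip.IsLinkLocalUnicast() && !ip.IsMulticast()
}

// checkResolution keeps the public addresses a domain resolves to; none means ACME validation will fail.
func checkResolution(domain string, addrs []string) ([]net.IP, error) {
	var public []net.IP
	for _, a := range addrs {
		if ip := net.ParseIP(a); publicIP(ip) {
			public = append(public, ip)
		}
	}
	if len(public) == 0 {
		return nil, fmt.Errorf("%s resolves to %v: nothing the CA can reach", domain, addrs)
	}
	return public, nil
}

// reachable dials ip:port like the CA does during http-01 (80) / tls-alpn-01 (443) validation.
func reachable(ip net.IP, port string) bool {
	c, err := net.DialTimeout("tcp", net.JoinHostPort(ip.String(), port), 3*time.Second)
	if err == nil {
		c.Close()
	}
	return err == nil
}

func main() {
	addrs, _ := net.LookupHost(os.Args[1]) // e.g. my.domain.com; empty on NXDOMAIN
	public, err := checkResolution(os.Args[1], addrs)
	if err != nil {
		fmt.Println("FAIL:", err)
		os.Exit(1)
	}
	for _, ip := range public {
		fmt.Printf("%s  :80=%v  :443=%v\n", ip, reachable(ip, "80"), reachable(ip, "443"))
	}
}
```

Run it from a host outside your own network (or at least not from behind the same NAT as the server), since a private or loopback answer here is exactly the case the CA cannot validate.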

pkdchoy

May 24, 2022, 1:03:28 PM5/24/22
to golang-nuts
Hi sunto,

I am facing the same problem. Have you found a solution?

Thanks.
