-
Notifications
You must be signed in to change notification settings - Fork 228
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Lightsail Ubuntu api error: tlsv1 alert internal error #317
Comments
All - Good news: I believe I have resolved part of the issue by stopping the systemd.resolved service and manually editing the resolv.conf file. Bad news: I still have the same (or related) issue. I retested and got the same error. Syslog has the following (apparently) related error: http: TLS handshake error from 107.22.246.55:53446: no certificate available for 'theschaubs.com'" I would think it expected that there is no certificate available because I am creating an initial certificate. Therefore, the error doesn't make sense to me. Any help in deciphering and troubleshooting this would be wonderful. |
Okay - I'm one step closer. It appears that tls = "none" is required if you do not already have a certificate (i.e., you are registering and Letsencrypt and do not already have a certificate on the server). When doing so, the protocol changes to http from https and the api then works. I was able to register acme-dns, get a cname, have certbot issue the txt (with the api properly populating it in acme-dns). Great so far. However, Certbot cannot access that txt record. It physically lives in the acme-dns database and dig works properly, returning the records. I validated this from both the host and an external computer. Can anyone help me to understand and resolve the this issue? |
I am trying to configure acme-dns on a lightsail Ubuntu instance and I have a "tlsv1 alert internal error" return. As I dug into this, it appears that this can be caused by listening on port 53 for a non-public facing IP. This is where I believe lightsail is adding to my challenges. My understanding is that I need to update the listen address from loopback to public, either directly or via wildcard.
I get a dns conflict with systemd.resolvd when supplying a wildcard (0.0.0.0:53) because the 127.0.0.1 is already open with resolv. Lightsail directly exposes the internal IP address and I can configure that address, the service starts fine, but I get the error above when testing the api. Finally, the sevice will not start when I use the public assigned IP address through lightsail (listen udp4 107.22.246.55:53: bind: cannot assign requested address).
There could well be other issues with the configuration, but the errors I'm seeing appear to match this particular one. I will include my config.cfg below in case there are issues there with most of the comments removed. Really appreciate any help I can get with this issue.
Regards...Greg
The text was updated successfully, but these errors were encountered: