Setting up Let's Encrypt with Go - handshake errors

I'm trying to set up let's encrypt on a load balancer written in Go, I tried both the automatic and manual setup but I always get errors.

The domain is pointing correctly to our server (Digital Ocean) and I can even open the site from a browser without errors; an SSL check also reports no errors on this domain. The fact is that when I run the Go executable on the server from the CLI I get errors repeatedly.

  1. Automatic (acme/autocert) setup:

The server code is that, the certificate and the key are created when I look at the domain from a browser for the first time after the server start:

    go func() {
        log.Printf("Starting HTTP service on %s ...", ":80")

        // Serve the redirect directly on :80 instead of registering it on the
        // DefaultServeMux, which the HTTPS server below also uses (a "/" route
        // there would redirect HTTPS requests back to themselves). Note that
        // Go's ServeMux has no globs: "/*" only matches the literal path "/*".
        redirect := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
            http.Redirect(w, r, "https://"+app.Cfg.S_HOST+":443"+r.RequestURI, http.StatusMovedPermanently)
        })

        if err := http.ListenAndServe(":80", redirect); err != nil {
            errs <- err
        }
    }()



    log.Printf("Starting HTTPS service on %s ...", ":443")

    http.HandleFunc("/hello", func(w http.ResponseWriter, r *http.Request) {
        w.Header().Set("Content-Type", "text/plain")
        w.Write([]byte("This is an example server.\n"))
    })


    certManager := autocert.Manager{
        Prompt:     autocert.AcceptTOS,
        HostPolicy: autocert.HostWhitelist(app.Cfg.S_HOST), //your domain here
        Cache:      autocert.DirCache("certs"), //folder for storing certificates
    }

    server := &http.Server{
        Addr: ":443",
        TLSConfig: &tls.Config{
            ServerName: app.Cfg.S_HOST,
            GetCertificate: certManager.GetCertificate,
        },
    }

    if err := server.ListenAndServeTLS("", ""); err != nil {
        print(err.Error())
    } // key and cert are coming from Let's Encrypt

I get those errors:

  1. http: TLS handshake error from (ip):59451: read tcp (myserver IP):443->(ip):59451: read: connection reset by peer

  2. hello.ServerName empty:2017/04/01 17:14:38 http: TLS handshake error from (ip):58193: acme/autocert: missing server name

  3. http: TLS handshake error from (ip):45822: acme/autocert: host not configured

  4. http: TLS handshake error from (ip):58440: EOF

Then I tried also creating the certificate manually (successfully) and simply using that code, and I get errors again and again:

The server code is:

    go func() {
        log.Printf("Starting HTTP service on %s ...", ":80")

        // Serve the redirect directly on :80 instead of registering it on the
        // DefaultServeMux, which the HTTPS server below also uses. Go's ServeMux
        // has no globs: "/*" only matches the literal path "/*".
        redirect := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
            http.Redirect(w, r, "https://"+app.Cfg.S_HOST+":443"+r.RequestURI, http.StatusMovedPermanently)
        })

        if err := http.ListenAndServe(":80", redirect); err != nil {
            errs <- err
        }
    }()



    log.Printf("Starting HTTPS service on %s ...", ":443")

    http.HandleFunc("/hello", func(w http.ResponseWriter, r *http.Request) {
        w.Header().Set("Content-Type", "text/plain")
        w.Write([]byte("This is an example server.\n"))
    })


    // ssl["cert"] and ssl["key"] are the cert and key path (letsencrypt/live...)
    if err := http.ListenAndServeTLS(sslAddr, ssl["cert"], ssl["key"], nil); err != nil {
        errs <- err
    }

Errors:

  1. http2: server: error reading preface from client (ip):10319: bogus greeting "POST / HTTP/1.1 Host: 4"

  2. http: TLS handshake error from (ip):10322: EOF

  3. http: TLS handshake error from (ip):13504: read tcp (my server ip):443->(ip):13504: read: connection reset by peer

  4. http2: server: error reading preface from client (ip):9672: timeout waiting for client preface

Can someone help me please? Thanks
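The two setup details that cause most of the log lines above are the ServeMux pattern and the SNI checks that acme/autocert performs before it will serve a certificate. The following is an added example (not code from the question or the answer) that uses only the standard library: `example.com` is a constructed placeholder for the question's `app.Cfg.S_HOST`, `getCertificate` is a stand-in that performs the same two checks as autocert's `GetCertificate` (it issues nothing), and `probe` uses `httptest` so the redirect behaviour can be checked offline.

```go
package main

import (
	"crypto/tls"
	"errors"
	"log"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Host served by this example (constructed placeholder for app.Cfg.S_HOST).
const serverHost = "example.com"

// allowedHosts stands in for autocert.HostWhitelist(serverHost).
var allowedHosts = map[string]bool{serverHost: true}

// redirectToHTTPS sends every plaintext request to the HTTPS origin, keeping the path.
func redirectToHTTPS(host string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		http.Redirect(w, r, "https://"+host+r.RequestURI, http.StatusMovedPermanently)
	})
}

// newPlainMux registers the redirect under pattern. Go's ServeMux has no globs:
// "/*" is the literal path "/*", so a redirect registered there never fires for
// real URLs; "/" is the catch-all.
func newPlainMux(host, pattern string) *http.ServeMux {
	mux := http.NewServeMux()
	mux.Handle(pattern, redirectToHTTPS(host))
	return mux
}

// probe reports what a handler does for a GET of path (status code and Location).
func probe(h http.Handler, path string) (int, string) {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Code, rec.Header().Get("Location")
}

// getCertificate performs the same two checks autocert's GetCertificate makes
// before it will look up or request a certificate. Either failure is what
// net/http reports as "http: TLS handshake error from <peer>: <reason>".
func getCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
	name := strings.TrimSuffix(strings.ToLower(hello.ServerName), ".")
	if name == "" {
		// Client connected by IP address or predates SNI: no name to serve a cert for.
		return nil, errors.New("missing server name")
	}
	if !allowedHosts[name] {
		// SNI outside the whitelist: a scanner, or an alias (www.?) missing from the policy.
		return nil, errors.New("host not configured: " + name)
	}
	// Real code returns the cached or freshly issued certificate here (stand-in only).
	return nil, errors.New("no certificate loaded in this example")
}

// newTLSServer mirrors the question's HTTPS server. tls.Config.ServerName is a
// client-side field and is dropped; MinVersion rejects TLS 1.0/1.1 handshakes.
func newTLSServer(handler http.Handler) *http.Server {
	return &http.Server{
		Addr:    ":443",
		Handler: handler,
		TLSConfig: &tls.Config{
			MinVersion:     tls.VersionTLS12,
			GetCertificate: getCertificate,
		},
	}
}

func main() {
	app := http.NewServeMux()
	app.HandleFunc("/hello", func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "text/plain")
		w.Write([]byte("This is an example server.\n"))
	})
	go func() {
		// With autocert, wrap the redirect as certManager.HTTPHandler(redirectToHTTPS(serverHost))
		// so HTTP-01 challenges under /.well-known/acme-challenge/ are answered, not redirected.
		log.Fatal(http.ListenAndServe(":80", newPlainMux(serverHost, "/")))
	}()
	log.Fatal(newTLSServer(app).ListenAndServeTLS("", ""))
}
```

Giving the HTTPS server its own mux (rather than `nil`, the DefaultServeMux shared with the `:80` redirect) also avoids the HTTPS server redirecting `/` to itself.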

As JimB and others said in the comments, this can be the result of bad requests. Invalid requests will be logged when using https://www.ssllabs.com/ssltest/ to test a site's https configuration. A good test score can give you confidence the log messages are benign and can be safely ignored.

Also, the acme/autocert package is evolving rapidly (as of Jan 2018); please check that your version is up to date.
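The answer's point, that these lines are mostly bad or aborted connections, can be made concrete by triaging the log instead of eyeballing it. Below is an added example (not code from the question or the answer): a small Go classifier whose buckets and "actionable" policy are this example's own; `SampleLog` is the set of lines quoted in the question, with the peer addresses already redacted to `(ip)` there.

```go
package main

import (
	"regexp"
	"strings"
)

// Category is the triage bucket for one net/http TLS or HTTP/2 log line.
type Category string

const (
	ClientAborted   Category = "client-aborted"    // peer reset, hung up or went silent: probes, scanners, health checks
	PlaintextOrJunk Category = "plaintext-or-junk" // HTTP or garbage bytes sent to the TLS port
	NoSNI           Category = "no-sni"            // ClientHello carried no server name, so autocert had nothing to serve
	SNINotAllowed   Category = "sni-not-allowed"   // server name outside the HostPolicy whitelist
	Unknown         Category = "unknown"
)

// SampleLog holds the log lines quoted in the question.
var SampleLog = []string{
	"http: TLS handshake error from (ip):59451: read tcp (myserver IP):443->(ip):59451: read: connection reset by peer",
	"hello.ServerName empty:2017/04/01 17:14:38 http: TLS handshake error from (ip):58193: acme/autocert: missing server name",
	"http: TLS handshake error from (ip):45822: acme/autocert: host not configured",
	"http: TLS handshake error from (ip):58440: EOF",
	`http2: server: error reading preface from client (ip):10319: bogus greeting "POST / HTTP/1.1 Host: 4"`,
	"http: TLS handshake error from (ip):10322: EOF",
	"http: TLS handshake error from (ip):13504: read tcp (my server ip):443->(ip):13504: read: connection reset by peer",
	"http2: server: error reading preface from client (ip):9672: timeout waiting for client preface",
}

// peerRE pulls the remote "host:port" out of both log formats net/http writes.
var peerRE = regexp.MustCompile(`(?:handshake error from|preface from client) (\S+):(\d+):`)

// Classify maps one log line to a triage bucket by its error text.
func Classify(line string) Category {
	l := strings.ToLower(strings.TrimSpace(line))
	switch {
	case strings.Contains(l, "missing server name"):
		return NoSNI
	case strings.Contains(l, "host not configured"):
		return SNINotAllowed
	case strings.Contains(l, "bogus greeting"),
		strings.Contains(l, "first record does not look like a tls handshake"):
		return PlaintextOrJunk
	case strings.Contains(l, "connection reset by peer"),
		strings.HasSuffix(l, ": eof"),
		strings.Contains(l, "timeout waiting for client preface"):
		return ClientAborted
	}
	return Unknown
}

// Peer returns the remote host (without port) named in the line, or "".
func Peer(line string) string {
	m := peerRE.FindStringSubmatch(line)
	if m == nil {
		return ""
	}
	return m[1]
}

// Summarize counts lines per bucket and per peer host, so that one noisy
// scanner or one refused hostname stands out from the background noise.
func Summarize(lines []string) (byCategory map[Category]int, byPeer map[string]int) {
	byCategory = map[Category]int{}
	byPeer = map[string]int{}
	for _, ln := range lines {
		byCategory[Classify(ln)]++
		if p := Peer(ln); p != "" {
			byPeer[p]++
		}
	}
	return byCategory, byPeer
}

// Actionable says whether a bucket deserves a look at the configuration: a
// refused SNI name may be a legitimate alias (www., apex) missing from
// HostWhitelist, and unrecognised text needs a human. The rest is noise that a
// clean SSL Labs report lets you ignore, as the answer says.
func Actionable(c Category) bool {
	return c == SNINotAllowed || c == Unknown
}
```

Run it over the server's stdout or journal: a large `sni-not-allowed` count from many peers is scanner traffic, while the same bucket from a single legitimate-looking name points at the whitelist.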