I am trying to set up a secure websocket server (wss://) in Go using acme/autocert. The program starts, but when I try to connect to it I get the following error:

    http: TLS handshake error from <IP>: acme/autocert:
    unable to authorize "<my domain>"; challenge "tls-alpn-01" failed with error:
    acme: authorization error for <my domain>: 403 urn:acme:error:unauthorized:
    Cannot negotiate ALPN protocol "acme-tls/1" for tls-alpn-01 challenge

This is the code I am using to start the websocket server:

    func Run() {
        hub = newHub()
        go hub.run()
        mux := http.NewServeMux()
        mux.HandleFunc("/ws", func(w http.ResponseWriter, r *http.Request) {
            serveWs(hub, w, r)
        })
        certManager := autocert.Manager{
            Prompt: autocert.AcceptTOS,
            Cache:  autocert.DirCache("certs"),
        }
        server := &http.Server{
            Addr:    ":8080",
            Handler: mux,
            TLSConfig: &tls.Config{
                GetCertificate: certManager.GetCertificate,
            },
        }
        go server.ListenAndServeTLS("", "")
    }

It should automatically get a new certificate when there is none in the cache (certs folder). The error message tells me that there is a problem while negotiating the protocol when creating a new certificate. Do I need to add supported protocols somewhere?
I'm not sure what your issue is, but try adding the HostPolicy in order to let the manager know which host it is allowed to respond to. Here is an example: https://github.com/kjk/go-cookbook/blob/master/free-ssl-certificates/main.go#L77
Note: as a suggestion, try to use 443 or 8443 as the secure port.
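
An added example, not code from the question or from the reply above: a standard-library-only reproduction of the ALPN step named in the error message. It assumes a loopback listener and a throwaway self-signed certificate (both constructed for the demo), and compares the protocol list net/http fills in on its own ("h2", "http/1.1") with one that also offers "acme-tls/1".

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// selfSigned returns a throwaway certificate (constructed demo data, not from the question).
func selfSigned() tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// negotiate dials a loopback TLS server the way a tls-alpn-01 validator does: offering only "acme-tls/1".
func negotiate(serverProtos []string) (string, error) {
	cfg := &tls.Config{Certificates: []tls.Certificate{selfSigned()}, NextProtos: serverProtos}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", cfg)
	if err != nil {
		return "", err
	}
	defer ln.Close()
	go func() { // server side: complete one handshake, then hang up
		if c, err := ln.Accept(); err == nil {
			c.(*tls.Conn).Handshake()
			c.Close()
		}
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{
		NextProtos:         []string{"acme-tls/1"},
		InsecureSkipVerify: true, // demo only: the loopback certificate is self-signed
	})
	if err != nil {
		return "", err // recent Go servers reject the mismatch with a TLS alert
	}
	defer conn.Close()
	return conn.ConnectionState().NegotiatedProtocol, nil
}

func main() {
	fmt.Println(negotiate([]string{"h2", "http/1.1"}))               // no "acme-tls/1": challenge cannot succeed
	fmt.Println(negotiate([]string{"h2", "http/1.1", "acme-tls/1"})) // "acme-tls/1" is negotiated
}
```

With autocert, `certManager.TLSConfig()` returns a `tls.Config` whose `NextProtos` already includes this protocol. The tls-alpn-01 validator connects to the domain on port 443, so the listener has to be reachable there.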