Error: 2019/01/30 08:29:24 http: TLS handshake error from xxxxx:9730: all certificates configured via GetConfigForClient


(Noam) #1

Does anyone know why I’m getting this error?
Error: 2019/01/30 08:29:24 http: TLS handshake error from xxxxx:9730: all certificates configured via GetConfigForClient


(Matthew Fay) #2

Error defined from here:

This error was only merged a few weeks back, looks like: https://github.com/mholt/caddy/pull/2404

I wonder if CertMagic’s involved in this GetCertificate call instead of GetConfigForClient? @matt, got any thoughts?


(Matt Holt) #3

This means that a TLS config could not be chosen for the given ServerName in the ClientHello. If GetConfigForClient returns nil, then GetCertificate is tried; I don’t fully understand why GetCertificate is required but apparently it is, until a future Go version… I think it has something to do with QUIC support.


(Matthew Fay) #4

Gotcha, so this is the expected result of Caddy not having any configuration for the site indicated by the client via SNI?


(Matt Holt) #5

Yep. And as you know, we’re working on ways to improve Caddy’s handling of clients not using SNI.
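
Added example (not from the thread and not Caddy's or CertMagic's code): the selection order described in posts #3 to #5, written against Go's `crypto/tls` callbacks `GetConfigForClient` and `GetCertificate`. The `sniSelector` type, its fields and the hostnames are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// sniSelector is a hypothetical type for this example (not Caddy's code).
type sniSelector struct {
	sites    map[string]*tls.Config // keyed by lowercase hostname
	fallback *tls.Config            // for empty or unknown SNI; nil means none
}

// lookup returns the config for an SNI value, trying an exact match and
// then a single-label wildcard such as "*.example.org".
func (s *sniSelector) lookup(serverName string) *tls.Config {
	name := strings.ToLower(strings.TrimSuffix(serverName, "."))
	if cfg, ok := s.sites[name]; ok {
		return cfg
	}
	if i := strings.IndexByte(name, '.'); i > 0 {
		if cfg, ok := s.sites["*"+name[i:]]; ok {
			return cfg
		}
	}
	return s.fallback
}

// GetConfigForClient has the signature crypto/tls expects. Returning
// (nil, nil) makes crypto/tls continue with the base Config, so
// certificate selection falls through to GetCertificate below.
func (s *sniSelector) GetConfigForClient(h *tls.ClientHelloInfo) (*tls.Config, error) {
	return s.lookup(h.ServerName), nil
}

// GetCertificate is the last resort here; returning an error aborts the
// handshake, and that error is what the server reports for the connection.
func (s *sniSelector) GetCertificate(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
	return nil, fmt.Errorf("no TLS config or certificate for SNI %q", h.ServerName)
}

func main() {
	s := &sniSelector{sites: map[string]*tls.Config{"example.com": {MinVersion: tls.VersionTLS12}}}
	base := &tls.Config{GetConfigForClient: s.GetConfigForClient, GetCertificate: s.GetCertificate}
	_ = base // in a real server: http.Server{TLSConfig: base}
	_, err := s.GetCertificate(&tls.ClientHelloInfo{ServerName: "unknown.test"})
	fmt.Println(err)
}
```

Setting `fallback` to a default site's config is one way to serve clients that send no SNI or an unknown name instead of failing the handshake.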


(Matt Holt) #6

@job_noam Please build caddy using https://github.com/mholt/caddy/pull/2452 and let us know if the error still occurs.


(Noam) #7

Thx Matt, but I don’t know how to build Caddy manually. Sorry 🙂


(Matt Holt) #8

There are instructions on the readme.


(Noam) #9

OK, I installed the new version and it’s working now. Thanks 🙂