Error: 2019/01/30 08:29:24 http: TLS handshake error from xxxxx:9730: all certificates configured via GetConfigForClient

Does anyone know why I’m getting this error?
Error: 2019/01/30 08:29:24 http: TLS handshake error from xxxxx:9730: all certificates configured via GetConfigForClient

Error defined from here:

https://github.com/mholt/caddy/blob/8369a1211544224b2967dd3ac43372a2ef432291/caddytls/config.go#L273-L282

This error was only merged a few weeks back, looks like: https://github.com/mholt/caddy/pull/2404

I wonder if CertMagic’s involved in this GetCertificate call over GetConfigForClient? @matt, got any thoughts?

This means that a TLS config could not be chosen for the given ServerName in the ClientHello. If GetConfigForClient returns nil, then GetCertificate is tried; I don’t fully understand why GetCertificate is required but apparently it is, until a future Go version… I think it has something to do with QUIC support.

Gotcha, so this is the expected result of Caddy not having any configuration for the site indicated by the client via SNI?

Yep. And as you know, we’re working on ways to improve Caddy’s handling of clients not using SNI.

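The behaviour discussed above can be reproduced with Go's `crypto/tls` alone. The following is an added illustration, not Caddy's code: the names `newServerConfig`, `siteConfig`, `handshake`, `errNoSite` and the hosts `example.test` / `unknown.test` are hypothetical. The test client is capped at TLS 1.2 because the in-memory `net.Pipe` is unbuffered.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

var errNoSite = errors.New("no TLS config for the requested server name")

// newServerConfig returns a base config with no certificates of its own. A nil
// GetConfigForClient result keeps the base config, whose GetCertificate fails.
func newServerConfig(sites map[string]*tls.Config) *tls.Config {
	return &tls.Config{
		GetConfigForClient: func(h *tls.ClientHelloInfo) (*tls.Config, error) { return sites[h.ServerName], nil },
		GetCertificate:     func(*tls.ClientHelloInfo) (*tls.Certificate, error) { return nil, errNoSite },
	}
}

// siteConfig builds a per-site config around a constructed self-signed certificate.
func siteConfig(name string) (*tls.Config, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{name}, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}, err
}

// handshake returns the server-side error for a test client (TLS 1.2, no verification) sending sni.
func handshake(cfg *tls.Config, sni string) error {
	c, s := net.Pipe()
	defer s.Close()
	go tls.Client(c, &tls.Config{ServerName: sni, InsecureSkipVerify: true, MaxVersion: tls.VersionTLS12}).Handshake()
	return tls.Server(s, cfg).Handshake()
}

func main() {
	site, err := siteConfig("example.test")
	cfg := newServerConfig(map[string]*tls.Config{"example.test": site})
	fmt.Println(err, handshake(cfg, "example.test"), handshake(cfg, "unknown.test"))
}
```

The error returned for the unconfigured name is the kind of value `net/http` logs after `http: TLS handshake error from <addr>:`, so such log lines point at a client asking for a name the server has no site for.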

@job_noam Please build caddy using https://github.com/mholt/caddy/pull/2452 and let us know if the error still occurs.

Thx Matt, but I don’t know how to build Caddy manually. Sorry 🙂

There are instructions on the readme.

OK, I installed the new version and it’s working now. Thanks 🙂
