Ssl_error_internal_error_alert

1. The problem I’m having:

I have Caddy in Docker and use certbot to automatically renew certificates outside this Docker. Sometimes I get SSL_ERROR_INTERNAL_ERROR_ALERT
when I try to reach one of the protected URLs, getting “TLS handshake error from 192.168.13.1:51214: no certificate available for ‘cloudflare-ech.com’” as the error in Caddy.

2. Error messages and/or full log output:

```
TLS handshake error from 192.168.13.1:51214: no certificate available for 'cloudflare-ech.com'
```

3. Caddy version:

v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=

4. How I installed and ran Caddy:

```yaml
version: "3.7"

services:
  caddy:
    image: caddy
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - /home/panos/docker/caddy/data:/data
      - /home/panos/docker/caddy/config:/config
      - ./Caddyfile:/etc/caddy/Caddyfile
```

a. System environment:

Docker

b. Command:

N/A

d. My complete Caddy config:

```
{
	debug
}

(secure) {
	forward_auth {args[0]} authelia:9091 {
		uri /api/verify?rd=https://auth.panoskpv91.com
		copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
		header_up Host {upstream_hostport}
	}
}

auth.panoskpv91.com {
	reverse_proxy authelia:9091
	tls /data/fullchain.pem /data/privkey.pem
}

https://se.panoskpv91.com:443 {
	reverse_proxy server:49153
	tls /data/fullchain.pem /data/privkey.pem
}

#only internal
https://proxmox.panoskpv91.com:443 {
	import secure *
	reverse_proxy 192.168.1.19:8006 {
		transport http {
			tls
			tls_insecure_skip_verify
		}
	}

	tls /data/fullchain.pem /data/privkey.pem
}
```

5. Links to relevant resources:

1 Like

Why? Just let Caddy handle that :thinking:

Show an example request with curl -v. Please describe your setup. I don’t understand what Cloudflare has to do with your setup.

1 Like

I need the certificates to be automatically copied to another machine upon issuance. My DNS provider is Cloudflare and I pass the relevant API key to certbot.

For internal sites I use Caddy, and for some sites that I want to have publicly available I use the Sophos XG reverse proxy and then the Cloudflare reverse proxy (only for traffic coming from outside my network; internal traffic is handled by Caddy only). However, I randomly see this SSL error only when I reach some protected URI internally.

curl -v output

<html class="no-js theme-auto center-aligment-no" lang="en-EN" >
<head>
  <meta charset="UTF-8">
  <meta name="description" content="SearXNG — a privacy-respecting, open metasearch engine">
  <meta name="keywords" content="SearXNG, search, search engine, metasearch, meta search">
  <meta name="generator" content="searxng/2024.10.4+3e747d049">
  <meta name="referrer" content="no-referrer">
  <meta name="robots" content="noarchive">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <meta name="HandheldFriendly" content="True">
  <meta http-equiv="X-UA-Compatible" content="IE=edge, chrome=1">
  <title>SearXNG</title>
  <link rel="stylesheet" href="/static/themes/simple/css/searxng.min.css?8499d110319f09a6fdf106831ad48717e9a02357" type="text/css" media="screen">
  <!--[if gte IE 9]>-->
  <script src="/static/themes/simple/js/searxng.head.min.js?20e3306580fcabadf100ed3b88304a00c47e2efe" client_settings="eyJhdXRvY29tcGxldGVfcHJvdmlkZXIiOiAiIiwgImF1dG9jb21wbGV0ZV9taW4iOiA0LCAiaHR0cF9tZXRob2QiOiAiUE9TVCIsICJpbmZpbml0ZV9zY3JvbGwiOiBmYWxzZSwgInRyYW5zbGF0aW9ucyI6IHsibm9faXRlbV9mb3VuZCI6ICJObyBpdGVtIGZvdW5kIiwgIlNvdXJjZSI6ICJTb3VyY2UiLCAiZXJyb3JfbG9hZGluZ19uZXh0X3BhZ2UiOiAiRXJyb3IgbG9hZGluZyB0aGUgbmV4dCBwYWdlIn0sICJzZWFyY2hfb25fY2F0ZWdvcnlfc2VsZWN0IjogdHJ1ZSwgImhvdGtleXMiOiAiZGVmYXVsdCIsICJ0aGVtZV9zdGF0aWNfcGF0aCI6ICIvc3RhdGljL3RoZW1lcy9zaW1wbGUifQ=="></script>
  <!--<![endif]-->
  <link title="SearXNG" type="application/opensearchdescription+xml" rel="search" href="/opensearch.xml?method=POST&amp;autocomplete=">
  <link rel="icon" href="/static/themes/simple/img/favicon.png?60321eeb6e2f478f0e5704529308c594d5924246" sizes="any">
  <link rel="icon" href="/static/themes/simple/img/favicon.svg?ee99f2c4793c32451062177672c8ab309dbef940" type="image/svg+xml">
  <link rel="apple-touch-icon" href="/static/themes/simple/img/favicon.png?60321eeb6e2f478f0e5704529308c594d5924246">
</head>
<body class="index_endpoint" >
  <main id="main_index" class="">

    <nav id="links_on_top"><a href="/info/en/about" class="link_on_top_about"><svg class="ion-icon-big" viewBox="0 0 512 512" aria-hidden="true"><path d="M248 64C146.39 64 64 146.39 64 248s82.39 184 184 184 184-82.39 184-184S349.61 64 248 64z" fill="none" stroke="currentColor" stroke-miterlimit="10" stroke-width="32"/><path fill="none" stroke="currentColor" stroke-linecap="round" stroke-linejoin="round" stroke-width="32" d="M220 220h32v116"/><path fill="none" stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="32" d="M208 340h88"/><path fill="currentColor" stroke="currentColor" stroke-linecap="round" d="M248 130a26 26 0 1026 26 26 26 0 00-26-26z"/></svg><span>About</span></a><a href="/preferences" class="link_on_top_preferences"><svg viewBox="0 0 512 512" class="ion-icon-big" aria-hidden="true"><path d="M262.29 192.31a64 64 0 1057.4 57.4 64.13 64.13 0 00-57.4-57.4zM416.39 256a154.34 154.34 0 01-1.53 20.79l45.21 35.46a10.81 10.81 0 012.45 13.75l-42.77 74a10.81 10.81 0 01-13.14 4.59l-44.9-18.08a16.11 16.11 0 00-15.17 1.75A164.48 164.48 0 01325 400.8a15.94 15.94 0 00-8.82 12.14l-6.73 47.89a11.08 11.08 0 01-10.68 9.17h-85.54a11.11 11.11 0 01-10.69-8.87l-6.72-47.82a16.07 16.07 0 00-9-12.22 155.3 155.3 0 01-21.46-12.57 16 16 0 00-15.11-1.71l-44.89 18.07a10.81 10.81 0 01-13.14-4.58l-42.77-74a10.8 10.8 0 012.45-13.75l38.21-30a16.05 16.05 0 006-14.08c-.36-4.17-.58-8.33-.58-12.5s.21-8.27.58-12.35a16 16 0 00-6.07-13.94l-38.19-30A10.81 10.81 0 0149.48 186l42.77-74a10.81 10.81 0 0113.14-4.59l44.9 18.08a16.11 16.11 0 0015.17-1.75A164.48 164.48 0 01187 111.2a15.94 15.94 0 008.82-12.14l6.73-47.89A11.08 11.08 0 01213.23 42h85.54a11.11 11.11 0 0110.69 8.87l6.72 47.82a16.07 16.07 0 009 12.22 155.3 155.3 0 0121.46 12.57 16 16 0 0015.11 1.71l44.89-18.07a10.81 10.81 0 0113.14 4.58l42.77 74a10.8 10.8 0 01-2.45 13.75l-38.21 30a16.05 16.05 0 00-6.05 14.08c.33 4.14.55 8.3.55 12.47z" fill="none" stroke="currentColor" stroke-linecap="round" 
stroke-linejoin="round" stroke-width="32"/></svg><span>Preferences</span></a></nav>
<div class="index">
    <div class="title"><h1>SearXNG</h1></div>
<form id="search" method="POST" action="/search" role="search">
  <div id="search_header">
    <div id="search_view">
      <div class="search_box">
        <input id="q" name="q" type="text" placeholder="Search for..." autocomplete="off" autocapitalize="none" spellcheck="false" autocorrect="off" dir="auto" value="">
        <button id="clear_search" type="reset" aria-label="clear"><span class="hide_if_nojs"><svg viewBox="0 0 512 512" class="ion-icon-big" aria-hidden="true"><path fill="none" stroke="currentColor" stroke-linecap="round" stroke-linejoin="round" stroke-width="32" d="M368 368L144 144M368 144L144 368"/></svg></span><span class="show_if_nojs">clear</span></button>
        <button id="send_search" type="submit" aria-label="search"><span class="hide_if_nojs"><svg viewBox="0 0 512 512" class="ion-icon-big" aria-hidden="true"><path d="M221.09 64a157.09 157.09 0 10157.09 157.09A157.1 157.1 0 00221.09 64z" fill="none" stroke="currentColor" stroke-miterlimit="10" stroke-width="32"/><path fill="none" stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="32" d="M338.29 338.29L448 448"/></svg></span><span class="show_if_nojs">search</span></button>
      </div>
    </div>
  </div>
  <input type="hidden" name="category_general" value="1" >
  <input type="hidden" name="language" value="auto" >
  <input type="hidden" name="time_range" value="" >
  <input type="hidden" name="safesearch" value="0" >
  <input type="hidden" name="theme" value="simple" >
</form></div>
  </main>
  <footer>
    <p>
    Powered by <a href="/info/en/about">searxng</a> - 2024.10.4+3e747d049 — a privacy-respecting, open metasearch engine<br>
        <a href="https://github.com/searxng/searxng">Source code</a>
        | <a href="https://github.com/searxng/searxng/issues">Issue tracker</a>
| <a href="/stats">Engine stats</a>        | <a href="https://searx.space">Public instances</a>
    </p>
  </footer>
  <!--[if gte IE 9]>-->
  <script src="/static/themes/simple/js/searxng.min.js?ffa4a0f048589269763afabb9c45f9c3aa95262c"></script>
  <!--<![endif]-->
</body>
</html>

If you’re getting HTML back, then you’re not getting a TLS error.

What I’m asking for is actual evidence of how you’re making the request which results in that error. Make a request with curl -v which results in TLS error and show the entire command and output.

1 Like

When I get this error in LibreWolf, running curl -v https://sx.panoskpv91.com/ gives the output below. When I switched to Brave to test, no errors. Refreshing LibreWolf, no errors. The IPv6 addresses below seem to be Cloudflare ones. I do not know if this is related. My DNS server is Pi-hole in Docker with IPv6 disabled.

* Host sx.panoskpv91.com:443 was resolved.
* IPv6: 2606:4700:3036::6815:5115, 2606:4700:3036::ac43:9c63
* IPv4: 192.168.13.15
*   Trying 192.168.13.15:443...
* Connected to sx.panoskpv91.com (192.168.13.15) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/pki/tls/certs/ca-bundle.crt
*  CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256 / x25519 / id-ecPublicKey
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=*.panoskpv91.com
*  start date: Sep 29 19:51:09 2024 GMT
*  expire date: Dec 28 19:51:08 2024 GMT
*  subjectAltName: host "sx.panoskpv91.com" matched cert's "*.panoskpv91.com"
*  issuer: C=US; O=Let's Encrypt; CN=E6
*  SSL certificate verify ok.
*   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384
*   Certificate level 1: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://sx.panoskpv91.com/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: sx.panoskpv91.com]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.6.0]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: sx.panoskpv91.com
> User-Agent: curl/8.6.0
> Accept: */*
> 
< HTTP/2 200 
< alt-svc: h3=":443"; ma=2592000
< content-type: text/html; charset=utf-8
< referrer-policy: no-referrer
< server: Caddy
< server-timing: total;dur=10.034, render;dur=1.868
< x-content-type-options: nosniff
< x-download-options: noopen
< x-robots-tag: noindex, nofollow
< content-length: 6233
< date: Tue, 08 Oct 2024 19:14:17 GMT
< 
* Connection #0 to host sx.panoskpv91.com left intact


Edit: I get this error only in LibreWolf on my Fedora.

I don’t understand. You’re showing a successful HTTP request which responds with some HTML. I still don’t see any evidence of a problem.

1 Like
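
As an added example (not posted by anyone in this thread and not part of Caddy): a small Python triage script that pulls the client address and requested server name (SNI) out of the `no certificate available for` handshake errors quoted in the first post and checks each name against the names the loaded certificate covers. The log lines are constructed in the form quoted above, the address 192.168.13.7 is made up, and `CERT_NAMES` assumes the certificate covers only the `*.panoskpv91.com` subject shown in the curl output.

```python
import re
from collections import Counter

# Assumption: the certificate Caddy loads covers only this name (the subject
# shown in the thread's curl output). Replace with your certificate's SANs.
CERT_NAMES = ["*.panoskpv91.com"]

# Matches the error text quoted in the thread wherever it sits in a log line
# (plain text or inside a JSON "msg" field); accepts straight or curly quotes.
HANDSHAKE_ERR = re.compile(
    r"TLS handshake error from (?P<client>\S+?):(?P<port>\d+): "
    r"no certificate available for ['\u2018](?P<sni>[^'\u2019]*)"
)

def covers(pattern, host):
    """RFC 6125-style match: '*' stands for exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return bool(h[0]) and p[1:] == h[1:]
    return p == h

def triage(lines, cert_names=CERT_NAMES):
    """Group handshake errors as {(sni, covered_by_cert): Counter(client IPs)}."""
    out = {}
    for line in lines:
        m = HANDSHAKE_ERR.search(line)
        if not m:
            continue  # not a "no certificate available" error
        sni = m["sni"]
        covered = any(covers(name, sni) for name in cert_names)
        out.setdefault((sni, covered), Counter())[m["client"]] += 1
    return out

# Constructed sample input, modelled on the single error line in the thread.
SAMPLE_LOG = [
    "TLS handshake error from 192.168.13.1:51214: no certificate available for 'cloudflare-ech.com'",
    "TLS handshake error from 192.168.13.1:51220: no certificate available for 'cloudflare-ech.com'",
    "TLS handshake error from 192.168.13.7:40112: no certificate available for 'panoskpv91.com'",
    "handled request host=sx.panoskpv91.com status=200",
]

if __name__ == "__main__":
    for (sni, covered), clients in triage(SAMPLE_LOG).items():
        verdict = ("covered by the cert: check that it is loaded" if covered
                   else "not covered: the client asked for a name this server has no cert for")
        print(f"{sni!r}: {sum(clients.values())} error(s) from {dict(clients)} -> {verdict}")
```

A name reported as not covered means the client's ClientHello named a host outside the certificate, so the thing to inspect is what that client sent rather than the certificate files.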
