问题
I'm trying to set up let's encrypt on a load balancer written in Go, I tried both the automatic and manual setup but I always get errors.
The domain is pointing correctly to our server (Digital Ocean) and I can even open the site from a browser without errors, also an ssl check report no errors on this domain. The fact is that when I run the Go executable on server from CLI I get errors repeatedly.
- Automatic (acme/autocert) setup:
The server code is that, the certificate and the key are created when I look at the domain from a browser for the first time after the server start:
go func() {
log.Printf("Staring HTTP service on %s ...", ":80")
http.HandleFunc("/*", http.HandlerFunc(func (w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, "https://" + app.Cfg.S_HOST + ":443" + r.RequestURI, http.StatusMovedPermanently)
}))
if err := http.ListenAndServe(":80", nil); err != nil {
errs <- err
}
}()
log.Printf("Staring HTTPS service on %s ...", ":443")
http.HandleFunc("/hello", http.HandlerFunc(func (w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "text/plain")
w.Write([]byte("This is an example server.\n"))
}))
certManager := autocert.Manager{
Prompt: autocert.AcceptTOS,
HostPolicy: autocert.HostWhitelist(app.Cfg.S_HOST), //your domain here
Cache: autocert.DirCache("certs"), //folder for storing certificates
}
server := &http.Server{
Addr: ":443",
TLSConfig: &tls.Config{
ServerName: app.Cfg.S_HOST,
GetCertificate: certManager.GetCertificate,
},
}
if err := server.ListenAndServeTLS("", ""); err != nil {
print(err.Error())
} //key and cert are comming from Let's Encrypt
I get those errors:
http: TLS handshake error from (ip):59451: read tcp (myserver IP):443->(ip):59451: read: connection reset by peer
hello.ServerName empty:2017/04/01 17:14:38 http: TLS handshake error from (ip):58193: acme/autocert: missing server name
http: TLS handshake error from (ip):45822: acme/autocert: host not configured
http: TLS handshake error from (ip):58440: EOF
Then I tried also creating the certificate manually (succesfully) and simply using that code and I get errors again and again:
The server code is:
go func() {
log.Printf("Staring HTTP service on %s ...", ":80")
http.HandleFunc("/*", http.HandlerFunc(func (w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, "https://" + app.Cfg.S_HOST + ":443" + r.RequestURI, http.StatusMovedPermanently)
}))
if err := http.ListenAndServe(":80", nil); err != nil {
errs <- err
}
}()
log.Printf("Staring HTTPS service on %s ...", ":443")
http.HandleFunc("/hello", http.HandlerFunc(func (w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "text/plain")
w.Write([]byte("This is an example server.\n"))
}))
// ssl["cert"] and ssl["key"] are the cert and key path (letsencrypt/live...)
if err := http.ListenAndServeTLS(sslAddr, ssl["cert"], ssl["key"], nil); err != nil {
errs <- err
}
Errors:
http2: server: error reading preface from client (ip):10319: bogus greeting "POST / HTTP/1.1\r\nHost: 4"
http: TLS handshake error from (ip):10322: EOF
http: TLS handshake error from (ip):13504: read tcp (my server ip):443->(ip):13504: read: connection reset by peer
http2: server: error reading preface from client (ip):9672: timeout waiting for client preface
Can someone help me please? Thanks
回答1:
As JimB and others said in the comments, this can be the result of bad requests. Invalid requests will be logged when using https://www.ssllabs.com/ssltest/ to test a site's https configuration. A good test score can give you confidence the log messages are benign and can be safely ignored.
Also the acme/autocert package is evolving rapidly (at Jan 2018), please check your version is up to date.
来源:https://stackoverflow.com/questions/43161559/setting-up-lets-encrypt-with-go-handshake-errors