Mattermost Peer-to-Peer Forum

Issue with TLS connectivity

#1

Hi

I am able to connect to my Mattermost server with no problem when connecting to port 8065. I have then changed the config as the document says using the system console.

This is my config.

{
    "ServiceSettings": {
        "SiteURL": "https://myserver.com",
        "WebsocketURL": "",
        "LicenseFileLocation": "",
        "ListenAddress": ":443",
        "ConnectionSecurity": "TLS",
        "TLSCertFile": "",
        "TLSKeyFile": "",
        "UseLetsEncrypt": true,
        "LetsEncryptCertificateCacheFile": "./config/letsencrypt.cache",
        "Forward80To443": true,

I then restart the server but I can’t connect to port 443. I have looked at the mattermost.log file and this is what I find:

{"level":"info","ts":1553614868.050396,"caller":"http/server.go:1763","msg":"http: TLS handshake error from 172.16.1.40:2745: acme/autocert: missing server name","source":"httpserver"}
{"level":"info","ts":1553614868.0865338,"caller":"http/server.go:1763","msg":"http: TLS handshake error from 172.16.1.40:24791: acme/autocert: missing server name","source":"httpserver"}
{"level":"info","ts":1553614869.8381982,"caller":"http/server.go:1763","msg":"http: TLS handshake error from 172.16.1.40:14260: acme/autocert: missing server name","source":"httpserver"}

I have checked and there is no ./config/letsencrypt.cache file, but it doesn’t say anywhere that I should create it.

Also, I have not signed up with Let’s Encrypt, but I don’t think I need to either…

Any help would be appreciated.

Thank you.

#2

Would somebody please help me with this? I need some guidance on how to proceed.

Thank you.

#3

Hi @Miguel,

I reached out to our team earlier to look at this but haven’t heard feedback yet. I’ll let you know as soon as I have more details.

#4

Hi @Miguel,

Your client does not use SNI. However, without it Mattermost does not know which certificate it should use. (Somewhat related.) Did you try with different browsers?
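
The SNI behaviour described in post #4, as an added example (not part of the thread and not Mattermost's own code): a Go sketch in which a certificate callback, a stand-in written for this illustration, rejects a ClientHello that carries no server name with the same message seen in the log above. The `handshake` helper and the address `192.0.2.10` are constructed for the demo; nothing here contacts Let's Encrypt or a real server.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net"
)

// handshake runs one in-memory TLS handshake and returns the error the
// server side reports. serverName is what the client would put in SNI; Go
// sends no SNI when it is empty or an IP literal, the same as a browser
// opened on https://<ip-address>/.
func handshake(serverName string) error {
	clientConn, serverConn := net.Pipe()
	defer clientConn.Close()
	defer serverConn.Close()

	srvCfg := &tls.Config{
		// Stand-in for an SNI-keyed certificate lookup (assumption: this
		// imitates the check, it is not the autocert package itself).
		GetCertificate: func(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
			if h.ServerName == "" {
				return nil, errors.New("acme/autocert: missing server name")
			}
			return nil, fmt.Errorf("demo: would look up certificate for %q", h.ServerName)
		},
	}
	go func() {
		// InsecureSkipVerify only because this demo never completes a handshake.
		c := tls.Client(clientConn, &tls.Config{ServerName: serverName, InsecureSkipVerify: true})
		c.Handshake() // ends with a TLS alert; the server-side error is what we inspect
		clientConn.Close()
	}()
	return tls.Server(serverConn, srvCfg).Handshake()
}

func main() {
	// Constructed inputs: a documentation IP address and the SiteURL host from the post.
	for _, name := range []string{"192.0.2.10", "myserver.com"} {
		fmt.Printf("client dials %-13s -> server: %v\n", name, handshake(name))
	}
}
```

Only the request addressed by hostname reaches the certificate lookup; the one addressed by IP fails before any certificate could be selected or requested.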

#5

Hi Amy, I just tried with Chrome and I get the error ERR_SSL_PROTOCOL_ERROR, and when I try with Firefox I get the error SSL_ERROR_INTERNAL_ERROR_ALERT.

I am not even sure if the server is picking up a certificate from Let’s Encrypt. Could that be the error?

Thanks for all the help.

#6

Hi @Miguel,

Would you be open to joining our Peer-to-Peer Help channel on our community server for more help on this issue?

I’m not sure what the solution is and I haven’t received feedback from our team in the past few days on this yet.

#7

Thanks Amy, I’ve created an account and I will post it there as well.

Miguel