The Auto TLS recipe authorize error (trying tls-sni)


#1

I am testing HTTPS with the recipe https://echo.labstack.com/cookbook/auto-tls, but I am getting an error

acme/autocert: unable to authorize "domain.com"; tried ["tls-sni-02" "tls-sni-01"]

I am not sure what the problem can be. I went through this discussion and updated my crypto/acme dependency this morning. Any help will be appreciated!


#2

I’m facing the same issue. Have you solved it in some way?


#3

Not with Echo. I manually installed my certificates and used Go’s httpsServer.ListenAndServeTLS(certFile, keyFile)


#4

TLS-SNI-02 and 01 are disabled on Let’s Encrypt’s side.

In order for AutoTLS to work, you can do the following:

  1. Update the Go acme package (autocert).
  2. Create a :80 server with the Labstack Echo AutoTLSManager HTTP Handler:

       s := &http.Server{
           Handler: e.AutoTLSManager.HTTPHandler(nil),
           Addr:    httpAddress,
       }

This should work temporarily.

I’ll create an issue on GitHub to see if there’s a better way to do this since we have to use HTTP-01 or DNS-01 till Let’s Encrypt deals with the TLS-SNI issues and provides a better way to get authorization.
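
What the port-80 server from post #4 has to do for http-01, as an added example that is not part of the original thread and not Echo's or autocert's code: a standard-library model that answers pending challenge tokens and otherwise behaves as autocert documents for `HTTPHandler(nil)` (302 to HTTPS for GET and HEAD, 400 for other methods). The `pending` map (token to key authorization), the `probe` helper and the sample token are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

const acmePrefix = "/.well-known/acme-challenge/"
// http01Handler models a port-80 http-01 handler (illustrative, not autocert's code).
func http01Handler(pending map[string]string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if strings.HasPrefix(r.URL.Path, acmePrefix) {
			if keyAuth, ok := pending[strings.TrimPrefix(r.URL.Path, acmePrefix)]; ok {
				fmt.Fprint(w, keyAuth) // the CA fetches this over plain HTTP
			} else {
				http.NotFound(w, r) // unknown token: disclose nothing
			}
			return
		}
		if r.Method != http.MethodGet && r.Method != http.MethodHead {
			http.Error(w, "Use HTTPS", http.StatusBadRequest) // no cleartext form posts
			return
		}
		host := r.Host
		if h, _, err := net.SplitHostPort(host); err == nil {
			host = h // drop ":80" so the redirect targets the default TLS port
		}
		http.Redirect(w, r, "https://"+host+r.URL.RequestURI(), http.StatusFound)
	})
}

// probe runs one in-process request; returns status and Location header or body.
func probe(h http.Handler, method, target string) (int, string) {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(method, target, nil))
	if loc := rec.Header().Get("Location"); loc != "" {
		return rec.Code, loc
	}
	return rec.Code, strings.TrimSpace(rec.Body.String())
}

func main() {
	h := http01Handler(map[string]string{"tok123": "tok123.thumbprint"}) // constructed sample
	fmt.Println(probe(h, "GET", "http://example.test:80/.well-known/acme-challenge/tok123"))
	fmt.Println(probe(h, "GET", "http://example.test:80/login?next=1"))
}
```

If port 80 is firewalled or bound by another process, the challenge request in the first probe never reaches a handler like this one and the authorization fails.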


#5

Like @adrianlungu mentioned, tls-sni-* is disabled by Let’s Encrypt. The only option today we have is http-01. Let me spend some time to see if we can add a new API or update the auto tls recipe.