Forem Creators and Builders 🌱

Shreehari

TLS Handshake Error

Hi, we have self-hosted Forem. It is successfully deployed, but it's not accepting any requests.
All docker containers are running:

$ foremctl status
CONTAINER ID  IMAGE                                    COMMAND               CREATED         STATUS             PORTS                                     NAMES
6fc5253b94ea  localhost/podman-pause:4.1.0-1653926608                        14 minutes ago  Up 14 minutes ago  0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp  4719db0dfc7c-infra
e62dc8f1914b  docker.io/library/redis:6.0.1            redis-server --ap...  14 minutes ago  Up 14 minutes ago  0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp  forem-redis
7333b7a38b4d  docker.io/darthsim/imgproxy:v2           imgproxy              14 minutes ago  Up 14 minutes ago  0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp  forem-imgproxy
23e34507c6c0  docker.io/library/postgres:11            postgres              14 minutes ago  Up 14 minutes ago  0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp  forem-postgresql
e83c37ad54f8  localhost/forem/forem:current            bundle exec rails...  14 minutes ago  Up 14 minutes ago  0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp  forem-rails
10ad91e23630  localhost/forem/forem:current            bundle exec sidek...  14 minutes ago  Up 14 minutes ago  0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp  forem-worker
5fc33f2c8640  quay.io/forem/openresty:1.17.8.2         /usr/bin/openrest...  13 minutes ago  Up 13 minutes ago  0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp  forem-openresty
99c423caaec0  docker.io/library/traefik:2.3.0          traefik               9 minutes ago   Up 9 minutes ago   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp  forem-traefik

When we checked the status of Traefik, it was showing "Unable to obtain ACME certificate for domains".

This is the output of the logs:

forem-traefik.service - Forem Traefik Service
     Loaded: loaded (/etc/systemd/system/forem-traefik.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2022-07-13 13:38:09 UTC; 6min ago
    Process: 2337 ExecStartPre=/usr/bin/podman pull $TRAEFIK_CONTAINER_IMAGE (code=exited, status=0/SUCCESS)
    Process: 2364 ExecStartPost=/usr/bin/chmod 0600 /opt/forem/configs/traefik/acme.json (code=exited, status=0/SUCCESS)
   Main PID: 2355 (conmon)
      Tasks: 2 (limit: 2209)
     Memory: 1.2M
        CPU: 229ms
     CGroup: /machine.slice/machine-forem.slice/machine-forem-pod.slice/forem-traefik.service
             └─ 2355 /usr/bin/conmon --api-version 1 -c 757e7b2a8018333d4ff3f3f0f979335cc568e32d371851fde99ed967a87c9042 -u 757e7b2a8018333d4ff3f3f0f979335cc568e32d371851fde99ed967a87c9042 -r /usr/bin/crun -b /var/lib/containers/storage/overlay-containers/757e7b2a8018333d4ff3f3f0f979335cc568e32d371851fde99ed967a87c9042/userdata -p /run/containers/storage/overlay-containers/757e7b2a8018333d4ff3f3f0f979335cc568e32d371851fde99ed967a87c9042/userdata/pidfile -n forem-traefik --exit-dir /run/libpod/exits --full-attach -s -l journald --log-level warning --runtime-arg --log-format=json --runtime-arg --log --runtime-arg=/run/containers/storage/overlay-containers/757e7b2a8018333d4ff3f3f0f979335cc568e32d371851fde99ed967a87c9042/userdata/oci-log --conmon-pidfile /run/containers/storage/overlay-containers/757e7b2a8018333d4ff3f3f0f979335cc568e32d371851fde99ed967a87c9042/userdata/conmon.pid --exit-command /usr/bin/podman --exit-command-arg --root --exit-command-arg /var/lib/containers/storage --exit-command-arg --runroot --exit-command-arg /run/containers/storage --exit-command-arg --log-level --exit-command-arg warning --exit-command-arg --cgroup-manager --exit-command-arg systemd --exit-command-arg --tmpdir --exit-command-arg /run/libpod --exit-command-arg --network-config-dir --exit-command-arg "" --exit-command-arg --network-backend --exit-command-arg netavark --exit-command-arg --volumepath --exit-command-arg /var/lib/containers/storage/volumes --exit-command-arg --runtime --exit-command-arg crun --exit-command-arg --storage-driver --exit-command-arg overlay --exit-command-arg --storage-opt --exit-command-arg overlay.mountopt=nodev,metacopy=on --exit-command-arg --events-backend --exit-command-arg journald --exit-command-arg container --exit-command-arg cleanup --exit-command-arg --rm --exit-command-arg 757e7b2a8018333d4ff3f3f0f979335cc568e32d371851fde99ed967a87c9042

Jul 13 13:38:11 www.hello.gary.tech forem-traefik[2355]: time="2022-07-13T13:38:11Z" level=debug msg="legolog: [INFO] [www.hello.gary.tech] acme: Obtaining bundled SAN certificate"
Jul 13 13:38:11 www.hello.gary.tech forem-traefik[2355]: time="2022-07-13T13:38:11Z" level=debug msg="legolog: [INFO] [www.hello.gary.tech] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/130113226486"
Jul 13 13:38:11 www.hello.gary.tech forem-traefik[2355]: time="2022-07-13T13:38:11Z" level=debug msg="legolog: [INFO] [www.hello.gary.tech] acme: Could not find solver for: tls-alpn-01"
Jul 13 13:38:11 www.hello.gary.tech forem-traefik[2355]: time="2022-07-13T13:38:11Z" level=debug msg="legolog: [INFO] [www.hello.gary.tech] acme: use http-01 solver"
Jul 13 13:38:11 www.hello.gary.tech forem-traefik[2355]: time="2022-07-13T13:38:11Z" level=debug msg="legolog: [INFO] [www.hello.gary.tech] acme: Trying to solve HTTP-01"
Jul 13 13:38:18 www.hello.gary.tech forem-traefik[2355]: time="2022-07-13T13:38:18Z" level=debug msg="legolog: [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/130113226486"
Jul 13 13:38:18 www.hello.gary.tech forem-traefik[2355]: time="2022-07-13T13:38:18Z" level=error msg="Unable to obtain ACME certificate for domains \"www.hello.gary.tech\": unable to generate a certificate for the domains [www.hello.gary.tech]: error: one or more domains had a problem:\n[www.hello.gary.tech] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for www.hello.gary.tech - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.hello.gary.tech - check that a DNS record exists for this domain, url: \n" routerName=forem@file rule="Host(`www.hello.gary.tech`) && Method(`GET`, `POST`, `PUT`, `DELETE`, `PATCH`, `HEAD`)" providerName=forem.acme
Jul 13 13:39:47 www.hello.gary.tech forem-traefik[2355]: time="2022-07-13T13:39:47Z" level=debug msg="http: TLS handshake error from 212.102.58.164:34338: strict SNI enabled - No certificate found for domain: \"34.245.222.176\", closing connection"
Jul 13 13:40:21 www.hello.gary.tech forem-traefik[2355]: time="2022-07-13T13:40:21Z" level=debug msg="http: TLS handshake error from 212.102.58.164:51478: strict SNI enabled - No certificate found for domain: \"34.245.222.176\", closing connection"
Jul 13 13:41:58 www.hello.gary.tech forem-traefik[2355]: time="2022-07-13T13:41:58Z" level=debug msg="http: TLS handshake error from 164.92.64.200:48120: strict SNI enabled - No certificate found for domain: \"\", closing connection"

It would be great if we can get some suggestions or help here.
Thank You
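
Added example, not part of the original post and not Forem or Traefik code: a small Python triage script that separates the ACME issuance failure from the strict-SNI handshake rejections in log lines like the ones above. The sample lines are shortened copies of the quoted log, and the function names and report layout are assumptions of this example.

```python
import ipaddress
import re

# Sample input: shortened copies of three Traefik lines from the post ("..." marks cuts).
SAMPLE_LOG = r'''
time="2022-07-13T13:38:18Z" level=error msg="Unable to obtain ACME certificate for domains \"www.hello.gary.tech\": ... acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for www.hello.gary.tech" providerName=forem.acme
time="2022-07-13T13:39:47Z" level=debug msg="http: TLS handshake error from 212.102.58.164:34338: strict SNI enabled - No certificate found for domain: \"34.245.222.176\", closing connection"
time="2022-07-13T13:41:58Z" level=debug msg="http: TLS handshake error from 164.92.64.200:48120: strict SNI enabled - No certificate found for domain: \"\", closing connection"
'''

# Quotes inside msg="..." are backslash-escaped in the log, hence the \\" in the patterns.
ACME_ERR = re.compile(
    r'Unable to obtain ACME certificate for domains \\"([^"\\]+)\\"'
    r'.*?(urn:ietf:params:acme:error:\w+)')
SNI_ERR = re.compile(
    r'TLS handshake error from (\S+):\d+: strict SNI enabled - '
    r'No certificate found for domain: \\"([^"\\]*)\\"')


def classify_name(name):
    """Describe the name Traefik could not find a certificate for."""
    if not name:
        return "empty"
    try:
        ipaddress.ip_address(name)
        return "ip-literal"
    except ValueError:
        return "hostname"


def triage(log_text):
    """Split log lines into ACME issuance failures and strict-SNI rejections."""
    report = {"acme_failures": [], "sni_rejections": []}
    for line in log_text.splitlines():
        acme = ACME_ERR.search(line)
        if acme:
            report["acme_failures"].append({
                "domain": acme.group(1),
                "acme_error": acme.group(2),
                "nxdomain": "NXDOMAIN" in line,  # the CA's resolver found no record
            })
            continue
        sni = SNI_ERR.search(line)
        if sni:
            report["sni_rejections"].append({
                "client": sni.group(1),
                "requested_name": sni.group(2),
                "kind": classify_name(sni.group(2)),
            })
    return report


if __name__ == "__main__":
    for section, entries in triage(SAMPLE_LOG).items():
        for entry in entries:
            print(section, entry)
```

An `acme_failures` entry with `nxdomain` set points at DNS rather than at Traefik; `ip-literal` and `empty` rejections are connections that did not ask for the site's hostname.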

Top comments (5)

Brian Onang'o • Edited

Could you try installing it using dokku? Then there will be fewer things to watch. Only one known issue using that method. You can find its fix here

Though the problem I am seeing with your setup is with the domain hello.gary.tech not having any DNS records.

Shreehari

Yes, the problem is with the DNS records. Though there are DNS records, it says they do not exist.

Brian Onang'o

I can't see anything from my side.

dig hello.gary.tech
; <<>> DiG 9.16.1-Ubuntu <<>> hello.gary.tech
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45634
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;hello.gary.tech.       IN  A

;; AUTHORITY SECTION:
tech.           1800    IN  SOA ns0.centralnic.net. hostmaster.centralnic.net. 330419 900 1800 6048000 3600

;; Query time: 176 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Aug 04 10:47:47 EAT 2022
;; MSG SIZE  rcvd: 109
 
Shreehari

Sorry for that, I had deleted the record recently. I will be adding it back again a bit later, as I was occupied with some work-related stuff.

Shreehari • Edited

Hi @surgbc, as per your recommendation I tried installing Forem with dokku. Currently I'm not able to successfully deploy it. I can see the following error during deployment.

        from /app/bin/bundle:3:in `<main>'
       /app/vendor/bundle/ruby/3.0.0/gems/pg-1.4.2/lib/pg/connection.rb:598:in `async_connect_or_reset': connection to server at "127.0.0.1", port 6000 failed: ERROR:  server login failed: wrong password type (PG::ConnectionBad)
        from /app/vendor/bundle/ruby/3.0.0/gems/pg-1.4.2/lib/pg/connection.rb:750:in `connect_internal'
        from /app/vendor/bundle/ruby/3.0.0/gems/pg-1.4.2/lib/pg/connection.rb:726:in `block (2 levels) in connect_to_hosts'
        from /app/vendor/bundle/ruby/3.0.0/gems/pg-1.4.2/lib/pg/connection.rb:724:in `each'
        from /app/vendor/bundle/ruby/3.0.0/gems/pg-1.4.2/lib/pg/connection.rb:724:in `block in connect_to_hosts'
        from /app/vendor/bundle/ruby/3.0.0/gems/pg-1.4.2/lib/pg/connection.rb:710:in `each'
        from /app/vendor/bundle/ruby/3.0.0/gems/pg-1.4.2/lib/pg/connection.rb:710:in `each_with_index'
        from /app/vendor/bundle/ruby/3.0.0/gems/pg-1.4.2/lib/pg/connection.rb:710:in `connect_to_hosts'
        from /app/vendor/bundle/ruby/3.0.0/gems/pg-1.4.2/lib/pg/connection.rb:661:in `new'
        from /app/vendor/bundle/ruby/3.0.0/gems/pg-1.4.2/lib/pg.rb:69:in `connect'
        from /app/vendor/bundle/ruby/3.0.0/gems/activerecord-7.0.3.1/lib/active_record/connection_adapters/postgresql_adapter.rb:78:in `new_client'
        from /app/vendor/bundle/ruby/3.0.0/gems/activerecord-7.0.3.1/lib/active_record/connection_adapters/postgresql_adapter.rb:37:in `postgresql_connection'
        from /app/vendor/bundle/ruby/3.0.0/gems/activerecord-7.0.3.1/lib/active_record/connection_adapters/abstract/connection_pool.rb:656:in `public_send'
        from /app/vendor/bundle/ruby/3.0.0/gems/activerecord-7.0.3.1/lib/active_record/connection_adapters/abstract/connection_pool.rb:656:in `new_connection'
        from /app/vendor/bundle/ruby/3.0.0/gems/activerecord-7.0.3.1/lib/active_record/connection_adapters/abstract/connection_pool.rb:700:in `checkout_new_connection'
        from /app/vendor/bundle/ruby/3.0.0/gems/activerecord-7.0.3.1/lib/active_record/connection_adapters/abstract/connection_pool.rb:679:in `try_to_checkout_new_connection'
        from /app/vendor/bundle/ruby/3.0.0/gems/activerecord-7.0.3.1/lib/active_record/connection_adapters/abstract/connection_pool.rb:640:in `acquire_connection'
        from /app/vendor/bundle/ruby/3.0.0/gems/activerecord-7.0.3.1/lib/active_record/connection_adapters/abstract/connection_pool.rb:341:in `checkout'
        from /app/vendor/bundle/ruby/3.0.0/gems/activerecord-7.0.3.1/lib/active_record/connection_adapters/abstract/connection_pool.rb:181:in `connection'
        from /app/vendor/bundle/ruby/3.0.0/gems/activerecord-7.0.3.1/lib/active_record/connection_adapters/abstract/connection_handler.rb:211:in `retrieve_connection'
        from /app/vendor/bundle/ruby/3.0.0/gems/activerecord-7.0.3.1/lib/active_record/connection_handling.rb:313:in `retrieve_connection'
        from /app/vendor/bundle/ruby/3.0.0/gems/activerecord-7.0.3.1/lib/active_record/connection_handling.rb:280:in `connection'
        from /app/config/initializers/hypershield.rb:11:in `<main>'
        from /app/vendor/bundle/ruby/3.0.0/gems/railties-7.0.3.1/lib/rails/engine.rb:667:in `load'
        from /app/vendor/bundle/ruby/3.0.0/gems/railties-7.0.3.1/lib/rails/engine.rb:667:in `block in load_config_initializer'
        from /app/vendor/bundle/ruby/3.0.0/gems/activesupport-7.0.3.1/lib/active_support/notifications.rb:208:in `instrument'
        from /app/vendor/bundle/ruby/3.0.0/gems/railties-7.0.3.1/lib/rails/engine.rb:666:in `load_config_initializer'
        from /app/vendor/bundle/ruby/3.0.0/gems/railties-7.0.3.1/lib/rails/engine.rb:620:in `block (2 levels) in <class:Engine>'
        from /app/vendor/bundle/ruby/3.0.0/gems/railties-7.0.3.1/lib/rails/engine.rb:619:in `each'
        from /app/vendor/bundle/ruby/3.0.0/gems/railties-7.0.3.1/lib/rails/engine.rb:619:in `block in <class:Engine>'
        from /app/vendor/bundle/ruby/3.0.0/gems/railties-7.0.3.1/lib/rails/initializable.rb:32:in `instance_exec'
        from /app/vendor/bundle/ruby/3.0.0/gems/railties-7.0.3.1/lib/rails/initializable.rb:32:in `run'
        from /app/vendor/bundle/ruby/3.0.0/gems/railties-7.0.3.1/lib/rails/initializable.rb:61:in `block in run_initializers'
        from /app/vendor/ruby-3.0.2/lib/ruby/3.0.0/tsort.rb:228:in `block in tsort_each'
        from /app/vendor/ruby-3.0.2/lib/ruby/3.0.0/tsort.rb:350:in `block (2 levels) in each_strongly_connected_component'
        from /app/vendor/ruby-3.0.2/lib/ruby/3.0.0/tsort.rb:422:in `block (2 levels) in each_strongly_connected_component_from'
        from /app/vendor/ruby-3.0.2/lib/ruby/3.0.0/tsort.rb:431:in `each_strongly_connected_component_from'
        from /app/vendor/ruby-3.0.2/lib/ruby/3.0.0/tsort.rb:421:in `block in each_strongly_connected_component_from'
        from /app/vendor/bundle/ruby/3.0.0/gems/railties-7.0.3.1/lib/rails/initializable.rb:50:in `each'
        from /app/vendor/bundle/ruby/3.0.0/gems/railties-7.0.3.1/lib/rails/initializable.rb:50:in `tsort_each_child'
        from /app/vendor/ruby-3.0.2/lib/ruby/3.0.0/tsort.rb:415:in `call'
        from /app/vendor/ruby-3.0.2/lib/ruby/3.0.0/tsort.rb:415:in `each_strongly_connected_component_from'
        from /app/vendor/ruby-3.0.2/lib/ruby/3.0.0/tsort.rb:349:in `block in each_strongly_connected_component'
        from /app/vendor/ruby-3.0.2/lib/ruby/3.0.0/tsort.rb:347:in `each'
        from /app/vendor/ruby-3.0.2/lib/ruby/3.0.0/tsort.rb:347:in `call'
        from /app/vendor/ruby-3.0.2/lib/ruby/3.0.0/tsort.rb:347:in `each_strongly_connected_component'
        from /app/vendor/ruby-3.0.2/lib/ruby/3.0.0/tsort.rb:226:in `tsort_each'
        from /app/vendor/ruby-3.0.2/lib/ruby/3.0.0/tsort.rb:205:in `tsort_each'
        from /app/vendor/bundle/ruby/3.0.0/gems/railties-7.0.3.1/lib/rails/initializable.rb:60:in `run_initializers'
        from /app/vendor/bundle/ruby/3.0.0/gems/railties-7.0.3.1/lib/rails/application.rb:372:in `initialize!'
        from /app/config/environment.rb:5:in `<top (required)>'
        from config.ru:3:in `require_relative'
        from config.ru:3:in `block in <main>'
        from /app/vendor/bundle/ruby/3.0.0/gems/rack-2.2.4/lib/rack/builder.rb:116:in `eval'
        from /app/vendor/bundle/ruby/3.0.0/gems/rack-2.2.4/lib/rack/builder.rb:116:in `new_from_string'
        from /app/vendor/bundle/ruby/3.0.0/gems/rack-2.2.4/lib/rack/builder.rb:105:in `load_file'
        from /app/vendor/bundle/ruby/3.0.0/gems/rack-2.2.4/lib/rack/builder.rb:66:in `parse_file'
        from /app/vendor/bundle/ruby/3.0.0/gems/puma-5.6.4/lib/puma/configuration.rb:348:in `load_rackup'
        from /app/vendor/bundle/ruby/3.0.0/gems/puma-5.6.4/lib/puma/configuration.rb:270:in `app'
        from /app/vendor/bundle/ruby/3.0.0/gems/puma-5.6.4/lib/puma/runner.rb:150:in `load_and_bind'
        from /app/vendor/bundle/ruby/3.0.0/gems/puma-5.6.4/lib/puma/cluster.rb:357:in `run'
        from /app/vendor/bundle/ruby/3.0.0/gems/puma-5.6.4/lib/puma/launcher.rb:182:in `run'
        from /app/vendor/bundle/ruby/3.0.0/gems/puma-5.6.4/lib/puma/cli.rb:81:in `run'
        from /app/vendor/bundle/ruby/3.0.0/gems/puma-5.6.4/bin/puma:10:in `<top (required)>'
        from /app/vendor/bundle/ruby/3.0.0/bin/puma:23:in `load'
        from /app/vendor/bundle/ruby/3.0.0/bin/puma:23:in `<top (required)>'
        from /app/vendor/bundle/ruby/3.0.0/gems/bundler-2.3.10/lib/bundler/cli/exec.rb:58:in `load'
        from /app/vendor/bundle/ruby/3.0.0/gems/bundler-2.3.10/lib/bundler/cli/exec.rb:58:in `kernel_load'
        from /app/vendor/bundle/ruby/3.0.0/gems/bundler-2.3.10/lib/bundler/cli/exec.rb:23:in `run'
        from /app/vendor/bundle/ruby/3.0.0/gems/bundler-2.3.10/lib/bundler/cli.rb:483:in `exec'
        from /app/vendor/bundle/ruby/3.0.0/gems/bundler-2.3.10/lib/bundler/vendor/thor/lib/thor/command.rb:27:in `run'
        from /app/vendor/bundle/ruby/3.0.0/gems/bundler-2.3.10/lib/bundler/vendor/thor/lib/thor/invocation.rb:127:in `invoke_command'
        from /app/vendor/bundle/ruby/3.0.0/gems/bundler-2.3.10/lib/bundler/vendor/thor/lib/thor.rb:392:in `dispatch'
        from /app/vendor/bundle/ruby/3.0.0/gems/bundler-2.3.10/lib/bundler/cli.rb:31:in `dispatch'
        from /app/vendor/bundle/ruby/3.0.0/gems/bundler-2.3.10/lib/bundler/vendor/thor/lib/thor/base.rb:485:in `start'
        from /app/vendor/bundle/ruby/3.0.0/gems/bundler-2.3.10/lib/bundler/cli.rb:25:in `start'
        from /app/vendor/bundle/ruby/3.0.0/gems/bundler-2.3.10/exe/bundle:48:in `block in <top (required)>'
        from /app/vendor/bundle/ruby/3.0.0/gems/bundler-2.3.10/lib/bundler/friendly_errors.rb:103:in `with_friendly_errors'
        from /app/vendor/bundle/ruby/3.0.0/gems/bundler-2.3.10/exe/bundle:36:in `<top (required)>'
        from /app/bin/bundle:3:in `load'
        from /app/bin/bundle:3:in `<main>'
       buildpack=pgbouncer at=app-end
       buildpack=pgbouncer at=exit process=app
       buildpack=pgbouncer at=kill-app pid=247
       buildpack=pgbouncer at=wait-app pid=247
       2022-08-08 06:44:28.213 UTC [248] LOG Got SIGTERM, ignoring!
       buildpack=pgbouncer at=kill-aux name=pgbouncer pid=246 signal=SIGINT
       2022-08-08 06:44:28.213 UTC [248] LOG got SIGINT, shutting down
       buildpack=pgbouncer at=pgbouncer-end
=====> End of nforem container output (web.1)
parallel: This job failed:
/var/lib/dokku/plugins/available/scheduler-docker-local/bin/scheduler-deploy-process-container nforem herokuish dokku/nforem:latest latest web 1 1

It would be great if you can help me with it. I have not made any changes to the environment variables, hence I'm not sure what the issue is.
Also, the postgres docker container is running (sudo docker ps).