browsing to https gives error #35

eltyBelgium · 2025-02-05T16:05:07Z

If you setup a forward (domainA.com) and you forward (domainB.com)

and you browse to https://domainA.com you will receive a Privacy error.
Is there a way to fix this?

willnode · 2025-02-07T13:35:15Z

I notice sometimes this service ran out rate limit given by let's encrypt. Sometimes even let's encrypt totally refuse until I followed their notice link.

I have no alert set up to tell if SSL fails unless retroactively see logs. You can try to self host this service if it urgent.

eltyBelgium · 2025-02-07T13:36:46Z

We are self-hosting it.

willnode · 2025-02-07T13:40:08Z

Do you use this service behind NGINX? If it yes, do not use http, use stream module.
Try to visit HTTP part of the domain, usually incorrect config can be catched up.
Try to dig some logs so I can know why.

eltyBelgium · 2025-02-07T13:48:03Z

this service is just runnend on node server on linux in azure and is using pm2 for multi process management.
I'll search for the logs

eltyBelgium · 2025-02-07T14:17:00Z

Where can i find the logs?

willnode · 2025-02-07T14:30:07Z

PM2 should save some stdout logs. I use systemd and I casually search logs there.

eltyBelgium · 2025-02-07T14:31:52Z

hmm how did you run the project through systemd?

willnode · 2025-02-07T14:38:50Z

I just wrote this file

> cat /usr/lib/systemd/system/r.service
[Unit]
Description=Forward Domain Daemon
Documentation=https://forwarddomain.net
After=network.target

[Service]
Type=simple
User=r
WorkingDirectory=/home/r/public_html
ExecStart=/home/r/.local/opt/node/bin/node --env-file=.env app.js
Restart=always

[Install]
WantedBy=multi-user.target

And setup it up on top of nginx config

https://gist.github.com/willnode/7e6f1779d28828954c9b25cf9a7c4161

eltyBelgium · 2025-02-10T12:45:38Z

this is one of the errors:

app | at Client.pollAuthz (file:///forward-domain/forward-domain/src/certnode/lib/client.js:332:23)
0|app | at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
0|app | at async Client.generateCertificate (file:///forward-domain/forward-domain/src/certnode/lib/client.js:77:9)
0|app | at async file:///forward-domain/forward-domain/src/sni.js:76:35
0|app | Error: pollAuthz() authorization is invalid: {
0|app | "challenge": {
0|app | "type": "http-01",
0|app | "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/180089154/16014523314/XEimqw",
0|app | "status": "invalid",
0|app | "validated": "2025-02-10T12:45:19Z",
0|app | "error": {
0|app | "type": "urn:ietf:params:acme:error:caa",
0|app | "detail": "During secondary validation: While processing CAA for www.werkzaam.be: CAA record for werkzaam.be prevents issuance"
0|app | },
0|app | "token": "LJNL-PvXVRHrfG5bfF03NsU8KUiKnv0FLiXl6K5CctM",
0|app | "validationRecord": [
0|app | {
0|app | "url": "http://www.werkzaam.be/.well-known/acme-challenge/LJNL-PvXVRHrfG5bfF03NsU8KUiKnv0FLiXl6K5CctM",
0|app | "hostname": "www.werkzaam.be",
0|app | "port": "80",
0|app | "addressesResolved": [
0|app | ""
0|app | ],
0|app | "addressUsed": "*"
0|app | }
0|app | ]
0|app | },
0|app | "domain": "www.werkzaam.be",
0|app | "status": "invalid",
0|app | "expires": "2025-02-17T12:45:18Z"
0|app | }
0|app | at Client.pollAuthz (file:///forward-domain/forward-domain/src/certnode/lib/client.js:332:23)
0|app | at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
0|app | at async Client.generateCertificate (file:///forward-domain/forward-domain/src/certnode/lib/client.js:77:9)
0|app | at async file:///forward-domain/forward-domain/src/sni.js:76:35

eltyBelgium · 2025-02-10T12:51:13Z

eltyBelgium commented

Feb 10, 2025

this is one of the errors:

app | at Client.pollAuthz (file:///forward-domain/forward-domain/src/certnode/lib/client.js:332:23) 0|app | at process.processTicksAndRejections (node:internal/process/task_queues:95:5) 0|app | at async Client.generateCertificate (file:///forward-domain/forward-domain/src/certnode/lib/client.js:77:9) 0|app | at async file:///forward-domain/forward-domain/src/sni.js:76:35 0|app | Error: pollAuthz() authorization is invalid: { 0|app | "challenge": { 0|app | "type": "http-01", 0|app | "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/180089154/16014523314/XEimqw", 0|app | "status": "invalid", 0|app | "validated": "2025-02-10T12:45:19Z", 0|app | "error": { 0|app | "type": "urn:ietf:params:acme:error:caa", 0|app | "detail": "During secondary validation: While processing CAA for www.werkzaam.be: CAA record for werkzaam.be prevents issuance" 0|app | }, 0|app | "token": "LJNL-PvXVRHrfG5bfF03NsU8KUiKnv0FLiXl6K5CctM", 0|app | "validationRecord": [ 0|app | { 0|app | "url": "http://www.werkzaam.be/.well-known/acme-challenge/LJNL-PvXVRHrfG5bfF03NsU8KUiKnv0FLiXl6K5CctM", 0|app | "hostname": "www.werkzaam.be", 0|app | "port": "80", 0|app | "addressesResolved": [ 0|app | "172.211.161.18" 0|app | ], 0|app | "addressUsed": "172.211.161.18" 0|app | } 0|app | ] 0|app | }, 0|app | "domain": "www.werkzaam.be", 0|app | "status": "invalid", 0|app | "expires": "2025-02-17T12:45:18Z" 0|app | } 0|app | at Client.pollAuthz (file:///forward-domain/forward-domain/src/certnode/lib/client.js:332:23) 0|app | at process.processTicksAndRejections (node:internal/process/task_queues:95:5) 0|app | at async Client.generateCertificate (file:///forward-domain/forward-domain/src/certnode/lib/client.js:77:9) 0|app | at async file:///forward-domain/forward-domain/src/sni.js:76:35

this was a CAA record problem. But if i surf to https://domainA.be I got a invalid cert problem.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

browsing to https gives error #35

browsing to https gives error #35

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

browsing to https gives error #35

browsing to https gives error #35

Comments

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!