Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

"no viable challenge type found" when using autocert #37489

Closed
ijt opened this issue Feb 27, 2020 · 1 comment
Closed

"no viable challenge type found" when using autocert #37489

ijt opened this issue Feb 27, 2020 · 1 comment

Comments

@ijt
Copy link
Contributor

ijt commented Feb 27, 2020

What version of Go are you using (go version)?

$ go version
go version go1.14 darwin/amd64

Does this issue reproduce with the latest release?

Yes.

What operating system and processor architecture are you using (go env)?

I'm cross compiling for GOOS=linux GOARCH=amd64.

What did you do?

I ran this program on my Ubuntu server:

package main

import (
	"fmt"
	"log"
	"net/http"

	"golang.org/x/crypto/acme/autocert"
)

func main() {
	mux := http.NewServeMux()
	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "Hello, TLS user! Your config: %+v", r.TLS)
	})
	log.Fatal(http.Serve(autocert.NewListener("mydomain.work"), mux))
}

and visited https://mydomain.work in Chrome (not really with "mydomain.work" but similar).

What did you expect to see?

I expected to see "Hello, TLS user! ...".

What did you see instead?

In the browser I saw a Cloudflare error saying Error 525 SSL handshake failed. The output of the Go program was

2020/02/27 00:44:10 http: TLS handshake error from 172.69.22.250:26624: acme/autocert: unable to satisfy "https://acme-v02.api.letsencrypt.org/acme/authz-v3/3031814088" for domain "mydomain.work": no viable challenge type found
@ijt
Copy link
Contributor Author

ijt commented Feb 27, 2020

I had CloudFlare's feature enabled that only allows HTTPS, so that would have been blocking the http-01 challenge. (https://letsencrypt.org/docs/challenge-types/)

I set CloudFlare's SSL/TLS encryption mode to "Off", but for some reason it was still not working.

When I fell back to using NameCheap's basic DNS, autocert started working.

@ijt ijt closed this as completed Feb 27, 2020
@golang golang locked and limited conversation to collaborators Feb 26, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

2 participants