Greetings. We are developing a client called tlstunnel which is designed to register certificates for incoming TLS connections on demand, then proxy the connections to non-TLS services elsewhere. This is not designed to be a web server, and the http-01 challenge is not an option for us.
We have had success with the tls-alpn-01 challenge before, but this particular deployment is causing us esoteric problems. We are trying to register a certificate for pages.sr.ht and receiving the error in the topic subject, but little else:
DNS is set up correctly and port 443 faces the internet directly, not through any kind of firewall or reverse proxy. I've confirmed that ALPN is working in general via
The config file we're using is the following:
In case anyone wants to try to reproduce this issue: we're using the master branch of tlstunnel and running it as root on Alpine Linux w/ musl libc and Go 1.15.7 on amd64.