Error "http: TLS handshake error from"

Por favor, complete los campos del siguiente formulario para que podamos ayudarle de la mejor forma posible. Nota: debe proporcionar su nombre de dominio para obtener ayuda. Los nombres de dominio de los certificados emitidos se hacen públicos en los registros de Transparencia de Certificados (por ejemplo, crt.sh | example.com), por lo que esconder aquí su nombre de dominio no sirve de nada, únicamente nos dificulta prestarle la ayuda solicitada.

Puedo leer las respuestas en Inglés (sí o no): SI

Mi dominio es: influx.w2.enkrott.com

Ejecuté este comando:

Produjo esta salida:

Mi servidor web es (incluya la versión): influxdb 2.6.1

El sistema operativo en el que se ejecuta mi servidor web es (incluya la versión): Ubuntu 22.04

Mi proveedor de alojamiento web (si aplica) es:

Puedo iniciar una sesión en una shell root en mi servidor (sí, no o no lo sé):

Estoy usando un panel de control para administrar mi sitio (no o proporcione el nombre y la versión del panel de control):

La versión de mi cliente es (por ejemplo, si usa certbot, muestre la salida de certbot --version o certbot-auto --version): 2.6.0

Instale cerbot para acceder mediante SSL a influxdb y en el log de influxdb da siempre el siguente mensaje cada pocos segundos.
│May 17 13:37:07 influxdb influxd-systemd-start.sh[1069111]: ts=2023-05-17T13:37:07.939909Z lvl=info msg="http: TLS handshake error from X.X.X.X:YYYYY: read tcp 10.132.0.10:8086->35.233.167.246:58083: i/o timeout" log_id=0hrKf~o0000 service=http donde X.X.X.X es una direccion IP e YYYYY es un puerto y ambos van cambiando...

Sí que accedo en el navegador https://influx.w2.enkrott.com

¿por que me da estos mensajes? ¿solucion?

Gracias y un saludo

Welcome @sergioaema

That looks like a communications timeout error and not a problem with the certs. Most likely some sort of firewall maybe blocking port 443 from the public internet?

You say you can reach the website with https://influx.w2.enkrott.com/ but I cannot. Could this be the problem? See this SSL Checker website which also cannot see that domain using HTTPS

3 Likes

I’m sorry, https://influx.w2.enkrott.com:8086

I run SSL Checker and All is Ok.

Do you recognize that "X.X.X.X" IP?
It may be some hacker/scanner IP.

3 Likes

Supplemental

$ nmap -Pn -p80,443,8086 influx.w2.enkrott.com
Starting Nmap 7.80 ( https://nmap.org ) at 2023-05-17 18:46 UTC
Nmap scan report for influx.w2.enkrott.com (35.187.89.122)
Host is up (0.15s latency).
rDNS record for 35.187.89.122: 122.89.187.35.bc.googleusercontent.com

PORT     STATE    SERVICE
80/tcp   closed   http
443/tcp  filtered https
8086/tcp open     d-s-n

Nmap done: 1 IP address (1 host up) scanned in 2.46 seconds
1 Like

Is there some analytics, from say a CDN, that are not able handle the TLS levels and Ciphers you have available for client services and apps to connect with?

Some security scanning services?

1 Like

They are all ips from google; My proyect is in Google Cloud.
am i being attacked by hacker on google?
how can I solve that?

I dont know; My proyect is in Google Cloud and I am receiving many request of IPs of Google..
Hacker?

Q#1: Do you have a firewall?
Q#2: Do you know how to use the firewall?

2 Likes

I can close port 80, but Cerbot uses it for the certificate, right?

4 Likes

Yes, I have two Firewalls: Google Cloud y ufw in linux Linux.
I have open ports 80, 8086 (server inflxudb), 1883 (mqtt), 22 (ssh) icmp, all port for virtual machine for my proyect in GCP

Why?
[you are allowing them to connect]

2 Likes

Because I connect to https://influx.wave2.enkrott.com:8086. This port is the default port for influxdb

That's an influxdb "info" level entry. You should ask about this on an influxdb forum.

Many services have nearly useless "info" level entries and adjusting the log level suppresses the messages. And, many times they are just nuisance messages. Now, this does seem like something that might be a problem. But, again, a forum of influxdb experts are best to advise you.

I don't have any trouble accessing that domain:port which shows the certs are fine. A timeout problem can be caused by a wide variety of things.

curl -I https://influx.w2.enkrott.com:8086
HTTP/2 200
last-modified: Wed, 28 Dec 2022 21:04:13 GMT
x-influxdb-build: OSS
x-influxdb-version: v2.6.1

openssl s_client -connect influx.w2.enkrott.com:8086
Certificate chain
 0 s:CN = influx.w2.enkrott.com
   i:C = US, O = Let's Encrypt, CN = R3
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Apr  7 16:36:30 2023 GMT; NotAfter: Jul  6 16:36:29 2023 GMT
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep  4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMT
4 Likes