Let's Encrypt with Mattermost Server - Connecting from Windows via Cold Fusion HTTP Library

We are getting this error when making an API request from a Windows server to Linux.

Letsencrypt installed on windows server using ACME

Linux server log:

This is what I am getting when making an API request from the Windows server to Linux:

Example Test script URL: https://yourdomain.com/sage/test/test_impro.cfm

Jun 2 08:16:19 ubuntu platform[23001]: 2017/06/02 08:16:19 [INFO][] acme: Obtaining bundled SAN certificate
Jun 2 08:16:19 ubuntu platform[23001]: 2017/06/02 08:16:19 http: TLS handshake error from 172.96.13.67:61733: map[:acme: Error 400 - urn:acme:error:malformed - Error creating new authz :: DNS name was empty]
Jun 2 08:16:28 ubuntu platform[23001]: 2017/06/02 08:16:28 http: TLS handshake error from 172.96.13.67:61740: map[:acme: Error 400 - urn:acme:error:malformed - Error creating new authz :: DNS name was empty]

How can we fix this issue?

hi @vickyjey

You are going to have to explain a bit more.

I can’t make out what you are trying to do

Andrei

We weren't able to connect to the Mattermost server (Linux) from the Windows web server through CFHTTP (ColdFusion, using the API function), which results in a Connection Failure. But the same CFHTTP connection from other Windows servers to the Mattermost server works well.

However, if I provide the google.com URL in the test script on the problematic server instead of the Mattermost Linux server URL, it works fine.

Failed:

struct
Charset [empty string]
ErrorDetail I/O Exception: Received fatal alert: internal_error
Filecontent Connection Failure
Header [empty string]
Mimetype Unable to determine MIME type of file.
Responseheader
struct [empty]
Statuscode Connection Failure. Status code unavailable.
Text YES

hi @vinckle

I am still finding it difficult to understand your train of logic

A)

  • why is this relevant

Letsencrypt installed on windows server using ACME

B)

Items below are LEGO client - why is this included?

Jun 2 08:16:19 ubuntu platform 08:16:19 [INFO] acme: Obtaining bundled SAN certificate
Jun 2 08:16:19 ubuntu platform 08:16:19 http: TLS handshake error from 172.96.13.67:61733: map[:acme: Error 400 - urn:acme:error:malformed - Error creating new authz :: DNS name was empty]
Jun 2 08:16:28 ubuntu platform 08:16:28 http: TLS handshake error from 172.96.13.67:61740: map[:acme: Error 400 - urn:acme:error:malformed - Error creating new authz :: DNS name was empty]

You are describing one problem but providing information which doesn't seem to be relevant to the problem you have.

Please take a few minutes to articulate what you are actually having issues with

A) Why are you providing output for a verification from the LEGO client? How does this impact Windows to Linux communications?
B) Do you currently have an SSL Certificate installed on your Mattermost Server?
C) If so, have you done TLS checks on the server that is not working outside of Cold Fusion?
D) Are you aware of this: CFHTTP calling HTTPS urls – Dorin Moise

Apologies for being a bit blunt but you should follow a systematic troubleshooting pattern and provide relevant information so others can help :smiley:

Also please stop pasting output without explaining where it comes from and how you obtained it and how it is relevant to the problem at hand

Andrei

to explain a bit more

Usually you want to have a baseline that you work off to solve your problem

Suggested baseline for this issue

A) Your Mattermost server with PowerShell's Invoke-WebRequest
B) https://www.google.com with PowerShell's Invoke-WebRequest

Test one:

Invoke-WebRequest -URI "https://www.google.com"

Test Two:

Invoke-WebRequest -URI "your mattermost server"

If both of these return a 200 then you know you do not have a network or TLS handshake issue

You are using a specific library (HTTP from Cold Fusion) - test with that library on both and if you have an issue then it narrows it down to the library and how it deals with HTTPS

What you will most likely find is that the Google Intermediate is present in the Cold Fusion Truststore JKS while the Let's Encrypt one is not.

Also most likely someone fixed this on the other servers but not the one you are having issues with :smiley:

Andrei
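
The baseline from the post above, as an added example that is not part of the original thread: it performs the TLS handshake outside ColdFusion, lists the chain Windows builds for the served certificate, and checks each chain certificate against a Java truststore by SHA1 fingerprint. The function name, `mattermost.example.com`, the cacerts path and the `changeit` password are placeholders or assumptions; `keytool` from the JRE that ColdFusion runs on must be on PATH.

```powershell
# Added example: TLS baseline outside ColdFusion plus a truststore comparison.
# Host names, the cacerts path and the store password are placeholders.
function Get-TlsChainBaseline {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 443,
        [string]$JavaTrustStore,          # cacerts of the JRE ColdFusion runs on
        [string]$StorePass = 'changeit'   # assumption: Java's default password
    )
    # Dump the Java truststore once so fingerprints can be searched in it.
    $jks = if ($JavaTrustStore) {
        (& keytool -list -v -keystore $JavaTrustStore -storepass $StorePass) -join "`n"
    }
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        # Diagnostic only: accept whatever is served so the chain can be
        # inspected; trust is evaluated explicitly with X509Chain below.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        $leaf  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'   # look at trust only
        $windowsTrusts = $chain.Build($leaf)
        foreach ($el in $chain.ChainElements) {
            $c = $el.Certificate
            # keytool -v prints SHA1 fingerprints as colon-separated hex.
            $sha1 = $c.Thumbprint -replace '(..)(?=.)', '$1:'
            [pscustomobject]@{
                Host           = $HostName
                Protocol       = $ssl.SslProtocol
                Subject        = $c.Subject
                Issuer         = $c.Issuer
                WindowsTrusted = $windowsTrusts
                InJavaStore    = if ($jks) { $jks.Contains($sha1) } else { $null }
            }
        }
    } catch {
        [pscustomobject]@{ Host = $HostName; Error = $_.Exception.GetBaseException().Message }
    } finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

# Constructed usage: compare the known-good site with the failing one.
'www.google.com', 'mattermost.example.com' | ForEach-Object {
    Get-TlsChainBaseline -HostName $_ -JavaTrustStore 'C:\path\to\jre\lib\security\cacerts'
}
```

The leaf certificate is never expected in the Java store; what matters is whether the CA certificates further up the chain show `InJavaStore` as `True` for one host and `False` for the other.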
