TLS handshake error map acme: Could not determine solvers] Could not find solver for: dns-01 Could not find solver for: http-01

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: chat.mountain-software.eu

I ran this command: sudo systemctl status mattermost -l

It produced this output:
2018/01/22 10:00:44 [INFO][chat.mountain-software.eu] acme: Obtaining bundled SAN certificate
2018/01/22 10:00:44 [INFO][chat.mountain-software.eu] AuthURL: https://acme-v01.api.letsencrypt.org/acme/authz/xzPCIN1AAv4l6HleikzQynaIJQ4nyAF396konhmmDgI
2018/01/22 10:00:44 [INFO][chat.mountain-software.eu] acme: Could not find solver for: dns-01
2018/01/22 10:00:44 [INFO][chat.mountain-software.eu] acme: Could not find solver for: http-01
2018/01/22 10:00:45 http: TLS handshake error from 192.168.1.254:50850: map[chat.mountain-software.eu:[chat.mountain-software.eu] acme: Could not determine solvers]
2018/01/22 10:00:45 http: TLS handshake error from 80.154.65.20:44531: map[chat.mountain-softwaare.eu:[chat.mountain-software.eu] acme: Could not determine solvers]

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:
Vodafone
I can login to a root shell on my machine (yes or no, or I don’t know):
yes

Identifier status is deactivated, why, can someone explain me :

{
“identifier”: {
“type”: “dns”,
“value”: “chat.mountain-software.eu
},
“status”: “deactivated”,
“expires”: “2018-01-29T09:04:28Z”,
“challenges”: [
{
“type”: “dns-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/xzPCIN1AAv4l6HleikzQynaIJQ4nyAF396konhmmDgI/3187876570”,
“token”: “EakVigq5L-c2VzUd4bHphmB24PFW6ddhtShNSnuosGE”
},
{
“type”: “http-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/xzPCIN1AAv4l6HleikzQynaIJQ4nyAF396konhmmDgI/3187876571”,
“token”: “sDhIw65GnOXNjcf_Jj1ZdF93lA8RGCQL8K0gWj2_GAo”
}
],
“combinations”: [
[
0
],
[
1
]
]
}

Hi @electronix001,

This is probably a result of this issue:

If Mattermost has its own internal support for obtaining certificates, it may be hardcoded to use the TLS-SNI-01 method, which is no longer available. If that’s so, you should let the Mattermost developers know about this problem because they’ll need to switch over to one of the other methods now.

1 Like

Based on the log output, I’m guessing that Mattermost is written in Go (because the log output matches Go’s style). From that I’m further guessing that it may use the Go autocert package. If so, that package recently incorporated some changes to switch to the HTTP-01 challenge. So, try updating your Mattermost install. If that doesn’t work, notify the Mattermost developers that they need to update their Let’s Encrypt integration, and if that happens to be autocert, there’s an update ready to be incorporated into their project.

1 Like

Thank’s for your answer, already wrote them about.

1 Like

This is the thread, for anyone also having the issue (like me!). Please include it the next time :slight_smile:

1 Like

Thanks for sharing that thread. Here’s another one I found from links there, that promises a hotfix release this week: https://forum.mattermost.org/t/workaround-for-broken-lets-encrypt-certificates-on-mattermost-servers/4459

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.