Loopd fails to start on lnd TLS: failed certificate signed by unknown authority

Open redstorm1 opened this issue 1 year ago • 4 comments

start up log:

2024-05-07 15:40:33.843 [INF] LOOPD: Version: 0.28.1-beta commit=
2024-05-07 15:40:33.843 [INF] LNDC: Creating lnd connection to localhost:10009
2024-05-07 15:40:33.844 [INF] LNDC: Connected to lnd
2024-05-07 15:40:33.846 [INF] LNDC: Waiting for lnd to unlock
2024-05-07 15:40:33.846 [INF] LNDC: Wallet state of lnd is now: Lnd main server is ready for requests
2024-05-07 15:40:33.851 [INF] LNDC: lnd version: v0.17.5-beta, build tags 'autopilotrpc,signrpc,walletrpc,chainrpc,invoicesrpc,watchtowerrpc,neutrinorpc,monitoring,peersrpc,kvdb_postgres,kvdb_etcd,kvdb_sqlite'
2024-05-07 15:40:33.851 [INF] LNDC: Using network testnet
2024-05-07 15:40:33.852 [INF] LNDC: Waiting for lnd to be fully synced to its chain backend, this might take a while
2024-05-07 15:40:33.856 [INF] LNDC: lnd is now fully synced to its chain backend
2024-05-07 15:40:33.856 [INF] LOOPD: Protocol version: MuSig2
2024-05-07 15:40:33.856 [INF] LOOPD: Swap server address: localhost:10009
2024-05-07 15:40:33.856 [INF] LOOPD: Found sqlite db at /home/zzzz/.loop/testnet/loop_sqlite.db, skipping migration
2024-05-07 15:40:33.856 [INF] LOOPD: Opening sqlite3 database at: /home/zzzz/.loop/testnet/loop_sqlite.db
2024-05-07 15:40:33.904 [INF] LOOPD: Starting swap client
2024-05-07 15:40:33.904 [INF] LOOPD: Starting liquidity manager
2024-05-07 15:40:33.904 [INF] LOOPD: Starting gRPC listener
2024-05-07 15:40:33.904 [INF] LOOPD: Waiting for updates
2024-05-07 15:40:33.904 [INF] LOOP: Connected to lnd node 'Geektech lnd 🐙🏴‍☠️' with pubkey 03ee83ec25fc43cf1d683be47fd5e2ac39713a489b03fed4350d9623be1ff0d817 (version v0.17.5-beta, build tags 'autopilotrpc,signrpc,walletrpc,chainrpc,invoicesrpc,watchtowerrpc,neutrinorpc,monitoring,peersrpc,kvdb_postgres,kvdb_etcd,kvdb_sqlite')
2024-05-07 15:40:33.905 [INF] LOOPD: Liquidity manager stopped
2024-05-07 15:40:33.905 [ERR] LOOPD: Runtime error in daemon, shutting down: rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority"
2024-05-07 15:40:33.905 [INF] LOOPD: Stopping gRPC server
2024-05-07 15:40:33.905 [INF] LOOPD: Stopping REST server
2024-05-07 15:40:33.905 [DBG] LNDC: Closing lnd connection
2024-05-07 15:40:33.905 [INF] LOOPD: Swap client stopped
2024-05-07 15:40:33.905 [DBG] LNDC: Wait for client to finish
2024-05-07 15:40:33.905 [DBG] LNDC: Wait for chain notifier to finish
2024-05-07 15:40:33.905 [DBG] LNDC: Wait for invoices to finish
2024-05-07 15:40:33.905 [DBG] LNDC: Wait for router to finish
2024-05-07 15:40:33.905 [DBG] LNDC: Lnd services finished
2024-05-07 15:40:33.905 [DBG] LNDC: Lnd services finished
2024-05-07 15:40:33.905 [INF] LOOPD: Starting REST proxy listener
2024-05-07 15:40:33.905 [INF] LOOPD: REST proxy listening on 127.0.0.1:8081
2024-05-07 15:40:33.905 [INF] LOOPD: RPC server listening on 127.0.0.1:11010

loopd.conf

network=testnet
debuglevel=debug
server.host=localhost:10009
macaroonpath=/home/zzzz/.loop/testnet/loop.macaroon
lnd.macaroonpath=/home/zzzz/.lnd/data/chain/bitcoin/testnet/admin.macaroon
lnd.tlspath=/home/zzzz/.lnd/tls.cert
tlscertpath=/home/zzzz/.loop/testnet/tls.cert
tlskeypath= /home/zzzz/.loop/testnet/tls.key

I have stopped and deleted the TLS certificates and keys and restarted both lnd and loopd on testnet, but the issue remains: the tls.cert that lnd generates is rejected by loopd as not being signed by a known authority. Adding both certs to the CA certificate store did not change the behaviour.

redstorm1 avatar May 08 '24 00:05 redstorm1

If you don't start loop with the configfile flag, could you try to set the right value in your config file here?

; Path to configuration file.
; configfile=~/.loop/mainnet/loopd.conf

hieblmi avatar May 08 '24 08:05 hieblmi

The daemon config is pointing to the right config file. This is testnet, not mainnet.

# LOOP: systemd unit for loopd
# /etc/systemd/system/loopd.service

[Unit]
Description=Loopd daemon
Wants=lnd.service
After=lnd.service

[Service]
ExecStart=/home/zzzz/lnd/loop/loop-linux-amd64-v0.28.1-beta/./loopd --configfile=/home/zzzz/.loop/testnet/loopd.conf
User=zzzz
Restart=always
TimeoutSec=120
RestartSec=30

[Install]
WantedBy=multi-user.target

redstorm1 avatar May 08 '24 09:05 redstorm1

Do you have any extra tls configs in your lnd.conf?

sputn1ck avatar May 08 '24 10:05 sputn1ck

lnd.conf

[Application Options]
listen=0.0.0.0:9745
rpclisten=localhost:10009
restlisten=127.0.0.1:8888
externalip=203.86.204.88:9745

alias=Geektech lnd 🐙🏴‍☠️
color=#6600cc

[Bitcoin]
bitcoin.active=1
bitcoin.testnet=1
bitcoin.node=bitcoind
[Btcd]

[Bitcoind]

bitcoind.rpcuser=zzzzzzz
bitcoind.rpcpass=
bitcoind.zmqpubrawblock=tcp://127.0.0.1:28332
bitcoind.zmqpubrawtx=tcp://127.0.0.1:28333

[neutrino]

[Litecoin]
[Ltcd]
[autopilot]
autopilot.active=1
autopilot.maxchannels=5
autopilot.allocation=0.6

[tor]

[watchtower]

[wtclient]

The only non-standard setting is the port 9745 instead of the default 9735.

redstorm1 avatar May 08 '24 19:05 redstorm1

Solved: added lnd's self-signed cert to the ca-certificates store and updated certificates.

redstorm1 avatar Jun 12 '24 21:06 redstorm1