netmaker icon indicating copy to clipboard operation
netmaker copied to clipboard

Published 20 hours ago verified publisher icon gravitl

[Bug]: Digital Ocean 1 Click Install Fails - Unsupported SSL

Open tomtom215 opened this issue 2 years ago • 4 comments

Contact Details

No response

What happened?

I used the 1 Click Install for Digital Ocean in the readme and used my own domain (via CloudFlare with an A record pointed at my droplet before login).

Side note -- I did notice that in the Digital Ocean deployment, the 1 click install uses Netmaker V0.8.5. Perhaps this needs to changed centrally. However when I run docker ps on the droplet, it shows v0.9.1 is installed. I did not try to update to troubleshoot as I expected the 1 click install to be deploying the latest version

After the installation was completed in the CLI I tried to open the dashboard in both Chrome and Safari but it failed with this message:

Chrome - This site can’t provide a secure connection dashboard.netmaker.DOMAIN.com uses an unsupported protocol. ERR_SSL_VERSION_OR_CIPHER_MISMATCH

I also tried running all APT updates and upgrades on the droplet as well as disabling Cloudflare proxying with no change.

This seems to be the same issue as #783 but hopefully this provides more info

Version

v0.9.1

What OS are you using?

Linux

Relevant log output

No response

Contributing guidelines

  • [X] Yes, I did.

tomtom215 avatar Apr 27 '22 13:04 tomtom215

Apologies if this is too obvious but you mention Cloudflare, you don't have the cloudflare proxy on for the domain? That will interfere with Caddy and Let's Encrypt, you will have to do some extra configuration if you want Cloudflare to proxy the dashboard. See this: Using Caddy with Cloudflare.

Also, it's probably unrelated to the dashboard SSL error, but if you're using the older version in the DO one clip app be aware apparently they switched from gRPC to MQTT at some point (not sure when exactly), so if you follow instructions for the gRPC version and manually create a grpc subdomain in your DNS, you'll have an issue if the version you're using expects it to be called broker (or just use a wildcard).

entertwined avatar May 03 '22 16:05 entertwined

Fair question - no, I made sure CF proxying was disabled.

I'll give the one click Digital Ocean install again when I have a free day and see if it's any different

tomtom215 avatar May 05 '22 13:05 tomtom215

The Digital Ocean one-click app has been updated to v0.14.6. Are you still having this issue?

mattkasun avatar Sep 26 '22 15:09 mattkasun

I too have tried the Digital Ocean 1 Click Install, and it fails Testing the Caddy setup "Caddy is having an issue setting up certificates" Reviewing the docker-compose.yml it seems as Caddy v2.6.2 is hard coded, but 2.6.4 is the latest that seems to address some request_buffers and responce_buffers that may help?

I also tried to update a v0.17.1 to v0.18.6 and had the same issue.

clintonmarshall avatar Apr 20 '23 00:04 clintonmarshall