ngrok
ngrok copied to clipboard
inconshreveable
Certificate is valid for tunnel.us.ngrok.com, not korgn.su.lennut.com
I had my ngrok setup working for months, haven't modified anything in the config, and suddenly is not getting connected anymore.
Here are the logs:
lvl=eror msg="failed to reconnect session" obj=csess id=3671f6535a91 err="read tcp xxx.xxx.xxx.xxx:54796->xxx.xxx.xxx.xxx:443: wsarecv: An existing connection was forcibly closed by the remote host."
lvl=eror msg="failed to reconnect session" obj=csess id=3671f6535a91 err="read tcp xxx.xxx.xxx.xxx:54798->xxx.xxx.xxx.xxx:443: wsarecv: An existing connection was forcibly closed by the remote host."
lvl=eror msg="failed to reconnect session" obj=csess id=3671f6535a91 err="read tcp xxx.xxx.xxx.xxx:54801->xxx.xxx.xxx:443: wsarecv: An existing connection was forcibly closed by the remote host."
lvl=eror msg="failed to reconnect session" obj=csess id=3671f6535a91 err="dial tcp xxx.xxx.xxx:443: i/o timeout"
lvl=eror msg="failed to reconnect session" obj=csess id=3671f6535a91 err="resolved tunnel.us.ngrok.com has no records"
lvl=eror msg="failed to reconnect session" obj=csess id=3671f6535a91 err="x509: certificate is valid for tunnel.us.ngrok.com, not korgn.su.lennut.com"
lvl=eror msg="failed to reconnect session" obj=csess id=3671f6535a91 err="x509: certificate is valid for tunnel.us.ngrok.com, not korgn.su.lennut.com"
lvl=eror msg="failed to reconnect session" obj=csess id=3671f6535a91 err="dial tcp xxx.xxx.xxx:443: i/o timeout"
I've also tried different ngrok regions, same thing.
Please help
We are having this exact same issue from a specific network including the "certificate is valid for tunnel.us.ngrok.com, not korgn.su.lennut.com" message (note that "korgn.su.lennut" is "tunnel.us.ngrok" backwards).
We're executing commands equivalent to this: ngrok http 8080. We've tried both free and paid ngrok accounts.
Does anyone have any ideas what's going on here?
(note that "korgn.su.lennut" is "tunnel.us.ngrok" backwards). 🤯
I have a business account too, haven't got any reply from support yet.
I have a business account as well and also reached out to support with the same issue. Will post when feedback is received :)
Seems like firewall software like Palo Alto have recieved an update that added both ngrok.com and ngrok.io to a blacklist as a "proxy avoidance and anonymizer". In my case, once I managed to talk the network manager into adding both domains into the firewall whitelist (For reference, I asked them to add a subdomain wildcard too: *.ngrok.com, *.ngrok.io), the problem was gone.
Both of those domains could actually be accessed before and the network managers told me they haven't manually added any restrictions, so it's definitely a new thing.
Seems like firewall software like Palo Alto have recieved an update that added both ngrok.com and ngrok.io to a blacklist as a "proxy avoidance and anonymizer". In my case, once I managed to talk the network manager into adding both domains into the firewall whitelist (For reference, I asked them to add a subdomain wildcard too: *.ngrok.com, *.ngrok.io), the problem was gone.
Both of those domains could actually be accessed before and the network managers told me they haven't manually added any restrictions, so it's definitely a new thing.
In my case, those domains were always blocked when tried to open them with the browser, and yet I was able to expose my tunnels using the CLI. I believe that's what ngrok is all about, to be able to use it regardless you are behind a NAT or a firewall. If the solution is to ask the network manager to add ngrok to the whitelist then is useless to me.
Bumping this because it is still an active issue. Is there any reason the cert can't be updated?
@Polantaris This is a firewall issue and nothing to do with ngrok. There was an update that went out to most major firewall software programs July 2020 to start blocking nrgok. If you want to get around this issue, you will need an enterprise account from ngrok or use different tunneling software. Ngrok made an update to their enterprise version to get around this issue.
I've been connecting for a while with the client version without problems with my Ubuntu 20.4. Recently it gave one of either errors:
-
err="x509: certificate signed by unknown authority" -
x509: certificate is valid for tunnel.us.ngrok.com, not korgn.su.lennut.com
Reading through some of the comments here and in other issues posted, there was a claim that some update to firewall rules / list have "blacklisted" ngrok.io, ...
My initial thought was that it could be an ISP automated list, to roll this out, I tested in the same network with another Mac OS computer, which managed to connect without problems.
To me the issue then doesn't come from firewall (which I confirmed I disabled temporary in Ubuntu machine).
I also confirmed the both versions on the Mac and Ubuntu machine are ngrok version 2.3.40
This leaves 2 options... either something changed in the network definitions of my Ubuntu machine which is causing this... (don't remember meddling with something, but possible...) or there's something different in the build for Linux than Mac OS
I'm having this issue right now. Couple hours ago everything was working fine. I'm using a mac.
t=2021-11-14T01:50:09+0200 lvl=info msg="starting web service" obj=web addr=127.0.0.1:4040
t=2021-11-14T01:50:09+0200 lvl=eror msg="failed to reconnect session" obj=csess id=8a9b64f1cadb err="x509: certificate signed by unknown authority"
t=2021-11-14T01:50:10+0200 lvl=eror msg="failed to reconnect session" obj=csess id=8a9b64f1cadb err="x509: certificate signed by unknown authority"
t=2021-11-14T01:50:10+0200 lvl=info msg=start pg=/grpc/agent.Web/State id=3ea21477f62a16f0
t=2021-11-14T01:50:10+0200 lvl=eror msg="failed to reconnect session" obj=csess id=8a9b64f1cadb err="x509: certificate signed by unknown authority"
t=2021-11-14T01:50:12+0200 lvl=eror msg="failed to reconnect session" obj=csess id=8a9b64f1cadb err="x509: certificate signed by unknown authority"
t=2021-11-14T01:50:14+0200 lvl=eror msg="failed to reconnect session" obj=csess id=8a9b64f1cadb err="resolved tunnel.eu.ngrok.com has no records"
t=2021-11-14T01:50:16+0200 lvl=eror msg="failed to reconnect session" obj=csess id=8a9b64f1cadb err="x509: certificate is valid for tunnel.eu.ngrok.com, not korgn.ue.lennut.com"
^Ct=2021-11-14T01:50:18+0200 lvl=info msg="received stop request" obj=app stopReq="{err:<nil> restart:false}"
t=2021-11-14T01:50:18+0200 lvl=info msg="session closing" obj=tunnels.session err=nil
@Townsheriff It also started happening for me about 60 mins ago. Still giving you issues?
@Townsheriff It also started happening for me about 60 mins ago. Still giving you issues?
2 minutes after I posted it started working.
still have the issue today, only from yesterday though for me. after a windows 10 update. maybe a cause of that.
@dustinpeng sounds like when updating windows it changed some firewall stuff? Worth a check and also wouldn't hurt to reinstall. If you have already tried this then I'm not sure. I just tested all the regions and they work for me.
@dustinpeng sounds like when updating windows it changed some firewall stuff? Worth a check and also wouldn't hurt to reinstall. If you have already tried this then I'm not sure. I just tested all the regions and they work for me.
finally, I changed region from ap to au solved the problem. i cannot make it work on ap region anyway.
Thank you for opening this issue! As of April 2016, the ngrok service has permanently moved to https://ngrok.com/. To join the community and file bug reports or feature enhancements for the ngrok agent, please go to https://github.com/ngrok/ngrok.
This repository is no longer actively maintained and will be archived soon to reduce confusion with the latest ngrok versions. We thank you for the continued support of ngrok and look forward to seeing you over at ngrok.com and the ngrok Community Repo.
