docker-ejabberd
Failed to secure c2s connection: TLS failed: no_certfile during client connect
Hi @rroemhild
Issue:
Connecting to ejabberd server container from XMPP client throws a TLS cert error, causing the connection to close.
Error
18:04:15.437 [error] (tcp | <0.640.0>) Failed to secure c2s connection: TLS failed : no_certfile
Debugging
Checking the logs for the ejabberd container, there are no installation error log entries relating to a no_certfile entry.
I've tried multiple connections from the PIDGIN client to the server but get the same no_certfile TLS error.
Docker args
docker run -d \
--name "ejabberd" \
-p 5222:5222 \
-p 5269:5269 \
-p 5280:5280 \
-h 'dockertesting-Virtual-Machine' \
-e "XMPP_DOMAIN=dockertesting-Virtual-Machine" \
-e "ERLANG_NODE=ejabberd" \
-e "EJABBERD_ADMINS=admin@dockertesting-Virtual-Machine admin2@dockertesting-Virtual-Machine" \
-e "EJABBERD_USERS=admin@dockertesting-Virtual-Machine:password1234 [email protected]" \
-e "TZ=Europe/Berlin" \
rroemhild/ejabberd
Question
Is there extra configuration required on the ejabberd server to accept the TLS connection, or am I missing some detail during setup?
Hi @BrianJVarley, it seems that the automatic certificate generation breaks when using hostnames with a dash. Try dockertestingvm as a hostname and it should work.
Hi @rroemhild, editing my host and hostname files to dockertestingvm instead of dockertesting-Virtual-Machine fixed the issue. I'm now getting a valid self-signed certificate for the ejabberd instance and connections are accepted.
Should the automatic certificate generation module be able to handle hostnames with - symbols?
According to this reference, Linux uses the RFC952 spec for hostname definitions, which defines a valid host as:
A "name" (Net, Host, Gateway, or Domain name) is a text string up to 24 characters drawn from the alphabet (A-Z), digits (0-9), minus sign (-), and period (.). Note that periods are only allowed when they serve to delimit components of "domain style names". [...] No blank or space characters are permitted as part of a name. No distinction is made between upper and lower case. The first character must be an alpha character. The last character must not be a minus sign or period.
In any case, removing the dash from the hostname works, but this may be an enhancement to think about.
https://askubuntu.com/a/123489
I'll leave this open until I find the time to fix this issue, or maybe someone else has the time.
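A pre-flight check for the value passed to -h and XMPP_DOMAIN, implementing the RFC 952 rules quoted in the thread above; this is an added example, not code from the docker-ejabberd project or from either poster. The function names are hypothetical, and rfc1123_ok applies the later RFC 1123 relaxation (labels of up to 63 characters, leading digit allowed), which the thread does not mention.

```python
import re
import string

# Characters RFC 952 permits in a name: letters, digits, minus sign, period.
_ALLOWED_952 = re.compile(r"[A-Za-z0-9.-]+")
# One RFC 1123 label: 1-63 chars, letters/digits/hyphen, no hyphen at either end.
_LABEL_1123 = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def rfc952_problems(name: str) -> list[str]:
    """Return the RFC 952 rules (as quoted in the thread) that `name` breaks."""
    if not name:
        return ["name is empty"]
    problems = []
    if len(name) > 24:
        problems.append(f"{len(name)} characters, limit is 24")
    if not _ALLOWED_952.fullmatch(name):
        problems.append("contains a character outside A-Z, 0-9, '-' and '.'")
    if ".." in name:
        problems.append("period used other than to delimit components")
    if name[0] not in string.ascii_letters:
        problems.append("first character is not a letter")
    if name[-1] in "-.":
        problems.append("last character is a minus sign or period")
    return problems


def rfc1123_ok(name: str) -> bool:
    """Assumption beyond the thread: validate against the relaxed RFC 1123 rules."""
    if len(name) > 255:
        return False
    return all(_LABEL_1123.fullmatch(label) for label in name.split("."))


if __name__ == "__main__":
    # The two hostnames that appear in the thread.
    for host in ("dockertesting-Virtual-Machine", "dockertestingvm"):
        print(host, "| RFC 952:", rfc952_problems(host) or "ok",
              "| RFC 1123:", "ok" if rfc1123_ok(host) else "invalid")
```

Run against the thread's two hostnames, the dash passes both rule sets; the only RFC 952 rule the original name breaks is the 24-character limit.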