Comments (6)
Thank you! Will look into it as soon as the weekend is over and we get over the sickness in the house 😷
from certmagic.
Ok, finally had a chance to run this. Sorry for the delay.
I think this makes sense, now that I see it for myself and have tinkered with it a bit.
Ideally, I'd like to solve the problem and know how to connect to that port. Any ideas?
But a better error message is definitely a good start.
from certmagic.
Huh, interesting -- thanks for the info.
What OS are you using?
I used to be pretty sure that you could bind to both `:443` and `host:443`, as the OS would choose the more specific interface... 🤔
from certmagic.
> What OS are you using?
Debian GNU/Linux 11 (bullseye)
Linux debian 5.10.0-18-amd64
from certmagic.
Output of `sudo netstat -tnlp | grep :443`:
```
tcp 0 0 167.235.XXX.XXX:443 0.0.0.0:* LISTEN 3638206/snid
tcp6 0 0 1234:4567:::443 :::* LISTEN 3638173/redacted
```
I have snid listening on the IPv4 and my program on IPv6.
from certmagic.
Please find below a minimal reproducer:
https://git.sr.ht/~oliverpool/exp/tree/main/item/mre/certmagic/main.go
```go
package main

import (
	"errors"
	"fmt"
	"log"
	"net"
	"strings"
)

func main() {
	if err := run(); err != nil {
		log.Fatal(err)
	}
}

func run() error {
	ip, err := GetOutboundIP()
	if err != nil {
		return err
	}
	port := "1965"

	// Our own server binds to one specific IP, not to the wildcard address.
	serverLn, err := net.Listen("tcp", net.JoinHostPort(ip, port))
	if err != nil {
		return err
	}
	defer serverLn.Close()
	fmt.Println("own server listening on", serverLn.Addr().String())

	// certmagic logic
	// Step 1: binding the wildcard address is expected to fail here.
	addr := ":" + port
	ln, listenErr := net.Listen("tcp", addr)
	if listenErr == nil {
		ln.Close()
		return errors.New("certmagic: could listen on " + addr)
	}
	fmt.Println("certmagic: could not listen on", addr, listenErr)

	// Step 2: dialing the same host-less address is also expected to fail,
	// because the listener is bound to the outbound IP only.
	conn, connectErr := net.Dial("tcp", addr)
	if connectErr == nil {
		conn.Close()
		return errors.New("certmagic: could dial " + addr)
	}
	fmt.Println("certmagic: could not dial", addr, connectErr)

	if strings.Contains(listenErr.Error(), "address already in use") {
		fmt.Printf("[WARNING] OS reports a contradiction: %v - but we cannot connect to it, with this error: %v; continuing anyway 🤞\n", listenErr, connectErr)
	}
	return nil
}

// Get preferred outbound ip of this machine
// adapted from https://stackoverflow.com/a/37382208/3207406
func GetOutboundIP() (string, error) {
	// Dialing UDP sends no packet; it only selects the local source address.
	conn, err := net.Dial("udp", "8.8.8.8:80")
	if err != nil {
		return "", err
	}
	defer conn.Close()
	localAddr := conn.LocalAddr().(*net.UDPAddr)
	return localAddr.IP.String(), nil
}
```
Output on my machine:
```
own server listening on 192.168.179.4:1965
certmagic: could not listen on :1965 listen tcp :1965: bind: address already in use
certmagic: could not dial :1965 dial tcp :1965: connect: connection refused
[WARNING] OS reports a contradiction: listen tcp :1965: bind: address already in use - but we cannot connect to it, with this error: dial tcp :1965: connect: connection refused; continuing anyway 🤞
```
I think the error message could be changed to something like:
%v, be sure to set certmagic.DefaultACME.ListenHost to the IP you are listening on (ONLY the IP, not port)
certmagic assumes the conflicting listener is correctly configured and will continue
See #250 for more information
from certmagic.
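Added example (not from the thread and not certmagic's own code): a diagnostic for the question raised above about how to connect to the port. When a wildcard bind reports "address already in use" but dialing `:port` is refused, the listener is bound to a specific address, so this probes every local interface IP on that port. The helper names `localIPs` and `findListeners` are hypothetical.

```go
package main

import (
	"fmt"
	"net"
	"time"
)

// Added example; helper names are hypothetical, not part of certmagic.

// localIPs returns every IP address assigned to a local interface.
func localIPs() ([]string, error) {
	addrs, err := net.InterfaceAddrs()
	if err != nil {
		return nil, err
	}
	var ips []string
	for _, a := range addrs {
		if ipnet, ok := a.(*net.IPNet); ok {
			ips = append(ips, ipnet.IP.String())
		}
	}
	return ips, nil
}

// findListeners dials host:port for each candidate host and returns the
// addresses that accepted a TCP connection. Hosts that cannot be dialed
// (for example IPv6 link-local addresses without a zone) are skipped.
func findListeners(hosts []string, port string, timeout time.Duration) []string {
	var found []string
	for _, h := range hosts {
		addr := net.JoinHostPort(h, port)
		conn, err := net.DialTimeout("tcp", addr, timeout)
		if err != nil {
			continue
		}
		conn.Close()
		found = append(found, addr)
	}
	return found
}

func main() {
	ips, err := localIPs()
	if err != nil {
		panic(err)
	}
	// "1965" is the port used in the reproducer above.
	for _, addr := range findListeners(ips, "1965", 500*time.Millisecond) {
		fmt.Println("listener reachable at", addr)
	}
}
```

The host part of a reported address is the IP the existing listener is bound to, which is the value the thread suggests setting as `certmagic.DefaultACME.ListenHost`.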