How do I solve certificate problems? #27

@GevinYang

```
sudo certbot certonly --manual --preferred-challenges dns -d example.com
```

```
docker run -d --network derper-net --name derper \
  -p 8443:8443 -p 3478:3478/udp \
  --restart=always \
  -v /etc/letsencrypt/live/example.com:/app/certs \
  -v /var/run/tailscale/tailscaled.sock:/var/run/tailscale/tailscaled.sock \
  -e DERP_DOMAIN=example.com \
  -e DERP_CERT_MODE=manual \
  -e DERP_CERT_DIR=/app/certs \
  -e DERP_ADDR=:8443 \
  -e DERP_STUN=true \
  -e DERP_VERIFY_CLIENTS=true \
  fredliang/derper
```

```
worker_processes 1;
events {
  worker_connections 1024;
}
http {
  server {
    listen 80;
    server_name example.com;
    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;
    }
    location / {
        return 301 https://$host$request_uri;
    }
  }
  server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    location / {
        proxy_pass https://derper:8443;
        #  proxy_ssl_verify off;
        proxy_ssl_server_name on;
        proxy_ssl_name example.com;
        proxy_set_header Host example.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    client_max_body_size 5M;
  }
}
```

The server URL works fine when opened in a PC browser.

The derper logs will record: http: TLS handshake error from 3.134.148.59:58828: client sent an HTTP request to an HTTPS server

The mobile app will display: ERR_SSL_PROTOCOL_ERROR

Tailscale will display a message indicating it cannot connect to the relay server.
