Proxy TLS Troubleshooting
When using the proxy there may be a few hiccups with the TLS setup along the way that this documentation page addresses.
Error: "x509: certificate is not valid for any names" in daemon.log
If you see this error in daemon.log logfile, then this means that the certificate the proxy uses is not generated with a hostname to match against.
With older version of Go, this was not a problem and when you had the proxy generate a certificate with an old version of the Proxy, then this error may appear when you updated to a daemon that uses a recent version of Go to compile
In this case there are two steps to fix this error:
-
Make sure that you start the proxy with the
--hostname=matching the host that the daemons have configured in--serverflag. -
Let the proxy regenerate the certificates by deleting the old ones
/etc/tideways-proxy/procy.crtandproxy.key, then restarting the proxy. -
Copy the new
proxy.crtto all daemons and overwrite the old ones.
See the proxy installation page for more information on how to setup TLS.
Error: "remote error: tls: bad certificate" in proxy.log
This error is the server-side version of the prevoius "x509: certificate" error in the daemon.log. The same steps apply to remedy the situation.