Proxy TLS Troubleshooting

When using the proxy there may be a few hiccups with the TLS setup along the way that this documentation page addresses.

Error: "x509: certificate is not valid for any names" in daemon.log

If you see this error in daemon.log logfile, then this means that the certificate the proxy uses is not generated with a hostname to match against.

With older version of Go, this was not a problem and when you had the proxy generate a certificate with an old version of the Proxy, then this error may appear when you updated to a daemon that uses a recent version of Go to compile

In this case there are two steps to fix this error:

  1. Make sure that you start the proxy with the --hostname= matching the host that the daemons have configured in --server flag.

  2. Let the proxy regenerate the certificates by deleting the old ones /etc/tideways-proxy/procy.crt and proxy.key, then restarting the proxy.

  3. Copy the new proxy.crt to all daemons and overwrite the old ones.

See the proxy installation page for more information on how to setup TLS.

Error: "remote error: tls: bad certificate" in proxy.log

This error is the server-side version of the prevoius "x509: certificate" error in the daemon.log. The same steps apply to remedy the situation.

Still need help? Email [email protected]