You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by "MirtoBusico (via GitHub)" <gi...@apache.org> on 2023/05/20 17:59:48 UTC

[GitHub] [apisix] MirtoBusico opened a new issue, #9518: help request: Error: "failed to find any SSL certificate by SNI" when in dashboard SNI exists

MirtoBusico opened a new issue, #9518:
URL: https://github.com/apache/apisix/issues/9518

   ### Description
   
   I have a route, upstream and SNI for the host "www.h.net"
   But when I try to access the URL I receive an error and looking at the logs the last lines are:
   ```
   127.0.0.6 - - [20/May/2023:15:57:56 +0000] apisix-admin.apisix.svc.cluster.local:9180 "GET /apisix/admin/upstreams/6d394703 HTTP/1.1" 404 39 0.002 "-" "Go-http-client/1.1" - - - "http://apisix-admin.apisix.svc.cluster.local:9180"
   127.0.0.6 - - [20/May/2023:15:57:56 +0000] apisix-admin.apisix.svc.cluster.local:9180 "GET /apisix/admin/upstreams/93400b20 HTTP/1.1" 404 39 0.002 "-" "Go-http-client/1.1" - - - "http://apisix-admin.apisix.svc.cluster.local:9180"
   127.0.0.6 - - [20/May/2023:15:57:56 +0000] apisix-admin.apisix.svc.cluster.local:9180 "GET /apisix/admin/upstreams/3b59d238 HTTP/1.1" 404 39 0.001 "-" "Go-http-client/1.1" - - - "http://apisix-admin.apisix.svc.cluster.local:9180"
   127.0.0.6 - - [20/May/2023:16:17:53 +0000] 192.168.151.10 "GET / HTTP/1.1" 404 47 0.000 "-" "curl/7.88.1" - - - "http://192.168.151.10"
   2023/05/20 16:28:28 [error] 50#50: *325034 [lua] radixtree_sni.lua:176: match_and_set(): failed to find any SSL certificate by SNI: www.h.net, context: ssl_certificate_by_lua*, client: 127.0.0.6, server: 0.0.0.0:9443
   2023/05/20 16:28:28 [error] 53#53: *325036 [lua] radixtree_sni.lua:176: match_and_set(): failed to find any SSL certificate by SNI: www.h.net, context: ssl_certificate_by_lua*, client: 127.0.0.6, server: 0.0.0.0:9443
   ``` 
   
   What I'm doing wrong?
   
   The route definition is:
   ```
   {
     "uri": "/*",
     "name": "www",
     "desc": "www.h.net primary route",
     "methods": [
       "GET",
       "POST",
       "PUT",
       "DELETE",
       "PATCH",
       "HEAD",
       "OPTIONS",
       "CONNECT",
       "TRACE",
       "PURGE"
     ],
     "host": "www.h.net",
     "plugins": {
       "redirect": {
         "http_to_https": true
       }
     },
     "upstream_id": "461493987803398719",
     "status": 1
   }
   ```
   
   The upstream definition is:
   ```
   {
     "timeout": {
       "connect": 6,
       "send": 6,
       "read": 6
     },
     "type": "roundrobin",
     "scheme": "http",
     "discovery_type": "dns",
     "pass_host": "pass",
     "name": "productpage",
     "service_name": "productpage.bookinfo.svc.cluster.local:9080",
     "keepalive_pool": {
       "idle_timeout": 60,
       "requests": 1000,
       "size": 320
     }
   }
   ```
   
   The SNI (copied from the Apisix-dashboard) is:
   ```
   SNI                                             Expiration Time         Update Time             Operation
   www www.h.net www.ext.h.net www.int.h.net       2032-11-23 13:08:26     2023-05-20 19:25:44
   ```
   
   BTW in the previous installation it worked with Apisix installed with chart:
   
   ```
   sysop@hdev:~/H/software/apisisx$ helm show chart apisix/apisix
   annotations:
     artifacthub.io/prerelease: "false"
   apiVersion: v2
   appVersion: 2.15.1
   dependencies:
   - condition: etcd.enabled
     name: etcd
     repository: https://charts.bitnami.com/bitnami
     version: 8.3.4
   - alias: dashboard
     condition: dashboard.enabled
     name: apisix-dashboard
     repository: https://charts.apiseven.com
     version: 0.6.1
   - alias: ingress-controller
     condition: ingress-controller.enabled
     name: apisix-ingress-controller
     repository: https://charts.apiseven.com
     version: 0.10.1
   description: A Helm chart for Apache APISIX
   icon: https://apache.org/logos/res/apisix/apisix.png
   maintainers:
   - name: tao12345666333
   name: apisix
   sources:
   - https://github.com/apache/apisix-helm-chart
   type: application
   version: 0.11.3
   ``` 
   Dashboard version was 2.13.0
   
   ### Environment
   
   - APISIX version (run `apisix version`): 3.3.0
   - Operating system (run `uname -a`):  `Linux apisix-694d5589cc-l2948 5.10.0-23-amd64 #1 SMP Debian 5.10.179-1 (2023-05-12) x86_64 GNU/Linux`
   - OpenResty / Nginx version (run `openresty -V` or `nginx -V`):
   - etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`):
   - APISIX Dashboard version, if relevant: 3.0.0
   - Plugin runner version, for issues related to plugin runners:
   - LuaRocks version, for installation issues (run `luarocks --version`):
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] shreemaan-abhishek commented on issue #9518: help request: Error: "failed to find any SSL certificate by SNI" when in dashboard SNI exists

Posted by "shreemaan-abhishek (via GitHub)" <gi...@apache.org>.
shreemaan-abhishek commented on issue #9518:
URL: https://github.com/apache/apisix/issues/9518#issuecomment-1642982226

   That being said, **If yes, please give this a shot with the admin API* and let us know if the bug still exists.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] shreemaan-abhishek commented on issue #9518: help request: Error: "failed to find any SSL certificate by SNI" when in dashboard SNI exists

Posted by "shreemaan-abhishek (via GitHub)" <gi...@apache.org>.
shreemaan-abhishek commented on issue #9518:
URL: https://github.com/apache/apisix/issues/9518#issuecomment-1642978211

   @MirtoBusico, it's not `actively` maintained. It seems the maintainers are not that active, essentially it's a community project so anyone can contribute anytime.
   
   > What are your plans for a tool to manage and change in realtime apisix configurations?
   
   The admin API!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] shreemaan-abhishek commented on issue #9518: help request: Error: "failed to find any SSL certificate by SNI" when in dashboard SNI exists

Posted by "shreemaan-abhishek (via GitHub)" <gi...@apache.org>.
shreemaan-abhishek commented on issue #9518:
URL: https://github.com/apache/apisix/issues/9518#issuecomment-1642429544

   @MirtoBusico, are you using the dashboard to manage SNIs? If yes, please give this a shot with the API, the dashboard is not maintained actively and it has compatibility issues with APISIX.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] MirtoBusico commented on issue #9518: help request: Error: "failed to find any SSL certificate by SNI" when in dashboard SNI exists

Posted by "MirtoBusico (via GitHub)" <gi...@apache.org>.
MirtoBusico commented on issue #9518:
URL: https://github.com/apache/apisix/issues/9518#issuecomment-1652922597

   Waiting the new release


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] MirtoBusico commented on issue #9518: help request: Error: "failed to find any SSL certificate by SNI" when in dashboard SNI exists

Posted by "MirtoBusico (via GitHub)" <gi...@apache.org>.
MirtoBusico commented on issue #9518:
URL: https://github.com/apache/apisix/issues/9518#issuecomment-1642600392

   > @MirtoBusico, are you using the dashboard to manage SNIs? If yes, please give this a shot with the API, the dashboard is not maintained actively and it has compatibility issues with APISIX.
   
   Hi @shreemaan-abhishek it makes me sad that the dashboard is no more maintained. 
   
   When I had to select an Api Gateway (that was open source) my choice was Apisix because it was the only Api Gateway with a dashboard included in the open source version.
   
   What are your plans for a tool to manage and change in realtime apisix configurations?
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] MirtoBusico commented on issue #9518: help request: Error: "failed to find any SSL certificate by SNI" when in dashboard SNI exists

Posted by "MirtoBusico (via GitHub)" <gi...@apache.org>.
MirtoBusico commented on issue #9518:
URL: https://github.com/apache/apisix/issues/9518#issuecomment-1557641708

   Mybe it is related to the #8663 bug (that is marked as closed)?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] shreemaan-abhishek commented on issue #9518: help request: Error: "failed to find any SSL certificate by SNI" when in dashboard SNI exists

Posted by "shreemaan-abhishek (via GitHub)" <gi...@apache.org>.
shreemaan-abhishek commented on issue #9518:
URL: https://github.com/apache/apisix/issues/9518#issuecomment-1643079232

   You can refer the mTLS documentation if you need any help: https://apisix.apache.org/docs/apisix/mtls/


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] MirtoBusico commented on issue #9518: help request: Error: "failed to find any SSL certificate by SNI" when in dashboard SNI exists

Posted by "MirtoBusico (via GitHub)" <gi...@apache.org>.
MirtoBusico commented on issue #9518:
URL: https://github.com/apache/apisix/issues/9518#issuecomment-1643242956

   Thanks @shreemaan-abhishek I'll try to learn how to manage Apisix using the Admin API and I'll verify if the bug exists (probably not).
   
   In the meantime I think you can close this request, because (if the bug still exist) I'll have to file a request for the Admin API
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] MirtoBusico closed issue #9518: help request: Error: "failed to find any SSL certificate by SNI" when in dashboard SNI exists

Posted by "MirtoBusico (via GitHub)" <gi...@apache.org>.
MirtoBusico closed issue #9518: help request: Error: "failed to find any SSL certificate by SNI" when in dashboard SNI exists
URL: https://github.com/apache/apisix/issues/9518


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] Revolyssup commented on issue #9518: help request: Error: "failed to find any SSL certificate by SNI" when in dashboard SNI exists

Posted by "Revolyssup (via GitHub)" <gi...@apache.org>.
Revolyssup commented on issue #9518:
URL: https://github.com/apache/apisix/issues/9518#issuecomment-1652869652

   > Thanks @shreemaan-abhishek I'll try to learn how to manage Apisix using the Admin API and I'll verify if the bug exists (probably not).
   > 
   > In the meantime I think you can close this request, because (if the bug still exist) I'll have to file a request for the Admin API
   
   @MirtoBusico You can close this issue in that case.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org