You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by "MirtoBusico (via GitHub)" <gi...@apache.org> on 2023/05/20 17:59:48 UTC
[GitHub] [apisix] MirtoBusico opened a new issue, #9518: help request: Error: "failed to find any SSL certificate by SNI" when in dashboard SNI exists
MirtoBusico opened a new issue, #9518:
URL: https://github.com/apache/apisix/issues/9518
### Description
I have a route, upstream and SNI for the host "www.h.net"
But when I try to access the URL I receive an error and looking at the logs the last lines are:
```
127.0.0.6 - - [20/May/2023:15:57:56 +0000] apisix-admin.apisix.svc.cluster.local:9180 "GET /apisix/admin/upstreams/6d394703 HTTP/1.1" 404 39 0.002 "-" "Go-http-client/1.1" - - - "http://apisix-admin.apisix.svc.cluster.local:9180"
127.0.0.6 - - [20/May/2023:15:57:56 +0000] apisix-admin.apisix.svc.cluster.local:9180 "GET /apisix/admin/upstreams/93400b20 HTTP/1.1" 404 39 0.002 "-" "Go-http-client/1.1" - - - "http://apisix-admin.apisix.svc.cluster.local:9180"
127.0.0.6 - - [20/May/2023:15:57:56 +0000] apisix-admin.apisix.svc.cluster.local:9180 "GET /apisix/admin/upstreams/3b59d238 HTTP/1.1" 404 39 0.001 "-" "Go-http-client/1.1" - - - "http://apisix-admin.apisix.svc.cluster.local:9180"
127.0.0.6 - - [20/May/2023:16:17:53 +0000] 192.168.151.10 "GET / HTTP/1.1" 404 47 0.000 "-" "curl/7.88.1" - - - "http://192.168.151.10"
2023/05/20 16:28:28 [error] 50#50: *325034 [lua] radixtree_sni.lua:176: match_and_set(): failed to find any SSL certificate by SNI: www.h.net, context: ssl_certificate_by_lua*, client: 127.0.0.6, server: 0.0.0.0:9443
2023/05/20 16:28:28 [error] 53#53: *325036 [lua] radixtree_sni.lua:176: match_and_set(): failed to find any SSL certificate by SNI: www.h.net, context: ssl_certificate_by_lua*, client: 127.0.0.6, server: 0.0.0.0:9443
```
What I'm doing wrong?
The route definition is:
```
{
"uri": "/*",
"name": "www",
"desc": "www.h.net primary route",
"methods": [
"GET",
"POST",
"PUT",
"DELETE",
"PATCH",
"HEAD",
"OPTIONS",
"CONNECT",
"TRACE",
"PURGE"
],
"host": "www.h.net",
"plugins": {
"redirect": {
"http_to_https": true
}
},
"upstream_id": "461493987803398719",
"status": 1
}
```
The upstream definition is:
```
{
"timeout": {
"connect": 6,
"send": 6,
"read": 6
},
"type": "roundrobin",
"scheme": "http",
"discovery_type": "dns",
"pass_host": "pass",
"name": "productpage",
"service_name": "productpage.bookinfo.svc.cluster.local:9080",
"keepalive_pool": {
"idle_timeout": 60,
"requests": 1000,
"size": 320
}
}
```
The SNI (copied from the Apisix-dashboard) is:
```
SNI Expiration Time Update Time Operation
www www.h.net www.ext.h.net www.int.h.net 2032-11-23 13:08:26 2023-05-20 19:25:44
```
BTW in the previous installation it worked with Apisix installed with chart:
```
sysop@hdev:~/H/software/apisisx$ helm show chart apisix/apisix
annotations:
artifacthub.io/prerelease: "false"
apiVersion: v2
appVersion: 2.15.1
dependencies:
- condition: etcd.enabled
name: etcd
repository: https://charts.bitnami.com/bitnami
version: 8.3.4
- alias: dashboard
condition: dashboard.enabled
name: apisix-dashboard
repository: https://charts.apiseven.com
version: 0.6.1
- alias: ingress-controller
condition: ingress-controller.enabled
name: apisix-ingress-controller
repository: https://charts.apiseven.com
version: 0.10.1
description: A Helm chart for Apache APISIX
icon: https://apache.org/logos/res/apisix/apisix.png
maintainers:
- name: tao12345666333
name: apisix
sources:
- https://github.com/apache/apisix-helm-chart
type: application
version: 0.11.3
```
Dashboard version was 2.13.0
### Environment
- APISIX version (run `apisix version`): 3.3.0
- Operating system (run `uname -a`): `Linux apisix-694d5589cc-l2948 5.10.0-23-amd64 #1 SMP Debian 5.10.179-1 (2023-05-12) x86_64 GNU/Linux`
- OpenResty / Nginx version (run `openresty -V` or `nginx -V`):
- etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`):
- APISIX Dashboard version, if relevant: 3.0.0
- Plugin runner version, for issues related to plugin runners:
- LuaRocks version, for installation issues (run `luarocks --version`):
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] shreemaan-abhishek commented on issue #9518: help request: Error: "failed to find any SSL certificate by SNI" when in dashboard SNI exists
Posted by "shreemaan-abhishek (via GitHub)" <gi...@apache.org>.
shreemaan-abhishek commented on issue #9518:
URL: https://github.com/apache/apisix/issues/9518#issuecomment-1642982226
That being said, **If yes, please give this a shot with the admin API* and let us know if the bug still exists.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] shreemaan-abhishek commented on issue #9518: help request: Error: "failed to find any SSL certificate by SNI" when in dashboard SNI exists
Posted by "shreemaan-abhishek (via GitHub)" <gi...@apache.org>.
shreemaan-abhishek commented on issue #9518:
URL: https://github.com/apache/apisix/issues/9518#issuecomment-1642978211
@MirtoBusico, it's not `actively` maintained. It seems the maintainers are not that active, essentially it's a community project so anyone can contribute anytime.
> What are your plans for a tool to manage and change in realtime apisix configurations?
The admin API!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] shreemaan-abhishek commented on issue #9518: help request: Error: "failed to find any SSL certificate by SNI" when in dashboard SNI exists
Posted by "shreemaan-abhishek (via GitHub)" <gi...@apache.org>.
shreemaan-abhishek commented on issue #9518:
URL: https://github.com/apache/apisix/issues/9518#issuecomment-1642429544
@MirtoBusico, are you using the dashboard to manage SNIs? If yes, please give this a shot with the API, the dashboard is not maintained actively and it has compatibility issues with APISIX.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] MirtoBusico commented on issue #9518: help request: Error: "failed to find any SSL certificate by SNI" when in dashboard SNI exists
Posted by "MirtoBusico (via GitHub)" <gi...@apache.org>.
MirtoBusico commented on issue #9518:
URL: https://github.com/apache/apisix/issues/9518#issuecomment-1652922597
Waiting the new release
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] MirtoBusico commented on issue #9518: help request: Error: "failed to find any SSL certificate by SNI" when in dashboard SNI exists
Posted by "MirtoBusico (via GitHub)" <gi...@apache.org>.
MirtoBusico commented on issue #9518:
URL: https://github.com/apache/apisix/issues/9518#issuecomment-1642600392
> @MirtoBusico, are you using the dashboard to manage SNIs? If yes, please give this a shot with the API, the dashboard is not maintained actively and it has compatibility issues with APISIX.
Hi @shreemaan-abhishek it makes me sad that the dashboard is no more maintained.
When I had to select an Api Gateway (that was open source) my choice was Apisix because it was the only Api Gateway with a dashboard included in the open source version.
What are your plans for a tool to manage and change in realtime apisix configurations?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] MirtoBusico commented on issue #9518: help request: Error: "failed to find any SSL certificate by SNI" when in dashboard SNI exists
Posted by "MirtoBusico (via GitHub)" <gi...@apache.org>.
MirtoBusico commented on issue #9518:
URL: https://github.com/apache/apisix/issues/9518#issuecomment-1557641708
Mybe it is related to the #8663 bug (that is marked as closed)?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] shreemaan-abhishek commented on issue #9518: help request: Error: "failed to find any SSL certificate by SNI" when in dashboard SNI exists
Posted by "shreemaan-abhishek (via GitHub)" <gi...@apache.org>.
shreemaan-abhishek commented on issue #9518:
URL: https://github.com/apache/apisix/issues/9518#issuecomment-1643079232
You can refer the mTLS documentation if you need any help: https://apisix.apache.org/docs/apisix/mtls/
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] MirtoBusico commented on issue #9518: help request: Error: "failed to find any SSL certificate by SNI" when in dashboard SNI exists
Posted by "MirtoBusico (via GitHub)" <gi...@apache.org>.
MirtoBusico commented on issue #9518:
URL: https://github.com/apache/apisix/issues/9518#issuecomment-1643242956
Thanks @shreemaan-abhishek I'll try to learn how to manage Apisix using the Admin API and I'll verify if the bug exists (probably not).
In the meantime I think you can close this request, because (if the bug still exist) I'll have to file a request for the Admin API
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] MirtoBusico closed issue #9518: help request: Error: "failed to find any SSL certificate by SNI" when in dashboard SNI exists
Posted by "MirtoBusico (via GitHub)" <gi...@apache.org>.
MirtoBusico closed issue #9518: help request: Error: "failed to find any SSL certificate by SNI" when in dashboard SNI exists
URL: https://github.com/apache/apisix/issues/9518
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Revolyssup commented on issue #9518: help request: Error: "failed to find any SSL certificate by SNI" when in dashboard SNI exists
Posted by "Revolyssup (via GitHub)" <gi...@apache.org>.
Revolyssup commented on issue #9518:
URL: https://github.com/apache/apisix/issues/9518#issuecomment-1652869652
> Thanks @shreemaan-abhishek I'll try to learn how to manage Apisix using the Admin API and I'll verify if the bug exists (probably not).
>
> In the meantime I think you can close this request, because (if the bug still exist) I'll have to file a request for the Admin API
@MirtoBusico You can close this issue in that case.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org