11

I use library autocert in my application for generating an SSL certificate. The problem is 30% of users have a problem with my application. My current code is:

// Imports this fragment relies on (not shown in the original snippet):
// "fmt", "log", "github.com/gin-contrib/autotls",
// "golang.org/x/crypto/acme/autocert"
fmt.Println("Starting server on " + this.Params.Bind)
if this.Params.SSL {
    fmt.Println("SSL Enabled")
    // autocert obtains and renews Let's Encrypt certificates on demand.
    // HostWhitelist limits which names may be requested; DirCache keeps
    // issued certificates on disk between restarts.
    m := autocert.Manager{
        Prompt:     autocert.AcceptTOS,
        HostPolicy: autocert.HostWhitelist(this.Params.HostsWhitelist...),
        Cache:      autocert.DirCache(this.Params.CertCache),
    }

    // RunWithManager serves r over HTTPS, picking certificates via m.GetCertificate.
    log.Fatal(autotls.RunWithManager(r, &m))
} else {
    // r.Run returns an error on failure; don't silently discard it.
    log.Fatal(r.Run(this.Params.Bind))
}

The errors are:

2018/12/03 12:37:33 http: TLS handshake error from 68.71.48.249:55885: acme/autocert: missing server name
2018/12/03 12:37:33 http: TLS handshake error from 209.213.121.223:38284: acme/autocert: missing server name
2018/12/03 12:37:33 http: TLS handshake error from 209.213.121.223:38283: acme/autocert: missing server name
2018/12/03 12:37:33 http: TLS handshake error from 68.71.48.249:55887: acme/autocert: missing server name
2018/12/03 12:37:33 http: TLS handshake error from 68.71.48.249:55888: acme/autocert: missing server name
2018/12/03 12:37:33 http: TLS handshake error from 209.237.150.145:56842: acme/autocert: missing server name

How can I fix the error with the missing server name?

Peter Mortensen
Lorenzo Boniot
  • Looks like your clients don't support [SNI](https://en.wikipedia.org/wiki/Server_Name_Indication). If you want to host multiple domains on the same IP:port pair, that's nothing you can fix on the server. – Peter Dec 03 '18 at 15:29
  • Did you figure this out at all? – James Mills Feb 06 '22 at 01:53

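The comment above names the cause: the client's ClientHello carries no server_name extension, and autocert.Manager.GetCertificate refuses to choose a certificate without one. As an added example (not code from the question, autocert or autotls), here is a stdlib-only wrapper that substitutes a configured default host when SNI is absent, plus a stand-in for m.GetCertificate so it runs offline; withDefaultSNI, newTLSServer and fakeGetCertificate are hypothetical names.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"net/http"
)

// certFunc is the signature of autocert.Manager.GetCertificate.
type certFunc func(*tls.ClientHelloInfo) (*tls.Certificate, error)

// errMissingSNI mirrors the error autocert returns for a ClientHello without SNI.
var errMissingSNI = errors.New("acme/autocert: missing server name")

// withDefaultSNI wraps an autocert-style GetCertificate so a client that sends
// no server_name is treated as if it asked for defaultHost. defaultHost must be
// allowed by the manager's HostPolicy, and the fallback only makes sense when a
// single site is served on this IP:port (otherwise SNI-less clients get a
// certificate for the wrong name anyway).
func withDefaultSNI(defaultHost string, inner certFunc) certFunc {
	return func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
		if hello.ServerName == "" {
			h := *hello // copy so the caller's ClientHelloInfo stays untouched
			h.ServerName = defaultHost
			return inner(&h)
		}
		return inner(hello)
	}
}

// newTLSServer builds the http.Server that autotls.RunWithManager would
// otherwise create, with the fallback installed. In production pass
// m.GetCertificate as getCert and start it with s.ListenAndServeTLS("", "").
func newTLSServer(addr, defaultHost string, getCert certFunc, h http.Handler) *http.Server {
	return &http.Server{
		Addr:    addr,
		Handler: h,
		TLSConfig: &tls.Config{
			MinVersion:     tls.VersionTLS12,
			GetCertificate: withDefaultSNI(defaultHost, getCert),
		},
	}
}

// fakeGetCertificate stands in for m.GetCertificate in this offline demo: it
// rejects empty SNI exactly like autocert, else returns a stub Leaf with the name.
func fakeGetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
	if hello.ServerName == "" {
		return nil, errMissingSNI
	}
	return &tls.Certificate{Leaf: &x509.Certificate{DNSNames: []string{hello.ServerName}}}, nil
}
```

Anything that connects to the bare IP address (scanners, uptime probes) produces the same log line, so check the source addresses before concluding that real users are affected.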
2 Answers

-1

Based on an issue created on the repository https://github.com/suyashkumar/ssl-proxy/issues/45, this problem happens when your golang.org/x/crypto package is not up to date. Try updating the package and trying again.

-3

Maybe my blog will help you find a difference in your code vs the code I show in my blog.

https://marcofranssen.nl/build-a-go-webserver-on-http-2-using-letsencrypt/

Furthermore, I figured out there is a much better library available to manage certificates via Let's Encrypt:

https://marcofranssen.nl/use-the-acme-dns-challenge-to-get-a-tls-certificate/

In this second blog post, I utilize https://go-acme.github.io/lego/, which supports more of the ACME challenges. It ships with a CLI, but it can also be used as a library in your web server. In fact, it is used in Træfik as well as in the Caddy web server project.

You also should not use the SNI challenge anymore as it is considered insecure. Instead use the ALPN challenge.

Peter Mortensen
Marco