2

My app has a 1:1 video calling feature, and for that I set up my own turnserver. The turnserver was running perfectly till yesterday. When I try to call from the app, the turnserver rejects. I tried the turnserver URL from a browser, and it shows something like this: [screenshot]

Immediately, I logged collidermain, and it shows:

root@<machine_name>:~# <timestamp> Starting collider: tls = true, port = 8443, room-server=https://<mydomain>.com
<timestamp> http: TLS handshake error from 182.160.105.186:43243: remote error: tls: unknown certificate

And this kept showing up every time my app tries to connect with the turnserver.

I thought the SSL certificates had something to do with it, so I replaced the SSL certificates and tried re-installing collidermain and restarting google-cloud-sdk, turnserver and collidermain. Still no luck.

I found two similar questions on Stack Overflow.

WebSocket open error: WebSocket error: This is not a Chrome bug, because I have two other turnservers running perfectly fine at the time I am writing this, and server health is pretty good.

Websocket open error, websocket register error: This is not working either. I re-installed collider. No luck.

My question is, what is the root cause of this error and how to fix it?

System specs:

  • OS: Ubuntu 20.04

  • AppRTC code running with Google-cloud-sdk, version: 330.0.0

  • Turnserver version: 4.4.3

  • Signalling server: collidermain

  • Certificate issued with Let's Encrypt certbot
Azad Mamun
  • update: I destroyed the server and tried fresh install in another instance. Same result but it's not giving ```TLS handshake``` error this time. – Azad Mamun Oct 16 '21 at 13:00

1 Answer

0

It's solved! Here's what happened.

I copied the certificates issued by certbot into another directory, /cert/, and in the turnserver.conf file I pointed the certificate path to the /cert/ directory. So it worked fine for a while. Certbot certificates are valid for 3 months and are renewed automatically when validity expires. So certbot renewed the certificates and put them into /etc/letsencrypt/live/:domain_name/. turnserver.conf was still pointing to the outdated certificates residing in the /cert/ directory. That's why, when I try to join a room, the turnserver uses the outdated certificates and shows a TLS handshake error.

So I just changed the certificate path from /cert/ to /etc/letsencrypt/live/:domain_name/ in turnserver.conf, and it's back online! Yay!!

Azad Mamun
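A check for the drift described in the answer above, as an added example that is not part of the original post: it reads the `cert=` option from turnserver.conf and compares that file with certbot's current `fullchain.pem`, so a stale copy is caught before clients start failing the handshake. The config path and the 7-day threshold are assumptions; pass your own conf file and live directory as arguments.

```shell
#!/bin/sh
# Added example: detect a turnserver.conf that still points at an old copy
# of a certbot certificate. Paths are supplied by the caller (assumptions).

# Print the last value of a "key=value" option in a coturn config file.
conf_value() (  # conf_value <key> <conf-file>
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1
)

# Compare the configured certificate with certbot's current one.
# Prints: in-sync | stale-copy | missing-cert-option | unreadable
turn_cert_status() (  # turn_cert_status <turnserver.conf> <live-dir>
    conf=$1; live=$2
    [ -r "$conf" ] || { echo unreadable; return 2; }
    cert=$(conf_value cert "$conf")
    [ -n "$cert" ] || { echo missing-cert-option; return 2; }
    [ -r "$cert" ] && [ -r "$live/fullchain.pem" ] || { echo unreadable; return 2; }
    # cmp follows symlinks, so a cert= path inside the live directory
    # (the fix from the answer) always compares equal.
    if cmp -s "$cert" "$live/fullchain.pem"; then
        echo in-sync
    else
        echo stale-copy; return 1
    fi
)

# Succeeds if the certificate is still valid <seconds> from now.
cert_valid_for() (  # cert_valid_for <pem-file> <seconds>
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
)

main() (
    status=$(turn_cert_status "$1" "$2") || true
    echo "turnserver certificate: $status"
    if [ "$status" = in-sync ] && ! cert_valid_for "$2/fullchain.pem" 604800; then
        echo "warning: certificate expires within 7 days; check certbot renewal"
    fi
    [ "$status" = in-sync ]
)

# Usage: sh check_turn_cert.sh <turnserver.conf> <letsencrypt-live-dir>
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run from cron or a monitoring job, a non-zero exit flags the drift. The turnserver also has to be restarted or reloaded after a renewal before it serves the new certificate.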