Let's Encrypt Handshake Fails

Hi folks,

Managed to get Drone going great without https, but in trying to get https working, I’m hitting a roadblock. I’m trying the Let’s Encrypt route. I think my configs are right based on the docs, but when I cURL I get this:

    curl -iv 'https://drone.thosegeeks.com'
    * Rebuilt URL to: https://drone.thosegeeks.com/
    *   Trying 142.93.56.170...
    * Connected to drone.thosegeeks.com (142.93.56.170) port 443 (#0)
    * found 148 certificates in /etc/ssl/certs/ca-certificates.crt
    * found 592 certificates in /etc/ssl/certs
    * ALPN, offering http/1.1
    * gnutls_handshake() failed: Internal error
    * Closing connection 0
    curl: (35) gnutls_handshake() failed: Internal error

And in the browser, I get SSL_ERROR_INTERNAL_ERROR_ALERT.

So here’s my docker-compose.yml:

version: '2'

services:
  drone-server:
    image: drone/drone:0.8

    ports:
      - 80:8000
      - 443:443
      - 9000
    volumes:
      - /var/lib/drone:/var/lib/drone/
    restart: always
    environment:
      - DRONE_HOST=https://drone.thosegeeks.com
      - DRONE_LETS_ENCRYPT=true
      - DRONE_GITHUB=true
      - DRONE_GITHUB_CLIENT=(redacted)
      - DRONE_GITHUB_SECRET=(redacted)
      - DRONE_SECRET=(redacted)
      - DRONE_ADMIN=jeremybise

  drone-agent:
    image: drone/agent:0.8

    command: agent
    restart: always
    depends_on:
      - drone-server
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - DRONE_SERVER=drone-server:9000
      - DRONE_SECRET=(redacted)

UFW shows 443 and 80 open.

I have https:// in the URL in the GitHub OAuth app.

I’m not behind Apache or NGINX.

What in the world is this handshake error and does it haunt me?

Many thanks in advance for your time!

And now it’s magically working an hour later. No, I didn’t make any DNS changes. Maybe it just takes that long to get the cert from Let’s Encrypt sometimes? My apologies for the premature post.

I’m surprised it worked, since when you enable Let’s Encrypt the container listens on port 80 and not port 8000 [1], and needs to be adjusted accordingly.

services:
  drone-server:
    image: drone/drone:0.8

    ports:
+     - 80:80
+     - 443:443
      - 9000:9000
    volumes:
      - /var/lib/drone:/var/lib/drone/
    restart: always
    environment:
      - DRONE_OPEN=true
      - DRONE_HOST=${DRONE_HOST}
      - DRONE_GITHUB=true
      - DRONE_GITHUB_CLIENT=${DRONE_GITHUB_CLIENT}
      - DRONE_GITHUB_SECRET=${DRONE_GITHUB_SECRET}
      - DRONE_SECRET=${DRONE_SECRET}
+     - DRONE_LETS_ENCRYPT=true
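
Review bot: the unchanged context line `- DRONE_OPEN=true` in the environment list deserves a second look before this snippet is copied, because the added `80:80` and `443:443` mappings publish the server publicly. That setting enables open registration, and the compose file posted earlier in the thread does not set it (it only names an admin via `DRONE_ADMIN`). If open sign-up is not intended, leave that line out and add only the three `+` lines to the existing file.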

[1] http://docs.drone.io/configure-lets-encrypt/
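
The port mismatch this reply points out can be checked mechanically before starting the stack. The following is an added example, not code from the thread or from the Drone project: `list_items` and `lint_lets_encrypt` are hypothetical helper names, and the line-based parser assumes the simple `- item` list layout used in this thread's compose files rather than full YAML.

```python
# Constructed sample: the relevant lines of the first compose file in this thread.
SAMPLE_COMPOSE = """\
services:
  drone-server:
    image: drone/drone:0.8
    ports:
      - 80:8000
      - 443:443
      - 9000
    environment:
      - DRONE_HOST=https://drone.thosegeeks.com
      - DRONE_LETS_ENCRYPT=true
"""

def list_items(compose_text, key):
    """Return '- item' entries under the first `key:` line (assumption: simple lists, not full YAML)."""
    items, inside = [], False
    for line in compose_text.splitlines():
        stripped = line.strip()
        if stripped == key + ":":
            inside = True
        elif inside and stripped.startswith("- "):
            items.append(stripped[2:].strip().strip("'\""))
        elif inside and stripped:
            break  # next key reached, the list is over
    return items

def lint_lets_encrypt(compose_text):
    """Return findings when DRONE_LETS_ENCRYPT=true but host ports 80/443 are mis-mapped."""
    env = dict(e.split("=", 1) for e in list_items(compose_text, "environment") if "=" in e)
    if env.get("DRONE_LETS_ENCRYPT", "").lower() != "true":
        return []
    published = {}  # host port -> container port
    for entry in list_items(compose_text, "ports"):
        parts = entry.split("/")[0].split(":")  # drop "/tcp", allow "ip:host:container"
        if len(parts) >= 2:  # a bare "9000" has no fixed host port
            published[parts[-2]] = parts[-1]
    findings = []
    for port in ("80", "443"):
        target = published.get(port)
        if target is None:
            findings.append(f"host port {port} is not published")
        elif target != port:
            findings.append(f"host port {port} goes to container port {target}, not {port}")
    return findings

if __name__ == "__main__":
    for finding in lint_lets_encrypt(SAMPLE_COMPOSE):
        print("FINDING:", finding)
```

Run against the sample, it reports the `80:8000` mapping and nothing else; the same file with `80:80` produces no findings.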

Actually that’s one thing I did correct after posting… still took a while. Idk. Thank you for replying!

I did notice recently that it took a long time to issue the initial certificate when I set up a new Drone installation recently (with a new hostname). So this could definitely be what you’ve experienced.