-
Notifications
You must be signed in to change notification settings - Fork 8.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSL setup fails with: CONNECT_CR_SRVR_HELLO:wrong version number #3556
Comments
That means you are sending TCP content (HTTPS) to an HTTP port. Are you using an ELB? Please check the port mappings |
Holy moly, I'm so sorry for this. And thanks a lot for the pointer! Turns out the container configuration for the ingress controller had two ports: |
That is not valid for https request (actually a request with SNI). You need to run something like:
Using the host header in TLS connections is not going to fulfill that requirement |
Hah, you were too quick for me. I realised my mistake in writing that second comment, and deleted it. Anyway, thanks for the heads up! |
Could you elaborate a bit more? What exactly do you mean and what would you suggest to solve this issue? Is the problem in the ingress, load balancer or service? |
Hello, I have a similar issue but this time the traffic initiated from a pod in the same k8s cluster with ingress-nginx I am running ingress-nginx on digital ocean k8s managed cluster.
If I access this URL from out of k8s cluster it works fine. But I access from a pod in the eks cluster, It fails
Is there any config/parameter to allow this HTTPS termination inside k8s? well, you may ask why I don't connect to service over port 80! |
I see that this problem is related to DigitalOcean kubernetes The details are at digitalocean/DOKS#8 |
For followers I once got this message downloading a file from one computer but not another, on the same network. Hunch/suspicion: anti virus or somehow corporate something or other got in the way... |
Thanks @aledbf ! My issue happened when I used curl to communicate with vault. It turns out that my vault was disabled tls. I just redeployed the vault with tls enabled and it works perfectly now! Thanks |
NGINX Ingress controller version: 0.20.0
Kubernetes version (use
kubectl version
): 1.10.3Environment: AWS
uname -a
): Linux ip-x-y-z-a 4.4.121-k8s Basic structure #1 SMP Sun Mar 11 19:39:47 UTC 2018 x86_64 GNU/LinuxWhat happened:
Followed the ingress TLS instructions: put my wildcard certificate key and crt files in a secret, and annotated my ingress thusly:
After applying this configuration, my service fails:
Additionally, I see encrypted garbage in the logs:
What you expected to happen:
A valid HTTP response to come back.
How to reproduce it (as minimally and precisely as possible):
I can't really give you my certificate key, so I'm hoping this will help without explicit reproduction instructions.
Anything else we need to know:
I peeked at the generated Nginx config, and it looks right. I pulled down the pem-files generated by the ingress controller and copied the SSL part of the Nginx config, and ran it all in a local Nginx, and it worked as expected, so the key and certificate is alright.
The text was updated successfully, but these errors were encountered: