This repository has been archived by the owner on Jan 20, 2021. It is now read-only.

Can't use any certificate #162

Closed
5 of 7 tasks
Loooooouuuuu opened this issue Jun 29, 2016 · 15 comments

@Loooooouuuuu

Loooooouuuuu commented Jun 29, 2016

Before submitting this issue, please acknowledge that you have done the following:

  • I've at least skimmed through the README
  • I have checked that I am running the latest version of MumbleDJ (use mumbledj --version when starting the bot or use the MumbleDJ version command in Mumble)
  • I have searched through the existing issues to see if my issue has been answered already

What type of issue is this?

  • Bug report (encountered problems with MumbleDJ)
  • Feature request (request for a new functionality)
  • Question
  • Other:

Log output of bot with --debug flag (likely only for bug reports):

./mumbledj_linux_amd64
WARN[0000] A startup check discovered an issue. The service will be disabled.  error=No SoundCloud API key has been provided service=SoundCloud
WARN[0000] aria2 is not installed or is not discoverable in $PATH. The bot will still partially work, but some services will not work properly.
FATA[0000] An error occurred while connecting to the server.  error=crypto/tls: found a certificate rather than a key in the PEM for the private key

Description of your issue:

Hello !

Thanks for correcting the first bug report I've posted. This one is another problem, but it's probably not a bug.

Here's the config file :

# Filepath to certificate file.
# NOTE: If no certificate file is needed, set to empty string ("").
cert: "/home/perdouille/.config/mumbledj/mumbledj.crt"

# Filepath to certificate key file.
# NOTE: If no key is needed, set to empty string ("").
key: "/home/perdouille/.config/mumbledj/mumbledj.key"

It used to work perfectly with the old version of MumbleDJ

Edit: Another weird problem, not really related so I can make another issue report if you want: If I compile MumbleDJ myself, it doesn't use the config file. It does read it (if I put random things in I get warnings) but it doesn't use anything I set in it. Even if I force it with --port, --ip, ...

Any idea ?

Thanks !

@matthieugrieger
Owner

Looks like I made a typo which likely caused this issue. Can you try out the newest release and let me know if it fixed it?

@matthieugrieger
Owner

Also, I haven't come across the second issue you are having... If you continue to have that issue please open another issue and I'll take a look.

@Loooooouuuuu
Author

I don't have the same message :

error=x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs

@matthieugrieger
Owner

Alright, I'll have to do a bit more testing on my end. I might know what the issue is.

@Loooooouuuuu
Author

Alright, thanks !

@matthieugrieger
Owner

@Perdouille: Can you try out the newest release? I don't have any certs set up to test this myself. I'm hoping the change I made will fix this issue.

@Loooooouuuuu
Author

Loooooouuuuu commented Jul 2, 2016

Still seems to be the same :/

Someone else should try with another certificate to see if the problem is not on my end.

By the way, I just tried something else: putting my server domain name in the hosts file to redirect to 127.0.0.1, and connecting to it. It gives me a different message:
FATA[0000] An error occurred while connecting to the server. error=x509: certificate is valid for Murmur Autogenerated Certificate v2, not [MyDomain]
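
Added example (not part of the original thread and not MumbleDJ code): a Go sketch of the conditions under which `crypto/tls` and `crypto/x509` raise the three errors quoted so far in this thread. The certificates are constructed on the fly, `mumble.example.org` is a placeholder hostname, and modelling the Murmur autogenerated certificate as "Common Name only, no SANs" is an assumption.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned builds a constructed, throwaway self-signed certificate and
// returns it parsed, plus its certificate PEM and private-key PEM.
func selfSigned(cn string, dns []string, ips []net.IP) (*x509.Certificate, []byte, []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		DNSNames:     dns,
		IPAddresses:  ips,
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	keyDER, _ := x509.MarshalPKCS8PrivateKey(key)
	return cert, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})
}

func main() {
	// Assumed shape of an autogenerated certificate: a Common Name and no SANs.
	murmur, certPEM, keyPEM := selfSigned("Murmur Autogenerated Certificate v2", nil, nil)
	_, err := tls.X509KeyPair(certPEM, certPEM) // certificate PEM in the key slot
	fmt.Println("cert as key:  ", err)
	_, err = tls.X509KeyPair(certPEM, keyPEM)
	fmt.Println("cert + key:   ", err)
	fmt.Println("IP, no SAN:   ", murmur.VerifyHostname("127.0.0.1"))
	fmt.Println("name, CN only:", murmur.VerifyHostname("mumble.example.org"))
	// Reissued with the names the client dials listed as SANs.
	fixed, _, _ := selfSigned("mumble.example.org",
		[]string{"mumble.example.org"}, []net.IP{net.ParseIP("127.0.0.1")})
	fmt.Println("with SANs:    ", fixed.VerifyHostname("127.0.0.1"), fixed.VerifyHostname("mumble.example.org"))
}
```

Go 1.15 and later ignore the Common Name during hostname verification, so the CN-only case still fails but with different wording than the 2016 message quoted above.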

@matthieugrieger
Owner

I'll have to investigate a little more then.

I'll reopen the issue so I don't forget.

@matthieugrieger
Owner

matthieugrieger commented Jul 4, 2016

Alright, so I just set up a fresh Mumble server and installed certs on it. I can confirm that the current implementation is working.

Some things to note:
1) Switch off of the autogenerated Murmur certificate by providing paths to your own certs in /etc/mumble-server.ini or /etc/murmur.ini.
2) Make sure your certs are signed correctly (LetsEncrypt provides a very easy way to do this).
3) Give MumbleDJ access to these certs and pass the filepaths to the certs in ~/.config/mumbledj/config.yaml. These certs are NOT the .p12 certs that you can generate for an individual user, but the certs for the server itself.

Hope this helps.

NOTE: If you can't seem to get the certs to work, you can always substitute a bit of security for convenience by using the --insecure flag.

@Loooooouuuuu
Author

I'm sorry, but I don't understand

What are the certificates for ? In the old version of MumbleDJ, I could set certificates for MumbleDJ so I could register it on the server

@matthieugrieger
Owner

matthieugrieger commented Jul 4, 2016

Ah, I see.

I'll have to add support for that in. I must have forgotten to include it when I was refactoring the bot...

For clarification, the connection.cert and connection.key fields in the configuration file are for verifying the connection with the server, not for logging in as a particular registered user. It verifies the connection by comparing the cert/key given to MumbleDJ with the cert that the server uses. If they don't match, the connection doesn't go through. This is to protect against man-in-the-middle attacks, and the authors of the Go TLS library recommend that you verify the certificates whenever possible.

Sorry about the confusion! I hope to have an update out soon for using .p12 certs to log the bot in to the server if it is registered.

@Loooooouuuuu
Author

Oh alright, thanks ! :)

@matthieugrieger
Owner

@Perdouille: Check out the latest release for .p12 certificate support. :)

Let me know if you come across any issues.

@Loooooouuuuu
Author

Hey !

Sorry, I forgot to let you know that everything was working well, thanks a lot for this feature !

@matthieugrieger
Owner

Awesome, I'm glad it works!
