When requesting a TLS certificate via tscert for a *.ts.net hostname that does not match the local Tailscale machine name, certificate issuance fails with:
unexpected output: no delimiter
This happens when tailscaled.sock is accessible and Tailscale itself is running correctly.
The error appears to originate from tscert (around here), and was observed via Traefik’s Tailscale certificate resolver.
This prevents using tscert for reverse proxies and dynamic services where hostnames don’t map 1:1 to a Tailscale machine.
Unless I'm missing something that I couldn't find in the docs?
Original issue: traefik/traefik#9772 + traefik/traefik#10663 (comment)
When requesting a TLS certificate via tscert for a *.ts.net hostname that does not match the local Tailscale machine name, certificate issuance fails with:
This happens when
tailscaled.sockis accessible and Tailscale itself is running correctly.The error appears to originate from tscert (around here), and was observed via Traefik’s Tailscale certificate resolver.
This prevents using
tscertfor reverse proxies and dynamic services where hostnames don’t map 1:1 to a Tailscale machine.Unless I'm missing something that I couldn't find in the docs?
Original issue: traefik/traefik#9772 + traefik/traefik#10663 (comment)