Capital letters in domain names - ssl failed #23

Closed
ezbik opened this issue May 11, 2019 · 1 comment

ezbik commented May 11, 2019

Hi, sure, it is not your fault, but capital letters in domain names won't work.

Curl output:

```
curl -v  https://a.caddy.tanatos.orG
* Rebuilt URL to: https://a.caddy.tanatos.orG/
*   Trying 35.231.206.108...
* Connected to a.caddy.tanatos.orG (35.231.206.108) port 443 (#0)
* found 150 certificates in /etc/ssl/certs/ca-certificates.crt
* found 614 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
* Closing connection 0
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html
```

Docker container output:

```
2019/05/11 13:11:57 [error] 24#24: *18 lua entry thread aborted: runtime error: ...sty/luajit/share/lua/5.1/resty/auto-ssl/servers/hook.lua:40: assertion failed!
stack traceback:
coroutine 0:
	[C]: in function 'assert'
	...sty/luajit/share/lua/5.1/resty/auto-ssl/servers/hook.lua:40: in function 'server'
	.../local/openresty/luajit/share/lua/5.1/resty/auto-ssl.lua:84: in function 'hook_server'
	content_by_lua(resty-http.conf:48):2: in main chunk, client: 127.0.0.1, server: , request: "POST /deploy-cert HTTP/1.1", host: "127.0.0.1:8999"
127.0.0.1 - - [11/May/2019:13:11:57 +0000] "POST /deploy-cert HTTP/1.1" 500 186 "-" "curl/7.61.1"
2019/05/11 13:11:57 [error] 24#24: *15 [lua] lets_encrypt.lua:71: issue_cert(): auto-ssl: dehydrated manual hook.sh failed: env HOOK_SECRET=2aa77d26bcb8c553c7ff0e10604bd286dcdc5a1ab8ac7d988f1c234b65075dcb HOOK_SERVER_PORT=8999 /usr/local/openresty/luajit/bin/resty-auto-ssl/letsencrypt_hooks deploy_cert a.caddy.tanatos.orG /etc/resty-auto-ssl/letsencrypt/certs/a.caddy.tanatos.orG/privkey.pem /etc/resty-auto-ssl/letsencrypt/certs/a.caddy.tanatos.orG/cert.pem /etc/resty-auto-ssl/letsencrypt/certs/a.caddy.tanatos.orG/fullchain.pem /etc/resty-auto-ssl/letsencrypt/certs/a.caddy.tanatos.orG/chain.pem 1557580317 status: 256 out: nil err: curl: (22) The requested URL returned error: 500 Internal Server Error
hook request (deploy_cert) failed
, context: ssl_certificate_by_lua*, client: 80.211.246.107, server: 0.0.0.0:443
2019/05/11 13:11:57 [error] 24#24: *15 [lua] ssl_certificate.lua:92: issue_cert(): auto-ssl: issuing new certificate failed: dehydrated failure, context: ssl_certificate_by_lua*, client: 80.211.246.107, server: 0.0.0.0:443
2019/05/11 13:11:57 [error] 24#24: *15 [lua] ssl_certificate.lua:256: auto-ssl: could not get certificate for a.caddy.tanatos.orG - using fallback - failed to get or issue certificate, context: ssl_certificate_by_lua*, client: 80.211.246.107, server: 0.0.0.0:443
```

Docker run:

```
docker run  --rm -it -p 80:80 -p 443:443  valian/docker-nginx-auto-ssl
```

Valian commented May 11, 2019

Hi @ezbik. I've never encountered this problem, but once I checked, it looks like for NGINX (or at least for lua-resty-ssl) the domain name is case-sensitive when it comes to deciding which certificate should be used.

So you are right, I can't do anything about this :( You should probably file this issue in the lua-resty-ssl repository. On the other hand, this issue seems to be an edge case, not really making any impact.

Valian closed this as completed May 11, 2019
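
The case mismatch discussed in this thread, as an added example that is not code from the issue or from the project: a pure-Lua sketch that folds a TLS SNI name to one canonical form and validates it before it is used as a certificate lookup key or in an on-disk path. The names `normalize_hostname`, `lookup_cert` and `cert_store` are hypothetical, and where such a call would belong in the real code is an assumption the thread does not settle.

```lua
-- Added example. Hypothetical helper names; not lua-resty-auto-ssl API.

-- Return the canonical form of a host name, or nil plus a reason.
local function normalize_hostname(name)
  if type(name) ~= "string" or name == "" then
    return nil, "empty host name"
  end
  -- DNS names compare case-insensitively (RFC 4343), so fold to lower case.
  local host = string.lower(name)
  -- A single trailing root dot names the same host; drop it.
  host = host:gsub("%.$", "")
  if #host > 253 then
    return nil, "host name too long"
  end
  -- Each label: 1..63 bytes, letters/digits/hyphen, no edge hyphen.
  -- This also rejects '/', spaces and empty labels before the name can
  -- reach a filesystem path or a command line.
  for label in (host .. "."):gmatch("(.-)%.") do
    if #label == 0 or #label > 63 then
      return nil, "bad label length"
    end
    if not label:match("^[a-z0-9%-]+$")
       or label:match("^%-") or label:match("%-$") then
      return nil, "bad label characters"
    end
  end
  return host
end

-- Constructed certificate store, keyed by canonical name only.
local cert_store = {
  ["a.caddy.tanatos.org"] = "fullchain.pem for a.caddy.tanatos.org",
}

-- Look a certificate up by whatever spelling the client sent in SNI.
local function lookup_cert(sni)
  local host, err = normalize_hostname(sni)
  if not host then return nil, err end
  return cert_store[host], host
end

-- Constructed inputs: two spellings of one host, then two invalid names.
for _, sni in ipairs({ "a.caddy.tanatos.orG", "A.Caddy.Tanatos.org.",
                       "not a host/name", "a..b" }) do
  local cert, info = lookup_cert(sni)
  print(sni, cert and "hit" or "miss/rejected", info)
end
```

Storing and looking up under the canonical name means every spelling of a host shares one certificate and one issuance attempt, instead of each variant triggering its own request.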