I use AutoTLS like in the docs https://echo.labstack.com/cookbook/auto-tls, but it doesn't work as I expect. If I change the func startTLS() to the following, it works.
// Modified echo.startTLS (replaces the method inside the echo package itself;
// acme is golang.org/x/crypto/acme). This version appends the ACME ALPN
// protocol on every TLS server started through startTLS, not only the autocert one.
func (e *Echo) startTLS(address string) error {
	s := e.TLSServer
	s.Addr = address
	if !e.DisableHTTP2 {
		s.TLSConfig.NextProtos = append(s.TLSConfig.NextProtos, "h2")
	}
	s.TLSConfig.NextProtos = append(s.TLSConfig.NextProtos, acme.ALPNProto)
	return e.StartServer(e.TLSServer)
}
Printed in the browser:
Welcome to Echo!
TLS certificates automatically installed from Let's Encrypt :)
When I use my code as in the docs https://echo.labstack.com/cookbook/auto-tls, it logs the following:
echo: http: TLS handshake error from 27.224.146.107:20889: acme/autocert: unable to authorize "mydomain.cn"; challenge "tls-alpn-01" failed with error: acme: authorization error for mydomain.cn: 403 urn:acme:error:unauthorized: Cannot negotiate ALPN protocol "acme-tls/1" for tls-alpn-01 challenge
But if I change the func startTLS(), I can visit mydomain.cn and it prints what I set.
$ dep ensure
$ CGO_ENABLED=0 go build -a -installsuffix cgo -o build/https-test main.go
$ docker-compose up -d --build
package main

import (
	"net/http"

	"github.com/labstack/echo"
	"github.com/labstack/echo/middleware"
	"golang.org/x/crypto/acme/autocert"
)

func main() {
	e := echo.New()
	// Redirect plain-HTTP requests to HTTPS.
	e.Pre(middleware.HTTPSRedirect())
	// Only request certificates for this host.
	e.AutoTLSManager.HostPolicy = autocert.HostWhitelist("mydomain.cn")
	// Cache certificates
	// e.AutoTLSManager.Cache = autocert.DirCache("/var/www/.cache")
	e.Use(middleware.Recover())
	e.Use(middleware.Logger())
	e.GET("/", func(c echo.Context) error {
		return c.HTML(http.StatusOK, `
<h1>Welcome to Echo!</h1>
<h3>TLS certificates automatically installed from Let's Encrypt :)</h3>
`)
	})
	// Serve HTTPS on 443 with certificates obtained from Let's Encrypt.
	e.Logger.Fatal(e.StartAutoTLS(":443"))
}
FROM alpine:latest
RUN mkdir -p /usr/app
WORKDIR /usr/app
RUN apk --update add ca-certificates
COPY build/https-test app
RUN mkdir -p /var/www/.cache
ENTRYPOINT [ "./app" ]
version: '3'
services:
  app:
    build: .
    container_name: https-test
    ports:
      - "443:443"
$ CGO_ENABLED=0 go build -a -installsuffix cgo -o build/https-test main.go
$ go version
go version go1.10.1 linux/amd64
$ dep status
PROJECT CONSTRAINT VERSION REVISION LATEST PKGS USED
github.com/dgrijalva/jwt-go v3.2.0 v3.2.0 06ea103 v3.2.0 1
github.com/labstack/echo ^3.3.8 v3.3.8 c7eb8da v3.3.8 2
github.com/labstack/gommon v0.2.8 v0.2.8 7fd9f68 v0.2.8 4
github.com/mattn/go-colorable v0.0.9 v0.0.9 167de6b v0.0.9 1
github.com/mattn/go-isatty v0.0.4 v0.0.4 6ca4dbf v0.0.4 1
github.com/valyala/bytebufferpool v1.0.0 v1.0.0 e746df9 v1.0.0 1
github.com/valyala/fasttemplate branch master branch master dcecefd dcecefd 1
golang.org/x/crypto branch master branch master 3d3f9f4 eb0de9b 2
golang.org/x/sys branch master branch master 62eef0e 4ed8d59 1
The fix proposed by @wangxianzhuo worked for me also.
The proposed fix activates ACME also for standard TLS. The correct way is:
// StartAutoTLS starts an HTTPS server using certificates automatically installed from https://letsencrypt.org.
func (e *Echo) StartAutoTLS(address string) error {
	s := e.TLSServer
	s.TLSConfig = new(tls.Config)
	s.TLSConfig.GetCertificate = e.AutoTLSManager.GetCertificate
	// Advertise acme-tls/1 only on the autocert server, so the tls-alpn-01
	// challenge can be negotiated here and is not offered by StartTLS servers.
	s.TLSConfig.NextProtos = append(s.TLSConfig.NextProtos, acme.ALPNProto)
	return e.startTLS(address)
}
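The difference between the two fixes in this thread (the opening post's change to startTLS and the StartAutoTLS version in the comment above) is which tls.Config advertises acme-tls/1. The following program is an added example, not code from the issue or from Echo. It uses only the Go standard library, so acme.ALPNProto is spelled out as its value "acme-tls/1", autocert's GetCertificate is replaced by a small hook that picks a self-signed stand-in certificate based on the client's ALPN offer, and the names acmeALPNProto, mustSelfSignedCert, acmeAwareGetCertificate, autoTLSConfig, standardTLSConfig and negotiate are this example's own. It runs an in-memory handshake against each configuration with the ALPN list the Let's Encrypt validator offers (only acme-tls/1): the autocert server negotiates it and serves the challenge certificate, the server started with an operator certificate cannot negotiate it (the "Cannot negotiate ALPN protocol" failure in the log), and the startTLS patch makes that operator-certificate server accept acme-tls/1 too, which is what "activates acme also for standard TLS" means.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// ALPN ID of the tls-alpn-01 challenge (RFC 8737): the value of golang.org/x/crypto/acme.ALPNProto, spelled out so this builds with the standard library alone.
const acmeALPNProto = "acme-tls/1"

// mustSelfSignedCert makes a throwaway certificate for host with subject CN cn; a stand-in for autocert's output, not a real certificate.
func mustSelfSignedCert(host, cn string) tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// acmeAwareGetCertificate models autocert's GetCertificate: a client offering acme-tls/1 gets the challenge certificate (a named stand-in here; the real one carries the acmeIdentifier extension), everyone else gets the site certificate.
func acmeAwareGetCertificate(site, challenge tls.Certificate) func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	return func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
		for _, p := range hello.SupportedProtos {
			if p == acmeALPNProto {
				return &challenge, nil
			}
		}
		return &site, nil
	}
}

// autoTLSConfig mirrors the corrected StartAutoTLS: a fresh tls.Config fed by the hook, advertising acme-tls/1 after the h2 that startTLS adds.
func autoTLSConfig(getCert func(*tls.ClientHelloInfo) (*tls.Certificate, error)) *tls.Config {
	return &tls.Config{GetCertificate: getCert, NextProtos: []string{"h2", acmeALPNProto}}
}

// standardTLSConfig mirrors StartTLS with an operator-supplied certificate: only h2 is advertised.
// acme=true reproduces the thread's first fix, which appends acme-tls/1 inside startTLS itself.
func standardTLSConfig(cert tls.Certificate, acme bool) *tls.Config {
	cfg := &tls.Config{Certificates: []tls.Certificate{cert}, NextProtos: []string{"h2"}}
	if acme {
		cfg.NextProtos = append(cfg.NextProtos, acmeALPNProto)
	}
	return cfg
}

// negotiate runs one in-memory handshake in which the client offers clientProtos (the ACME validator offers only acme-tls/1; a browser offers h2) and returns the selected ALPN protocol and the served certificate's CN.
func negotiate(server *tls.Config, clientProtos []string) (proto, servedCN string, err error) {
	cConn, sConn := net.Pipe()
	defer func() { cConn.Close(); sConn.Close() }()
	// net.Pipe is synchronous and Go's TLS 1.3 server puts session tickets in its first flight, which nothing reads here; disabling them on a clone keeps the handshake from wedging and leaves ALPN selection untouched.
	srvCfg := server.Clone()
	srvCfg.SessionTicketsDisabled = true
	srvErr := make(chan error, 1)
	go func() { srvErr <- tls.Server(sConn, srvCfg).Handshake() }()
	client := tls.Client(cConn, &tls.Config{
		ServerName:         "mydomain.cn",
		NextProtos:         clientProtos,
		InsecureSkipVerify: true, // self-signed test certificate; never do this against a real endpoint
	})
	if err = client.Handshake(); err != nil {
		return "", "", err // e.g. "remote error: tls: no application protocol" when the server cannot offer acme-tls/1
	}
	st := client.ConnectionState()
	return st.NegotiatedProtocol, st.PeerCertificates[0].Subject.CommonName, <-srvErr
}

func main() {
	site, challenge := mustSelfSignedCert("mydomain.cn", "site cert"), mustSelfSignedCert("mydomain.cn", "challenge stand-in")
	for name, cfg := range map[string]*tls.Config{
		"StartAutoTLS (corrected)":   autoTLSConfig(acmeAwareGetCertificate(site, challenge)),
		"StartTLS, operator cert":    standardTLSConfig(site, false),
		"StartTLS, startTLS patched": standardTLSConfig(site, true),
	} {
		proto, cn, err := negotiate(cfg, []string{acmeALPNProto}) // exactly what the validator offers
		fmt.Printf("%-28s ALPN=%q served=%q err=%v\n", name, proto, cn, err)
	}
}
```

Run it with go run. Go 1.17 and later fail the operator-certificate handshake with a no_application_protocol alert; older Go completes it with no ALPN protocol selected, which the validator rejects just the same because RFC 8737 requires acme-tls/1 to be negotiated. The hook also shows why the ALPN list and autocert belong together: autocert decides which certificate to return from the protocols the client offered, so advertising acme-tls/1 on a server whose certificates do not come from autocert only makes that server accept a challenge it cannot answer.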
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
I'm running into this issue as well. Can I just submit a PR for this?