Hi all,
I have just started a new instance of OpenBalena, using the ./scripts/quickstart -c … command with a custom domain.
Everything seems to have gone through ok, no errors, although when I access https://api.mydomain.com my browser tells me it can’t establish a secure connection. More specifically:
Cannot communicate securely with peer: no common encryption algorithm(s).
Error code: SSL_ERROR_NO_CYPHER_OVERLAP
When I visit vpn.mydomain.com; s3.mydomain.com; registry.mydomain.com it accesses the pages no problem, and I get a nice shiny padlock sign that shows the Let’s encrypt certificates behind it.
I have tried compose up and compose stop from the scripts folder, rebuilt from scratch removing images and volumes before doing the quickstart script again, and tried removing the api folder from the /config/certs/ folder and redoing the quickstart, followed by a compose stop and compose up but still no change.
The api folder in the config/certs folder has a .crt, .kid and .pem file in it. Significantly less in this folder than the vpn and root folder in config/certs but nevertheless appears to have these keys.
When I try to login to OpenBalena from my local machine via the CLI, I get the following error message:
EPROTO: request to https://api.mydomain.com/login_ failed, reason: write EPROTO: request to https://api.mydomain.com/login_ failed, reason: write EPROTO 4524355008:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1536:SSL alert number 40
I have just built this server, so it is the most up to date OpenBalena and containers.
On the first compose up it runs through a whole bunch of tasks, and doesn’t appear to have any error messages. I see a generated key, I see it trying to verify the api domain and shows success, and haproxy detects certificate changes and restarts.
Any ideas?