Tls: no cipher suite supported by both client and server

Magnet · May 9, 2023, 10:43pm

I get a TLS error when attempting to set Let's Encrypt per website instructions.
How do I fix this problem?

bluepuma77 · May 10, 2023, 5:20am

Share your Traefik static and dynamic config, and docker-compose.yml when used.

Magnet · May 10, 2023, 4:16pm

Thanks for the reply.
I just followed the doc example. My docker-compose.yaml is shown below.
Do I need additional files and what would they look like?

After further error review...

TLS handshake error from 95.216.188.234:49998: tls: client requested unsupported application protocols ([hq h2c spdy/3 spdy/2 spdy/1 http/1.0 http/0.9])

version: "3.3"

services:

  traefik:
    image: "traefik:v2.10"
    container_name: "traefik"
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email=davidh@MyDomain.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

  whoami:
    image: "traefik/whoami"
    container_name: "simple-service"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.MyDomain.com`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"

bluepuma77 · May 10, 2023, 7:38pm

Config looks ok to me. Maybe enable and check Traefik dashboard.

What kind of client is trying to access the website?

Maybe compare your config to a simple Traefik example.

Magnet · May 10, 2023, 7:48pm

It is the Traefik example

bluepuma77 · May 10, 2023, 7:52pm

Maybe try tlsChallenge?

Magnet · May 10, 2023, 8:07pm

The DNS challenge will do a wild card so that is the best. I am generating the acme.json file,
does anybody what to put in the DNS txt record?

bluepuma77 · May 10, 2023, 8:27pm

DnsChallenge is more complicated, it needs to communicate with your DNS provider. There is a manual option as provider at the end of the list. But then you need to do the manual process every 2 months. Docs.

Magnet · May 10, 2023, 9:07pm

At the moment I would be good with the manual 2 month process. The link you provided states that this can be done with a CNAME record. Unfortunately it does not appear to show enough information to make the proper CNAME record. I was told by my DNS provider that I would need to create a _acme-challenge txt record. I assume the txt will be from the acme.json file unfortunately I really do not know what information to use.

Topic		Replies	Views
Traefik V2 TLS LetsEncrypt Issue with Installed Plesk Traefik v2 (latest) docker	1	1397	July 24, 2020
V2, TLS, Let's Encrypt and http --> https - SUCCESS! Traefik v2 (latest) docker	3	852	November 12, 2019
How do I use a TLS certificate within docer-compose Traefik v2 (latest) docker	3	816	January 16, 2021
TLS handshake error - unknown certificate Traefik v2 (latest) docker-swarm	6	29720	April 25, 2020
TLS Handshake Error with Let's Encrypt Certificate via DNS Challenge Traefik v2 (latest) docker , letsencrypt-acme	2	1961	July 28, 2022

Tls: no cipher suite supported by both client and server

Related Topics