Let's Encrypt / ACME #590

New Issue

adam · 2025-12-29T02:20:54+01:00

adam commented

2025-12-29 02:20:54 +01:00

Originally created by @unknown1818 on GitHub (Dec 8, 2023).

Hi,

Im trying to figure out how to configure ssl via acme.sh

acme.sh ssl generate

acme.sh --issue --dns dns_dynu -d domain.com
acme.sh --install-cert --domain domain.com \
--cert-file /home/admin/headscale/cert.pem \
--key-file /home/admin/headscale/key.pem \
--fullchain-file /home/admin/headscale/fullchain.pem

headscale config.yaml

tls_cert_path: "cert.pem"
tls_key_path: "key.pem"

but i got error when linux client try to connect

TLS handshake error from xxxx:18483: remote error: tls: bad certificate

Do i need SSL in Headscale? The Keys will be not visible in MiTM Attacks?

I found answer the SSL Chain is wrong
https://whatsmychaincert.com/

Originally created by @unknown1818 on GitHub (Dec 8, 2023). Hi, Im trying to figure out how to configure ssl via acme.sh acme.sh ssl generate ``` acme.sh --issue --dns dns_dynu -d domain.com acme.sh --install-cert --domain domain.com \ --cert-file /home/admin/headscale/cert.pem \ --key-file /home/admin/headscale/key.pem \ --fullchain-file /home/admin/headscale/fullchain.pem ``` headscale config.yaml ``` tls_cert_path: "cert.pem" tls_key_path: "key.pem" ``` but i got error when linux client try to connect `TLS handshake error from xxxx:18483: remote error: tls: bad certificate` Do i need SSL in Headscale? The Keys will be not visible in MiTM Attacks? I found answer the SSL Chain is wrong https://whatsmychaincert.com/

adam added the bug label 2025-12-29 02:20:54 +01:00

adam closed this issue

2025-12-29 02:20:54 +01:00

adam referenced this issue

2025-12-29 02:30:18 +01:00

[PR #590] [MERGED] typo #1503

Sign in to join this conversation.

Branches Tags

main

update_flake_lock_action

gh-pages

kradalby/release-v0.27.2

dependabot/go_modules/golang.org/x/crypto-0.45.0

dependabot/go_modules/github.com/opencontainers/runc-1.3.3

copilot/investigate-headscale-issue-2788

copilot/investigate-visibility-issue-2788

copilot/investigate-issue-2833

copilot/debug-issue-2846

copilot/fix-issue-2847

dependabot/go_modules/github.com/go-viper/mapstructure/v2-2.4.0

dependabot/go_modules/github.com/docker/docker-28.3.3incompatible

kradalby/cli-experiement3

doc/0.26.1

doc/0.25.1

doc/0.25.0

doc/0.24.3

doc/0.24.2

doc/0.24.1

doc/0.24.0

kradalby/build-docker-on-pr

topic/docu-versioning

topic/docker-kos

juanfont/fix-crash-node-id

juanfont/better-disclaimer

update-contributors

topic/prettier

revert-1893-add-test-stage-to-docs

add-test-stage-to-docs

remove-node-check-interval

fix-empty-prefix

fix-ephemeral-reusable

bug_report-debuginfo

autogroups

logs-to-stderr

revert-1414-topic/fix_unix_socket

rename-machine-node

port-embedded-derp-tests-v2

port-derp-tests

duplicate-word-linter

update-tailscale-1.36

warn-against-apache

ko-fi-link

more-acl-tests

fix-typo-standalone

parallel-nolint

tparallel-fix

rerouting

ssh-changelog-docs

oidc-cleanup

web-auth-flow-tests

kradalby-gh-runner

fix-proto-lint

remove-funding-links

go-1.19

enable-1.30-in-tests

0.16.x

cosmetic-changes-integration

tmp-fix-integration-docker

fix-integration-docker

configurable-update-interval

show-nodes-online

hs2021

acl-syntax-fixes

ts2021-implementation

fix-spurious-updates

unstable-integration-tests

mandatory-stun

embedded-derp

prtemplate-fix

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/headscale#590