SSL Certificate generated by Hiddify is not valid #3359

Closed
amirsaam opened this issue Oct 26, 2023 · 4 comments

@amirsaam

Describe the bug
The SSL certificate generated by Hiddify Manager is not installed correctly and doesn't let me open my admin, and even sub links are no longer valid after this. The SSL certificate is generated correctly, as checked by DNS Checker, and is valid until 2033, but when I open my link or share the link via that domain it is not valid.

To Reproduce
There are no steps to reproduce; it is not something to be reproduced. I tried more than 3 subdomains and none of them got a valid certificate installed.
I even tried to rebuild my Hiddify:
  • Reset the VPS
  • Installed Ubuntu 22
  • Installed Hiddify
  • Added my domain while another VPN was on to let me access the panel (because even the default sslip.io domain didn't get a valid cert installed, and even the HTTP version of the IP address panel was not opening)
  • Updated to Develop (because my backup is from the develop branch)
  • Restored my backup
  • And still no chance to access w/o VPN

Then I tried to put the domain behind the Cloudflare proxy to use their SSL:
  • Left Domain to be Direct
  • Turned on Cloudflare
  • Now I can access the panel w/o VPN with correct SSL
  • But it doesn't help me because all configs are down except the WebSocket protocol
  • Then I changed the main domain, whose links I shared with people, to Sub Link Only
  • Added a new domain for Direct
  • But even that domain didn't get its SSL correctly installed
  • Now I have a Sub Link Only - Direct - Reality
  • Nothing works except WebSocket on Sub Link Only and the SSH config on the Direct domain
Screenshot 1402-08-04 at 15 16 06
I even tried to manually remove the certs in opt/hiddify-manager/ssl to force Hiddify to get SSL certs again during the Reinstall/Apply Config actions, but again it didn't help.

Expected behavior
When a domain is added, Hiddify should get a valid certificate and install it correctly to let the user open sub links or the admin page, or even user profiles opened by users, w/o issue.

Screenshots
browser and apps error:
Screenshot 1402-08-04 at 13 51 24
valid ssl check:
Screenshot 1402-08-04 at 14 55 34

Desktop (please complete the following information):

  • OS: macOS
  • Browser: Firefox - Safari - Chrome
  • Version 14

Smartphone (please complete the following information):

  • Device: iPhone and Android
  • OS: iOS 15 up to 17 - Android 11 and up
  • Browser: Chrome - Safari - Android Browser
  • Version: Mentioned above

Additional context
I mentioned this issue on Telegram and MrClock gave me warnings and banned me for 3 days because they think it's a Skill Issue and I am spamming.
It's not a correct way to behave with users.

@amirsaam
Author

[Fri Oct 27 04:10:47 +0330 2023] code='401'
[Fri Oct 27 04:10:47 +0330 2023] original='{"type":"urn:ietf:params:acme:error:unauthorized","status":401,"detail":"A requested identifier is not permitted [دامنه]"}'
[Fri Oct 27 04:10:47 +0330 2023] response='{"type":"urn:ietf:params:acme:error:unauthorized","status":401,"detail":"A requested identifier is not permitted [دامنه]"}'
[Fri Oct 27 04:10:47 +0330 2023] Le_LinkOrder
[Fri Oct 27 04:10:47 +0330 2023] Le_OrderFinalize
[Fri Oct 27 04:10:47 +0330 2023] Create new order error. Le_OrderFinalize not found. {"type":"urn:ietf:params:acme:error:unauthorized","status":401,"detail":"A requested identifier is not permitted [دامنه]"}
[Fri Oct 27 04:10:47 +0330 2023] pid
[Fri Oct 27 04:10:47 +0330 2023] No need to restore nginx, skip.
[Fri Oct 27 04:10:47 +0330 2023] _clearupdns
[Fri Oct 27 04:10:47 +0330 2023] dns_entries
[Fri Oct 27 04:10:47 +0330 2023] skip dns.
[Fri Oct 27 04:10:47 +0330 2023] _on_issue_err
[Fri Oct 27 04:10:47 +0330 2023] Please check log file for more details: /opt/hiddify-manager/acme.sh/../log/system/acme.log
[Fri Oct 27 04:10:47 +0330 2023] _chk_vlist
[Fri Oct 27 04:10:47 +0330 2023] LE_WORKING_DIR='/opt/hiddify-config/acme.sh/lib'
[Fri Oct 27 04:10:47 +0330 2023] Running cmd: installcert
[Fri Oct 27 04:10:47 +0330 2023] Using config home:/opt/hiddify-config/acme.sh/lib/data
[Fri Oct 27 04:10:47 +0330 2023] default_acme_server
[Fri Oct 27 04:10:47 +0330 2023] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Fri Oct 27 04:10:47 +0330 2023] _ACME_SERVER_HOST='acme.zerossl.com'
[Fri Oct 27 04:10:47 +0330 2023] _ACME_SERVER_PATH='v2/DV90'
[Fri Oct 27 04:10:47 +0330 2023] The domain 'دامنه' seems to have a ECC cert already, lets use ecc cert.
[Fri Oct 27 04:10:47 +0330 2023] DOMAIN_PATH='/opt/hiddify-config/acme.sh/lib/certs/دامنه_ecc'
[Fri Oct 27 04:10:47 +0330 2023] Installing key to: ../ssl/دامنه.crt.key
[Fri Oct 27 04:10:47 +0330 2023] Installing full chain to: ../ssl/دامنه.crt
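
The log in the comment above contains an ACME problem document (`urn:ietf:params:acme:error:unauthorized`, status 401) followed by an `installcert` run. The following Python is an added example, not part of the original issue and not Hiddify or acme.sh code: it extracts the problem documents from a log in that format and lists certificate installs logged after a failed order. The sample log is constructed, `example.ir` is a placeholder domain, and `triage` is a hypothetical helper name.

```python
import json
import re

# Constructed sample in the format of the acme.sh debug log quoted above;
# "example.ir" is a placeholder domain, not a value from the issue.
SAMPLE_LOG = """\
[Fri Oct 27 04:10:47 +0330 2023] code='401'
[Fri Oct 27 04:10:47 +0330 2023] response='{"type":"urn:ietf:params:acme:error:unauthorized","status":401,"detail":"A requested identifier is not permitted [example.ir]"}'
[Fri Oct 27 04:10:47 +0330 2023] Create new order error. Le_OrderFinalize not found. {"type":"urn:ietf:params:acme:error:unauthorized","status":401,"detail":"A requested identifier is not permitted [example.ir]"}
[Fri Oct 27 04:10:47 +0330 2023] Running cmd: installcert
[Fri Oct 27 04:10:47 +0330 2023] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Fri Oct 27 04:10:47 +0330 2023] Installing full chain to: ../ssl/example.ir.crt
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s(?P<msg>.*)$")
PROBLEM = re.compile(r"^response='(?P<json>\{.*\})'$")
ACME_ERR = "urn:ietf:params:acme:error:"


def triage(log_text):
    """Return ACME problem documents and any cert installs logged after one."""
    problems, installs_after_error, directory = [], [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        msg = m.group("msg")
        p = PROBLEM.match(msg)
        if p:
            try:
                doc = json.loads(p.group("json"))
            except json.JSONDecodeError:
                continue  # truncated or non-JSON response body
            if str(doc.get("type", "")).startswith(ACME_ERR):
                problems.append({"error": doc["type"][len(ACME_ERR):],
                                 "status": doc.get("status"),
                                 "detail": doc.get("detail")})
        elif msg.startswith("ACME_DIRECTORY="):
            directory = msg.split("=", 1)[1].strip("'")
        elif msg.startswith("Installing full chain to:") and problems:
            installs_after_error.append(msg.split(":", 1)[1].strip())
    return {"problems": problems, "directory": directory,
            "installs_after_error": installs_after_error}


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

A non-empty `installs_after_error` means the files written under `../ssl/` did not come from the order that just failed.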

@amirsaam
Author

No answer?

@amirsaam
Author

Ok, so I found why.
ZeroSSL is following sanctions and cannot issue a certificate for "Dot IR" domains.
Why are you guys not switching to Let's Encrypt?

@lymanjre
Contributor

This issue is transferred to the project to be debugged. I am closing it here now.

@github-project-automation github-project-automation bot moved this from Todo to Done in Hiddify Panel Jan 25, 2024