Failed to complete security handshake: tls: first record does not look like a TLS handshake

Hello Everyone,

I have followed these instructions to enable TLS for the ChirpStack servers.

While creating the new network server from the application server web interface, I am facing the following issue:

chirpstack-application-server_1 | 2022/10/28 07:30:08 http: TLS handshake error from 172.22.0.1:60586: remote error: tls: unknown certificate
chirpstack-application-server_1 | time="2022-10-28T07:30:08.653723307Z" level=warning msg="creating insecure network-server client" server="chirpstack-network-server:8000"
chirpstack-network-server_1 | time="2022-10-28T07:30:08.657156207Z" level=warning msg="[core] grpc: Server.Serve failed to complete security handshake from \"172.22.0.6:51786\": tls: first record does not look like a TLS handshake"
chirpstack-application-server_1 | time="2022-10-28T07:30:09.157306029Z" level=error msg="finished unary call with code Unknown" ctx_id=68a13901-8922-4f33-8b04-89c97dc85bf6 error="rpc error: code = Unknown desc = context deadline exceeded" grpc.code=Unknown grpc.method=Create grpc.service=api.NetworkServerService grpc.start_time="2022-10-28T07:30:08Z" grpc.time_ms=505.863 peer.address="127.0.0.1:60496" span.kind=server system=grpc

network-server configuration
[postgresql]
dsn="postgres://chirpstack_ns:chirpstack_ns@postgresql/chirpstack_ns?sslmode=disable"

[redis]
url="redis://redis:6379"

[network_server]
net_id="000000"

[network_server.band]
name="US915"

[network_server.network_settings]
enabled_uplink_channels=[0, 1, 2, 3, 4, 5, 6, 7, 64]

[network_server.gateway.backend.mqtt]
server="tcp://mosquitto:1883"

[network_server.gateway]
ca_cert="/certs/ca/ca.pem"
ca_key="/certs/ca/ca-key.pem"
client_cert_lifetime="8760h0m0s"

event_topic="gateway/+/event/+"
command_topic_template="gateway/{{ .GatewayID }}/command/{{ .CommandType }}"
qos=0

[join_server.default]
server="https://chirpstack-application-server:8003"

async=false
ca_cert="/certs/ca/ca.pem"
tls_cert="/certs/chirpstack-application-server/join-api/client/chirpstack-application-server-join-api-client.pem"
tls_key="/certs/chirpstack-application-server/join-api/client/chirpstack-application-server-join-api-client-key.pem"

[network_server.api]
bind="0.0.0.0:8000"
ca_cert="/certs/ca/ca.pem"
tls_cert="/certs/chirpstack-network-server/api/server/chirpstack-network-server-api-server.pem"
tls_key="/certs/chirpstack-network-server/api/server/chirpstack-network-server-api-server-key.pem"

application-server configuration
[postgresql]
dsn="postgres://chirpstack_as:chirpstack_as@postgresql/chirpstack_as?sslmode=disable"

[redis]
url="redis://redis:6379"

[application_server.integration.mqtt]
server="tcp://mosquitto:1883"

[application_server.integration.mqtt.client]
ca_cert="/certs/ca/ca.pem"
ca_key="/certs/ca/ca-key.pem"

[application_server.api]
public_host="chirpstack-application-server:8001"
ca_cert="/certs/ca/ca.pem"
tls_cert="/certs/chirpstack-application-server/api/server/chirpstack-application-server-api-server.pem"
tls_key="/certs/chirpstack-application-server/api/server/chirpstack-application-server-api-server-key.pem"

[application_server.external_api]
bind="0.0.0.0:8080"
jwt_secret="LWXK71ys0ZqxlsxEeRvS3s4fxHKlu4PvKhYyAJQtIjw="
tls_cert="/certs/https/app-server/app-server-cert.pem"
tls_key="/certs/https/app-server/app-server-key.pem"

[join_server]
bind="0.0.0.0:8003"
ca_cert="/certs/ca/ca.pem"
tls_cert="/certs/chirpstack-application-server/join-api/server/chirpstack-application-server-join-api-server.pem"
tls_key="/certs/chirpstack-application-server/join-api/server/chirpstack-application-server-join-api-server-key.pem"

I am not sure what may be the reason for this issue. Please help me to find the solution to fix this issue.

Many thanks in advance

Hello @brocaar
Could you please look into this issue?

Thank you

Hello All,

When I try to browse the network server URL, the following is the error I am getting:

chirpstack-network-server_1      | time="2022-10-30T09:47:13.716618818Z" level=warning msg="[core] grpc: Server.Serve failed to complete security handshake from \"172.26.0.1:39762\": tls: first record does not look like a TLS handshake"
chirpstack-network-server_1      | time="2022-10-30T09:47:13.726755839Z" level=warning msg="[core] grpc: Server.Serve failed to complete security handshake from \"172.26.0.1:39766\": tls: first record does not look like a TLS handshake"
chirpstack-network-server_1      | time="2022-10-30T09:47:18.754885914Z" level=warning msg="[core] grpc: Server.Serve failed to complete security handshake from \"172.26.0.1:39772\": tls: first record does not look like a TLS handshake"
chirpstack-network-server_1      | time="2022-10-30T09:47:18.756727099Z" level=warning msg="[core] grpc: Server.Serve failed to complete security handshake from \"172.26.0.1:39774\": tls: first record does not look like a TLS handshake"
chirpstack-network-server_1      | time="2022-10-30T09:47:18.769477804Z" level=warning msg="[core] grpc: Server.Serve failed to complete security handshake from \"172.26.0.1:39778\": tls: first record does not look like a TLS handshake"
chirpstack-network-server_1      | time="2022-10-30T09:47:26.059384045Z" level=warning msg="[core] grpc: Server.Serve failed to complete security handshake from \"172.26.0.1:39782\": remote error: tls: unknown certificate"
chirpstack-network-server_1      | time="2022-10-30T09:47:26.070310211Z" level=warning msg="[core] grpc: Server.Serve failed to complete security handshake from \"172.26.0.1:39786\": remote error: tls: unknown certificate"
chirpstack-network-server_1      | time="2022-10-30T09:47:26.756152932Z" level=warning msg="[core] grpc: Server.Serve failed to complete security handshake from \"172.26.0.1:39790\": remote error: tls: unknown certificate"
chirpstack-network-server_1      | time="2022-10-30T09:47:26.774725323Z" level=warning msg="[core] grpc: Server.Serve failed to complete security handshake from \"172.26.0.1:39794\": remote error: tls: unknown certificate"
chirpstack-network-server_1      | time="2022-10-30T09:47:26.789097344Z" level=warning msg="[core] grpc: Server.Serve failed to complete security handshake from \"172.26.0.1:39798\": EOF"
chirpstack-network-server_1      | time="2022-10-30T09:47:26.808947094Z" level=warning msg="[core] grpc: Server.Serve failed to complete security handshake from \"172.26.0.1:39802\": tls: client didn't provide a certificate"

Can anyone help me out to fix this issue?

Thank you.
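
In the first log excerpt above, the application server warns `creating insecure network-server client` immediately before the network server reports `first record does not look like a TLS handshake`. As an added example (not from the thread and not ChirpStack code), this Go program reproduces that error and `client didn't provide a certificate` against a throwaway local TLS server; the certificate, the port and the names `must` and `serverSideError` are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// serverSideError returns what a TLS server that requires client certificates reports.
func serverSideError(clientUsesTLS bool) error {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // constructed throwaway key
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), IPAddresses: []net.IP{net.ParseIP("127.0.0.1")},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key))
	pool := x509.NewCertPool()
	pool.AddCert(must(x509.ParseCertificate(der)))
	cfg := &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool,
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	ln := must(net.Listen("tcp", "127.0.0.1:0"))
	defer ln.Close()
	go func() {
		conn := must(net.Dial("tcp", ln.Addr().String()))
		defer conn.Close()
		if clientUsesTLS { // trusts the server, presents no client certificate
			conn = tls.Client(conn, &tls.Config{RootCAs: pool, ServerName: "127.0.0.1"})
		} else { // gRPC without TLS opens with the cleartext HTTP/2 preface
			conn.Write([]byte("PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"))
		}
		conn.Read(make([]byte, 1)) // TLS: drives the handshake; then waits for the server
	}()
	conn := must(ln.Accept())
	defer conn.Close()
	return tls.Server(conn, cfg).Handshake()
}

func main() {
	fmt.Println(serverSideError(false), "|", serverSideError(true))
}
```

Both errors are raised by the server before any application data is exchanged: the first means the peer never started TLS on that port, the second that TLS started but the client sent no certificate.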