Go 1.17 strict TLS ALPN breaks Let's Encrypt #116

Closed
opened 2026-01-19 18:29:01 +00:00 by michael · 2 comments

Originally created by @BenHarris on GitHub.

More information and a fix noted here: https://github.com/traefik/traefik/issues/8376

Logs

```
transfer    | 2022/03/14 15:26:18 http: TLS handshake error from 18.192.36.99:37146: tls: client requested unsupported application protocols ([acme-tls/1])
transfer    | 2022/03/14 15:26:18 http: TLS handshake error from 34.221.255.206:22562: tls: client requested unsupported application protocols ([acme-tls/1])
transfer    | 2022/03/14 15:26:18 http: TLS handshake error from 18.116.86.117:55338: tls: client requested unsupported application protocols ([acme-tls/1])
transfer    | 2022/03/14 15:26:18 http: TLS handshake error from 64.78.149.164:29096: tls: client requested unsupported application protocols ([acme-tls/1])
transfer    | 2022/03/14 15:26:19 http: TLS handshake error from xx.xx.xx.xx:39743: acme/autocert: unable to satisfy "https://acme-v02.api.letsencrypt.org/acme/authz-v3/9999999999" for domain "xxxx.xxx": no viable challenge type found
transfer    | 2022/03/14 15:26:19 http: TLS handshake error from xx.xx.xx.xx:39751: acme/autocert: missing certificate
```

@docweirdo commented on GitHub:

I do have the same issue, although I do not believe it has anything to do with TLS ALPN like @BenHarris suggested. The documentation of the `tls` package states that leaving `conf.NextProtos` empty just skips the ALPN step.

I suspect it has something to do with the `HTTPHandler` function provided by the autocert package. If it is not called and the [handler not employed](https://pkg.go.dev/golang.org/x/crypto/acme/autocert#Manager.HTTPHandler), the http-01 challenge cannot be processed.

@paolafrancesca commented on GitHub:

fixed by #474
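The handshake error in the logs above can be reproduced offline for diagnosis. This is an added example, not code from transfer.sh or from anyone in the thread; it uses only Go's `crypto/tls`, and the certificate, the name `example.test` and the three server protocol lists are constructed for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned builds a throwaway certificate for the constructed name example.test.
func selfSigned() tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		Subject: pkix.Name{CommonName: "example.test"}, DNSNames: []string{"example.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// Handshake runs an in-memory handshake in which the client offers only acme-tls/1
// and returns the protocol the server negotiated plus the server-side error.
func Handshake(serverProtos []string) (string, error) {
	c, s := net.Pipe()
	defer c.Close()
	defer s.Close()
	go tls.Client(c, &tls.Config{ServerName: "example.test", InsecureSkipVerify: true,
		NextProtos: []string{"acme-tls/1"}}).Handshake()
	// TLS 1.2 keeps the two sides writing in turn, which the unbuffered net.Pipe needs.
	srv := tls.Server(s, &tls.Config{Certificates: []tls.Certificate{selfSigned()},
		NextProtos: serverProtos, MaxVersion: tls.VersionTLS12})
	err := srv.Handshake()
	return srv.ConnectionState().NegotiatedProtocol, err
}

func main() {
	// Constructed server protocol lists: HTTP only, HTTP plus acme-tls/1, and empty.
	for _, p := range [][]string{{"h2", "http/1.1"}, {"h2", "http/1.1", "acme-tls/1"}, nil} {
		proto, err := Handshake(p)
		fmt.Printf("server NextProtos=%q negotiated=%q err=%v\n", p, proto, err)
	}
}
```

Only the first list fails, with the same `client requested unsupported application protocols ([acme-tls/1])` text seen in the logs; the empty list completes the handshake without negotiating any protocol.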

Reference: dutchcoders/transfer.sh#116