Haven't been able to access Web-UI: ERR_SSL_PROTOCOL_ERROR

_m.a-x · 3 September 2024 06:43

I’ve been able to access Duplicacy via 10.10.69.6:3875. I haven’t accessed it in a while.
Recently I tried to and got the following error in the browser: ERR_SSL_PROTOCOL_ERROR.

Opened the logs.
First I noticed these Warnings that occur at Docker restart:
Failed to get the value from the keyring: keyring/dbus: Error connecting to dbus session, not registering SecretService provider: exec: “dbus-launch”: executable file not found in $PATH

Followed by: http: TLS handshake error from 10.10.10.112:60131: acme/autocert: missing server name

The first reaction was to define a name in my local DNS for the Duplicacy’s IP, I went with backup.mydomain.net. (mydomain.net for the sake of example, using my own domain).

When I attempt to log into Duplicacy now via https://backup.mydomain.net:3875 the logs show:
TLS handshake error from 10.10.10.112:59965: acme/autocert: host “backup.mydomain.net” not configured in HostWhitelist.

So I thought I had to match the hostname to “backup.mydomain.net” becasue previous hostname was just “backup”.

I renamed --hostname from “backup” to “backup.mydomain.net” and logged into the License portal to transfer the license from backup to backup.mydomain.net.

Now when I restart the container, I get 2 more warning messages:
Failed to decrypt the value from the keyring file: cipher: message authentication failed
Failed to decrypt the testing data using the password from KeyChain/Keyring: crypto/aes: invalid key size 0

I also checked the licenses.json file and the entries are for the “OLD” hostname: “backup”. hasn’t changed to bacup.mydomain.net.

I think I am making it worse. I hope that the forum members can help.

License expiration:
Wed May 17 01:00:00 UTC 2028
Docker container for UnRaid.

_m.a-x · 3 September 2024 06:57

I went ahead and altered the file settings.json by changing the
“https_domain”: “10.10.69.6”,
to
“https_domain”: “backup.mydomain.net”.

Now I am getting this in the logs:
http: TLS handshake error from 10.10.10.112:61727: acme/autocert: unable to satisfy “https://acme-v02.api.letsencrypt.org/acme/authz-v3/398706537056” for domain “backup.mydomain.net”: no viable challenge type found
http: TLS handshake error from 10.10.10.112:61730: acme/autocert: missing certificate

I’ll revert this one back and wait for assistance.

gchen · 3 September 2024 17:17

The autocert library used by Duplicacy (autocert package - golang.org/x/crypto/acme/autocert - Go Packages) supports “tls-alpn-01” or “http-01” challenge types, both of which require the web server to be reachable by let’s encrypt servers.

So it is difficult if the web server is using a local ip and can’t be visited from outside. You can create the certificate and key (backup.mydomain.net.crt and backup.mydomain.net.key) and place them under ~/.duplicacy-web. When these 2 files exist, Duplicacy won’t ask let’s encrypt servers for the certificate.

_m.a-x · 3 September 2024 18:27

Thanks for the reply, gchen.

Can you please explain what has changed that at some point I was able to access the Duplicacy site over IP, and now I cannot anymore?
I am not too concerned about the missing signed certs, I just don’t understand why I cannot access the web side at all. The connection is refused due to the protocol error.

As a side note, I’ve cleared the https_address and https_domain parameters in the settings.json file manually and restarted the container.
Then I went to http://10.10.69.6:3875 and site finally opened (!!), but greeted me with the following prompt:
Please enter the password to encrypt/decrypt the passwords/credentials stored in the configuration file.
I do have a record in my password manager saved for Duplicacy, no username, just a password. But I believe it’s for the Web portal access, not the encryption password. I don’t have any other passwords. Can you please explain what this prompt is, and will I be getting the same prompt if I manage to fix the cert issue and access the Duplicacy-Web via https?

Cheers!

gchen · 3 September 2024 19:24

It is possible that you set up the https access properly at some point but then the certificate issued by let’s crypt expired.

Did you try that password? It is probably the one that Duplicacy was asking for.

_m.a-x · 3 September 2024 20:06

I did try it, yes. No luck:
Failed to decrypt the testing data using the supplied password: cipher: message authentication failed
I normally save all the passwords. Not sure why it’s not working.

Edit: Will I be prompted to enter the same password even if I address the HTTPS issue? It would be nice to know ahead of time if it’s worth even trying to resolve the certificate issue. Alternatively I would need to reinstall Duplicacy and configure it from scratch. Which leads to another question - does this mean brand new full backup?