BTCPay Server LND Integration - Getting: Err: connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for 20dd29e00e8f
Expected behavior
Issue could be similar to this one, but appears that there is an issue with the TLS cert only, so raising a new one.
Have set up lightning terminal as per this docker-compose file. LND is already running in the same docker-compose stack and its volume is mounted at lnd_bitcoin_datadir:
- this is part of a standard BTCPay Server installation. I would like to integrate into that, and eventually make a PR to make this standard in BTCPay Server after I get it working here.
After reading all the docs, I would expect this compose file to work well:
version: "3.7"
x-logging:
  &default-logging
  driver: journald
services:
  lightning_terminal:
    container_name: lightning_terminal
    image: lightninglabs/lightning-terminal:v0.4.1-alpha@sha256:624376ebaf286cf7118ca271ed43fb852be4aad814c1f4f6a56634f673671a4a
    #user: "1000:1000"
    logging: *default-logging
    restart: on-failure
    stop_grace_period: 1m
    ports:
      - "3004:3004"
    volumes:
      - lightningterminaldir:/data
      - lnd_bitcoin_datadir:/lnd:ro
    environment:
      HOME: "/data"
    command:
      - --insecure-httplisten=0.0.0.0:3004
      - --network="mainnet"
      - --lnd-mode="remote"
      - --uipassword=REDACTED
      - --remote.lnd.rpcserver=btcpayserver_lnd_bitcoin:10009
      - --remote.lnd.macaroonpath="/lnd/admin.macaroon"
      - --remote.lnd.tlscertpath="/lnd/tls.cert"
  # Need 10009 for RPC connection, so this will expose port 10009 on the BTCPay LND instance
  lnd_bitcoin:
    expose:
      - "10009"
# use docker native volumes
volumes:
  lightningterminaldir:
  lnd_bitcoin_datadir:
Actual behavior
Connection to LND node fails with error displaying startup info: error querying remote node : rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for 20dd29e00e8f, localhost, lnd_bitcoin, unix, unixpacket, bufconn, not btcpayserver_lnd_bitcoin"
It seems that the TLS cert is being read, but is invalid, and only valid for the container name itself, and not for the docker container IP address, but I am not sure, and would like help as to how to overcome this.
To reproduce
Run latest LND (my version is docker image btcpayserver/lnd:v0.12.1-beta-15s), and try to use the above compose file to connect to it.
System information
LND is the latest one in BTCPay Server (standard latest BTCPay stack)
Debian 10
Full log:
error displaying startup info: error querying remote node : rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp 172.18.0.49:10009: connect: connection refused"
2021-04-30 12:45:27.472 [INF] LITD: Dialing lnd gRPC server at btcpayserver_lnd_bitcoin:10009
2021-04-30 12:45:27.481 [WRN] GRPC: grpc: addrConn.createTransport failed to connect to {btcpayserver_lnd_bitcoin:10009 <nil> 0 <nil>}. Err: connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for 20dd29e00e8f, localhost, lnd_bitcoin, unix, unixpacket, bufconn, not btcpayserver_lnd_bitcoin". Reconnecting...
2021-04-30 12:45:27.709 [INF] LITD: Listening for http_tls on: 127.0.0.1:8443
2021-04-30 12:45:27.709 [INF] LITD: Listening for http on: [::]:3004
error displaying startup info: error querying remote node : rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for 20dd29e00e8f, localhost, lnd_bitcoin, unix, unixpacket, bufconn, not btcpayserver_lnd_bitcoin"
2021-04-30 12:45:27.713 [WRN] GRPC: grpc: addrConn.createTransport failed to connect to {btcpayserver_lnd_bitcoin:10009 <nil> 0 <nil>}. Err: connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for 20dd29e00e8f, localhost, lnd_bitcoin, unix, unixpacket, bufconn, not btcpayserver_lnd_bitcoin". Reconnecting...
2021-04-30 12:45:27.713 [INF] SGNL: Received shutdown request.
2021-04-30 12:45:27.713 [INF] SGNL: Shutting down...
2021-04-30 12:45:27.713 [INF] SGNL: Gracefully shutting down.
Top GitHub Comments
You need to add the following flag to lnd and re-create the TLS key/cert: --tlsextradomain=btcpayserver_lnd_bitcoin. If you have a config file only, add it there as tlsextradomain=btcpayserver_lnd_bitcoin.
To re-create the TLS key/cert, either delete the tls.key and tls.cert files of lnd manually and restart or use --tlsautorefresh (tlsautorefresh=true in the config file) in combination with the extra domain param.
Ah, it all worked now, I had an error in my yml file.
So, will close this issue (thank you for your help @guggero !!), but for anyone else wanting lightning terminal on their BTCPay instance, here is my full docker-compose.yml file for the custom fragment.
I’ll make a PR so it is an official fragment when I have a chance.