I’ve just installed Mattermost 3.10 Team Edition on my local server and currently log in to it using http://:8065.
I wish to encrypt all conversations in Mattermost due to security concerns, and I followed the instructions here and here for the SSL installation (I’m using a self-signed certificate, not Let’s Encrypt).
Now logging in using https://:8065 seems to work fine in my desktop app and Chrome, but when I tried to log in using the Mattermost Classic app downloaded from the App Store, there is an error message like “Please check connection, Mattermost unreachable. If issue persist, ask administrator to check WebSocket port”.
I then logged in to the Mattermost server and executed “service mattermost status”, which displayed these error messages:
[root@mmclone bin]# service mattermost status
Redirecting to /bin/systemctl status mattermost.service
● mattermost.service - Mattermost is an open source, self-hosted Slack-alternative
Loaded: loaded (/etc/systemd/system/mattermost.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2017-08-09 15:52:30 +08; 20min ago
Main PID: 2623 (platform)
CGroup: /system.slice/mattermost.service
└─2623 /opt/mattermost/bin/platform
Aug 09 16:05:32 mmclone platform[2623]: 2017/08/09 16:05:32 http: TLS handshake error from 192.168.2.1:55792: EOF
Aug 09 16:06:25 mmclone platform[2623]: 2017/08/09 16:06:25 http: TLS handshake error from 192.168.2.1:55794: EOF
Aug 09 16:06:41 mmclone platform[2623]: 2017/08/09 16:06:41 http: TLS handshake error from 192.168.2.1:49576: EOF
Aug 09 16:07:32 mmclone platform[2623]: 2017/08/09 16:07:32 http: TLS handshake error from 192.168.2.1:49577: EOF
Aug 09 16:07:57 mmclone platform[2623]: 2017/08/09 16:07:57 http: TLS handshake error from 192.168.2.1:55797: EOF
Is there something wrong with my SSL installation? Any suggestion to fix this issue?
I’ve no issue logging in with http on all platforms (desktop app, iOS, Android).
I tried the steps you provided earlier, but I don’t have an FQDN for the nginx setup. Is this causing the WebSocket error as well? I have the same issue in Safari and the iOS native apps, but it works fine in Chrome and Mozilla Firefox. Or is iOS or Apple trying to block the untrusted HTTPS access?
I don’t have an FQDN for my Mattermost; basically I log in to Mattermost using http://192.168.x.x:8065. Is it possible to install Let’s Encrypt SSL using an IP or port-forwarding address?
I think the current Baseline Requirements norm is not to issue certificates for private (RFC 1918-reserved) IP addresses, while certificates for public IP addresses are still permitted. However, Let’s Encrypt has decided not to issue certificates for bare IP addresses even if this would be permitted by the Baseline Requirements.
In summary, they don’t do certificates for IPs.
But from your example IP it seems to be a local network. Are you forwarding it to an external public IP at any point? If you are, the simplest thing I can think of would be to buy the cheapest domain around (some will cost you cents) and use that with Let’s Encrypt.
I have a ddns.net domain set up for my server, which is http://xxx.ddns.net:8065, which is pointing to my Mattermost server, and xxx.ddns.net is pointing to a public IP. Is it possible for Let’s Encrypt to set up trusted SSL for it?