[Resolved] QUIC is not started, missing <certFile> in <listener>

Status
Not open for further replies.
#1
  1. Get LiteSpeed server from Amazon marketplace, it runs on EC2 instance
  2. Upgraded to version 5.2.1
  3. Configured to use QUIC
    1. Server->Tuning->QUIC->Enable QUIC->Yes
    2. Added new listener (port 8443), then in SSL->Allow QUIC->Yes
    3. Mapped virtual host Examples-> new listener and enabled QUIC there as well: Virtual Host->SSL->Security&Features->Enable QUIC->Yes
  4. Opened UDP port 8443 in EC2 security group
  5. Checked that it's opened: nc -ul 8443 able to receive data from another machine
  6. Restarted server via admin console
  7. Problem: netstat -lupn doesn't show that listener on this port is started
  8. In the server log I see following messages
    Code:
    2017-10-05 20:04:51.524 ERROR [config:server:listener:quic_listener] missing <certFile> in <listener>
    2017-10-05 20:04:51.524 WARN [config:server:listener:quic_listener] failed to create SSL context for listener *:8443, turn SSL off.
    2017-10-05 20:04:51.525 ERROR [config:vhost:Example] missing <certFile> in <vhssl>
Can you please point me to the instructions on how to deploy certFile?
 

Jon K

Administrator
Staff member
#2
QUIC requires there to be an SSL certificate signed by a certificate authority set up before it will work.

Under the listener and vhost you will need to have the certificates set up and will need to point the vhost to the new listener.
 
#5
Thank you for pointing me to the wiki.
  1. Added CA and certificate
  2. Restarted server and I can see that there is a listener on my UDP port (netstat -lu)
  3. In my Chrome browser checked that QUIC is enabled (chrome://flags/). Restarted browser
  4. Started Chrome->Developer Tools to check protocol and navigated to my web site (https://host:8443/)
  5. Problem: protocol is h2 (before it was http/1.1, so some progress), but still not quic
 

Jon K

Administrator
Staff member
#8
You can PM it to either or both of us.

If you check headers do you see a header like this: alt-svc: quic=":443"; ma=2592000; v="35,37,38,39" ?
If you type netstat -ltpun | grep litespeed do you see a LiteSpeed process listening on UDP 8443?
 
#9
Yes, I see
alt-svc: quic=":8443"; ma=2592000; v="35,37,38,39"
Code:
netstat -ltpun | grep litespeed
tcp        0      0 0.0.0.0:7080            0.0.0.0:*               LISTEN      6251/litespeed (lsh
tcp        0      0 127.0.0.1:80            0.0.0.0:*               LISTEN      6251/litespeed (lsh
tcp        0      0 10.165.155.197:80       0.0.0.0:*               LISTEN      6251/litespeed (lsh
tcp        0      0 0.0.0.0:8088            0.0.0.0:*               LISTEN      6251/litespeed (lsh
tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      6251/litespeed (lsh
udp        0      0 0.0.0.0:8443            0.0.0.0:*                           6251/litespeed (lsh
 

Jon K

Administrator
Staff member
#11
Solved via private message. Make sure everything is properly signed by a certificate authority and do not use any self-signed certificates.
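
The checks walked through in this thread (Alt-Svc port, UDP listener, self-signed certificate), collected into one script as an added example that is not part of the original posts and is not LiteSpeed's own tooling. The function names are hypothetical, the sample data is copied from post #9, and the certificate check assumes the `openssl` CLI is installed.

```shell
# Added diagnostic sketch; function names are hypothetical.
# Sample data below is copied from post #9 of this thread.
SAMPLE_HEADER='alt-svc: quic=":8443"; ma=2592000; v="35,37,38,39"'
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      6251/litespeed (lsh
udp        0      0 0.0.0.0:8443            0.0.0.0:*                           6251/litespeed (lsh'

# Print the port advertised for QUIC in an Alt-Svc header line ($1).
altsvc_quic_port() {
    printf '%s\n' "$1" | sed -n 's/.*quic=":\([0-9][0-9]*\)".*/\1/p'
}

# Read `netstat -ltpun` output on stdin; succeed if litespeed owns a
# UDP socket on port $1 (a TCP listener on the same port does not count).
has_udp_listener() {
    awk -v port="$1" '
        $1 ~ /^udp/ && $4 ~ (":" port "$") && /litespeed/ { found = 1 }
        END { exit !found }'
}

# $1 = Alt-Svc header line, $2 = netstat output.
check_quic_advert() {
    local port
    port=$(altsvc_quic_port "$1")
    [ -n "$port" ] || { echo "no quic entry in Alt-Svc"; return 1; }
    printf '%s\n' "$2" | has_udp_listener "$port" || {
        echo "Alt-Svc advertises UDP $port, but litespeed is not listening on it"
        return 1
    }
    echo "ok: litespeed is listening on UDP $port"
}

# Succeed if the PEM certificate in file $1 has subject == issuer,
# the usual sign of a self-signed certificate. Returns 2 if unreadable.
is_self_signed() {
    local out
    out=$(openssl x509 -in "$1" -noout -subject -issuer 2>/dev/null) || return 2
    printf '%s\n' "$out" | awk '
        sub(/^subject= */, "") { s = $0 }
        sub(/^issuer= */, "")  { i = $0 }
        END { exit !(s != "" && s == i) }'
}

check_quic_advert "$SAMPLE_HEADER" "$SAMPLE_NETSTAT"
```

On a live server, pass the real header line and `netstat -ltpun` output to `check_quic_advert`, and run `is_self_signed` against the file configured as certFile for the listener and the vhost.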
 