Closed
Description
First of all, thanks for this project, it looks really great! As I'm new to it and just testing it out to see whether it suits my needs, I may have missed something in the setup. I'm seeing an issue when trying to view a branch on a site. Curl tells me there is the following SSL error:
error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
Chrome reports:
ERR_SSL_PROTOCOL_ERROR
I've set up a wildcard domain which resolves fine but there appears to be something wrong at the Caddy stage.
The branch/site I'm trying to look at is: https://main.tanc_me.meli.jampony.net/
Meli is set up following the docs on a fresh Ubuntu 20.04 server with no other services running.
Looking at the docker logs I'm seeing the following errors from letsencrypt:
{"level":"debug","ts":1613740447.9163651,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme.zerossl.com/v2/DV90/newNonce","headers":{"User-Agent":["Caddy/2.3.0 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Type":["application/octet-stream"],"Date":["Fri, 19 Feb 2021 13:14:07 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["JvuPCaUS9gPItnTHBMgpTd_5RQ4pb501yXfG18Oqr2I"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1613740447.9933982,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/newOrder","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.3.0 CertMagic acmez (linux; amd64)"]},"status_code":400,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store","max-age=-1"],"Content-Length":["130"],"Content-Type":["application/problem+json"],"Date":["Fri, 19 Feb 2021 13:14:07 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["y4__AsuK_pTlWqf6NulkTUurVzs4LAo-_tSNPZpfC7c"],"Server":["nginx"]}}
{"level":"error","ts":1613740447.9936416,"logger":"tls.obtain","msg":"will retry","error":"[tanc_me.meli.jampony.net] Obtain: [tanc_me.meli.jampony.net] creating new order: request to https://acme.zerossl.com/v2/DV90/newOrder failed after 1 attempts: HTTP 400 urn:ietf:params:acme:error:rejectedIdentifier - Invalid DNS identifier [tanc_me.meli.jampony.net] (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":7.688670099,"max_duration":2592000}
Any ideas?
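A triage sketch for the log above, added here as an example and not part of the original issue or of the Meli or Caddy code: it pulls the ACME problem out of Caddy's `tls.obtain` error entries and checks the rejected hostname against the letters-digits-hyphen label rule. The sample entries are constructed in the same shape as the log above, the function names are hypothetical, and treating the underscore label as the reason for `rejectedIdentifier` is an assumption.

```python
import json
import re

# RFC 1123 "LDH" label: letters, digits, hyphen; 1-63 chars; no leading/trailing hyphen.
LDH_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
# ACME problem as embedded in the "error" string of Caddy's tls.obtain entries.
ACME_PROBLEM = re.compile(
    r"HTTP (\d{3}) urn:ietf:params:acme:error:(\w+) - (.*?) \(ca=([^)]+)\)")
LEADING_IDENT = re.compile(r"\[([^\]]+)\]")

def bad_labels(hostname):
    """Labels that break the LDH rule; a leading '*' wildcard label is skipped."""
    labels = hostname.rstrip(".").split(".")
    if labels and labels[0] == "*":
        labels = labels[1:]
    return [label for label in labels if not LDH_LABEL.fullmatch(label)]

def triage(log_lines):
    """Return one finding per tls.obtain error that carries an ACME problem."""
    findings = []
    for line in log_lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip non-JSON output mixed into the container log
        if entry.get("logger") != "tls.obtain" or entry.get("level") != "error":
            continue
        err = entry.get("error", "")
        problem, ident = ACME_PROBLEM.search(err), LEADING_IDENT.match(err)
        if not (problem and ident):
            continue
        status, kind, detail, ca = problem.groups()
        host = ident.group(1)
        findings.append({"host": host, "status": int(status), "type": kind,
                         "detail": detail, "ca": ca,
                         "bad_labels": bad_labels(host)})
    return findings

# Constructed sample entries (hypothetical hosts and CA URL), shaped like the log above.
CA = "https://acme.example.test/v2/dir"
SAMPLE_LOG = ["plain text line from another container"] + [json.dumps(e) for e in [
    {"level": "debug", "logger": "tls.issuance.acme.acme_client", "msg": "http request"},
    {"level": "error", "logger": "tls.obtain", "msg": "will retry",
     "error": "[my_branch.sites.example.net] Obtain: creating new order: HTTP 400 "
              "urn:ietf:params:acme:error:rejectedIdentifier - Invalid DNS identifier "
              f"[my_branch.sites.example.net] (ca={CA})"},
    {"level": "error", "logger": "tls.obtain", "msg": "will retry",
     "error": "[docs.sites.example.net] Obtain: creating new order: HTTP 429 "
              f"urn:ietf:params:acme:error:rateLimited - too many orders (ca={CA})"},
]]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A non-empty `bad_labels` list on a `rejectedIdentifier` finding points at the hostname itself rather than at DNS or the CA.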