0 votes

Problem: HttpClient connects to host and just freezes / keeps trying to connect to host; fails to connect / can't connect to host via HTTPS with certificate, did before regular HTTP.

Hello, I am having some difficulty getting SSL certificates / HTTPS connection to host to work. I am using a certbot / Let's Encrypt free certificate on my Ubuntu 18.04 nginx server.

I have the SSL certificate set in my Project>SSL settings to the .cert file that contains the certificates from my server under /etc/ssl/certs/ca-certificates.crt on my Ubuntu server.

I've tried changing the server name to contain https:// but that doesn't work either.

HTTPS works on the server, I've tested via browser.

This is how I connect to the host:

    print("Connecting to host...")
    IP.clear_cache()
    http.close()
    # Arguments: host, port, use_ssl, verify_host
    err = http.connect_to_host("client.mydomain.com", 443, true, true)

    if err != OK:
        print("connection error: " + str(err))
        bOffline = true
        prompt_to_connect()
    else:
        # Poll until the client leaves the resolving/connecting states
        while http.get_status() == HTTPClient.STATUS_CONNECTING or http.get_status() == HTTPClient.STATUS_RESOLVING:
            print("Connecting to host...")
            http.poll()
            tries += 1
            OS.delay_msec(10)
            if tries == 10:
                info_text("Failed to connect to server.")
                prompt_to_connect()
        print("status: " + str(http.get_status()))
        # 5 == HTTPClient.STATUS_CONNECTED
        if http.get_status() != 5:
            print("response code: " + str(http.get_response_code()))
            print("Connection to host failed.")
            prompt_to_connect()
        else:
            bOffline = false
            print("Connected to host.")

My log as it runs through connecting:

    Establishing connection...
    Connecting to host... # try 1
    Connecting to host...
    Connecting to host...
    Connecting to host...
    Connecting to host...
    Connecting to host... #...last try
    status: 4 # failed.
    response code: 0
    Connection to host failed.

Am I supposed to do something else with the .crt file? I just copied the certificates file and used that as my Godot's SSL, is this correct? Thanks guys for the help.

asked Nov 9, 2018 in Engine by hughes1992 (18 points)
edited Nov 9, 2018 by hughes1992

2 Answers

0 votes

The crt file is for your server alone - it will hand out the parts clients need itself.

The clients will choose to trust the certificate based on their chain of trust/root CA; given that Let's Encrypt is cross-signed by IdenTrust, both your OS and browser should trust it.

I don't know the exact details but I imagine that Godot will pull the OS certificates chain and use that.

One thing that I immediately notice is that you only wait 10ms between each retry - try bumping that to 25 or 50 and see if it makes a difference.
Even a simple page such as google.com, served by one of the world's most optimized servers, needs 116ms for the client to get the first byte (TTFB in the Chrome network inspector if you're interested); your own server is probably going to be just a tad slower :)

answered Nov 9, 2018 by guppy42 (364 points)

> I don't know the exact details but I imagine that Godot will pull the OS certificates chain and use that.

Godot does not currently support using the OS-provided certificate store. However, starting from Godot 3.1, an SSL certificate bundle will be included in export templates which will make HTTPS requests work out of the box.

So what's the point of the SSL cert in the project files now? Do I just leave it blank now since the SSL certificate bundle is now here?

Update: I removed the .crt file from my SSL Project settings and changed the delay from 10 ms to 50 ms, still can't connect.

Another update (sorry for multiple comments, I really want to get this fixed):

Connecting to google.com with HTTPS gives this error

Cause: unable to get local issuer certificate

Here are a few things to try.
Try adding Let's Encrypt's root certificate:
https://letsencrypt.org/certs/isrgrootx1.pem.txt

If that doesn't work then I would suggest waiting for 3.1 or using nightlies.

I've been trying that, still not working. I've tried connecting to google.com and that worked, though not my server.

0 votes

Did you make sure to add the .crt extension in the export filter dialog as shown here?
This is needed to embed the certificate in the executable.

answered Nov 10, 2018 by GameVisitor (814 points)

Yes, I have that as shown.
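The "unable to get local issuer certificate" message quoted in the comments above is OpenSSL's verification error for a certificate whose issuer is not present in the CA bundle the client was given. The script below is an added example, not code from this thread: it uses the `openssl` CLI to build a throwaway PKI (the two demo roots, the file names and the leaf for `client.mydomain.com` are all constructed) and verifies the same leaf against a bundle without and with the issuing root.

```shell
#!/bin/sh
# Added example: every subject, key and file name here is constructed.
set -eu

# Create, in directory $1, two unrelated self-signed root CAs ("issuer" and
# "other") and one leaf certificate signed by the "issuer" root.
make_pki() {
  (
    cd "$1"
    # Minimal config so the roots are marked as CAs on any OpenSSL version.
    printf '[req]\ndistinguished_name=dn\nx509_extensions=v3_ca\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > ca.cnf
    for ca in issuer other; do
      openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo $ca root" -keyout "$ca.key" -out "$ca.pem" 2>/dev/null
    done
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
      -subj "/CN=client.mydomain.com" -keyout leaf.key -out leaf.csr 2>/dev/null
    openssl x509 -req -in leaf.csr -CA issuer.pem -CAkey issuer.key \
      -CAcreateserial -days 1 -out leaf.pem 2>/dev/null
  )
}

# Verify certificate $2 against trust bundle $1. Prints "OK" or the text of
# the first verification error reported by OpenSSL.
verdict() {
  out=$(openssl verify -CAfile "$1" "$2" 2>&1) && { echo OK; return 0; }
  printf '%s\n' "$out" |
    sed -n 's/^error [0-9]* at [0-9]* depth lookup: *//p' | head -n 1
}

demo() {
  dir=$(mktemp -d)
  make_pki "$dir"
  # A bundle is just concatenated PEM certificates; appending the issuing
  # root is the equivalent of adding it to the client's .crt bundle.
  cat "$dir/other.pem" "$dir/issuer.pem" > "$dir/combined.pem"
  echo "bundle without issuing root: $(verdict "$dir/other.pem" "$dir/leaf.pem")"
  echo "bundle with issuing root:    $(verdict "$dir/combined.pem" "$dir/leaf.pem")"
  rm -rf "$dir"
}

demo
```

The leaf certificate and the "server" are identical in both runs; only the contents of the client's bundle decide the outcome.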
