I can put this to bed myself. The host started blocking access to port 8444 because it's used by Chia Mining. They didn't tell me this until I'd spent around 9 hours trying to debug this though. I've moved the service to another port and can confirm stunnel is working as reliably as before. Thanks !

On 22/05/2021 22:33, Alastair @ Expert Geeks via stunnel-users wrote:
Hi all,

I've been happily using stunnel for the same purpose and the same config for over year but it's suddenly stopped working. I was using it to wrap http shoutcast (port 8000) to https (port 8444). I'm using a letsencrypt cert.

config:

client = no

[shoutcast]
accept = 8444
connect = 127.0.0.1:8000
cert = /etc/letsencrypt/live/*server name*/fullchain.pem
key = /etc/letsencrypt/live/*server name*/privkey.pem

This keeps getting repeated in the log:

2021.05.22 22:18:27 LOG7[main]: Found 1 ready file descriptor(s)
2021.05.22 22:18:27 LOG7[main]: FD=4 events=0x2001 revents=0x0
2021.05.22 22:18:27 LOG7[main]: FD=9 events=0x2001 revents=0x1
2021.05.22 22:18:27 LOG7[main]: Service [shoutcast] accepted (FD=3) from *server ip*:40506
2021.05.22 22:18:27 LOG7[4]: Service [shoutcast] started
2021.05.22 22:18:27 LOG7[4]: Setting local socket options (FD=3)
2021.05.22 22:18:27 LOG7[4]: Option TCP_NODELAY set on local socket
2021.05.22 22:18:27 LOG5[4]: Service [shoutcast] accepted connection from *server ip*:40506
2021.05.22 22:18:27 LOG6[4]: Peer certificate not required
2021.05.22 22:18:27 LOG7[4]: TLS state (accept): before SSL initialization
2021.05.22 22:18:27 LOG3[4]: SSL_accept: ../ssl/record/ssl3_record.c:322: error:1408F09C:SSL routines:ssl3_get_record:http request
2021.05.22 22:18:27 LOG5[4]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2021.05.22 22:18:27 LOG7[4]: Local descriptor (FD=3) closed
2021.05.22 22:18:27 LOG7[4]: Service [shoutcast] finished (0 left)

(server ip & server name removed)

Suggestions and recommendations gratefully received! Thanks.


_______________________________________________
stunnel-users mailing list -- stunnel-users@stunnel.org
To unsubscribe send an email to stunnel-users-leave@stunnel.org
--
Expert Geeks - Trust us, we've got it covered.
Tel: (0117) 2303118
Web: ExpertGeeks.co.uk
Leave a Google review