pull down to refresh

Calling all Zeus experts. I can't seem to connect Zeus to my Start9 CLN node after the latest update. I tried all the usual solutions, including restarting the node and server. I typically make this connection through CLNRest Quick Connect. Any advice is appreciated.

Here is the error:

I am still reviewing this part - as it narrowed. I assume you're using tor + self-signed TLS certs?

reply

Correct

reply

There's definitely something changed there. I have been really nervous to update because of the switch to react-native-nitro-tor because I have a million process findings on that repo.

Are you on v13.1.1? or .0?

reply
reply
1169 sats \ 5 replies \ @optimism 26 Jun

Okay. v13.1.1 is tagged but not marked as release yet for me. That supposedly will fix this issue.

From the commit in there:

scope TLS bypass to .onion HTTPS endpoints

And from the PR @evankaloudis did to the tor dependency I mention above:

Adds a trust_invalid_certs: boolean field to HttpGetParamsHttpPostParamsHttpPutParams, and HttpDeleteParams. When true, the underlying reqwest::Client is built with .danger_accept_invalid_certs(true) so connections to endpoints with self-signed certificates succeed. Defaults to false, so existing callers are unaffected.

Perhaps Evan can advice on release timing / downgrading back to v13.0.2

reply

Damn, you are good! Thank you

reply

Maybe one thing you could try in the meantime (this is how I deal with it on my own PKI) is to import your cert into Android and trust it there. Then it should not throw. However, I do this with an actual private CA, not a self-signed thing, and mTLS, so it may be that for simple self-signed, there are issues. Maybe a stacker that uses self-signed certs on Android knows more.

reply

I don't know. If it matters, I run graphene.It's no big deal. The desktop CLN GUI wallet is fine for now

Haha thanks. I review Zeus like I review Signal because I really want to use it again (current live LN wallets are Blixt) so it is my duty to my own security to know everything, because it would touch my money, directly.

Right now it's still too unstable, but I have hope. Evan is doing an awesome job.

reply

deleted by author

I just updated to .1, and it is resolved.

reply

Awesome!

reply

You know what's strange? I didn't run into any issues with Zeus on my LND node.

reply

Hmm also connected as backend via tor+self-signed cert? Because that has exactly the same patch.

reply

Oh, I misspoke. I connect my LND node to Zeus through LNC via Lightning Terminal.

reply

Through a let's encrypt cert as recommended? Because that is a much better way to do this than with a self-signed cert (and doesn't have "invalid cert" issues because that CA is in the global trust chain.)

reply

Yes.
Edit: wait, I'm not sure. I used Let's Encrypt for something but maybe not this.

reply

Then that's why.

Release v13.1.1 · ZeusLN/zeus
#1515394

reply