TTN Stack v3 with private certificate / Internal Server Error

I’ve tried to configure the TTN v3 stack with the official getting started guide.

I’ve been able to setup everything so the server runs, but I have an Internal Server Error after login (web console). Regarding other issues it may come from the certificate. I’m currently using a self-signed certificate that I’ve added as trusted certificate on the server running the TTNv3 containers.

After login, I have an error 500 on the following request:


The server doen’t say much more, event with TTN_LW_LOG_LEVEL=debug:

stack_1 | ERROR Request error duration=7.925911ms method=GET namespace=web remote_addr=:63544 request_id=01DTPKH4R24D122KRY81C59HK8 response_size=2434 status=500 url=/console/oauth/callback?code=MF2XI.WDLOFKWLPVSOM3XKN6P3ZCJ4YPN3W6USYBPUOGA.LGCSDZFJEHRMMHVFKMU6MYBU6RNT35ACESKNAY2DCIZ5AVI2PQIQ&state=EhDEjjOKmKUCH7d2

Multiple issues are referencing a similar problem, but none of them have been concluded in an intelligible way. It looks like most of them just abandoned to use something else than a Let’s Encrypt certificate.

My questions:

  • Is a configuration with self-signed certificate known to work?
  • Is there a way to diagnose the internal server error?

Similar issues:

It is possible to use self-signed certificates. we use them in our development environments, they are generated when you make init.

We don’t recommend using such certificates for any other purpose than development, which is also why the Getting Started guide explicitly says that it won’t explain how to do that.

In case you’re using your own private CA, you’ll need to make sure it’s not only trusted on the host, but also in the containers.

What does the frontend of the Console show about the error? Can you check with the web developer tools of your browser what the value of window.PAGE_DATA is?

Hi Hiylke,

Thanks for your answer. My certificate is not added to the trusted roots of the containers. This is probably the problem. I’ll check this and come back here. Of course this certificate is only for testing.

The frontend GUI doe only shows:

Internal Server Error
Internal Server Error
Refresh page

window.PAGE_DATA contains a generic error:pkg/errors/web:unknown error, containing a having a specific message as attribute that really helps: “Post https://domain/oauth/token: x509: certificate is valid for …, not …”.

I was not able to find this error myself. I think it should be reported in a more visible way. What I did is look the stack server log, so I think it would be a good place to unwrap these errors and show them.

There’s already work in progress on improving how errors are displayed in the frontend (for starters by taking that error in window.PAGE_DATA and displaying it).

Having every error (response body) in the server logs would explode pretty quickly. We already have support for reporting internal errors to Sentry, that would probably be sufficient for this problem