lnd: authentication handshake failed: x509: cannot validate certificate for 127.0.0.1 because it doesn\'t contain any IP SANs"

I just learned about lightning network.

i start by this cmd

lnd --rpclisten=localhost:10001 --listen=localhost:10011 --restlisten=localhost:8001 --datadir=data --logdir=log --debuglevel=info --bitcoin.simnet --bitcoin.active --bitcoin.node=btcd --btcd.rpcuser=kek --btcd.rpcpass=kek

then

lncli --rpcserver=localhost:10001 --macaroonpath=data/chain/bitcoin/simnet/admin.macaroon create

then

lncli --rpcserver=localhost:10001 --macaroonpath=data/chain/bitcoin/simnet/admin.macaroon getinfo

It works very well with gRPC

But when i try to connect using REST and node it doesn’t work

var fs = require('fs');
var request = require('request');
var macaroon = fs.readFileSync('./data/chain/bitcoin/simnet/admin.macaroon').toString('hex');

var options = {
  url: 'https://localhost:8001/v1/getinfo',
  // Work-around for self-signed certificates.
  rejectUnauthorized: false,
  json: true,
  headers: {
    'Grpc-Metadata-macaroon': macaroon
  }
};

request.get(options, function(error, response, body) {
  console.log(body);
});

it return

{ error:
   'all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: cannot validate certificate for 127.0.0.1 because it doesn\'t contain any IP SANs"',
  code: 14,
  message:
   'all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: cannot validate certificate for 127.0.0.1 because it doesn\'t contain any IP SANs"' }

what should i do to connect using REST API . Thanks !!!

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 15 (1 by maintainers)

Most upvoted comments

I’m not sure about REST is working .

We use a package called grpc-gateway that translates REST calls into gRPC calls. That’s why it says gRPC proxy started instead of REST server listening. It should work that way.

What version of lnd are you using?

Can you please try the following:

  1. Stop lnd
  2. Delete the tls.key and tls.cert file in your lnd data directory (most likely ~/.lnd/)
  3. Start lnd again, with the following extra argument: --tlsextraip 127.0.0.1
  4. Try REST again
+3
guggero on Nov 11, 2019

as soon as i can Thank you again for everything you’ve done

+1
vinhyenvodoi98 on Nov 12, 2019

You’re welcome!

Well, talking from experience, optimizing the code of a tutorial before you get it fully working is usually a bad idea. And now you know why we didn’t use the proto-loader before. If you want to update the docs/tutorial, PRs are welcome!

+1
guggero on Nov 12, 2019

Ok, I figured it out. The problem is the @grpc/proto-loader. It changes the field names from snake_case to camelCase. So you either change all fields to camel case or tell it to not change the case:

const packageDefinition = protoLoader.loadSync('./rpc.proto', {keepCase: true});
+1
guggero on Nov 12, 2019

I would be interested to know if the above steps would help. So if you ever find time to try, I’d appreciate it.

You don’t need to provide all parameters, some are optional. The node_pubkey only needs to be provided in one format, either as byte array or hex encoded. Yes, it is the identity_pubkey of the other node.

I think something like this should work for you (untested):

var otherNodePubkeyString = '03xxx'; // could also start with 02...
var channelSizeInSatoshi = 500000;
var request = { 
    node_pubkey_string: otherNodePubkeyString, 
    local_funding_amount: channelSizeInSatoshi, 
    push_sat: 0, 
    target_conf: 1, 
    private: false, 
    min_confs: 3, 
    spend_unconfirmed: false, 
  }
+1
guggero on Nov 11, 2019
Read more comments on GitHub
← taproot-assets: transaction rejected: output already spent
lnd: A LND worked very slowly and the endless repetition of log lines →