Issues when connecting a tentacle installed on linux

We migrated to docker on linux and we wanted to manage docker through octpus but i got this error
Connection initialization failed while connecting to Halibut.Transport.Protocol.ConnectionInitializationFailedException: Unable to receive the remote identity; the identity line was empty.
—> Halibut.Transport.Protocol.ProtocolException: Unable to receive the remote identity; the identity line was empty.
at Halibut.Transport.Protocol.MessageExchangeStream.ReadRemoteIdentity()
at Halibut.Transport.Protocol.MessageExchangeStream.ExpectServerIdentity()
at Halibut.Transport.Protocol.MessageExchangeStream.IdentifyAsClient()
at Halibut.Transport.Protocol.MessageExchangeProtocol.PrepareExchangeAsClient()
— End of inner exception stack trace —
at Halibut.Transport.Protocol.MessageExchangeProtocol.PrepareExchangeAsClient()
at Halibut.Transport.Protocol.MessageExchangeProtocol.ExchangeAsClient(RequestMessage request)
at Halibut.HalibutRuntime.<>c__DisplayClass45_0.b__0(MessageExchangeProtocol protocol)
at Halibut.Transport.SecureListeningClient.ExecuteTransaction(ExchangeAction protocolHandler, CancellationToken

and the following are the logs of the tentacle

System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
—> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL.
—> Interop+Crypto+OpenSslCryptographicException: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown
— End of inner exception stack trace —
at Interop.OpenSsl.DoSslHandshake(SafeSslHandle context, Byte[] recvBuf, Int32 recvOffset, Int32 recvCount, Byte[]& sendBuf, Int32& sendCount)
at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteContext& context, ArraySegment`1 inputBuffer, Byte[]& outputBuffer, SslAuthenticationOptions sslAuthenticationOptions)
— End of inner exception stack trace —
at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
“OctopusTentacle.txt” [readonly] 201L, 25719B

Hi @simon1,

Thanks for reaching out and welcome to the Octopus Community!

Typically we see the error Unable to receive the remote identity; the identity line was empty caused by proxies performing SSL offloading however looking at the Tentacle error also, it seems like the Server is rejecting the SSL certificate used by the Tentacle. This could be due to the certificate authority not being installed or not sharing a cipher suit that was negotiated.

Could you please expand on how your instance has been configured? Are you using a reverse proxy or other network appliance to route requests? In our Kubernetes guide, we reference a section regarding SSL certificates which outlines the recommended approach for configuring HTTPS.

Let me know if that helps narrow down the possible causes or if you have any questions at all!

Best Regards,

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.