Strange problem with Lets encrypt certificates

[TheQue42]

Hi,

I just stumbled onto the most strange issue with the controller. I was cleaning up among containers, updating the host, etc, and then, when starting unifi again, home assistant starting complaining on TLS errors towards unifi.

I did update my letsencrypt certs about a week (without restarting the containers), but I've backed up to old certs, removed the containers, created completely clean ones, but whatever the F*** I do, the unifi contains TLS connection, is completely effed-up.

Connecting from firefox I get "SSL_ERROR_NO_CYPHER_OVERLAP", and openssls s_client returns:

#> openssl s_client -showcerts vimes.disc-world.se:8443
CONNECTED(00000003)
140138114179520:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1544:SSL alert number 40
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 321 bytes
Verification: OK

Now, afaik, you mainly package the unifi stuff, and don't know the inner workings of the code, but since I am grasping for straws, I still want to ask if have any clue what could be going on, or have run into something similar.
If I create a brand new container, WITHOUT adding the lets encrypt certs, unifi creates its own, self signed certs, and THOSE work...????

(As a side note: The new refresh certificates, work fine for both portainer and home assistant)

[TheQue42]

I found the cause! The java code doesnt seem to like the ECDSA certs from Letsencrypt! I created new certs with --key-type RSA, and that solved it. I assume that the failure to use certs based on ECDSA public keys, is something that has to be fixed by Unifi, and cant be solved in the packaging?