20:24 <topiairy> hey everyone, I've just setup a new sandstorm instance using the sandcats dns and lets encrypt. I got auth and everything working except for after i load a a grain like ethpad and try to use it, there is an error connecting to "ui-f0d701691476e82acb98e1704f4871e3.sitename.sandcats.io." leading me to believe the wildcard dns isn't setup correctly,

20:24 <topiairy> however I've double checked the .conf file, added a DNS zone entry, and tested foo.sitename.sandcats.io with dig and it shows the correct ip. any idea what could cause this type of issue? server log is included in paste

20:24 <topiairy> https://justpaste.it.com/6oaomfslyf

21:22 <TimMc> topiairy: hmm, let me take a look...

21:23 <topiairy> ok thank you

21:23 <TimMc> Any chance you can share the site name? Would make debugging much easier if you're OK with it.

21:24 <topiairy> yea sure its argonauto.sandcats.io

21:24 <TimMc> It *does* sound like a wildcard DNS issue from your description.

21:25 <TimMc> Well, the wildcard DNS appears to work properly.

21:26 <topiairy> so if wildcard dns wasn't working, then would foo.argonauto.sandcats.io still load to the sandstorm error page or would it return a browser error

21:26 <topiairy> ok yea i thought so

21:26 <TimMc> Yeah, dig +short foo.argonauto.sandcats.io gives the same as without the foo.

21:27 <TimMc> And wildcard TLS seems to be working too.

21:28 <TimMc> It's routed properly, because when I visit that ui-... subdomain I get an auth error specific to Sandstorm.

21:30 <topiairy> yea  the only thing not loading is the grains with the subdomain. i checked and the subdomain ui # has a proc associated with it on the server running, all the services, like http-bridge appear up, updated the kernel and all packages. i was reading that even with https set up there are some http interconnections i was wondering if the browser

21:30 <topiairy> could be blocking it because its not https or something. also i installed docker and am not sure if that could have messed with something in the settings that i'm unaware of as i don't really use docker

21:32 <TimMc> I'm not clear on exactly where the error you're seeing is appearing. If you paste a sharing link I'd be happy to look directly.

21:33 <topiairy> https://imgur.com/a/V5l89Yc

21:34 <topiairy> ui-f0d701691476e82acb98e1704f4871e3.argonauto.sandcats.io

21:34 <topiairy> it's the frame that loads the app ui

21:35 <TimMc> OK yeah, is that iframe loading with http:// ? (Right click on it, view frame in new tab.)

21:36 <topiairy> no it appears to be https

21:36 <topiairy> https://ui-f0d701691476e82acb98e1704f4871e3.argonauto.sandcats.io/_sandstorm-init?sessionid=9d6868d3de81eaff7277ece1ba97c054b3ee6c8978443ba18bb916ca4dc140e5&path=/

21:38 <topiairy> https://argonauto.sandcats.io/shared/BFXY4xyGJHwMC392RmSankIKmY-7IRomKW6PZd8ckFP

21:38 <topiairy> thats the share link sorry i misunderstood what you meant

21:40 <TimMc> Ugh, why is the browser being so cagey about what's actually wrong...

21:41 <TimMc> HTTPS, TLSv1.3, right CN (where's the SAN? but that's not the issue), vaguely correct-looking cert...

21:45 <TimMc> OK, *without* the cookie, the URL loads. *With* the cookie, we get "Empty reply from server" from curl.

21:46 <TimMc> So the server is hanging up on the client, which makes the TLS handshake fail to complete, and that's being called "Secure Connection Failed".

21:46 <topiairy> Error while fetching an original source: unsupported protocol for sourcemap request meteor://%F0%9F%92%BBapp/app/global-imports.js

21:46 <topiairy> Source URL: meteor://%F0%9F%92%BBapp/app/global-imports.js i found this error in js debug

21:46 <topiairy> does that mean it's failing to load one of the libraries ?

21:46 <TimMc> Sourcemap is just a debugging tool, so it's probably a symptom rather than a cause.

21:47 <topiairy> oh ok

21:47 <TimMc> (browser asks the server "hey, can I get the original version of this Javascript?")

21:49 <TimMc> ...but then that server log you showed looks like "the browser hung up on us". So the stream is dying and both sides think it's the other's fault? :-/

21:49 <TimMc> Do other grain types fail the same way? I would expect so, just... you know, just in case.

21:49 <topiairy> they all do

21:50 <topiairy> same errors in logs

21:50 <topiairy> no data in the grain log though

21:50 <topiairy> only the server log

21:53 <TimMc> Well, this is definitely unfamiliar. :-/ I guess hang around in the channel and see if one of the other regulars (who know more about the Meteor side of things) has any idea.

21:53 <TimMc> There's also a mailing list.

21:58 <topiairy> ok i might try a reinstall. i was just trying to check on the grain process to confirm it's running since there is no log

22:02 <topiairy> # ps aux | grep sandstorm-grain

22:02 <topiairy> root        3522  0.0  0.1   7080  2048 pts/0    S+   21:52   0:00 grep --color=auto sandstorm-grain

22:02 <topiairy> root@ubuntu-s-1vcpu-2gb-nyc1-01:/etc/bind/zones# cat /proc/3522/status

22:02 <topiairy> cat: /proc/3522/status: No such file or directory

22:02 <topiairy> it's weird it shows up but it's not there