Hi all,
I’ve deployed OpenStack using Juju and I’m currently encountering an SSL SNI (Server Name Indication) issue when accessing the Magnum API endpoint.
Issue Summary:
After deploying Magnum via Juju, accessing the Magnum API via its FQDN (e.g., https://magnum.dev.in8.com) results in SSL handshake problems. The logs indicate that the SSL configuration does not match the requested hostname.
Error Log (from /var/log/apache2/error.log inside the Magnum LXC container):
pgsql
CopyEdit
[ssl:error] [pid 625:tid 140139682592320] [client 10.2.25.97:50802] AH02032: Hostname 10.2.25.236 (default host as no SNI was provided) and hostname magnum.dev.in8.com provided via HTTP have no compatible SSL setup
Troubleshooting Steps Taken:
- I attempted to remove and re-add the Vault relation to regenerate the SSL certificates:
bash
CopyEdit
juju remove-relation magnum:certificates vault:certificates
juju add-relation magnum:certificates vault:certificates
- SSL certificates appeared to be re-issued successfully, but the issue persists when accessing the endpoint.
- The FQDN resolves correctly, and the Vault unit appears healthy.
Environment Details:
- Deployment: Juju with Charmed OpenStack
- Magnum charm: stable channel
- SSL backend: Vault
- Network: LXD containers bridged via Fan networking
- Domain used:
*.dev.in8.com
Questions:
- Has anyone faced a similar SSL SNI mismatch issue with Magnum or other OpenStack APIs in a Juju-deployed environment?
- Is there a correct way to verify if SNI and Apache virtual host configs are properly aligned after re-issuing certificates via Vault?
- Could this be a limitation of Apache’s default behavior when no SNI is presented?
- Should I manually adjust
magnum.conf, Apache vhost, or re-trigger certificate updates somehow?
Any help or suggestions would be greatly appreciated!
Thanks in advance!