Handshake error #2739

Moved from github issue

What happened:
Could not login with GitHub credentials. See the following error in logs:

2019/05/24 22:57:22 http: TLS handshake error from 98.213.49.79:52614: remote error: tls: unknown certificate

I assume you need a public certificate for this to work properly. Opening issue to confirm. I can login using a “local” account.
What you expected to happen:
Expected to login successfull.
How to reproduce it (as minimally and precisely as possible):

Environment:

  • Teleport version (use teleport version):
    Teleport v3.2.4 git:v3.2.4-0-g339827c-dirty go1.9.7-g.1

  • Tsh version (use tsh version):

  • OS (e.g. from /etc/os-release):
    Linux 4.14.114-105.126.amzn2.x86_64 #1 SMP x86_64 x86_64 x86_64 GNU/Linux

Browser environment

  • Browser Version (for UI-related issues):
  • Install tools:
  • Others:

Relevant Debug Logs If Applicable

  • tsh --debug
  • teleport --debug
May 24 22:57:22 ip-192-168-10-170.ec2.internal teleport[30241]: 2019/05/24 22:57:22 http: TLS handshake error from 98.213.49.79:52616: remote error: tls: unknown certificate
May 24 22:57:22 ip-192-168-10-170.ec2.internal teleport[30241]: 2019/05/24 22:57:22 http: TLS handshake error from 98.213.49.79:52615: remote error: tls: unknown certificate
May 24 22:57:22 ip-192-168-10-170.ec2.internal teleport[30241]: 2019/05/24 22:57:22 http: TLS handshake error from 98.213.49.79:52613: remote error: tls: unknown certificate
May 24 22:57:22 ip-192-168-10-170.ec2.internal teleport[30241]: WARN             http: named cookie not present request:GET /web/newuser/9003bc4164df7769945fb74d9cf972eb web/apiserver.go:1966
May 24 22:57:22 ip-192-168-10-170.ec2.internal teleport[30241]: 2019/05/24 22:57:22 http: TLS handshake error from 98.213.49.79:52611: remote error: tls: unknown certificate
~

tls bad certificate errors are most likely due to external health checkers hitting from the load balancer and generating noise. What actual error are you getting on the server? Also, could you please move your question to the https://community.gravitational.com forum?