Open
Description
After attempting to upgrade my tsidp instance to v0.0.9, I can't seem to obtain a valid TLS cert key.
2025-12-24T21:03:36.156812473-05:00 stderr F 2025/12/25 02:03:36 INFO tsidp server started server_url=https://idp.rufous-monster.ts.net
2025-12-24T21:03:39.947261696-05:00 stderr F 2025/12/25 02:03:39 AuthLoop: state is Running; done
2025-12-24T21:05:21.935547338-05:00 stderr F 2025/12/25 02:05:21 http: TLS handshake error from 100.102.24.9:33996: Get "http://local-tailscaled.sock/localapi/v0/cert/idp.rufous-monster.ts.net?type=pair&min_validity=0s": context deadline exceeded
2025-12-24T21:05:22.051449556-05:00 stderr F 2025/12/25 02:05:22 http: TLS handshake error from 100.102.24.9:42030: 500 Internal Server Error: acme.GetReg: Get "https://acme-v02.api.letsencrypt.org/directory": unexpected EOF
2025-12-24T21:05:26.977822830-05:00 stderr F 2025/12/25 02:05:26 http: TLS handshake error from 100.102.24.9:42046: Get "http://local-tailscaled.sock/localapi/v0/cert/idp.rufous-monster.ts.net?type=pair&min_validity=0s": context deadline exceeded
2025-12-24T21:05:26.980709716-05:00 stderr F 2025/12/25 02:05:26 http: TLS handshake error from 100.102.24.9:42036: Get "http://local-tailscaled.sock/localapi/v0/cert/idp.rufous-monster.ts.net?type=pair&min_validity=0s": context deadline exceeded
2025-12-24T21:13:36.157206532-05:00 stderr F 2025/12/25 02:13:36 DEBUG Cleaned up expired tokens
2025-12-24T21:18:42.617065485-05:00 stderr F 2025/12/25 02:18:42 http: TLS handshake error from 100.102.24.9:50118: Get "http://local-tailscaled.sock/localapi/v0/cert/idp.rufous-monster.ts.net?type=pair&min_validity=0s": context deadline exceeded
2025-12-24T21:18:42.619203447-05:00 stderr F 2025/12/25 02:18:42 http: TLS handshake error from 100.102.24.9:50122: Get "http://local-tailscaled.sock/localapi/v0/cert/idp.rufous-monster.ts.net?type=pair&min_validity=0s": context deadline exceeded
I thought it might have something to do with the container user id change, but I've verified that the 1001 user can write the state directory.
Directory Listing:
[idp@fresno ~]$ podman exec -ti systemd-idp sh
/app $ cd /data
/data $ ls -l
total 8
drwx------ 2 app app 34 Dec 25 01:51 certs
-rw------- 1 app app 209 Dec 25 01:50 tailscaled.log.conf
-rw------- 1 app app 0 Dec 25 02:32 tailscaled.log1.txt
-rw------- 1 app app 0 Dec 25 02:33 tailscaled.log2.txt
-rw------- 1 app app 2323 Dec 25 02:03 tailscaled.state
/data $ tree
.
├── certs
│ └── acme-account.key.pem
├── tailscaled.log.conf
├── tailscaled.log1.txt
├── tailscaled.log2.txt
└── tailscaled.state
1 directories, 5 files
I am running this as a quadlet with podman.
[Unit]
Description=TS IDP Service
After=network-online.target
[Container]
Image=ghcr.io/tailscale/tsidp:v0.0.9
# Image=ghcr.io/tailscale/tsidp:latest
AutoUpdate=registry
SecurityLabelDisable=true
Volume=idp.volume:/data
# Mount=type=bind,source=%h/data,target=/data
EnvironmentFile=%h/idp.env
Environment=TAILSCALE_USE_WIP_CODE=1
Environment=TSIDP_HOSTNAME=idp
Environment=TSIDP_STATE_DIR=/data
Environment=TS_HOSTNAME=idp
Environment=TS_STATE_DIR=/data
Environment=TSIDP_LOG=debug
Environment=TSIDP_ENABLE_STS=1
AddCapability=NET_RAW
LogDriver=json-file
LogOpt=path=%h/tsidp.log
LogOpt=max-size=12mb
# User=root:root
[Service]
Restart=always
[Install]
WantedBy=default.target
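As an added triage example (my code, not part of the issue report or the tsidp project), the following Python parses container log lines of the shape quoted above (container timestamp, stream, partial/full flag, then the Go log line), picks out the `http: TLS handshake error` lines and groups them by what actually failed behind the handshake: the LocalAPI cert fetch over `local-tailscaled.sock` that hits `context deadline exceeded`, versus the ACME directory request that fails with `unexpected EOF`. Separating the two matters because they point at different places (the local tailscaled answering the cert request, versus egress to Let's Encrypt). The sample input is the issue's own log lines plus one constructed IPv6 line; the class names (`localapi_cert_timeout`, `acme_upstream_error`, `other`) are my own labels.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional, Set, Tuple

# Sample input: the lines quoted in the issue, plus one constructed line
# (the IPv6 peer with a "bad certificate" error) to exercise the fallback class.
SAMPLE_LOG = """\
2025-12-24T21:03:36.156812473-05:00 stderr F 2025/12/25 02:03:36 INFO tsidp server started server_url=https://idp.rufous-monster.ts.net
2025-12-24T21:03:39.947261696-05:00 stderr F 2025/12/25 02:03:39 AuthLoop: state is Running; done
2025-12-24T21:05:21.935547338-05:00 stderr F 2025/12/25 02:05:21 http: TLS handshake error from 100.102.24.9:33996: Get "http://local-tailscaled.sock/localapi/v0/cert/idp.rufous-monster.ts.net?type=pair&min_validity=0s": context deadline exceeded
2025-12-24T21:05:22.051449556-05:00 stderr F 2025/12/25 02:05:22 http: TLS handshake error from 100.102.24.9:42030: 500 Internal Server Error: acme.GetReg: Get "https://acme-v02.api.letsencrypt.org/directory": unexpected EOF
2025-12-24T21:05:23.000000000-05:00 stderr F 2025/12/25 02:05:23 http: TLS handshake error from [fd7a:115c:a1e0::1]:5555: remote error: tls: bad certificate
2025-12-24T21:05:26.977822830-05:00 stderr F 2025/12/25 02:05:26 http: TLS handshake error from 100.102.24.9:42046: Get "http://local-tailscaled.sock/localapi/v0/cert/idp.rufous-monster.ts.net?type=pair&min_validity=0s": context deadline exceeded
2025-12-24T21:05:26.980709716-05:00 stderr F 2025/12/25 02:05:26 http: TLS handshake error from 100.102.24.9:42036: Get "http://local-tailscaled.sock/localapi/v0/cert/idp.rufous-monster.ts.net?type=pair&min_validity=0s": context deadline exceeded
2025-12-24T21:13:36.157206532-05:00 stderr F 2025/12/25 02:13:36 DEBUG Cleaned up expired tokens
2025-12-24T21:18:42.617065485-05:00 stderr F 2025/12/25 02:18:42 http: TLS handshake error from 100.102.24.9:50118: Get "http://local-tailscaled.sock/localapi/v0/cert/idp.rufous-monster.ts.net?type=pair&min_validity=0s": context deadline exceeded
2025-12-24T21:18:42.619203447-05:00 stderr F 2025/12/25 02:18:42 http: TLS handshake error from 100.102.24.9:50122: Get "http://local-tailscaled.sock/localapi/v0/cert/idp.rufous-monster.ts.net?type=pair&min_validity=0s": context deadline exceeded
"""

# Container log framing: "<RFC3339 ts> <stdout|stderr> <F|P> <message>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<stream>stdout|stderr) (?P<flag>[FP]) (?P<msg>.*)$")
# Go's default log prefix ("2025/12/25 02:03:36 ") in front of the real message
GO_LOG_PREFIX_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} ")
# net/http's handshake error line: peer is host:port (IPv6 in brackets), then the cause
HANDSHAKE_RE = re.compile(r"^http: TLS handshake error from (?P<peer>\S+?): (?P<cause>.*)$")
ISO_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?(Z|[+-]\d{2}:\d{2})$")


def parse_timestamp(raw: str) -> datetime:
    """Parse an RFC3339 timestamp with nanosecond precision (datetime only keeps microseconds)."""
    m = ISO_RE.match(raw)
    if not m:
        raise ValueError(f"unrecognised timestamp: {raw!r}")
    base, frac, tz = m.groups()
    frac = (frac or "0")[:6].ljust(6, "0")
    tz = "+00:00" if tz == "Z" else tz
    return datetime.fromisoformat(f"{base}.{frac}{tz}")


def classify_cause(cause: str) -> str:
    """Map the text after the peer address to the failing upstream call (labels are mine)."""
    if "local-tailscaled.sock" in cause and "context deadline exceeded" in cause:
        return "localapi_cert_timeout"   # tailscaled did not answer the cert request in time
    if "acme." in cause:
        return "acme_upstream_error"     # the ACME client's request to the CA failed
    return "other"                       # e.g. genuine client-side TLS errors


@dataclass
class CauseSummary:
    count: int = 0
    first: Optional[datetime] = None
    last: Optional[datetime] = None
    peers: Set[str] = field(default_factory=set)
    example: str = ""


def parse_handshake_errors(text: str) -> List[Tuple[datetime, str, str, str]]:
    """Return (timestamp, peer host, cause class, raw cause) for each handshake error line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a framed container log line
        msg = GO_LOG_PREFIX_RE.sub("", m.group("msg"), count=1)
        h = HANDSHAKE_RE.match(msg)
        if not h:
            continue  # some other log line (startup, debug, ...)
        peer_host = h.group("peer").rsplit(":", 1)[0]  # drop the ephemeral port
        cause = h.group("cause")
        events.append((parse_timestamp(m.group("ts")), peer_host, classify_cause(cause), cause))
    return events


def summarize(text: str) -> dict:
    """Aggregate handshake failures per cause class: count, time window, distinct peers."""
    summary = {}
    for ts, peer, cls, cause in parse_handshake_errors(text):
        s = summary.setdefault(cls, CauseSummary())
        s.count += 1
        s.first = ts if s.first is None or ts < s.first else s.first
        s.last = ts if s.last is None or ts > s.last else s.last
        s.peers.add(peer)
        s.example = s.example or cause
    return summary


def render_report(summary: dict) -> str:
    lines = []
    for cls, s in sorted(summary.items(), key=lambda kv: -kv[1].count):
        lines.append(f"{cls}: {s.count} failure(s) between {s.first.isoformat()} and "
                     f"{s.last.isoformat()}, peers={sorted(s.peers)}")
        lines.append(f"  e.g. {s.example}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_report(summarize(SAMPLE_LOG)))
```

The peer address in these lines is the TLS client that triggered the cert lookup (here a tailnet address), not the component that failed, so the useful grouping key is the cause class rather than the peer. Run over a live `tsidp.log` the report tells you whether the handshake failures are all LocalAPI timeouts (look at the local tailscaled and its state directory) or whether ACME requests are also failing (look at outbound connectivity from the container).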