iPadOS unable to connect to custom DERP "tls: bad certificate"

Tailscale version: iPadOS 1.12.3
derper version(tailscale version): 1.14.3
tailscale commit: a5b1456410a24519fc11cb49d4f43b7b7befbee4
go version: go1.17.1
Your operating system & version:
Client: iPadOS 14.7.1
DERP: ArchLinux 5.14.6-arch1-1

I use a custom DERP as stun and reply traffic, and I get the SSL cert from “ZeroSSL”.
Initially, only Windows nodes can connect to the custom DERP. When other nodes, including Linux and Android nodes, trying to connect, the log of the derper said “http: TLS handshake error from xxx.xxx.xxx.xxx:xxx remote error: tls: bad certificate”. However after I install the “ca-bundle.crt” of ZeroSSL, they all work.

However, this problem can’t be solve on iPadOS, I managed to install the CA into my iPad, but I still cannot connect, and experiencing the same error from derper “http: TLS handshake error from xxx.xxx.xxx.xxx:xxx: remote error: tls: bad certificate”

1 Like

That means the root CA for ZeroSSL is still not quite properly installed on the iPad, doesn’t it?

It sounds like zerocert’s root cert is not very widely supported, or else that you have some intermediate certs that need to be “stapled” in your http server.

Why not use letsencrypt instead?

I’ve tried LetsEncrtpt, the same error.

After change to letencrtpt, Android can’t connect, but I don’t think I should add the CA to Android…
btw I get my cert from certbot, dns chanllenge, is there any problem?

I would expect LetsEncrypt to work, though LetsEncrypt certs are blocked from some areas. China seems to block LetsEncrypt certs using some of the stronger cipher suites, for example.

Did you set up certbot on your own, or using Provision TLS certificates for your internal Tailscale services · Tailscale ?
If you’re using the cert mechanism Tailscale provides, that is probably not what you want: those certs are issued for a domain name where we’ve only set up DNS resolution inside the Tailnet. Your application needs them to work on the public Internet in order to connect to DERP.

I get the cert using certbot, DNS challenge. And I live in China.

I tried to access my DERP by the chrome in Android and Windows:
Windows Chrome shows “This is a Tailscale DERP server.”
Android Chrome shows “NET:ERR_CERT_INVALID”

Then I tried to get a cert from Aliyun, Windows trust it, Android and Linux not trust it at first, And after I install the chain.crt, Linux can work, Android Chome can show the “This is a Tailscale DERP server.”, BUT Android’s tailscale still can’t work, " tls: bad certificate" still happen on derper log. I have not tried on iPad, I guess it will not work?

Update by myself.

I SOLVED this problem.

My solution:

  1. Use https://whatsmychaincert.com/ to check the DERP with https://hostname:port, then it shows hostname:port is misconfigured. This is the chain it should be using.
  2. Follow the link and download the hostname.chain.crt, rename it to hostname.crt
  3. Replacing the old crt file with the file in step 2.
  4. Restart DERP, everything should be work fine!


  • My DERP is set behind a NAT, so I set port forwarding on my router.
  • I only have dynamic public IP address, so I use ddns.net to dynamic change the dns.
  • I can’t sign a SSL for ddns.net, so I sign another domain, and use CNAME to point to the host.ddns.net
  • Servers mentioned above is in China.

I don’t know whether my misconfiguration caused the problem or the wired network setting, but it works new

1 Like

It works!
Thank you old brother 成功了谢谢你 :two_hearts:

TLS handshake error: error:14160098:SSL routines:read_state_machine:excessive message size SSL Labs might be able to tell you what went wrong

Several users in China have reported this, I’d suggest subscribing to Derper TLS handshake error: remote error: tls: internal error · Issue #4082 · tailscale/tailscale · GitHub for updates.

As it seems like a GFW interaction, it isn’t clear what can be done about it.