Pritunl Zero giving 502 error while using port 443 with load balancer

Recently we started using the Pritunl Zero enterprise version for our internal services as an extra layer of security. There was already an application load balancer listening on port 443 and configured with multiple targets based on rules, but when I try to access the service it gives an HTTP 502 error. With the same configuration, if I use the load balancer on port 80 this does not happen; I am unable to understand this behaviour.

We are using AWS for the certificates and the load balancer as well.
Here is the simplified configuration we have set up, which gives the 502 error:
internal-service-dns → pritunl-zero → application-loadbalancer:443.


Check the logs tab for errors. If the service is forwarding to an HTTPS port, it must be set to HTTPS mode and use an IP address for the internal server. If a domain is used for the internal server, it must have a valid signed certificate.

So basically what I am doing is routing a DNS domain (let's say subdomain.example.com) to the load balancer via an A record, so in AWS *.example.com is the certificate I am supposed to attach to the load balancer. But in Pritunl Zero the logs show an error that the certificate is for *.example.com and not for the load balancer's DNS name (for example internal-service-alb.elb.amazonaws.com). So even if I am using port 443 with HTTPS, shouldn't it check the certificate for the DNS name rather than the load balancer's own certificate?
I have also tried adding the DNS name in the hostname but still get the same error.

Here are the logs:
domain: "subdomain.example.com"
err: "http: proxy error: tls: failed to verify certificate: x509: certificate is valid for *.example.com, example.com, not xyz.elb.ap-south-1.amazonaws.com\n"
server: "https://xyz.elb.ap-south-1.amazonaws.com:443"
service: "demo"

Certificate verification can be disabled by running sudo pritunl-zero set router skip_verify true

Thank you, it's working as expected now.
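As an added illustration (not code from this thread or from Pritunl Zero), the Go program below reproduces the hostname check behind the x509 error in the logs above: it builds a constructed self-signed certificate carrying the same names (*.example.com and example.com) and verifies it against the dialed load-balancer name and against the public domain. It then contrasts the skip_verify workaround with setting ServerName on the upstream TLS config of a generic net/http reverse proxy, which keeps certificate verification enabled while the proxy still dials the load balancer by its own DNS name. The certificate, the hostnames and the reverse proxy are assumptions for the example; nothing is connected to a real load balancer.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httputil"
	"net/url"
	"time"
)

// MakeCert builds a constructed, self-signed certificate whose Subject
// Alternative Names mirror the certificate in the thread's log line
// (*.example.com and example.com). It stands in for the AWS-issued cert.
func MakeCert(dnsNames []string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: dnsNames[0]},
		DNSNames:     dnsNames,
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// HostnameMatches reports whether cert covers the name a TLS client expects.
// Go's client verifies the dialed host unless ServerName overrides it, which
// is exactly the check that produced the x509 error in the log above.
func HostnameMatches(cert *x509.Certificate, host string) bool {
	return cert.VerifyHostname(host) == nil
}

// UpstreamTLSConfig is the client-side TLS config a reverse proxy can use for
// an upstream that is dialed by its load-balancer DNS name but serves a
// certificate for the public domain. ServerName is sent as SNI and the
// returned certificate is verified against it, so verification stays on.
// skipVerify reproduces the effect of the thread's skip_verify setting:
// neither the chain nor the hostname is checked at all.
func UpstreamTLSConfig(expectedName string, skipVerify bool) *tls.Config {
	return &tls.Config{
		ServerName:         expectedName,
		InsecureSkipVerify: skipVerify,
		MinVersion:         tls.VersionTLS12,
	}
}

// NewUpstreamProxy wires the config into a plain net/http reverse proxy that
// forwards to the load balancer's HTTPS listener (generic Go, not pritunl-zero).
func NewUpstreamProxy(upstream string, cfg *tls.Config) (*httputil.ReverseProxy, error) {
	u, err := url.Parse(upstream)
	if err != nil {
		return nil, err
	}
	p := httputil.NewSingleHostReverseProxy(u)
	p.Transport = &http.Transport{TLSClientConfig: cfg}
	return p, nil
}

func main() {
	cert, err := MakeCert([]string{"*.example.com", "example.com"})
	if err != nil {
		panic(err)
	}
	for _, host := range []string{"subdomain.example.com", "xyz.elb.ap-south-1.amazonaws.com"} {
		fmt.Printf("%-36s covered by cert: %v\n", host, HostnameMatches(cert, host))
	}
	// Verifying against the public name instead of the dialed ELB name keeps
	// certificate checks enabled; skipVerify=true is the thread's workaround.
	if _, err := NewUpstreamProxy("https://xyz.elb.ap-south-1.amazonaws.com:443",
		UpstreamTLSConfig("subdomain.example.com", false)); err != nil {
		panic(err)
	}
}
```

The wildcard in the certificate covers exactly one label, so subdomain.example.com matches while the load balancer's multi-label amazonaws.com name does not; that is the mismatch the proxy reported. Pinning ServerName to the public domain is the alternative to disabling verification whenever the upstream is reached through a name its certificate was never issued for.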