Backend SSL

After the update, anytime I attempt to connect into the official realm, I get the Backend SSL Connection Error. I have gone through every step mentioned in https://support.fatshark.se/hc/en-us/articles/360021232734--PC-How-to-resolve-Sign-In-Timeout-errors as well as checked https://5107.playfabapi.com/ and nothing has worked. I even tried doing a re-install. For a few days now flushing the DNS worked to get onto official, however, today that stopped working. Another user on the same network is able to login to the official servers with no problem. Throughout this entire thing by the way, I have been able to login to the modded realms with no problems.

console-2019-08-11-18.36.51-80767145-80ea-4e8e-ab33-35c477c69704.log (39.9 KB)

So I was able to login last night no issues, but now I am back to not being able to get on the official servers. Even with flushing the DNS and forcing to the Google public one as is advised in https://support.fatshark.se/hc/en-us/articles/360021232734--PC-How-to-resolve-Sign-In-Timeout-errors.

When you checked https://5107.playfabapi.com did it resolve correctly with the secure notification?

Yes, the website loads with a blank white screen and a secure connection.

That’s super weird then. Do you have a VPN you can try to test a connection via that?

I only have one VPN that is specifically for work that also blocks access to most things. However, that is not running anytime I am attempting to connect to the servers. Keep in mind, this only happens when I attempt to connect to the official realm. And even then, it does not always happen. Sometimes I can connect with no issues, sometimes I have to do a DNS flush, sometimes literally nothing works.

I am having this same issue. I unfortunately have not been able to get it to work through any methods and I am currently in the process of reinstalling it.

Below are the IPs for the three servers used by PlayFab for Vermintide 2; 5107.playfabapi.com resolves to these IP addresses (currently; PlayFab are using dynamic IPs, so they might change anytime):

https://54.201.1.109
https://54.244.31.47
https://34.208.223.127

(Note the https, and don’t click on links from strangers without validating what they are, in this case you can write nslookup 5107.playfabapi.com 1.1.1.1 in a terminal to double check the IPs (1.1.1.1 to use Cloudflare instead of your default DNS-provider, since your default DNS could be the issue))

Do they all “work” for you?

With “work” I mean that something answers and your browser complains about a bad certificate. The certificate is per se not bad, but should be issued to *.playfabapi.com by Amazon (i.e. an AWS certificate).

Below is how it should look (Safari on OSX, and should be taken with a grain of salt) for all of those IPs:

I.e., if it works you get a warning like above about a bad certificate (since certificates are not issued per IP but rather per hostname), and if it doesn’t work you get no answer. Below is how Safari handles hosts which don’t answer / exist from your perspective (123.123.123.123 as in this case):

If some of them work but some of them don’t the issue is with your ISP / your country’s view of the Internet. I know that Russia and China block some AWS IP-prefixes which can cause this kind of behaviour.

And if that is the case the only viable solution (AFAIK) is to reimplement the https stack used in Vermintide (currently using luasec/https unless I’m misinformed, which does not adhere to proper DNS usage, and uses the first IP returned rather than checking all of them).

As I mentioned above, when I go to https://5107.playfabapi.com/ my screen loads in as a blank white page with a secure connection. I checked the certificate itself and everything shows as you have indicated. I am running Chrome on a Windows 10 PC.

I did also load up my VPN and tested the same website, everything loaded the exact same.

Sorry if I was unclear, skip the DNS-stage (i.e. writing the name), go directly to routing issues, by writing the IP-address instead. Try with the 3 IP-addresses (or just click the links directly) and see if they all work. Your browser is significantly smarter than the HTTPS module in Lua when it comes to name resolution combined with certificates, so we have to explicitly skip name resolution in the browser.

Your results could be:

  • all work (i.e. show up with *.playfabapi.com certificates but complain due to IP-address and not FQDN)
  • one or two work
  • (not possible) none work (i.e. shows “no route to host”, “can’t open page” or similar)

To further elaborate on my theory: the Lua https module just tries the first IP returned in the DNS request (according to my testing), and if that one fails you get an SSL error, even though the error per se is not an SSL error (i.e. issues with SSL) but rather a connection issue (such as the ISP blocking AWS IP addresses). Therefore, if the ISP only blocks some of the IPs it “sometimes works” and “sometimes does not”, depending on which IP gets returned first by the recursive DNS resolver.

These issues are hard to diagnose and can be even harder to solve if the DNS implementation lies far from the implementation of the software itself.

And for avoidance of doubt, I have encountered similar issues professionally where certain regimes filter certain IP prefixes/ranges and you have to do tunnelling or break DNS (problematic with DNSSEC) to get proper name resolution. The best solution, of course, is a proper DNS / HTTPS implementation, but many HTTPS implementations are too eager and just try the first IP associated with an FQDN rather than all IPs associated with said FQDN, and could also, as luasec https seems to do, throw SSL errors even though the error is at another layer (IP or TCP in this case, depending on implementation of filtering).
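The diagnosis described in the posts above, as an added example that is not part of the original thread and is not Fatshark's or luasec's code: it tries every address a name resolves to, labels each failure by layer (DNS, TCP/IP or TLS), and compares what a first-IP-only client would report with what a try-all client would. The function names, the documentation-range IPs and the filtered address in the offline scenario are constructed assumptions.

```python
import socket
import ssl

def resolve_all(host, port=443):
    """Every distinct IPv4 address the resolver returns, in resolver order."""
    infos = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    return list(dict.fromkeys(info[4][0] for info in infos))

def tls_dial(ip, host, port=443, timeout=5.0):
    """TCP connect to one IP, then a TLS handshake verified against the hostname."""
    ctx = ssl.create_default_context()
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()

def layer_of(exc):
    """Name the failing layer. ssl.SSLError subclasses OSError, so test it first."""
    return "tls" if isinstance(exc, ssl.SSLError) else "tcp/ip"

def probe(host, resolve=resolve_all, dial=tls_dial):
    """Return (per-IP results, verdict of a first-IP-only client, verdict when trying all)."""
    try:
        ips = resolve(host)
    except socket.gaierror:
        return [], "dns", "dns"
    results = []
    for ip in ips:
        try:
            dial(ip, host)
            results.append((ip, "ok"))
        except OSError as exc:
            results.append((ip, layer_of(exc)))
    first_only = results[0][1] if results else "dns"
    try_all = "ok" if any(status == "ok" for _, status in results) else first_only
    return results, first_only, try_all

# Constructed offline scenario: documentation-range IPs, one of them filtered upstream.
FILTERED = {"192.0.2.10"}

def simulate(dns_order):
    def fake_dial(ip, host):
        if ip in FILTERED:
            raise TimeoutError("connect timed out")  # a TCP-level failure, not TLS
    return probe("5107.playfabapi.com", resolve=lambda host: list(dns_order), dial=fake_dial)

if __name__ == "__main__":
    for order in (["192.0.2.10", "198.51.100.20"], ["198.51.100.20", "192.0.2.10"]):
        print(order, simulate(order)[1:])
```

Calling `probe("5107.playfabapi.com")` with the default resolver and dialer runs the same check against the live network.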

I get the same message and appearance on all three IP addresses listed.

There goes my theory :-/
Do you still have issues?

Sometimes yes, sometimes no. I am unable to log in as of right now. I did also attempt to log in to the game with my work VPN active, and no luck there either. Also, I did do that nslookup and got this as the response.

[Screenshot: Annotation 2019-08-21 083635]
