Can't register headscale as an alternate server

[europacafe]

Is this a support request?

• [x] This is not a support request

Is there an existing issue for this?

• [x] I have searched the existing issues

Current Behavior

Headscale 0.27.1 I've been running Headscale and tailscale clients for years on my Android phone without problems. Lately, I had to reinstall Tailscale 1.90.9 from scratch, and when I entered my https://headscale.mydomain.com as an alternate server on my Android phone, the app didn't register it. No error message.

Below are headscale log entries when I tried to add headscale server to Tailscale on Android phone.

I tried downgrading Tailscale client to 1.88.4, but it still behaves the same

Expected Behavior

When entering https://headscale.mydomain.com as an alternate server on Tailscale client app, the server should be registered so that I can proceed with adding my phone as a new node.

Steps To Reproduce

1. open Tailscale app on Android phone
2. Settings-->Account, use an alternate server
3. Enter headscale url https://headscale.mydomain.com
4. press "Add account" button

I've tried clearing app data, but it didn't help.

Environment

- OS: Android 12 SKQ1.211006.001
- Headscale version: 0.27.1
- Tailscale version: 1.90.4, 1.88.4
- Number of nodes: 18

Runtime environment

• [x] Headscale is behind a (reverse) proxy
• [x] Headscale runs in a container

Debug information

[kpalang]

I too am seeing similar behavior, although haven't yet tried downgrading headscale.

So, I'm running Headscale 0.27.1 using the official .deb package downloaded from GH Releases. I've set up my TLS config, but I have a feeling Headscale is not requesting a TLS cert as the ./cache directory mentioned in tls_letsencrypt_cache_dir: /var/lib/headscale/cache is not created.

Further debug info:

• server_url: https://tailscale.mydomain.com:443
• tls_letsencrypt_hostname: "tailscale.mydomain.com"

Nov 29 17:03:32 headscale systemd[1]: Started headscale.service - headscale coordination server for Tailscale.
Nov 29 17:03:33 headscale headscale[10423]: 2025-11-29T17:03:33Z INF Opening database database=sqlite3 path=/var/lib/headscale/db.sqlite
Nov 29 17:03:33 headscale headscale[10423]: 2025-11-29T17:03:33Z INF Starting Headscale commit=f658a8eacd4d86edc65424b50635afed46ca4b2a version=v0.27.1+dirty
Nov 29 17:03:33 headscale headscale[10423]: 2025-11-29T17:03:33Z INF Clients with a lower minimum version will be rejected minimum_version=v1.64.0
Nov 29 17:03:33 headscale headscale[10423]: 2025-11-29T17:03:33Z INF Enabling remote gRPC at 127.0.0.1:50443
Nov 29 17:03:33 headscale headscale[10423]: 2025-11-29T17:03:33Z INF listening and serving gRPC on: 127.0.0.1:50443
Nov 29 17:03:33 headscale headscale[10423]: 2025-11-29T17:03:33Z INF listening and serving HTTP on: 127.0.0.1:8080
Nov 29 17:03:33 headscale headscale[10423]: 2025-11-29T17:03:33Z INF listening and serving debug and metrics on: 127.0.0.1:9090

[nblock]

Nov 29 17:03:33 headscale headscale[10423]: 2025-11-29T17:03:33Z INF Enabling remote gRPC at 127.0.0.1:50443 Nov 29 17:03:33 headscale headscale[10423]: 2025-11-29T17:03:33Z INF listening and serving gRPC on: 127.0.0.1:50443 Nov 29 17:03:33 headscale headscale[10423]: 2025-11-29T17:03:33Z INF listening and serving HTTP on: 127.0.0.1:8080 Nov 29 17:03:33 headscale headscale[10423]: 2025-11-29T17:03:33Z INF listening and serving debug and metrics on: 127.0.0.1:9090

It seems that no client connected? Otherwise, on 0.27.x, you'd see something like Starting node registration using …. Can you successfully connect to your Headscale with a browser / curl?

[nblock]

Lately, I had to reinstall Tailscale 1.90.9 from scratch, and when I entered my https://headscale.mydomain.com as an alternate server on my Android phone, the app didn't register it. No error message.

What happens when you accept the node registration key that is printed in the logs?