I tried to add mTLS to a working HTTP setup, and when I browse (Firefox) to the local node at https://192.168.2.50 it returns:
Secure Connection Failed
An error occurred during a connection to 192.168.2.50. Peer reports it experienced an internal error.
Error code: SSL_ERROR_INTERNAL_ERROR_ALERT
The log shows the following:
{"level":"info","ts":1611778553.4474347,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1611778553.4475944,"logger":"http","msg":"enabling strict SNI-Host matching because TLS client auth is configured","server_name":"srv0"}
{"level":"info","ts":1611778553.4514475,"msg":"autosaved config","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1611778553.4514616,"msg":"serving initial configuration"}
{"level":"info","ts":1611778553.4544322,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000218e00"}
{"level":"info","ts":1611778553.4545352,"logger":"tls","msg":"cleaned up storage units"}
There are 2 nodes:
- Caddy on Debian (192.168.2.2) acting as ACME server and reverse proxy for the outside world
- Caddy in Docker on Debian (192.168.2.50) acting as ACME client and web server for Nextcloud
1. Caddyfile:
#
# ACME Server
acme.localhost {
	acme_server
}
# Reverse proxy
#
nextcloud.intranet.nl {
	reverse_proxy https://192.168.2.50
}
2. Caddyfile:
:443 {
	root * /var/www/html
	tls robbert@intranet.nl {
		ca https://192.168.2.2/acme/local/directory
		client_auth {
			trusted_ca_cert_file /data/root.crt
		}
	}
	file_server
	php_fastcgi app:9000
	header {
		# enable HSTS
		# Strict-Transport-Security max-age=31536000;
	}
	redir /.well-known/carddav /remote.php/dav 301
	redir /.well-known/caldav /remote.php/dav 301
	# .htaccess / data / config / ... shouldn't be accessible from outside
	@forbidden {
		path /.htaccess
		path /data/*
		path /config/*
		path /db_structure
		path /.xml
		path /README
		path /3rdparty/*
		path /lib/*
		path /templates/*
		path /occ
		path /console.php
	}
	respond @forbidden 404
}
So I think I am making a connection with the 2nd Caddy node (Nextcloud), but there is something wrong with the generated certificate?