Automatic HTTPS redirect doesn't work with custom certificate

1. Caddy version (caddy version):

v2.5.1 h1:bAWwslD1jNeCzDa+jDCNwb8M3UJ2tPa8UZFFzPVmGKs=

2. How I run Caddy:

a. System environment:

Debian 11.

b. Command:

/usr/bin/caddy run --config /etc/caddy/caddy-config.json

c. Service/unit/compose file:

not applicable.

d. My complete Caddyfile or JSON config:

{
  "apps": {
    "http": {
      "servers": {
        "app_name_here": {
          "automatic_https": {
            "disable_certificates": true
          },
          "listen": [
            ":80",
            ":443"
          ],
          "routes": [
            {
              "handle": [
                {
                  "body": "yo bruh, this worky!",
                  "handler": "static_response"
                }
              ],
              "match": [
                {
                  "host": [
                    "domain.example.net"
                  ]
                }
              ]
            }
          ],
          "tls_connection_policies": [
            {
              "match": {
                "sni": [
                  "domain.example.net"
                ]
              }
            }
          ]
        }
      }
    },
    "tls": {
      "certificates": {
        "load_files": [
          {
            "certificate": "/etc/caddy/certificates/star.example.com.bundle",
            "key": "/etc/caddy/certificates/star.example.com.privkey"
          },
          {
            "certificate": "/etc/caddy/certificates/star.example.net.bundle",
            "key": "/etc/caddy/certificates/star.example.net.privkey"
          }
        ]
      }
    }
  }
}

3. The problem I’m having:

I expect port 80 to redirect to 443 because I set disable_certificates to true, which should only disable automatic generation, but not the redirect.

4. Error messages and/or full log output:

2022/06/23 13:09:49.454 INFO    using provided configuration    {"config_file": "/etc/caddy/caddy-config.json", "config_adapter": ""}
2022/06/23 13:09:49.456 INFO    admin   admin endpoint started  {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2022/06/23 13:09:49.457 WARN    http    skipping automated certificate management for server because it is disabled{"server_name": "app_name_here"}
2022/06/23 13:09:49.457 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "app_name_here"}
2022/06/23 13:09:49.457 INFO    autosaved config (load with --resume flag)      {"file": "/root/.config/caddy/autosave.json"}
2022/06/23 13:09:49.457 INFO    serving initial configuration
2022/06/23 13:09:49.457 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc000445260"}
2022/06/23 13:09:49.457 INFO    tls     cleaning storage unit   {"description": "FileStorage:/root/.local/share/caddy"}
2022/06/23 13:09:49.458 INFO    tls     finished cleaning storage units

5. What I already tried:

Running with automatic HTTPS via example Caddyfile, where the redirect works.


Somehow my setup only works when using automatic mode. I’d appreciate any help. What can I do besides creating a route for every HTTP → HTTPS redirection? I’d like to keep the config as minimal as possible.

Remove this from your config. If you explicitly tell Caddy to listen on port 80, then it will override any HTTP->HTTPS redirects.

Caddy will add a server which listens on port 80 automatically as part of the Automatic HTTPS functionality.
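
The check below is an added example, not part of the original thread and not Caddy's own code: it flags servers in a Caddy JSON config that list the HTTP port in "listen" next to another port while automatic redirects are still expected, which is the situation the answer above describes. The function names and the two sample configs (trimmed from the config in the question) are constructed for illustration, and the address parsing assumes Caddy's network/host:port-range listener syntax.

```python
import json

def port_set(addr):
    """Ports named by a listener address like ':80', 'tcp/[::1]:443', ':8080-8082'."""
    if "/" in addr and addr.startswith("unix"):
        return set()                       # unix sockets carry no port
    ports = addr.split("/", 1)[-1].rsplit(":", 1)[-1]
    lo, _, hi = ports.partition("-")
    try:
        return set(range(int(lo), int(hi or lo) + 1))
    except ValueError:
        return set()                       # placeholder or unparsable port

def explicit_http_listeners(config):
    """Names of servers that list the HTTP port next to another port while
    automatic HTTP->HTTPS redirects are still enabled."""
    http_app = config.get("apps", {}).get("http", {})
    http_port = http_app.get("http_port") or 80    # Caddy's default HTTP port
    flagged = []
    for name, srv in http_app.get("servers", {}).items():
        auto = srv.get("automatic_https", {})
        if auto.get("disable") or auto.get("disable_redirects"):
            continue                       # redirects were turned off on purpose
        ports = set()
        for addr in srv.get("listen", []):
            ports |= port_set(addr)
        if http_port in ports and ports - {http_port}:
            flagged.append(name)           # plaintext port shares a server with TLS
    return flagged

# Constructed samples, trimmed from the config posted in the question.
BROKEN = json.loads("""{"apps": {"http": {"servers": {"app_name_here": {
  "automatic_https": {"disable_certificates": true},
  "listen": [":80", ":443"]}}}}}""")
FIXED = json.loads("""{"apps": {"http": {"servers": {"app_name_here": {
  "automatic_https": {"disable_certificates": true},
  "listen": [":443"]}}}}}""")

if __name__ == "__main__":
    print("broken:", explicit_http_listeners(BROKEN))
    print("fixed: ", explicit_http_listeners(FIXED))
```

A server flagged here answers plaintext requests on the HTTP port with its normal routes instead of a redirect, so the check is worth running before a config with custom certificates is deployed.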

Thank you. I didn’t get this from the documentation, maybe it should be made more clear :slight_smile:

For now everything seems to be working fine, but I’m sure I’ll make a dumb mistake like this again. Thread can be closed.

Caddy is cool :slight_smile:
