1. The problem I’m having:
I have had Caddy running in HA for a while now with no issues. Yesterday I woke up and all of my sites behind Caddy 2 show as deceptive. This is not just an HA issue; I have Plex, Synology, Radarr, Sonarr, Tdarr, Frigate and Overseer all behind Caddy. I have looked through many docs online and even requested a review by Google for my domain (still waiting to hear from them). If I continue through the deceptive piece and get to my sites, all the certs show fine; they don't expire until April 14.
2. Error messages and/or full log output:
Common Name (CN) liquiduni.somename.com
Organization (O) <Not Part Of Certificate>
Organizational Unit (OU) <Not Part Of Certificate>
Common Name (CN) R3
Organization (O) Let's Encrypt
Organizational Unit (OU) <Not Part Of Certificate>
Issued On Saturday, January 14, 2023 at 9:07:45 AM
Expires On Friday, April 14, 2023 at 10:07:44 AM
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service base-addon-banner: starting
-----------------------------------------------------------
Add-on: Caddy 2
Open source web and proxy server with automatic HTTPS
-----------------------------------------------------------
Add-on version: 1.4.1
You are running the latest version of this add-on.
System: Home Assistant OS 9.5 (amd64 / generic-x86-64)
Home Assistant Core: 2023.3.2
Home Assistant Supervisor: 2023.03.1
-----------------------------------------------------------
Please, share the above information when looking for help
or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
s6-rc: info: service base-addon-banner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service base-addon-log-level: starting
s6-rc: info: service fix-attrs successfully started
Log level is set to DEBUG
s6-rc: info: service base-addon-log-level successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service caddy: starting
s6-rc: info: service caddy successfully started
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
INFO: Prepare Caddy...
INFO: Use built-in Caddy
v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=
INFO: Prepare Caddyfile...
INFO: Caddyfile found at /share/caddy/Caddyfile
INFO: Run Caddy...
DEBUG: '/usr/bin/caddy' run --config '/share/caddy/Caddyfile' ''
{"level":"info","ts":1678386807.1660428,"msg":"using provided configuration","config_file":"/share/caddy/Caddyfile","config_adapter":""}
{"level":"warn","ts":1678386807.1714633,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/share/caddy/Caddyfile","line":2}
{"level":"info","ts":1678386807.1734118,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1678386807.1742423,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00053ed20"}
{"level":"info","ts":1678386807.1743808,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1678386807.1744885,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1678386807.175892,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
{"level":"info","ts":1678386807.175901,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/ssl/caddy"}
{"level":"info","ts":1678386807.1760845,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"info","ts":1678386807.1761444,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
{"level":"info","ts":1678386807.1761906,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["homeassistant.somename.com","search.somename.com","liquiduni.somename.com","music.somename.com","haportainer.somename.com","sonarr.somename.com","liquidxpe.somename.com","sab.somename.com","liquidrt.somename.com","transcode.somename.com","automate-myhome.com","read.somename.com","watch.somename.com","frigate.somename.com","radarr.somename.com","homeaccess.somename.com"]}
{"level":"info","ts":1678386807.184296,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1678386807.1890695,"msg":"autosaved config (load with --resume flag)","file":"/data/caddy/autosave.json"}
{"level":"info","ts":1678386807.1890872,"msg":"serving initial configuration"}
3. Caddy version:
-----------------------------------------------------------
Add-on: Caddy 2
Open source web and proxy server with automatic HTTPS
-----------------------------------------------------------
Add-on version: 1.4.1
You are running the latest version of this add-on.
System: Home Assistant OS 9.5 (amd64 / generic-x86-64)
Home Assistant Core: 2023.3.2
Home Assistant Supervisor: 2023.03.1
-----------------------------------------------------------
4. How I installed and ran Caddy:
a. System environment:
b. Command:
c. Service/unit/compose file:
d. My complete Caddy config:
{
	email someemail@gmail.com
}
# Synology
https://liquidxpe.somename.com {
	reverse_proxy https://XX.XX.XX.48:5001 {
		transport http {
			tls_insecure_skip_verify
		}
	}
}
# Unifi
https://liquiduni.somename.com {
	reverse_proxy https://XX.XX.XX.240:8443 {
		transport http {
			tls_insecure_skip_verify
		}
	}
}
# Edgerouter
https://liquidrt.somename.com {
	reverse_proxy https://XX.XX.XX.1:8440 {
		transport http {
			tls_insecure_skip_verify
		}
	}
}
# DSM Portainer
https://dsmportainer.somename.com {
	reverse_proxy https://XX.XX.XX.48:9443 {
		transport http {
			tls_insecure_skip_verify
		}
	}
}
# HA Portainer
https://haportainer.somename.com {
	reverse_proxy http://XX.XX.XX.240:9000 {
		transport http
	}
}
# Radarr
https://radarr.somename.com {
	reverse_proxy http://XX.XX.XX.48:7878 {
		transport http
	}
}
# Sonarr
https://sonarr.somename.com {
	reverse_proxy http://XX.XX.XX.48:8989 {
		transport http
	}
}
# Readarr
https://read.somename.com {
	reverse_proxy http://XX.XX.XX.48:8787 {
		transport http
	}
}
# Lidarr
https://music.somename.com {
	reverse_proxy http://XX.XX.XX.48:8686 {
		transport http
	}
}
# SabNZBD
https://sab.somename.com {
	reverse_proxy http://XX.XX.XX.48:8080 {
		transport http
	}
}
# automate-myhome
https://automate-myhome.com {
	reverse_proxy http://XX.XX.XX.240:49153 {
		transport http
	}
}
# HomeAssist
https://homeaccess.somename.com {
	reverse_proxy https://XX.XX.XX.220:8123 {
		transport http {
			tls_insecure_skip_verify
		}
	}
}
# Frigate
https://frigate.somename.com {
	reverse_proxy http://XX.XX.XX.75:5000 {
		transport http
	}
}
# Search
https://search.somename.com {
	reverse_proxy http://XX.XX.XX.48:5055 {
		transport http
	}
}
# Transcode
https://transcode.somename.com {
	reverse_proxy http://XX.XX.XX.75:8265 {
		transport http
	}
}
# Plex
https://watch.somename.com {
	reverse_proxy http://XX.XX.XX.75:32400 {
		transport http
	}
}
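The certificate quoted in the post is a valid Let's Encrypt (R3) certificate, and Chrome's "deceptive site" interstitial comes from Google Safe Browsing rather than from the TLS handshake, so nothing in the Caddyfile explains the flag itself. Two things a reviewer would still want to check from the material in the post are whether the Caddyfile shown is the one actually running (the log's list of managed domains includes homeassistant.somename.com, which is not in the posted config, while dsmportainer.somename.com is in the config but not in the log) and which upstreams are proxied with certificate verification disabled. The Python script below is added here as an example; it is not part of the original post or of Caddy. It parses the subset of Caddyfile syntax used in the post and Caddy's JSON log line and reports both. The embedded Caddyfile is an abbreviated copy of the posted one (five of the sixteen sites, IPs masked as in the post) and the log lines are the ones from the post; both are constructed sample input, and the parser assumes the one-host-per-block, one-reverse_proxy layout used there.

```python
import json
import re

# Constructed sample input: an abbreviated copy (five of the sixteen sites) of the
# Caddyfile from the post, with the upstream IPs masked exactly as the poster masked them.
CADDYFILE = """
{
	email someemail@gmail.com
}
# Synology
https://liquidxpe.somename.com {
	reverse_proxy https://XX.XX.XX.48:5001 {
		transport http {
			tls_insecure_skip_verify
		}
	}
}
# DSM Portainer
https://dsmportainer.somename.com {
	reverse_proxy https://XX.XX.XX.48:9443 {
		transport http {
			tls_insecure_skip_verify
		}
	}
}
# Radarr
https://radarr.somename.com {
	reverse_proxy http://XX.XX.XX.48:7878 {
		transport http
	}
}
# HomeAssist
https://homeaccess.somename.com {
	reverse_proxy https://XX.XX.XX.220:8123 {
		transport http {
			tls_insecure_skip_verify
		}
	}
}
# Plex
https://watch.somename.com {
	reverse_proxy http://XX.XX.XX.75:32400 {
		transport http
	}
}
"""

# Constructed sample input: two lines from the add-on log in the post. The first is an
# s6 line that is not JSON; the second is Caddy's list of auto-HTTPS managed domains.
LOG_LINES = [
    's6-rc: info: service caddy successfully started',
    '{"level":"info","ts":1678386807.1761906,"logger":"http","msg":"enabling automatic TLS '
    'certificate management","domains":["homeassistant.somename.com","search.somename.com",'
    '"liquiduni.somename.com","music.somename.com","haportainer.somename.com",'
    '"sonarr.somename.com","liquidxpe.somename.com","sab.somename.com","liquidrt.somename.com",'
    '"transcode.somename.com","automate-myhome.com","read.somename.com","watch.somename.com",'
    '"frigate.somename.com","radarr.somename.com","homeaccess.somename.com"]}',
]

# Site block header: optional scheme, one hostname, optional port, then "{".
SITE_RE = re.compile(r'^(?:https?://)?([A-Za-z0-9.-]+)(?::\d+)?\s*\{$')
UPSTREAM_RE = re.compile(r'^reverse_proxy\s+(\S+)')


def parse_caddyfile(text):
    """Return {host: {"upstream": str|None, "skip_verify": bool}} for each site block.

    Only the layout used in the post is handled: one host per block and one
    reverse_proxy directive per site. The global options block is skipped."""
    sites, depth, current = {}, 0, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if not line:
            continue
        if depth == 0:
            m = SITE_RE.match(line)
            if m:  # a bare "{" (global options) does not match and leaves current=None
                current = m.group(1)
                sites[current] = {"upstream": None, "skip_verify": False}
        elif current is not None:
            m = UPSTREAM_RE.match(line)
            if m:
                sites[current]["upstream"] = m.group(1)
            if line == "tls_insecure_skip_verify":
                sites[current]["skip_verify"] = True
        depth += line.count("{") - line.count("}")
        if depth == 0:
            current = None
    return sites


def managed_domains(log_lines):
    """Collect the hostnames Caddy reported it manages certificates for."""
    domains = set()
    for line in log_lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # s6 and add-on banner lines are not JSON
        if rec.get("logger") == "http" and rec.get("msg") == "enabling automatic TLS certificate management":
            domains.update(rec.get("domains", []))
    return domains


def audit(caddyfile, log_lines):
    """Compare configured hosts with managed hosts and list unverified upstreams."""
    sites = parse_caddyfile(caddyfile)
    managed = managed_domains(log_lines)
    configured = set(sites)
    return {
        "only_in_config": sorted(configured - managed),
        "only_in_log": sorted(managed - configured),
        "skip_verify": sorted(h for h, s in sites.items() if s["skip_verify"]),
    }


if __name__ == "__main__":
    for key, hosts in audit(CADDYFILE, LOG_LINES).items():
        print(f"{key}: {', '.join(hosts) or '-'}")
```

Pasting the full Caddyfile into CADDYFILE makes only_in_log shrink to the hosts the running instance knows about but the file does not, which is the quickest way to confirm the file that was posted is the file Caddy loaded. The skip_verify list is the security caveat: tls_insecure_skip_verify makes Caddy accept any certificate from the backend, so anything on the LAN that can answer for those addresses can impersonate the Synology, Portainer or Home Assistant upstream. Caddy's reverse_proxy transport options tls_trusted_ca_certs and tls_server_name let you trust the appliance's own CA or self-signed certificate instead of disabling verification. The empty transport http blocks on the plain-HTTP upstreams are the default and can be dropped.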