Caddy cannot serve HTTPS. HELP

1. The problem I’m having:

server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server

2. Error messages and/or full log output:

 {"level":"warn","ts":1689265490.6836839,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied>
{"level":"info","ts":1689265490.6862156,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
 {"level":"info","ts":1689265490.6875458,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
 {"level":"info","ts":1689265490.6878133,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
 {"level":"info","ts":1689265490.6891966,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0002619>
{"level":"info","ts":1689265490.6895435,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/cad>
 {"level":"info","ts":1689265490.6905928,"logger":"tls","msg":"finished cleaning storage units"}
 {"level":"info","ts":1689265490.6911364,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Jul 13 16:24:50 localhost.localdomain systemd[1]: Started Caddy.
Jul 13 16:24:50 localhost.localdomain caddy[28293]: {"level":"info","ts":1689265490.6959107,"msg":"serving initial configuration"}

3. Caddy version:

v2.6.1 h1:EDqo59TyYWhXQnfde93Mmv4FJfYe00dO60zMiEt+pzo=

4. How I installed and ran Caddy:

Running in Ubuntu 20

a. System environment:

Ubuntu 20

b. Command:

systemctl restart caddy

c. Service/unit/compose file:

d. My complete Caddy config:


{
  order forward_proxy before file_server
}
:443, testwebsite.space:443 {
  tls xkcsss@gmail.com
  forward_proxy {
    basic_auth username pwdtest
    hide_ip
    hide_via
    probe_resistance
  }
  file_server {
    root /var/www/xkc-html
  }
}

:80 {
        # Set this path to your site's directory.
        root * /usr/share/caddy

        # Enable the static file server.
        file_server

        # Another common task is to set up a reverse proxy:
        # reverse_proxy localhost:8080

        # Or serve a PHP site through php-fpm:
        # php_fastcgi localhost:9000
}


5. Links to relevant resources:

Remove this. This is the default Caddyfile, but keeping it prevents HTTP->HTTPS redirects from working properly.

That’s a warning, not an error. It’s saying your :80 site is HTTP only, which is obvious.

Your logs are truncated, notice the > character. Please review the instructions in the help topic template, it explains how to get your full, untruncated logs.

Thanks for your reply! :grinning:

It seems that it still has not obtained the certificate after I deleted the default configuration part of “80{}”,
and these are the full logs after enabling debug mode:

root@localhost:~# service caddy status
● caddy.service - Caddy
     Loaded: loaded (/lib/systemd/system/caddy.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2023-07-14 00:13:52 UTC; 13s ago
       Docs: https://caddyserver.com/docs/
   Main PID: 29922 (caddy)
      Tasks: 5 (limit: 489)
     Memory: 9.9M
     CGroup: /system.slice/caddy.service
             └─29922 /usr/bin/caddy run --environ --config /etc/caddy/Caddyfile

Jul 14 00:13:52 localhost.localdomain caddy[29922]: {"level":"info","ts":1689293632.9291348,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
Jul 14 00:13:52 localhost.localdomain caddy[29922]: {"level":"info","ts":1689293632.9293563,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Jul 14 00:13:52 localhost.localdomain caddy[29922]: {"level":"debug","ts":1689293632.9305685,"logger":"http","msg":"starting server loop","address":"[::]:443","tls":true,"http3":true}
Jul 14 00:13:52 localhost.localdomain caddy[29922]: {"level":"info","ts":1689293632.9307702,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Jul 14 00:13:52 localhost.localdomain caddy[29922]: {"level":"info","ts":1689293632.931165,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Jul 14 00:13:52 localhost.localdomain systemd[1]: Started Caddy.
Jul 14 00:13:52 localhost.localdomain caddy[29922]: {"level":"info","ts":1689293632.9358482,"msg":"serving initial configuration"}
Jul 14 00:13:52 localhost.localdomain caddy[29922]: {"level":"info","ts":1689293632.937598,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00041f9d0"}
Jul 14 00:13:52 localhost.localdomain caddy[29922]: {"level":"info","ts":1689293632.937896,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/caddy"}
Jul 14 00:13:52 localhost.localdomain caddy[29922]: {"level":"info","ts":1689293632.9387236,"logger":"tls","msg":"finished cleaning storage units"}


This is my caddy config:

{
  order forward_proxy before file_server
  debug
}
:443, testwebsite.space:443 {
  tls xkcsss@gmail.com
  forward_proxy {
    basic_auth username pwdtest
    hide_ip
    hide_via
    probe_resistance
  }
  file_server {
    root /var/www/xkc-html
  }
}

I am a novice and hope to get your further professional help.

I’m not seeing any problems in the logs. That’s entirely normal output.

I think the problem is your site block though. I think because you have both :443 and testwebsite.space:443, the Caddyfile adapter drops the testwebsite.space matcher because they overlap, and this causes Automatic HTTPS to not trigger because the host matcher is missing.

Remove :443 from your site block, it doesn’t make sense to use in this case. Change it to just this:

testwebsite.space {

Thank you for your continued attention! :smiley:

But it doesn’t work after I remove the “:443,” like this:

{
  order forward_proxy before file_server
  debug
}
testwebsite.space:443 {
  tls xkcsss@gmail.com
  forward_proxy {
    basic_auth username pwdtest
    hide_ip
    hide_via
    probe_resistance
  }
  file_server {
    root /var/www/xkc-html
  }
}

After restarting the caddy service, I got the new logs:

● caddy.service - Caddy
     Loaded: loaded (/lib/systemd/system/caddy.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2023-07-14 08:18:08 UTC; 2s ago
       Docs: https://caddyserver.com/docs/
   Main PID: 33613 (caddy)
      Tasks: 7 (limit: 489)
     Memory: 8.6M
     CGroup: /system.slice/caddy.service
             └─33613 /usr/bin/caddy run --environ --config /etc/caddy/Caddyfile

Jul 14 08:18:08 localhost.localdomain caddy[33613]: {"level":"info","ts":1689322688.6850507,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Jul 14 08:18:08 localhost.localdomain caddy[33613]: {"level":"debug","ts":1689322688.6853065,"logger":"http","msg":"starting server loop","address":"[::]:80","tls":false,"http3":false}
Jul 14 08:18:08 localhost.localdomain caddy[33613]: {"level":"info","ts":1689322688.685482,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
Jul 14 08:18:08 localhost.localdomain caddy[33613]: {"level":"info","ts":1689322688.6856594,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["testwebsite.space"]}
Jul 14 08:18:08 localhost.localdomain caddy[33613]: {"level":"debug","ts":1689322688.6865556,"logger":"tls","msg":"loading managed certificate","domain":"testwebsite.space","expiration":1697032300,"issuer_key":"acme-v02.api.letsencrypt.org-directory>
Jul 14 08:18:08 localhost.localdomain caddy[33613]: {"level":"debug","ts":1689322688.6873915,"logger":"tls.cache","msg":"added certificate to cache","subjects":["testwebsite.space"],"expiration":1697032300,"managed":true,"issuer_key":"acme-v02.api.l>
Jul 14 08:18:08 localhost.localdomain caddy[33613]: {"level":"debug","ts":1689322688.687638,"logger":"events","msg":"event","name":"cached_managed_cert","id":"9e2feb44-07dd-43b9-be01-b6aa86b8a9f9","origin":"tls","data":{"sans":["testwebsite.space"]}}
Jul 14 08:18:08 localhost.localdomain caddy[33613]: {"level":"info","ts":1689322688.6888955,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Jul 14 08:18:08 localhost.localdomain systemd[1]: Started Caddy.
Jul 14 08:18:08 localhost.localdomain caddy[33613]: {"level":"info","ts":1689322688.6930206,"msg":"serving initial configuration"}

strange :thinking:

Well, it looks like you have a certificate now, which is good. I don’t see any problem in the logs, there’s no errors.

But once again, your logs are truncated. Like I said earlier, don’t use systemctl status caddy to look at your logs, use the command in the docs: Keep Caddy Running — Caddy Documentation

Show an example request with curl -v. What’s not working, specifically? Show evidence of a problem.

Embarrassing! I should have read the docs more carefully :smiley:
Thank you for your patience with me as a beginner

This should be the log you want to view:

root@localhost:~# journalctl -u caddy --no-pager | less +G
8","identifier":"www.testwebsite.space","cipher_suites":[14906,4865,4866,4867,49195,49199,49196,49200,52393,52392,49171,49172,156,157,47,53],"cert_cache_fill":0.0001,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
Jul 14 13:17:55 localhost.localdomain caddy[34553]: {"level":"debug","ts":1689340675.0422082,"logger":"http.stdlib","msg":"http: TLS handshake error from 139.149.19.135:36358: no certificate available for 'www.testwebsite.space'"}
Jul 14 13:17:55 localhost.localdomain caddy[34553]: {"level":"debug","ts":1689340675.2510004,"logger":"events","msg":"event","name":"tls_get_certificate","id":"3eaed6a7-8c44-48b4-993d-63683b3785c9","origin":"tls","data":{"client_hello":{"CipherSuites":[6682,4865,4866,4867,49195,49199,49196,49200,52393,52392,49171,49172,156,157,47,53],"ServerName":"www.testwebsite.space","SupportedCurves":[27242,29,23,24],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,1281,2054,1537,513],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[56026,772,771],"Conn":{}}}}
Jul 14 13:17:55 localhost.localdomain caddy[34553]: {"level":"debug","ts":1689340675.2520278,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"www.testwebsite.space"}
Jul 14 13:17:55 localhost.localdomain caddy[34553]: {"level":"debug","ts":1689340675.2522652,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.testwebsite.space"}
Jul 14 13:17:55 localhost.localdomain caddy[34553]: {"level":"debug","ts":1689340675.2524374,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.space"}
Jul 14 13:17:55 localhost.localdomain caddy[34553]: {"level":"debug","ts":1689340675.2526114,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*"}
Jul 14 13:17:55 localhost.localdomain caddy[34553]: {"level":"debug","ts":1689340675.2527835,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","remote_ip":"139.149.19.135","remote_port":"36359","sni":"www.testwebsite.space"}
Jul 14 13:17:55 localhost.localdomain caddy[34553]: {"level":"debug","ts":1689340675.2529705,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","remote_ip":"139.149.19.135","remote_port":"36359","server_name":"www.testwebsite.space","remote":"139.149.19.135:36359","identifier":"www.testwebsite.space","cipher_suites":[6682,4865,4866,4867,49195,49199,49196,49200,52393,52392,49171,49172,156,157,47,53],"cert_cache_fill":0.0001,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
Jul 14 13:17:55 localhost.localdomain caddy[34553]: {"level":"debug","ts":1689340675.2532744,"logger":"http.stdlib","msg":"http: TLS handshake error from 139.149.19.135:36359: no certificate available for 'www.testwebsite.space'"}

Use curl to get the response information:

curl: (35) Recv failure: Connection was reset

Please show the full command and logs for curl, not just the last line.

It seems like you probably made a request for www.testwebsite.space and not for testwebsite.space. You configured Caddy to serve testwebsite.space only. If you need to serve www.testwebsite.space as well, then add that as another site in your Caddyfile.

3 Likes
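
The mismatch diagnosed in the reply above can be checked directly against the journal. This is an added example, not code from the thread or from the Caddy project: it compares the domains Caddy reports managing with the SNI names that fail the handshake, and counts lines cut off by the pager. The function names and the sample log are constructed for illustration; real input is assumed to come from `journalctl -u caddy --no-pager`.

```python
import json
import re

# Constructed sample lines in the journald + Caddy JSON shape shown in this thread.
# The last line is deliberately cut off with '>' like the truncated logs above.
SAMPLE_LOG = """\
Jul 14 08:18:08 localhost.localdomain caddy[33613]: {"level":"info","ts":1689322688.68,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["testwebsite.space"]}
Jul 14 08:18:08 localhost.localdomain systemd[1]: Started Caddy.
Jul 14 13:17:55 localhost.localdomain caddy[34553]: {"level":"debug","ts":1689340675.25,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","remote_ip":"192.0.2.10","server_name":"www.testwebsite.space"}
Jul 14 13:17:55 localhost.localdomain caddy[34553]: {"level":"debug","ts":1689340675.25,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","server_name":"www.testwebsite.space","cert_cache_fi>
"""

# journald prefix "caddy[PID]: " followed by the JSON payload Caddy emitted.
JSON_START = re.compile(r"caddy\[\d+\]: (\{.*)$")


def parse_entries(text):
    """Yield (entry, None) for parsed Caddy lines, (None, raw_line) for truncated ones."""
    for line in text.splitlines():
        m = JSON_START.search(line)
        if not m:
            continue  # systemd's own lines carry no JSON payload
        try:
            yield json.loads(m.group(1)), None
        except json.JSONDecodeError:
            yield None, line  # payload cut short, e.g. by `systemctl status`


def triage(text):
    """Report managed domains, SNI names with no certificate, and truncated lines."""
    managed, missing, truncated = set(), {}, 0
    for entry, _raw in parse_entries(text):
        if entry is None:
            truncated += 1
        elif entry.get("msg") == "enabling automatic TLS certificate management":
            managed.update(entry.get("domains", []))
        elif entry.get("msg") == "no certificate matching TLS ClientHello":
            name = entry.get("server_name", "")
            missing[name] = missing.get(name, 0) + 1
    # A failing SNI that is not a managed domain means the site address is missing.
    unserved = {n: c for n, c in missing.items() if n not in managed}
    return {"managed": sorted(managed), "unserved_sni": unserved, "truncated": truncated}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A name listed under `unserved_sni` is one clients are requesting but no site block covers; a non-zero `truncated` count means the log should be re-captured before drawing conclusions.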

Thank you so much for your professionalism and patience!!!
It works fine now! :smiley:

1 Like
