1. The problem I’m having:
I’m trying to set up a reverse proxy to go from my public IP to localhost:22023. I run it successfully, but curl -v 151.74.122.201
is failing to verify the legitimacy of the server, so it closes the connection.
Previously I issued the certificate using ZeroSSL to that IP by hosting an HTTP server using XAMPP. I got ca_bundle.crt, certificate.crt and private.key.
To tell Caddy to use it, I provided the certificate and the private key using tls fullchain.pem privkey.pem,
which I got by running these two commands:
copy /b certificate.crt+ca_bundle.crt fullchain.pem
rename private.key privkey.pem
The files are next to Caddyfile, that’s where I run all the caddy commands from.
2. Error messages and/or full log output:
I:\Impostor-Server_1.10.3_win-x64\ReverseProxy>caddy adapt && caddy run
2025/07/29 01:01:42.810 INFO using adjacent Caddyfile
{"apps":{"http":{"servers":{"srv0":{"listen":[":443"],"routes":[{"match":[{"host":["151.74.122.201"]}],"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":":22023"}]}]}]}],"terminal":true}],"tls_connection_policies":[{"match":{"sni":["151.74.122.201"]},"certificate_selection":{"any_tag":["cert0"]}},{}]}}},"tls":{"certificates":{"load_files":[{"certificate":"fullchain.pem","key":"privkey.pem","tags":["cert0"]}]}}}}
2025/07/29 01:01:42.893 INFO maxprocs: Leaving GOMAXPROCS=32: CPU quota undefined
2025/07/29 01:01:42.893 INFO GOMEMLIMIT is updated {"package": "github.com/KimMachineGun/automemlimit/memlimit", "GOMEMLIMIT": 59584617676, "previous": 9223372036854775807}
2025/07/29 01:01:42.894 INFO using adjacent Caddyfile
2025/07/29 01:01:42.895 INFO adapted config to JSON {"adapter": "caddyfile"}
2025/07/29 01:01:42.902 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["//[::1]:2019", "//127.0.0.1:2019", "//localhost:2019"]}
2025/07/29 01:01:42.903 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc0005fc180"}
2025/07/29 01:01:42.904 INFO http.auto_https skipping automatic certificate management because one or more matching certificates are already loaded {"domain": "151.74.122.201", "server_name": "srv0"}
2025/07/29 01:01:42.904 INFO http.auto_https enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2025/07/29 01:01:42.904 WARN http HTTP/2 skipped because it requires TLS {"network": "tcp", "addr": ":80"}
2025/07/29 01:01:42.904 WARN http HTTP/3 skipped because it requires TLS {"network": "tcp", "addr": ":80"}
2025/07/29 01:01:42.905 INFO http.log server running {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2025/07/29 01:01:42.905 INFO http enabling HTTP/3 listener {"addr": ":443"}
2025/07/29 01:01:42.905 INFO http.log server running {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2025/07/29 01:01:42.906 INFO autosaved config (load with --resume flag) {"file": "C:\\Users\\Jeki\\AppData\\Roaming\\Caddy\\autosave.json"}
2025/07/29 01:01:42.906 INFO serving initial configuration
2025/07/29 01:01:42.910 INFO tls storage cleaning happened too recently; skipping for now {"storage": "FileStorage:C:\\Users\\Jeki\\AppData\\Roaming\\Caddy", "instance": "53ba76f6-863d-43e0-b181-1da8619eff11", "try_again": "2025/07/30 01:01:42.910", "try_again_in": 86400}
2025/07/29 01:01:42.911 INFO tls finished cleaning storage units
C:\Users\Jeki>curl -v https://151.74.122.201
* Trying 151.74.122.201:443...
* Connected to 151.74.122.201 (151.74.122.201) port 443
* schannel: disabled automatic use of client certificate
* schannel: using IP address, SNI is not supported by OS.
* ALPN: curl offers http/1.1
* schannel: SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted.
* Closing connection
* schannel: shutting down SSL/TLS connection with 151.74.122.201 port 443
curl: (60) schannel: SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted.
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
3. Caddy version:
C:\Users\Jeki>caddy -v
v2.10.0 h1:fonubSaQKF1YANl8TXqGcn4IbIRUDdfAkpcsfI/vX5U=
4. How I installed and ran Caddy:
I installed it using scoop, so scoop caddy
a. System environment:
C:\Users\Jeki>systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
OS Name: Microsoft Windows 10 Pro
OS Version: 10.0.19045 N/A Build 19045
b. Command:
caddy run
d. My complete Caddy config:
151.74.122.201 {
tls fullchain.pem privkey.pem
reverse_proxy :22023
}
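
A client only accepts the bundle built with copy /b if the leaf comes first, each certificate is issued by the one after it, and the leaf lists the IP address as a SAN. The following is an added example, not part of the original post and not Caddy code, that checks those three properties on a constructed CA and leaf for the placeholder address 192.0.2.10; CheckBundle and DemoCerts are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"net"
	"time"
)

// CheckBundle reports what a TLS client would reject in a leaf-first PEM bundle.
func CheckBundle(bundle, ip string) (problems []string) {
	var der []byte
	for b, rest := pem.Decode([]byte(bundle)); b != nil; b, rest = pem.Decode(rest) {
		der = append(der, b.Bytes...)
	}
	certs, err := x509.ParseCertificates(der)
	if err != nil || len(certs) == 0 || certs[0].VerifyHostname(ip) != nil {
		problems = append(problems, "first certificate missing, unparseable or not valid for "+ip)
	}
	for i := 0; i+1 < len(certs); i++ { // each certificate must be issued by the next one
		if certs[i].CheckSignatureFrom(certs[i+1]) != nil {
			problems = append(problems, fmt.Sprintf("cert %d not issued by cert %d", i, i+1))
		}
	}
	return problems
}

func DemoCerts() (leafPEM, caPEM string) { // constructed test data; errors ignored for brevity
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	leafPub, _, _ := ed25519.GenerateKey(rand.Reader)
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true}
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "constructed leaf"},
		NotBefore: ca.NotBefore, NotAfter: ca.NotAfter, IPAddresses: []net.IP{net.ParseIP("192.0.2.10")}}
	caDER, _ := x509.CreateCertificate(rand.Reader, ca, ca, caPub, caKey)
	leafDER, _ := x509.CreateCertificate(rand.Reader, leaf, ca, leafPub, caKey)
	return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: leafDER})),
		string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: caDER}))
}

func main() { // leaf+CA mirrors `copy /b certificate.crt+ca_bundle.crt`; CA+leaf is the reversed order
	leaf, ca := DemoCerts()
	fmt.Println("leaf+CA:", CheckBundle(leaf+ca, "192.0.2.10"), "CA+leaf:", CheckBundle(ca+leaf, "192.0.2.10"))
}
```

To check a real bundle, pass the contents of fullchain.pem and the site address to CheckBundle instead of the constructed data. Whether the client trusts the root at the end of the chain depends on the client's own trust store and is not checked here.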