Caddy(docker) reverse proxy with dns-01 on Cloudflare

I retried this and now the response is “curl: (60) SSL certificate problem: unable to get local issuer certificate”

How about:

curl -kIL --resolve gorcy.domain.x:10000:127.0.0.1 https://gorcy.domain.x:10000

(Note the addition of the k flag)


HTTP/2 502
server: Caddy
date: Mon, 18 Oct 2021 08:03:06 GMT

So I have a problem with SSL?

And with the upstream server, apparently.

This could mean that your local root certificate store has issues of some kind.

I’m not sure how to proceed on a raspberry pi, exactly, but I’d probably look into troubleshooting your ca-certificates next?


I’m trying with Cloudflare origin CA and the dns-01 challenge, but neither can resolve the problem. So I decided to try everything from the start without cloudflared and with port 10000 opened on my router, but when I try to connect it says “ERR_NAME_NOT_RESOLVED”

This is the configuration

gorcy.mydomain.x:10000 {
	tls /cert/certificate.pem /cert/key.pem
	reverse_proxy http://127.0.0.1:9283
}

And on DNS Cloudflare:
A | mydomain.x -> my IP
CNAME | gorcy -> mydomain.x

With this: “curl -IL --resolve gorcy.domain.x:10000:127.0.0.1 https://gorcy.domain.x:10000”
curl: (7) Failed to connect to gorcy.domain.x port 10000: Connection refused

I’m using the Cloudflare origin cert. And now with dns-01 I’m not able to get the cert: “timed out waiting for record to fully propagate; verify DNS provider configuration is correct”

What is the meaning of this error?

tls     stapling OCSP   {"error": "no OCSP stapling for [cloudflare origin certificate *.home04.cloud home04.cloud]: no URL to issuing certificate"}

That’s harmless, Caddy’s just saying that the certificate should have an OCSP stapling URL, because it’s best-practice, but for various reasons, Cloudflare’s doesn’t. You can ignore that.

Now that I have time, I decided to start all over.
But now I have a new error from Cloudflare: “Error 525 SSL handshake failed”
What does that mean?

https://gorcy.domain.x {
	tls {
		dns cloudflare aaabbccddd
		alpn disable_tlsalpn_challenge
	}
	respond "TEST"
	file_server
}

That means Cloudflare couldn’t trust the cert that Caddy served it.

What are in your logs? Please give as much detail as possible.

What modes do you have set on Cloudflare?

SSL complete mode.
An A record to my IP and a CNAME record “gorcy” pointing to my A record.

How can I get accurate logs?

Can someone help me?

We’re not quite sure how to help you because we don’t have a good picture of what’s actually happening.

I’m not sure what you mean specifically by accurate logs - I’m not sure I’d describe any of Caddy’s log output as particularly inaccurate, definitely never purposefully so… The best I can do is point you to How Logging Works — Caddy Documentation.

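A small Python probe that replicates the `curl --resolve host:port:ip` checks used in this thread and names which of the failures seen here it hits: connection refused (curl error 7), a chain the local CA store does not trust (curl error 60), or a 502 from Caddy because the reverse_proxy upstream is down. This is an added example, not code from the thread or from Caddy; the host and port are the thread's placeholders, the diagnosis strings are my own, and it keeps certificate verification on (pass the issuing CA as `cafile` instead of using `-k`).

```python
import socket
import ssl


def parse_status(head):
    """Return the HTTP status code from the first line of a response, or None."""
    parts = head.split(b"\r\n", 1)[0].split(b" ")
    return int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None


def classify(exc, status=None):
    """Map the outcome of one probe (exception raised, or status read) to a diagnosis."""
    if isinstance(exc, ConnectionRefusedError):
        return "nothing listening on that ip:port (curl error 7): is Caddy running and the port published?"
    if isinstance(exc, ssl.SSLCertVerificationError):  # subclass of SSLError, so test it first
        return "chain not trusted by the local CA store (curl error 60): pass the issuing CA as cafile"
    if isinstance(exc, ssl.SSLError):
        return "TLS handshake failed: check the tls directive (cert/key, alpn) on the Caddy side"
    if exc is not None:
        return f"other error: {exc!r}"
    if status == 502:
        return "TLS is fine; Caddy could not reach the reverse_proxy upstream (HTTP 502)"
    return f"TLS and upstream answer (HTTP {status})"


def probe(host, port, ip, cafile=None, timeout=5):
    """Connect to ip:port but present and verify `host`, like `curl --resolve host:port:ip`."""
    ctx = ssl.create_default_context(cafile=cafile)  # verification stays on; no `-k`
    req = f"HEAD / HTTP/1.1\r\nHost: {host}:{port}\r\nConnection: close\r\n\r\n".encode()
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                tls.sendall(req)
                head = b""
                while b"\r\n" not in head:
                    chunk = tls.recv(1024)
                    if not chunk:
                        break
                    head += chunk
        return classify(None, parse_status(head))
    except OSError as exc:  # ssl.SSLError and socket errors are all OSError subclasses
        return classify(exc)


def demo():
    """Constructed outcomes matching the errors seen in the thread (no network needed)."""
    return {
        "refused": classify(ConnectionRefusedError()),
        "untrusted": classify(ssl.SSLCertVerificationError()),
        "bad_gateway": classify(None, parse_status(b"HTTP/1.1 502 Bad Gateway\r\nServer: Caddy\r\n")),
    }
```

Run it as `probe("gorcy.domain.x", 10000, "127.0.0.1")` from the same host as the container, then again with `cafile` set to the origin CA's root to confirm whether the local trust store or the upstream is the real problem.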