Caddy - duckdns for internal only on Synology NAS

1. Caddy version:


2. How I installed, and run Caddy:

Downloaded from with duckdns add on

a. System environment:

Synology DSM 7.1.1-42962 Update 4 using Docker

b. Command:

sudo docker-compose up -d

c. Service/unit/compose file:

version: '3'

    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
      WEBSOCKET_ENABLED: "true"  # Enable WebSocket notifications.
      - ./vw-data:/data

    image: caddy:2
    container_name: caddy
    restart: always
      - ${CADDY_HTTP_PORT}:80
      - ${CADDY_HTTPS_PORT}:443
      - ./caddy:/usr/bin/caddy  # Your custom build of Caddy.
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./caddy-config:/config
      - ./caddy-data:/data
      DOMAIN: $DUCKDNS_DOMAIN  # Your domain.
      EMAIL: $EMAIL                 # The email address to use for ACME registration.
      TOKEN: $DUCKDNS_TOKEN                   # Your Duck DNS token.
      LOG_FILE: "/data/access.log"

d. My complete Caddy config:

{$DOMAIN}:443 {
  log {
    level INFO
    output file {$LOG_FILE} {
      roll_size 10MB
      roll_keep 10

  # Use the ACME DNS-01 challenge to get a cert for the configured domain.
  tls {
    dns duckdns {$TOKEN}

  # This setting may have compatibility issues with some browsers
  # (e.g., attachment downloading on Firefox). Try disabling this
  # if you encounter issues.
  encode gzip

  # Notifications redirected to the WebSocket server
  reverse_proxy /notifications/hub vaultwarden:3012

  # Proxy everything else to Rocket
  reverse_proxy vaultwarden:80

3. The problem I’m having:

Everything appears to go well but I am unable to open the web page with the following error:

This site can’t provide a secure connection sent an invalid response.


4. Error messages and/or full log output:

{"level":"warn","ts":1676558976.7078424,"logger":"http.acme_client","msg":"HTTP request failed; retrying","url":"","error":"performing request: Get \"\": dial tcp: lookup on read udp> i/o timeout"}

{"level":"error","ts":1676558997.2154634,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"","issuer":"","error":"registering account [] with server: provisioning client: performing request: Get \"\": dial tcp: lookup on read udp> i/o timeout"}

{"level":"warn","ts":1676558997.2156646,"logger":"tls.issuance.zerossl","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"}

{"level":"error","ts":1676559007.2246764,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"","issuer":"","error":"account pre-registration callback: performing EAB credentials request: Post \"\": dial tcp: lookup on read udp> i/o timeout"}

5. What I already tried:

I have uninstalled docker completely and reinstalled everything. I’m still getting the same error.

6. Links to relevant resources:

My issue has been resolved. Firewall was blocking port 80.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.