1. The problem I’m having:
I am attempting to set up Caddy with TLS Client Auth, but also have it get a Let's Encrypt certificate via ALPN.
I don't really have a problem, as it just works, but isn't TLS Client Auth supposed to make the ALPN check fail? HTTP-01 is disabled, port 80 is firewalled. Am I just ignorant about how it should work, or is there any tunable for this? I wish to know why it succeeded and how to make it fail (not that I am stupid, I just wish to know what allowed it to succeed).
TIA!
2. Error messages and/or full log output:
```
"challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
```
3. Caddy version:
2.10.0
4. How I installed and ran Caddy:
apt repo
a. System environment:
b. Command:
c. Service/unit/compose file:
d. My complete Caddy config:
This is mostly a test Caddyfile; some things may not make much sense, as I am just test-driving TLS Client Auth. I redacted the server's IP and the domain names.
```
{
	auto_https disable_redirects
	order abort before handle
}

https://PLAIN IP ADDRESS:443 {
	log syslog {
		output file /var/log/caddy/sys.log {
			mode 660
			roll_size 100MiB
			roll_keep 100
			roll_keep_for 30d
		}
		format console
		level info
	}
}

https://DOMAIN NAME:443 {
	tls {
		protocols tls1.3
		client_auth {
			mode require_and_verify
			trust_pool file {
				pem_file /ca/cert_name.crt
			}
		}
	}
	respond / "root"
	handle /cert {
		respond "handler"
	}
	log certlog {
		output file /var/log/caddy/cert.log {
			mode 660
			roll_size 100MiB
			roll_keep 100
			roll_keep_for 30d
			#roll_local_time 23:59
		}
		format console
		level debug
	}
}
```
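As an added illustration that is not part of the original post and not Caddy's own source, the Go program below shows the general TLS mechanism that can let a TLS-ALPN-01 handshake complete on a listener that otherwise requires client certificates: a server can pick a different `tls.Config` per ClientHello, and hand connections that offer the `acme-tls/1` ALPN value (the RFC 8737 challenge protocol) a config with client auth switched off, while every other connection keeps `RequireAndVerifyClientCert`. Whether Caddy does exactly this internally is an assumption here, not something the thread confirms; the `serverConfig`, `probe` and `selfSignedCert` functions and the constructed self-signed certificate are all this example's own. The `probe` function doubles as the check a defender would run: a client with no certificate must be rejected unless it is speaking the challenge protocol, and a real challenge responder should serve only the challenge certificate and never application data (here the server simply closes after the handshake).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// ALPN protocol ID of the ACME TLS-ALPN-01 challenge (RFC 8737).
const acmeTLSALPNProto = "acme-tls/1"

// selfSignedCert builds a throwaway certificate for 127.0.0.1. Constructed for
// this example only; it stands in for the site certificate.
func selfSignedCert() (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "alpn-example"},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		IPAddresses:  []net.IP{net.ParseIP("127.0.0.1")},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

// serverConfig returns an mTLS config whose GetConfigForClient hands a
// ClientHello offering acme-tls/1 a clone with client auth switched off.
// Hypothetical model of the mechanism, not Caddy's code: ordinary connections
// still require and verify a client certificate.
func serverConfig(cert tls.Certificate) *tls.Config {
	base := &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS13,
		ClientAuth:   tls.RequireAndVerifyClientCert,
		NextProtos:   []string{"h2", "http/1.1", acmeTLSALPNProto},
	}
	base.GetConfigForClient = func(hello *tls.ClientHelloInfo) (*tls.Config, error) {
		for _, p := range hello.SupportedProtos {
			if p == acmeTLSALPNProto {
				chal := base.Clone()
				chal.ClientAuth = tls.NoClientCert
				chal.NextProtos = []string{acmeTLSALPNProto}
				chal.GetConfigForClient = nil
				return chal, nil
			}
		}
		return nil, nil // anything else keeps the mTLS config
	}
	return base
}

// probe runs one handshake against a loopback server using cfg, with a client
// that presents no certificate and offers clientProtos. It reports whether the
// server accepted the handshake and which ALPN protocol was negotiated.
func probe(cfg *tls.Config, clientProtos []string) (accepted bool, negotiated string, err error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return false, "", err
	}
	defer ln.Close()

	serverDone := make(chan error, 1)
	go func() {
		raw, err := ln.Accept()
		if err != nil {
			serverDone <- err
			return
		}
		defer raw.Close()
		_ = raw.SetDeadline(time.Now().Add(5 * time.Second))
		srv := tls.Server(raw, cfg)
		err = srv.Handshake()
		if err == nil {
			srv.Close() // a challenge responder carries no application data
		}
		serverDone <- err
	}()

	cli, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{
		InsecureSkipVerify: true, // constructed self-signed cert; test harness only
		NextProtos:         clientProtos,
		MinVersion:         tls.VersionTLS13,
	})
	if err != nil {
		return false, "", err
	}
	defer cli.Close()
	_ = cli.SetDeadline(time.Now().Add(5 * time.Second))
	// In TLS 1.3 the client's handshake completes before the server has judged
	// the (absent) client certificate, so read once to let any alert arrive.
	var b [1]byte
	_, _ = cli.Read(b[:])

	return <-serverDone == nil, cli.ConnectionState().NegotiatedProtocol, nil
}

func main() {
	cert, err := selfSignedCert()
	if err != nil {
		panic(err)
	}
	cfg := serverConfig(cert)
	for _, protos := range [][]string{{acmeTLSALPNProto}, {"h2"}, nil} {
		ok, proto, err := probe(cfg, protos)
		fmt.Printf("offered %v: accepted=%v negotiated=%q err=%v\n", protos, ok, proto, err)
	}
}
```

The TLS 1.3 detail in `probe` matters for any check you script against such a server: with TLS 1.3 the client's `Handshake` returns before the server has decided on the client certificate, so a probe that only dials and never reads will wrongly report that a cert-less connection was accepted; the rejection arrives as an alert on the first read.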