Caddy keeps on trying to obtain a localhost certificate

1. Caddy version (caddy version):

v2.0.0 h1:pQSaIJGFluFvu8KDGDODV8u4/QRED/OPyIR+MWYYse8=

2. How I run Caddy:

a. System environment:

Distributor ID: Ubuntu
Description:    Ubuntu 18.04.4 LTS
Release:        18.04
Codename:       bionic

Direct install from apt

b. Command:

caddy run

c. Service/unit/compose file:

NONE

d. My complete Caddyfile or JSON config:

{
  debug
  acme_ca "https://acme-staging-v02.api.letsencrypt.org/directory"
  email "<email>"
  experimental_http3
}

sub1.domain.com  {
  reverse_proxy 192.168.1.2:1000
  
}


sub2.domain.com {
  reverse_proxy 192.168.1.2:1001
}

sub3.domain.com {
  reverse_proxy 192.168.1.2:1003
}

3. The problem I'm having:

Despite no explicit statement of localhost, Caddy will keep on trying to get a TLS certificate for localhost or 127.0.0.1.

4. Error messages and/or full log output:

root in /etc/caddy took 2s [I] ➜ caddy run    ✘1
2020/06/04 06:01:01.114  INFO     using adjacent Caddyfile
2020/06/04 06:01:01.116 INFO     admin   admin endpoint started  {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["[::1]:2019", "127.0.0.1:2019", "localhost:2019"]}
2020/06/04 06:01:01.116 INFO     http    server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2020/06/04 06:01:01.117 INFO     http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2020/06/04 06:01:01.119 INFO     tls     cleaned up storage units
2020/06/04 06:01:01.119 INFO     http    enabling experimental HTTP/3 listener   {"addr": ":443"}
2020/06/04 06:01:01.120 DEBUG    http    starting server loop    {"address": "[::]:443", "http3": true, "tls": true}
2020/06/04 06:01:01.120 DEBUG    http    starting server loop    {"address": "[::]:80", "http3": false, "tls": false}
2020/06/04 06:01:01.120 INFO     http    enabling automatic TLS certificate management   {"domains": ["sub1.domain.com","sub2.domain.com","sub3.domain.com"]}
2020/06/03 23:01:01 [INFO][cache:0xc0006cf950] Started certificate maintenance routine
2020/06/04 06:01:01.420 INFO     autosaved config        {"file": "/root/.config/caddy/autosave.json"}
2020/06/04 06:01:01.420 INFO     serving initial configuration
2020/06/03 23:01:07 http: TLS handshake error from 127.0.0.1:50198: no certificate available for '127.0.0.1'
2020/06/03 23:01:10 http: TLS handshake error from [::1]:40566: no certificate available for 'localhost'
2020/06/03 23:01:17 http: TLS handshake error from 127.0.0.1:50208: no certificate available for '127.0.0.1'
2020/06/03 23:01:20 http: TLS handshake error from [::1]:40576: no certificate available for 'localhost'
2020/06/03 23:01:27 http: TLS handshake error from 127.0.0.1:50218: no certificate available for '127.0.0.1'
2020/06/03 23:01:30 http: TLS handshake error from [::1]:40586: no certificate available for 'localhost'
2020/06/03 23:01:37 http: TLS handshake error from 127.0.0.1:50228: no certificate available for '127.0.0.1'
2020/06/03 23:01:40 http: TLS handshake error from [::1]:40596: no certificate available for 'localhost'
2020/06/03 23:01:47 http: TLS handshake error from 127.0.0.1:50238: no certificate available for '127.0.0.1'
2020/06/03 23:01:50 http: TLS handshake error from [::1]:40608: no certificate available for 'localhost'
^C2020/06/04 06:01:53.038       INFO     shutting down   {"signal": "SIGINT"}
2020/06/03 23:01:53 [DEBUG] Fake-closing underlying packet conn
2020/06/03 23:01:53 [INFO][cache:0xc0006cf950] Stopped certificate maintenance routine
2020/06/04 06:01:53.038 INFO     admin   stopped previous server
2020/06/04 06:01:53.038 INFO     shutdown done   {"signal": "SIGINT"}


5. What I already tried:

I tried explicitly adding a :80 and a :443 directive, but kept on getting an error.
Also tried searching the forums, but did not find a relevant question/answer.

That's not Caddy trying to get a cert for localhost, that's Caddy receiving requests for localhost but not being able to serve those requests. Something on your system must be trying to make requests to localhost or 127.0.0.1 but Caddy can't handle it because it hasn't been configured to.
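As an added illustration of the reply above (this is not code from the thread or from the Caddy project), a POSIX shell script that reads Caddy's log and summarises the `no certificate available for '...'` handshake errors by requested name and client address, then checks whether every offending client is loopback. The log lines inside `sample_log` are constructed to mirror the ones posted; the function names are mine.

```shell
#!/bin/sh
# Added example, not from the original thread or the Caddy project.
# Groups Caddy's "TLS handshake error ... no certificate available for 'X'"
# lines by the requested name and the client address, so it is obvious that
# the traffic is *incoming* from a local client, not an ACME issuance attempt.

# Constructed sample: mirrors the shape of the log lines in the post
# (three from 127.0.0.1, two from [::1], plus one unrelated INFO line).
sample_log() {
  cat <<'EOF'
2020/06/04 06:01:01.420 INFO     serving initial configuration
2020/06/03 23:01:07 http: TLS handshake error from 127.0.0.1:50198: no certificate available for '127.0.0.1'
2020/06/03 23:01:10 http: TLS handshake error from [::1]:40566: no certificate available for 'localhost'
2020/06/03 23:01:17 http: TLS handshake error from 127.0.0.1:50208: no certificate available for '127.0.0.1'
2020/06/03 23:01:20 http: TLS handshake error from [::1]:40576: no certificate available for 'localhost'
2020/06/03 23:01:27 http: TLS handshake error from 127.0.0.1:50218: no certificate available for '127.0.0.1'
EOF
}

# summarize_handshake_errors: stdin = Caddy log; stdout = "<count> <name> <client>",
# one line per (requested name, client IP) pair, most frequent first.
summarize_handshake_errors() {
  awk '
    /TLS handshake error from .*: no certificate available for/ {
      for (i = 1; i <= NF; i++) {
        # the word after "from" is "<ip>:<port>:"; drop the port and colons
        if ($i == "from") { src = $(i + 1); sub(/:[0-9]+:$/, "", src) }
        # the word after "for" is the quoted server name; drop the quotes
        if ($i == "for")  { name = $(i + 1); gsub("\047", "", name) }
      }
      count[name " " src]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -k1,1nr -k2,2
}

# handshake_sources_are_local: exit 0 if every offending client is loopback
# (127.0.0.1 or [::1]), which points at a local agent such as a metrics
# collector; exit 1 if any non-loopback address appears.
handshake_sources_are_local() {
  summarize_handshake_errors | awk '
    $3 != "127.0.0.1" && $3 != "[::1]" { bad = 1 }
    END { exit (bad ? 1 : 0) }
  '
}

# Stand-alone demo on the constructed sample.
sample_log | summarize_handshake_errors
if sample_log | handshake_sources_are_local; then
  echo "all offending clients are loopback: look for a local process, not ACME"
fi
```

Against a live system, capture the log (`caddy run 2>&1 | tee /tmp/caddy.log`) and feed it to `summarize_handshake_errors`. Once the clients are confirmed to be loopback, the iproute2 invocation `ss -tnp state established '( dport = :443 )'` run as root lists the local sockets with their owning process names, which is how a stray agent polling the old web server shows up.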

Thank you, it was driving me mad. Apparently the metricbeat instance was trying to communicate with nginx to gather metrics, but I had stopped nginx since I'm trying to migrate to Caddy.


Nice! Glad you figured it out.

FYI, Caddy supports metrics with Prometheus via this plugin: GitHub - hairyhenderson/caddyprom: ⚠️ DEPRECATED - use the core metrics supported in Caddy v2.2.0-rc.2+

You can find the list of supported Caddy modules (including how to compile with them) here for the time being: https://caddy.community/t/list-of-caddy-2-modules/7839
