Caddy / Localhost / HTTPS = "This site can’t provide a secure connection"

1. My Caddy version (caddy version):

v2.0.0-rc.1 h1:DxUlg4kMisXwXVnWND7KEPl1f+vjFpIOzYpKpfmwyj8=

2. How I run Caddy:

a. System environment:

Windows 10

b. Command:

caddy run

c. Service/unit/compose file:

paste full file contents here

d. My complete Caddyfile or JSON config:

localhost

respond "Hello, world!"

3. The problem I’m having:

Just trying to get started with the very first example here:

I can’t get it working over HTTPS?

4. Error messages and/or full log output:

run: loading initial config: loading new config: http app module: start: tcp: listening on :80: listen tcp :80: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
start: caddy process exited with error: exit status 1

5. What I already tried:

The above error happens any time I include localhost or 127.0.0.1. If I use just a port number (implied localhost?) the error goes away.

Tried changing Caddyfile to:

:2016 {
    respond "Hello, world!"
}

which works over HTTP but HTTPS errors with:
Chrome: This site can’t provide a secure connection - ERR_SSL_PROTOCOL_ERROR
CURL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number

Also tried

https://:2016 {
    respond "Hello, world!"
}

with the same results.

The Caddy certificate is installed in Trusted Root Certification Authorities.

It would seem the RC (or the documentation) has a bug since the example doesn’t work. How do I specify the address in a way that allows HTTPS to work without using port 443?

The first error:

run: loading initial config: loading new config: http app module: start: tcp: listening on :80: listen tcp :80: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
start: caddy process exited with error: exit status 1

Means that caddy doesn’t have permission to bind to port 80 (or 443, presumably). On some systems, low ports are privileged so you need to add permissions to do that – how you do that is up to you and depends on your OS, and isn’t really unique to Caddy.

This is because automatic HTTPS does not get activated because there is no hostname in the address, which is necessary for a certificate.

This is because, again, there is no hostname, so there is no automatic certificate available.

Basically, just change the address in your config to localhost:2016 for HTTPS, or just :2016 if you want to use HTTP. Or http://localhost:2016 for roughly the same thing.

I guess I should add a note in that tutorial about the permissions thing. I kind of thought most people knew that when running a web server (since it’s not special to Caddy).


Hi! Thanks for the fast reply

I just tried the options you suggested:
localhost:2016 - “run: loading initial config: loading new config: http app module: start: tcp: listening on :80: listen tcp :80: bind: An attempt was made to access a socket in a way forbidden by its access permissions.”

http://localhost:2016 - Works for HTTP. Fails for HTTPS: “This site can’t provide a secure connection - ERR_SSL_PROTOCOL_ERROR”

So I still have the same problem


Oh, right – that’s because of the automatic HTTP->HTTPS redirects. You also have to change the HTTP port:

{
    http_port 8080
}

or whatever you choose.

By the way, this will never work with HTTPS because you’ve set the scheme to http://.

SUCCESS! Thanks Matt.
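
The two fixes from the replies combined into one Caddyfile, as an added example that is not part of the original thread. Ports 8080 and 2016 are the values mentioned in the posts; any free ports the process is allowed to bind would do.

```caddyfile
# Added example, not from the thread.

# Global options block: it must be the first block in the Caddyfile.
{
    # Port for the plain-HTTP listener that serves the automatic
    # HTTP->HTTPS redirects. The default is 80, which is the port
    # that failed to bind in the log output quoted in the thread.
    http_port 8080
}

# The hostname in the site address is what activates automatic HTTPS.
# The addresses tried earlier in the thread behave differently:
#   :2016                  no hostname, so no certificate (HTTP only)
#   https://:2016          no hostname, so no certificate
#   http://localhost:2016  scheme forces HTTP, never HTTPS
localhost:2016 {
    respond "Hello, world!"
}
```

With this file, `caddy run` should start without touching port 80, and https://localhost:2016 is served with a certificate for `localhost` issued by Caddy's local CA, which the client has to trust (the poster had already installed it in Trusted Root Certification Authorities).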
