Caddy not recognizing duckdns domain

1. Output of caddy version:

v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=

(I’m using one of the built ones for duckdns compatibility)

2. How I run Caddy:

a. System environment:

Ubuntu Server 20.04 (could be 22?), running on the server not on Docker. Systemd starts and stops caddy as needed.

b. Command:

sudo systemctl start caddy
sudo systemctl restart caddy

c. Service/unit/compose file:

[Unit]
Description=Caddy Server Startup

[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/bash /etc/caddy/caddystart.sh

[Install]
WantedBy=multi-user.target

d. My complete Caddy config:

subd.duckdns.org {
	log {
		output file /var/lib/caddy/caddy.log
	}
	file_server browse
	tls {
		dns duckdns {env.DUCKDNS_API_KEY}
	}
}

192.168.1.100:1832 {
	file_server browse
}

(the second directive is just for testing to make sure it is actually pulling a server up/listening. Not actually needed)

3. The problem I’m having:

I’m trying to set up DuckDNS to have a domain I can access externally. When I curl -v subd.duckdns.org, though, it entirely times out and I cannot figure out why.

4. Error messages and/or full log output:

Oct 27 21:48:27 homesrv caddy[170813]: {"level":"info","ts":1666907307.4337976,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Oct 27 21:48:27 homesrv caddy[170813]: {"level":"warn","ts":1666907307.4356751,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":14}
Oct 27 21:48:27 homesrv caddy[170813]: {"level":"info","ts":1666907307.4367824,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Oct 27 21:48:27 homesrv caddy[170813]: {"level":"info","ts":1666907307.4371047,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Oct 27 21:48:27 homesrv caddy[170813]: {"level":"info","ts":1666907307.4371262,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv1","https_port":443}
Oct 27 21:48:27 homesrv caddy[170813]: {"level":"info","ts":1666907307.4371347,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv1"}
Oct 27 21:48:27 homesrv caddy[170813]: {"level":"info","ts":1666907307.4372017,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000251260"}
Oct 27 21:48:27 homesrv caddy[170813]: {"level":"info","ts":1666907307.4377127,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/caddy"}
Oct 27 21:48:27 homesrv caddy[170813]: {"level":"info","ts":1666907307.4388268,"logger":"tls","msg":"finished cleaning storage units"}
Oct 27 21:48:27 homesrv caddy[170813]: {"level":"info","ts":1666907307.4543984,"logger":"pki.ca.local","msg":"root certificate is already trusted by system","path":"storage:pki/authorities/local/root.crt"}
Oct 27 21:48:27 homesrv caddy[170813]: {"level":"info","ts":1666907307.4546928,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
Oct 27 21:48:27 homesrv caddy[170813]: {"level":"info","ts":1666907307.454734,"logger":"http","msg":"enabling HTTP/3 listener","addr":":1832"}
Oct 27 21:48:27 homesrv caddy[170813]: {"level":"info","ts":1666907307.4549508,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details."}
Oct 27 21:48:27 homesrv caddy[170813]: {"level":"info","ts":1666907307.4550729,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Oct 27 21:48:27 homesrv caddy[170813]: {"level":"info","ts":1666907307.4551122,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Oct 27 21:48:27 homesrv caddy[170813]: {"level":"info","ts":1666907307.455192,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
Oct 27 21:48:27 homesrv caddy[170813]: {"level":"info","ts":1666907307.4552002,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["192.168.1.100","homehosted.duckdns.org"]}
Oct 27 21:48:27 homesrv caddy[170813]: {"level":"warn","ts":1666907307.455622,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [192.168.1.100]: no OCSP server specified in certificate","identifiers":["192.168.1.100"]}
Oct 27 21:48:27 homesrv caddy[170813]: {"level":"info","ts":1666907307.4571497,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Oct 27 21:48:27 homesrv caddy[170813]: {"level":"info","ts":1666907307.4572194,"msg":"serving initial configuration"}
Oct 27 21:53:32 homesrv caddy[170813]: {"level":"info","ts":1666907612.5953991,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"183.158.76.24","remote_port":"36008","proto":"HTTP/1.0","method":"GET","host":"","uri":"/boaform/admin/formLogin?username=ec8&psd=ec8","headers":{}},"user_id":"","duration":0.000101655,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https:///boaform/admin/formLogin?username=ec8&psd=ec8"],"Content-Type":[]}}

And my curl command:

*   Trying 1.2.3.4:443...
* connect to 1.2.3.4 port 443 failed: Connection timed out
* Failed to connect to subd.duckdns.org port 443 after 130223 ms: Connection timed out
* Closing connection 0
curl: (28) Failed to connect to subd.duckdns.org port 443 after 130223 ms: Connection timed out

5. What I already tried:

I’ve already tried a myriad of things, including nmap scans to make sure the port is open (it is) as well as making sure my VPN doesn’t conflict with the port forwarding. I use Mullvad VPN and have followed their guide to set nftables rules to allow some traffic to go through my home domain.

6. Links to relevant resources:

The caddy “Get Started” page

None of this will be relevant; view my first comment on this post.
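The access-log line in the output above (an HTTP/1.0 request with an empty Host header for /boaform/admin/formLogin, answered with a 308 redirect) is what an exposed port 443 attracts within minutes. As an added example, not code from the thread or from the Caddy project, the script below parses Caddy’s JSON access log as it appears in journalctl output and summarises, per remote IP, why a request looks like an automated probe. The journal prefix pattern, the PROBE_PATHS list beyond /boaform/, and the second sample line are assumptions constructed for the example; the first two sample lines are copied from the log above.

```python
"""Parse Caddy's JSON access log (the http.log.access lines as printed by journalctl)
and summarise which remote IPs are probing the exposed listener."""
import json
import re
from collections import Counter, defaultdict

# journalctl prefixes each JSON line, e.g. "Oct 27 21:53:32 homesrv caddy[170813]: {...}".
# Assumed format, matching the lines quoted in the thread.
JOURNAL_PREFIX = re.compile(r"^\w{3} +\d+ [\d:]+ \S+ caddy\[\d+\]: ")

# Paths that only automated scanners request on a personal file server.
# "/boaform/" is the one visible in the thread; the others are constructed examples.
PROBE_PATHS = ("/boaform/", "/.env", "/wp-login.php", "/cgi-bin/")

# Constructed sample input: two lines from the thread plus one legitimate request (assumed).
SAMPLE_LOG = [
    'Oct 27 21:48:27 homesrv caddy[170813]: {"level":"info","ts":1666907307.4572194,"msg":"serving initial configuration"}',
    'Oct 27 21:53:32 homesrv caddy[170813]: {"level":"info","ts":1666907612.5953991,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"183.158.76.24","remote_port":"36008","proto":"HTTP/1.0","method":"GET","host":"","uri":"/boaform/admin/formLogin?username=ec8&psd=ec8","headers":{}},"user_id":"","duration":0.000101655,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https:///boaform/admin/formLogin?username=ec8&psd=ec8"],"Content-Type":[]}}',
    'Oct 27 21:55:01 homesrv caddy[170813]: {"level":"info","ts":1666907701.1,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"10.0.0.5","remote_port":"51234","proto":"HTTP/2.0","method":"GET","host":"subd.duckdns.org","uri":"/","headers":{}},"user_id":"","duration":0.0005,"size":1234,"status":200}',
]


def parse_line(line):
    """Return the decoded JSON object for one log line, or None if the line carries no JSON."""
    body = JOURNAL_PREFIX.sub("", line.strip(), count=1)
    if not body.startswith("{"):
        return None
    try:
        return json.loads(body)
    except json.JSONDecodeError:
        return None


def is_access_entry(entry):
    """Only http.log.access entries describe a handled request."""
    return entry is not None and entry.get("logger") == "http.log.access"


def probe_reasons(entry):
    """Reasons an access entry looks like an automated probe rather than a real client."""
    req = entry["request"]
    reasons = []
    if req.get("host", "") == "":
        reasons.append("empty Host header")
    if req.get("proto") == "HTTP/1.0":
        reasons.append("HTTP/1.0")
    uri = req.get("uri", "")
    if any(uri.startswith(p) for p in PROBE_PATHS):
        reasons.append("known probe path")
    if re.search(r"[?&](username|psd|password|pwd)=", uri):
        reasons.append("credentials in query string")
    return reasons


def summarise(lines):
    """Per remote IP: number of requests and the sorted set of probe reasons seen."""
    counts = Counter()
    reasons = defaultdict(set)
    for line in lines:
        entry = parse_line(line)
        if not is_access_entry(entry):
            continue  # startup/tls/admin lines carry no request
        ip = entry["request"]["remote_ip"]
        counts[ip] += 1
        reasons[ip].update(probe_reasons(entry))
    return {ip: {"requests": n, "reasons": sorted(reasons[ip])} for ip, n in counts.items()}


if __name__ == "__main__":
    for ip, info in summarise(SAMPLE_LOG).items():
        flag = "PROBE" if info["reasons"] else "ok"
        print(f"{ip:16} {info['requests']:4d} {flag:6} {', '.join(info['reasons'])}")
```

Run it against real data with something like `journalctl -u caddy -o cat | python3 script.py` after replacing SAMPLE_LOG with `sys.stdin`; the same parser works on Caddy’s own log file because the journal prefix is optional in the pattern. The empty Host header is the most useful signal here: the Caddyfile serves a named site, so any legitimate browser sends `subd.duckdns.org` and Caddy only answers a bare IP request because the 192.168.1.100:1832 test block exists.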

I figured it out and I am really dumb. When I was setting up my nft rulesets to enable split tunneling, I forgot to open port 443. This meant that 443 was running through my VPN and nothing was working correctly. Once I made this simple fix to my nft config, things started to work.

I am leaving this post up, however, just in case someone happens to have this issue. Documentation is where it’s at!

2 Likes

Thank you for the follow-up!
