When I open the domain, e.g. https://site.com, Caddy sends the IP address "/check?domain=172.31.40.160"; it should send the domain name.
4. Error messages and/or full log output:
2022/04/25 19:34:04.968 DEBUG tls.handshake no matching certificates and no custom selection logic {"identifier": "172.31.40.160"}
2022/04/25 19:34:04.973 DEBUG http.stdlib http: TLS handshake error from 172.31.44.175:22832: certificate for hostname "172.31.40.160" not allowed; non-2xx status code 401 returned from http://localhost:2501/check
5. What I already tried:
I tried to debug in every way; it's not working. When I send the request directly to my Golang app I can clearly get the hostname fine: fmt.Println("The URL: ", c.Request.Host+c.Request.URL.Path). But when I send the request through Caddy to my Golang app, it sends the IP address, not the domain name.
That doesn't sound right, can you show us evidence of that? Paste a curl -v command (and its output) like the instructions recommend, please. Only very old clients these days don't send SNI with domain names.
Are you using ELB in TCP mode? If not, you should. ELB shouldn't be terminating TLS.
Are you sure the clients making requests with IP addresses are legitimate? If you're seeing some requests with IP addresses and others with domains, then it's likely because you're getting hit by bots crawling the internet. You can safely ignore those.
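An added example, not code from the original poster's application or from the Caddy project, of what an on-demand TLS `ask` endpoint such as the `/check` handler discussed above can do with the `domain` query parameter Caddy sends it: refuse IP literals (which is what shows up when the TLS connection carried no real hostname SNI, as with the bot traffic mentioned in the reply), refuse anything that is not a plausible DNS name, and allow only names on an allowlist. The allowlist contents, the `statusFor` helper, and the listen address `localhost:2501` (taken from the log line) are assumptions.

```go
package main

import (
	"fmt"
	"log"
	"net"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// allowedDomains is a constructed allowlist standing in for whatever store
// the real application consults (database, tenant registry, ...).
var allowedDomains = map[string]bool{
	"a3.jeoga.com": true,
	"site.com":     true,
}

// validLabel accepts a single lowercase DNS label: 1..63 chars of [a-z0-9-],
// not starting or ending with a hyphen. Wildcards ("*") are rejected.
func validLabel(label string) bool {
	n := len(label)
	if n == 0 || n > 63 || label[0] == '-' || label[n-1] == '-' {
		return false
	}
	for _, c := range label {
		if !((c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '-') {
			return false
		}
	}
	return true
}

// decide maps the raw ?domain= value to the HTTP status the ask endpoint
// should return. Caddy treats any 2xx as "issue a certificate for this name"
// and anything else as a refusal, so every rejection path returns a 4xx.
func decide(domain string) int {
	domain = strings.TrimSuffix(strings.ToLower(strings.TrimSpace(domain)), ".")
	if domain == "" {
		return http.StatusBadRequest
	}
	// Tolerate a host:port form; only the host part matters.
	if host, _, err := net.SplitHostPort(domain); err == nil {
		domain = host
	}
	// An IP literal here means the client did not send a hostname SNI.
	// Public CAs will not issue for it, so refuse outright.
	if net.ParseIP(strings.Trim(domain, "[]")) != nil {
		return http.StatusForbidden
	}
	// Require at least two well-formed labels (e.g. "example.com").
	labels := strings.Split(domain, ".")
	if len(labels) < 2 {
		return http.StatusBadRequest
	}
	for _, l := range labels {
		if !validLabel(l) {
			return http.StatusBadRequest
		}
	}
	if !allowedDomains[domain] {
		return http.StatusUnauthorized // matches the 401 seen in the log
	}
	return http.StatusOK
}

// checkHandler is the HTTP handler Caddy's on_demand_tls "ask" option calls:
//   on_demand_tls { ask http://localhost:2501/check }
func checkHandler(w http.ResponseWriter, r *http.Request) {
	status := decide(r.URL.Query().Get("domain"))
	w.WriteHeader(status)
	fmt.Fprintf(w, "%d\n", status)
}

// statusFor exercises the handler in-process with a constructed request,
// exactly as Caddy would call it, and returns the status code.
func statusFor(domain string) int {
	req := httptest.NewRequest(http.MethodGet, "/check?domain="+url.QueryEscape(domain), nil)
	rec := httptest.NewRecorder()
	checkHandler(rec, req)
	return rec.Code
}

func main() {
	http.HandleFunc("/check", checkHandler)
	log.Fatal(http.ListenAndServe("localhost:2501", nil))
}
```

With this handler, the request Caddy logged above (`/check?domain=172.31.40.160`) is refused with 403 before any allowlist lookup, and a legitimate name that is not on the list gets the 401 the log shows; only names on the list get a 2xx and therefore a certificate.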
Looks like this site is serving a certificate for producttutor.com, not its own domain. Are you sure you have DNS properly configured to point to the right server?
$ curl -v https://a3.jeoga.com/
* Trying 54.156.251.8:443...
* Connected to a3.jeoga.com (54.156.251.8) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=producttutor.com
* start date: Apr 25 00:00:00 2022 GMT
* expire date: May 24 23:59:59 2023 GMT
* subjectAltName does not match a3.jeoga.com
* SSL: no alternative certificate subject name matches target host name 'a3.jeoga.com'
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, close notify (256):
curl: (60) SSL: no alternative certificate subject name matches target host name 'a3.jeoga.com'
It's a totally new server setup, so there is no bot or crawling issue.
I am using ELB in HTTP mode; let me try setting up a Network Load Balancer in TCP mode.
Yes, DNS is properly configured, 100%. It's just a default certificate required by AWS; without adding a default certificate we cannot create a load balancer.
Your logs are truncated. Find the right command to check your logs here:
When running as a service, the caddy user needs permission for the files. If you ran as a different user or as root with caddy run then the files will have been created with the wrong user.
Don't mix running as a service and running directly.