Cannot get Caddy HTTPS server to work properly

1. Caddy version (caddy version):

caddy 2.4.6

2. How I run Caddy:

a. System environment:

OS: CentOS 7.6.1810 on cloud servers, Windows 10 as client

b. Command:

sudo caddy start

c. Service/unit/compose file:

none

d. My complete Caddyfile or JSON config:

seineo.top {
        log {
                output file access.log
        }
        file_server
}

3. The problem I’m having:

I want to set up an HTTPS server, but it doesn’t work. The output of curl -v https://seineo.top on Windows 10:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 8.142.80.180:443...
* Connected to seineo.top (8.142.80.180) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: D:/ProgramFiles/Git/mingw64/ssl/certs/ca-bundle.crt
*  CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
  0     0    0     0    0     0      0      0 --:--:--  0:00:59 --:--:--     0* OpenSSL SSL_connect: Connection was reset in connection to seineo.top:443
  0     0    0     0    0     0      0      0 --:--:--  0:01:00 --:--:--     0
* Closing connection 0
curl: (35) OpenSSL SSL_connect: Connection was reset in connection to seineo.top:443

4. Error messages and/or full log output:

The output of sudo caddy start:

2022/04/14 15:52:03.125 INFO    using adjacent Caddyfile
2022/04/14 15:52:03.129 INFO    admin   admin endpoint started  {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2022/04/14 15:52:03.129 INFO    http    server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2022/04/14 15:52:03.129 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2022/04/14 15:52:03.129 DEBUG   http    starting server loop    {"address": "[::]:443", "http3": false, "tls": true}
2022/04/14 15:52:03.129 DEBUG   http    starting server loop    {"address": "[::]:80", "http3": false, "tls": false}
2022/04/14 15:52:03.129 INFO    http    enabling automatic TLS certificate management   {"domains": ["seineo.top"]}
2022/04/14 15:52:03.130 DEBUG   tls     loading managed certificate     {"domain": "seineo.top", "expiration": "2022/07/13 23:59:59.000", "issuer_key": "acme.zerossl.com-v2-DV90", "storage": "FileStorage:/root/.local/share/caddy"}
2022/04/14 15:52:03.140 DEBUG   tls.cache       added certificate to cache      {"subjects": ["seineo.top"], "expiration": "2022/07/13 23:59:59.000", "managed": true, "issuer_key": "acme.zerossl.com-v2-DV90", "hash": "9902d9a2a52d342255820deb42588fb67994bfbbb5a56160cfac3822fcd2679a", "cache_size": 1, "cache_capacity": 10000}
2022/04/14 15:52:03.140 INFO    autosaved config (load with --resume flag)      {"file": "/root/.config/caddy/autosave.json"}
2022/04/14 15:52:03.140 INFO    serving initial configuration
2022/04/14 15:52:03.141 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc000578d20"}
2022/04/14 15:52:03.141 INFO    tls     cleaning storage unit   {"description": "FileStorage:/root/.local/share/caddy"}
2022/04/14 15:52:03.142 INFO    tls     finished cleaning storage units
Successfully started Caddy (pid=21514) - Caddy is running in the background

5. What I already tried:

The output of curl -v https://seineo.top on my server:

* About to connect() to seineo.top port 443 (#0)
*   Trying 8.142.80.180...
* Connected to seineo.top (8.142.80.180) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
* Server certificate:
*       subject: CN=seineo.top
*       start date: Apr 14 00:00:00 2022 GMT
*       expire date: Jul 13 23:59:59 2022 GMT
*       common name: seineo.top
*       issuer: CN=ZeroSSL ECC Domain Secure Site CA,O=ZeroSSL,C=AT
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: seineo.top
> Accept: */*
>
< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Content-Length: 13
< Content-Type: text/html; charset=utf-8
< Etag: "rabrebd"
< Last-Modified: Thu, 14 Apr 2022 10:20:35 GMT
< Server: Caddy
< Date: Thu, 14 Apr 2022 10:49:18 GMT
<
hello world!
* Connection #0 to host seineo.top left intact

Besides, I can access the server using the IP https://xx.xx.xx.xx; the output is:

curl: (35) error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error

6. Links to relevant resources:

none.
