1. Caddy version (caddy version):
caddy 2.4.6
2. How I run Caddy:
a. System environment:
OS: CentOS 7.6.1810 on cloud servers, Windows 10 as client
b. Command:
sudo caddy start
c. Service/unit/compose file:
none
d. My complete Caddyfile or JSON config:
seineo.top {
    log {
        output file access.log
    }
    file_server
}
3. The problem I’m having:
I want to set up an HTTPS server, but it doesn’t work. The output of curl -v https://seineo.top on Windows 10:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 8.142.80.180:443...
* Connected to seineo.top (8.142.80.180) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: D:/ProgramFiles/Git/mingw64/ssl/certs/ca-bundle.crt
* CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
0 0 0 0 0 0 0 0 --:--:-- 0:00:59 --:--:-- 0* OpenSSL SSL_connect: Connection was reset in connection to seineo.top:443
0 0 0 0 0 0 0 0 --:--:-- 0:01:00 --:--:-- 0
* Closing connection 0
curl: (35) OpenSSL SSL_connect: Connection was reset in connection to seineo.top:443
4. Error messages and/or full log output:
The output of sudo caddy start:
2022/04/14 15:52:03.125 INFO using adjacent Caddyfile
2022/04/14 15:52:03.129 INFO admin admin endpoint started {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2022/04/14 15:52:03.129 INFO http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2022/04/14 15:52:03.129 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2022/04/14 15:52:03.129 DEBUG http starting server loop {"address": "[::]:443", "http3": false, "tls": true}
2022/04/14 15:52:03.129 DEBUG http starting server loop {"address": "[::]:80", "http3": false, "tls": false}
2022/04/14 15:52:03.129 INFO http enabling automatic TLS certificate management {"domains": ["seineo.top"]}
2022/04/14 15:52:03.130 DEBUG tls loading managed certificate {"domain": "seineo.top", "expiration": "2022/07/13 23:59:59.000", "issuer_key": "acme.zerossl.com-v2-DV90", "storage": "FileStorage:/root/.local/share/caddy"}
2022/04/14 15:52:03.140 DEBUG tls.cache added certificate to cache {"subjects": ["seineo.top"], "expiration": "2022/07/13 23:59:59.000", "managed": true, "issuer_key": "acme.zerossl.com-v2-DV90", "hash": "9902d9a2a52d342255820deb42588fb67994bfbbb5a56160cfac3822fcd2679a", "cache_size": 1, "cache_capacity": 10000}
2022/04/14 15:52:03.140 INFO autosaved config (load with --resume flag) {"file": "/root/.config/caddy/autosave.json"}
2022/04/14 15:52:03.140 INFO serving initial configuration
2022/04/14 15:52:03.141 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc000578d20"}
2022/04/14 15:52:03.141 INFO tls cleaning storage unit {"description": "FileStorage:/root/.local/share/caddy"}
2022/04/14 15:52:03.142 INFO tls finished cleaning storage units
Successfully started Caddy (pid=21514) - Caddy is running in the background
5. What I already tried:
The output of curl -v https://seineo.top on my server:
* About to connect() to seineo.top port 443 (#0)
* Trying 8.142.80.180...
* Connected to seineo.top (8.142.80.180) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* subject: CN=seineo.top
* start date: Apr 14 00:00:00 2022 GMT
* expire date: Jul 13 23:59:59 2022 GMT
* common name: seineo.top
* issuer: CN=ZeroSSL ECC Domain Secure Site CA,O=ZeroSSL,C=AT
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: seineo.top
> Accept: */*
>
< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Content-Length: 13
< Content-Type: text/html; charset=utf-8
< Etag: "rabrebd"
< Last-Modified: Thu, 14 Apr 2022 10:20:35 GMT
< Server: Caddy
< Date: Thu, 14 Apr 2022 10:49:18 GMT
<
hello world!
* Connection #0 to host seineo.top left intact
Besides, I can access the server using the IP https://xx.xx.xx.xx, the output is:
curl: (35) error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
6. Links to relevant resources:
none.