Does your secondary Caddy server have a valid certificate? The primary server doesn’t seem to think so, because 502 means a problem connecting to upstream (almost certainly because of the certificate) but 403 means we connected OK (but the secondary server didn’t want to give us anything).
Both machines share the same .caddy folder. I’m on Windows and the documentation isn’t very clear on this. I guess certs are there as the second machine doesn’t give an error about certs. Nothing shows up in the logs anyway…
What do you get from running curl -IH "Host:example.com" https://192.168.1.153:443 (swapping example.com out for your real domain)?
While we’re at it, this line, if you’re running on Windows…:
…is probably going to cause problems. I’m not even sure how this one works when you need to specify a drive letter in order to start an absolute path. But if the Caddy server doesn’t have permissions to access whatever’s in the root, that would explain the 403 errors.