Can't get HTTPS / port 443 to work for reverse-proxy

Ike · October 25, 2021, 4:37am

1. Caddy version (`caddy version`):

v2.4.5 - package from regular Manjaro Repositories

2. How I run Caddy:

a. System environment:

OS: “Manjaro Linux; Build ID: rolling”
- Use Caddy as systemd service
ISP: Google Fiber
- Use provided “Multi-Gig Router” required for 2 Gig service
- Used online cloud config to port forward 80 and 443 with “TCP & UDP”
Firewall: Disabled, but also tried enabling and with incoming and outgoing set to “Allow”
DNS/Domain provider: Google Domains
- Using ddclient to auto-update my dynamic IP to Google Domains

b. Command:

To start caddy:

sudo systemctl start caddy

After adjusting Caddyfile

sudo systemctl reload caddy

or if needed:

sudo systemctl stop caddy
sudo systemctl start caddy

c. Service/unit/compose file:

# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.

[Unit]
Description=Caddy web server
Documentation=https://caddyserver.com/docs/
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service
StartLimitIntervalSec=14400
StartLimitBurst=10

[Service]
User=caddy
Group=caddy
Environment=XDG_DATA_HOME=/var/lib
Environment=XDG_CONFIG_HOME=/etc
ExecStartPre=/usr/bin/caddy validate --config /etc/caddy/Caddyfile
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
ExecStopPost=/usr/bin/rm -f /run/caddy/admin.socket

# Do not allow the process to be restarted in a tight loop. If the
# process fails to start, something critical needs to be fixed.
Restart=on-abnormal

# Use graceful shutdown with a reasonable timeout
TimeoutStopSec=5s

LimitNOFILE=1048576
LimitNPROC=512

# Hardening options
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
DevicePolicy=closed
LockPersonality=true
MemoryAccounting=true
MemoryDenyWriteExecute=true
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
ProcSubset=pid
ProtectClock=true
ProtectControlGroups=true
ProtectHome=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectProc=invisible
ProtectSystem=strict
RemoveIPC=true
ReadWritePaths=/var/lib/caddy /var/log/caddy /run/caddy
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true

[Install]
WantedBy=multi-user.target

d. My complete Caddyfile or JSON config:

Note: the domain is a joke so I can make my mother have to type it in to see my media which is mostly my professional photography & videography, there’s not really filthy pictures lol

{
    acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}

https://filthy.pictures {
	reverse_proxy localhost:8096
}

3. The problem I’m having:

I’m attempting my first caddy deployment to allow my Jellyfin media server to be accessible remotely. I am unable to get https:// to work. I’m not sure really what to do. The browser says it refuses to connect. Seems like there’s issue with access to port 443 possibly. Any help would be really appreciated, and apologies if I’m just being stupid and missing something obvious.

~ >>> curl -v filthy.pictures:443                                                                                                              
*   Trying 136.35.97.6:443...
* connect to 136.35.97.6 port 443 failed: Connection refused
* Failed to connect to filthy.pictures port 443 after 3 ms: Connection refused
* Closing connection 0
curl: (7) Failed to connect to filthy.pictures port 443 after 3 ms: Connection refused
~ >>> curl -v filthy.pictures:80                                                                                                            [7]
*   Trying 136.35.97.6:80...
* Connected to filthy.pictures (136.35.97.6) port 80 (#0)
> GET / HTTP/1.1
> Host: filthy.pictures
> User-Agent: curl/7.79.1
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location: https://filthy.pictures/
< Server: Caddy
< Date: Mon, 25 Oct 2021 04:13:59 GMT
< Content-Length: 0
< 
* Closing connection 0

4. Error messages and/or full log output:

Oct 24 12:12:09 TwinCity systemd[1]: Starting Caddy web server...
Oct 24 12:12:09 TwinCity caddy[53866]: {"level":"info","ts":1635095529.752518,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Oct 24 12:12:09 TwinCity caddy[53866]: {"level":"warn","ts":1635095529.7530625,"msg":"input is not formatted with 'caddy fmt'","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
Oct 24 12:12:09 TwinCity caddy[53866]: {"level":"info","ts":1635095529.753181,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Oct 24 12:12:09 TwinCity caddy[53866]: {"level":"info","ts":1635095529.7531905,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Oct 24 12:12:09 TwinCity caddy[53866]: {"level":"info","ts":1635095529.7534306,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0002c7810"}
Oct 24 12:12:09 TwinCity caddy[53866]: {"level":"info","ts":1635095529.7536497,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc0002c7810"}
Oct 24 12:12:09 TwinCity caddy[53866]: Valid configuration
Oct 24 12:12:09 TwinCity systemd[1]: Started Caddy web server.
Oct 24 12:12:09 TwinCity caddy[53878]: caddy.HomeDir=/var/lib/caddy
Oct 24 12:12:09 TwinCity caddy[53878]: caddy.AppDataDir=/var/lib/caddy
Oct 24 12:12:09 TwinCity caddy[53878]: caddy.AppConfigDir=/etc/caddy
Oct 24 12:12:09 TwinCity caddy[53878]: caddy.ConfigAutosavePath=/var/lib/caddy/autosave.json
Oct 24 12:12:09 TwinCity caddy[53878]: caddy.Version=v2.4.5
Oct 24 12:12:09 TwinCity caddy[53878]: runtime.GOOS=linux
Oct 24 12:12:09 TwinCity caddy[53878]: runtime.GOARCH=amd64
Oct 24 12:12:09 TwinCity caddy[53878]: runtime.Compiler=gc
Oct 24 12:12:09 TwinCity caddy[53878]: runtime.NumCPU=8
Oct 24 12:12:09 TwinCity caddy[53878]: runtime.GOMAXPROCS=8
Oct 24 12:12:09 TwinCity caddy[53878]: runtime.Version=go1.17
Oct 24 12:12:09 TwinCity caddy[53878]: os.Getwd=/
Oct 24 12:12:09 TwinCity caddy[53878]: LANG=en_US.UTF-8
Oct 24 12:12:09 TwinCity caddy[53878]: LC_ADDRESS=en_US.UTF-8
Oct 24 12:12:09 TwinCity caddy[53878]: LC_IDENTIFICATION=en_US.UTF-8
Oct 24 12:12:09 TwinCity caddy[53878]: LC_MEASUREMENT=en_US.UTF-8
Oct 24 12:12:09 TwinCity caddy[53878]: LC_MONETARY=en_US.UTF-8
Oct 24 12:12:09 TwinCity caddy[53878]: LC_NAME=en_US.UTF-8
Oct 24 12:12:09 TwinCity caddy[53878]: LC_NUMERIC=en_US.UTF-8
Oct 24 12:12:09 TwinCity caddy[53878]: LC_PAPER=en_US.UTF-8
Oct 24 12:12:09 TwinCity caddy[53878]: LC_TELEPHONE=en_US.UTF-8
Oct 24 12:12:09 TwinCity caddy[53878]: LC_TIME=en_US.UTF-8
Oct 24 12:12:09 TwinCity caddy[53878]: PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/var/lib/snapd/snap/bin
Oct 24 12:12:09 TwinCity caddy[53878]: XDG_DATA_DIRS=/var/lib/flatpak/exports/share:/usr/local/share/:/usr/share/
Oct 24 12:12:09 TwinCity caddy[53878]: _WSREP_START_POSITION=
Oct 24 12:12:09 TwinCity caddy[53878]: HOME=/var/lib/caddy
Oct 24 12:12:09 TwinCity caddy[53878]: LOGNAME=caddy
Oct 24 12:12:09 TwinCity caddy[53878]: USER=caddy
Oct 24 12:12:09 TwinCity caddy[53878]: INVOCATION_ID=01bd0a224a5c4306a41508ea36feeb1d
Oct 24 12:12:09 TwinCity caddy[53878]: JOURNAL_STREAM=8:207509
Oct 24 12:12:09 TwinCity caddy[53878]: SYSTEMD_EXEC_PID=53878
Oct 24 12:12:09 TwinCity caddy[53878]: XDG_DATA_HOME=/var/lib
Oct 24 12:12:09 TwinCity caddy[53878]: XDG_CONFIG_HOME=/etc
Oct 24 12:12:09 TwinCity caddy[53878]: {"level":"info","ts":1635095529.800548,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Oct 24 12:12:09 TwinCity caddy[53878]: {"level":"warn","ts":1635095529.8010812,"msg":"input is not formatted with 'caddy fmt'","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
Oct 24 12:12:09 TwinCity caddy[53878]: {"level":"info","ts":1635095529.8022342,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
Oct 24 12:12:09 TwinCity caddy[53878]: {"level":"info","ts":1635095529.80231,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Oct 24 12:12:09 TwinCity caddy[53878]: {"level":"info","ts":1635095529.8023193,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Oct 24 12:12:09 TwinCity caddy[53878]: {"level":"info","ts":1635095529.8023744,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00053c460"}
Oct 24 12:12:09 TwinCity caddy[53878]: {"level":"info","ts":1635095529.8024924,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["filthy.pictures"]}
Oct 24 12:12:09 TwinCity caddy[53878]: {"level":"info","ts":1635095529.8025265,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy"}
Oct 24 12:12:09 TwinCity caddy[53878]: {"level":"info","ts":1635095529.8026655,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/autosave.json"}
Oct 24 12:12:09 TwinCity caddy[53878]: {"level":"info","ts":1635095529.8026764,"msg":"serving initial configuration"}
Oct 24 12:12:09 TwinCity caddy[53878]: {"level":"info","ts":1635095529.8027651,"logger":"tls.obtain","msg":"acquiring lock","identifier":"filthy.pictures"}
Oct 24 12:12:09 TwinCity caddy[53878]: {"level":"info","ts":1635095529.8028321,"logger":"tls","msg":"finished cleaning storage units"}
Oct 24 12:12:09 TwinCity caddy[53878]: {"level":"info","ts":1635095529.804803,"logger":"tls.obtain","msg":"lock acquired","identifier":"filthy.pictures"}
Oct 24 12:12:10 TwinCity caddy[53878]: {"level":"info","ts":1635095530.1754358,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["filthy.pictures"],"ca":"https://acme-staging-v02.api.letsencrypt.org/directory","account":""}
Oct 24 12:12:10 TwinCity caddy[53878]: {"level":"info","ts":1635095530.1755018,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["filthy.pictures"],"ca":"https://acme-staging-v02.api.letsencrypt.org/directory","account":""}
Oct 24 12:12:10 TwinCity caddy[53878]: {"level":"info","ts":1635095530.304622,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"filthy.pictures","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Oct 24 12:12:10 TwinCity caddy[53878]: {"level":"info","ts":1635095530.6410556,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"filthy.pictures","challenge":"http-01","remote":"18.222.145.89:46090","distributed":false}
Oct 24 12:12:10 TwinCity caddy[53878]: {"level":"info","ts":1635095530.7241101,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"filthy.pictures","challenge":"http-01","remote":"3.67.34.92:22208","distributed":false}
Oct 24 12:12:10 TwinCity caddy[53878]: {"level":"info","ts":1635095530.7909553,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"filthy.pictures","challenge":"http-01","remote":"34.219.64.153:11992","distributed":false}
Oct 24 12:12:10 TwinCity caddy[53878]: {"level":"info","ts":1635095530.961607,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"filthy.pictures","challenge":"http-01","remote":"66.133.109.36:17534","distributed":false}
Oct 24 12:12:11 TwinCity caddy[53878]: {"level":"info","ts":1635095531.2705374,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/31182708/845888548"}
Oct 24 12:12:14 TwinCity caddy[53878]: {"level":"info","ts":1635095534.015133,"logger":"tls.issuance.acme.acme_client","msg":"successfully downloaded available certificate chains","count":1,"first_url":"https://acme-staging-v02.api.letsencrypt.org/acme/cert/fab3a04691f81b7e184f3fd79afb7a7d927e"}
Oct 24 12:12:14 TwinCity caddy[53878]: {"level":"info","ts":1635095534.0154188,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"filthy.pictures"}
Oct 24 12:12:14 TwinCity caddy[53878]: {"level":"info","ts":1635095534.0154288,"logger":"tls.obtain","msg":"releasing lock","identifier":"filthy.pictures"}
Oct 24 12:26:35 TwinCity caddy[53878]: {"level":"error","ts":1635096395.721754,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}
Oct 24 12:39:00 TwinCity caddy[53878]: {"level":"error","ts":1635097140.8797295,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}
Oct 24 12:47:53 TwinCity caddy[53878]: {"level":"error","ts":1635097673.9903932,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}
Oct 24 13:15:58 TwinCity caddy[53878]: {"level":"error","ts":1635099358.9045045,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}
Oct 24 13:42:52 TwinCity caddy[53878]: {"level":"error","ts":1635100971.9999073,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}
Oct 24 14:14:36 TwinCity caddy[53878]: {"level":"error","ts":1635102876.0873759,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}
Oct 24 15:19:17 TwinCity caddy[53878]: {"level":"error","ts":1635106757.6452563,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}
Oct 24 15:21:02 TwinCity caddy[53878]: {"level":"error","ts":1635106862.5702853,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}
Oct 24 15:50:24 TwinCity caddy[53878]: {"level":"error","ts":1635108624.3859866,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}
Oct 24 16:09:44 TwinCity caddy[53878]: {"level":"error","ts":1635109784.9891996,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}
Oct 24 16:12:02 TwinCity caddy[53878]: {"level":"error","ts":1635109922.015979,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}
Oct 24 16:14:52 TwinCity caddy[53878]: {"level":"error","ts":1635110092.7527184,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}
Oct 24 17:04:45 TwinCity caddy[53878]: {"level":"error","ts":1635113085.010954,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}
Oct 24 17:22:15 TwinCity caddy[53878]: {"level":"error","ts":1635114135.2557843,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}
Oct 24 17:25:18 TwinCity caddy[53878]: {"level":"error","ts":1635114318.470276,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}
Oct 24 17:25:18 TwinCity caddy[53878]: {"level":"error","ts":1635114318.6145294,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}
Oct 24 17:28:39 TwinCity caddy[53878]: {"level":"error","ts":1635114519.9970846,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}
Oct 24 17:35:40 TwinCity caddy[53878]: {"level":"error","ts":1635114940.3969002,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}
Oct 24 17:36:02 TwinCity caddy[53878]: {"level":"error","ts":1635114962.348431,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}
Oct 24 17:37:55 TwinCity caddy[53878]: {"level":"error","ts":1635115075.6054077,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}
Oct 24 17:38:47 TwinCity caddy[53878]: {"level":"error","ts":1635115127.57747,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}
Oct 24 17:40:31 TwinCity caddy[53878]: {"level":"error","ts":1635115231.693247,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}
Oct 24 17:41:22 TwinCity caddy[53878]: {"level":"error","ts":1635115282.3370697,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}
Oct 24 17:45:27 TwinCity caddy[53878]: {"level":"error","ts":1635115527.4046974,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}
Oct 24 17:47:55 TwinCity caddy[53878]: {"level":"error","ts":1635115675.2892206,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}
Oct 24 17:48:07 TwinCity caddy[53878]: {"level":"error","ts":1635115687.311823,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}
Oct 24 17:48:31 TwinCity caddy[53878]: {"level":"error","ts":1635115711.8815198,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}
Oct 24 17:52:55 TwinCity caddy[53878]: {"level":"error","ts":1635115975.399609,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}
Oct 24 17:53:38 TwinCity caddy[53878]: {"level":"error","ts":1635116018.5167673,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}
Oct 24 17:53:49 TwinCity caddy[53878]: {"level":"error","ts":1635116029.543505,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}
Oct 24 17:55:44 TwinCity caddy[53878]: {"level":"error","ts":1635116144.9539,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}
Oct 24 19:35:54 TwinCity caddy[53878]: {"level":"error","ts":1635122154.864844,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"filthy.pictures","error":"no information found to solve challenge for identifier: filthy.pictures"}

5. What I already tried:

Verified on Google Domains that A record was updated via ddclient to point to my IP
Verified ports were forwarded in Google Fiber router config
I was succesful once with only http:// (specified in caddyfile) on making filthy.pictures go to Jellyfin. However upon trying again just now it still won’t connect even with http:// only.
I tried deleting the local files and trying again a couple times, which was stupid, and I believe i hit a rate limit, so you can see from my caddyfile I am currently using the staging

6. Links to relevant resources:

idk sorry

francislavoie · October 25, 2021, 10:51am

These messages indicate that Caddy received requests from Let’s Encrypt to try and solve the HTTP challenge, but you no longer have the challenge information stored on disk to solve it. I don’t think you’ve been rate limited. Either way, ZeroSSL has no rate limits at all currently, so even if you do get rate limited by LE, it should still work with ZeroSSL.

Is it possible that your ISP blocks or prevents connections on port 443? It’s not uncommon, unfortunately.

Ike · October 25, 2021, 3:39pm

OK so in searching if Google Fiber might be causing problems, I found there’s a known issue with this specific router (edit: the multi-gig router provided for 2gig customers) and port forwarding. I confirmed via https://portchecker.co/ that 443 is closed. There are some workaround for the router i need to try and if needed I’ll switch to the “Bring Your Own Router” plan and hook up something else. This should be closed since it seems to not be caddy related.

Thanks for your response

matt · October 25, 2021, 4:10pm

Odd, when I had Google Fiber I was able to forward port 443… in fact I developed Caddy almost exclusively behind Google Fiber. They must have broken something with their router

Ike · October 25, 2021, 5:05pm

Yes it’s specifically a problem with the “multi-gig router” required for 2 gig. It can work with it but it’s very buggy apparently.

Ike · October 25, 2021, 5:55pm

Following up and consolidating solution. This is a router bug, nothing related to Caddy. After doing workaround steps for the know issue with Google Fiber’s GFRG300 box found on reddit, all is working now. If anyone has Google Fiber 2 Gig, or is using the 2 Gig GFRG300 router with any plan, do the following:

Log in to fiber.google.com and access the router settings
Select the router, visit Advanced > Admin
Reset the network settings
Restart the router from the same screen (Or unplug for a bit then plug back in if it doesn’t go through)
Once back up, redo your reserved IP and port settings
Wait a bit and all should be open
If it happens again in the future, which has been reported to happen, then rinse and repeat, and hope the bug is fixed

system · November 24, 2021, 4:38am

This topic was automatically closed after 30 days. New replies are no longer allowed.