Configuring Caddy with TailScale to access a 3000 port app

1. The problem I’m having:

I have a mac server. I have tailscale already configured and caddy installed… I want to be able to access an app on my server at port 3000 via https externally (or via tailscale VPN at least).

I have the following caddyfile configuration:

```
{
    debug
}

my-mac-mini.tailxxxxx.ts.net{
    reverse_proxy localhost:3000
}
```

I can access the app locally by running http://localhost:3000. Neither https://localhost:3000 nor my-mac-mini.tailxxxxx.ts.net works.

2. Error messages and/or full log output:

```
❯ curl -v https://localhost:3000
* Host localhost:3000 was resolved.
* IPv6: ::1
* IPv4: 127.0.0.1
*   Trying [::1]:3000...
* Connected to localhost (::1) port 3000
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* LibreSSL/3.3.6: error:1404B42E:SSL routines:ST_CONNECT:tlsv1 alert protocol version
* Closing connection
curl: (35) LibreSSL/3.3.6: error:1404B42E:SSL routines:ST_CONNECT:tlsv1 alert protocol version.
```

3. Caddy version:

4. How I installed and ran Caddy:

It was installed using homebrew.

a. System environment:

Not running on docker but running using sudo caddy --config caddyfile

b. Command:

```
sudo caddy --config caddyfile
```

c. Service/unit/compose file:


d. My complete Caddy config:

```
# Replace 'your-tailscale-domain' with your actual Tailscale domain, which typically looks like machine-name.ts.net
{
    debug
}

dorons-mac-mini.tail7c7620.ts.net{
    reverse_proxy localhost:3000
}
```

5. Links to relevant resources:

Caddy isn’t listening on port 3000, it listens on port 80 and 443 for HTTP and HTTPS respectively. Also, it doesn’t have a certificate for localhost (you didn’t tell it to generate one) so even if you connected with https://localhost (i.e. port 443) you would get a TLS error.

You need a space between the domain and the {.

What’s in your Caddy logs? What version of Caddy are you using exactly? Are you sure Caddy has access to the tailscale socket?

I don’t use Tailscale myself so I can’t help much beyond that.


Hi… I have the latest caddy, I literally downloaded it tonight.

```
caddy --version
v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=
```

I was following instructions from tailscale so I didn't do anything specific to expose tailscale socket. I will look that up now. I'll also add space between curly and domain but is there anything else I need to do?

I also am not sure how to access the caddy logs

Running it again

```
2024/11/11 03:59:42.394	DEBUG	events	event	{"name": "tls_get_certificate", "id": "02da6e44-4cec-4cbb-ba06-45b45f33c24d", "origin": "tls", "data": {"client_hello":{"CipherSuites":[10794,4865,4866,4867,49196,49195,52393,49200,49199,52392,49162,49161,49172,49171,157,156,53,47,49160,49170,10],"ServerName":"dorons-mac-mini.tail7c7620.ts.net","SupportedCurves":[39578,29,23,24,25],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,2053,1281,2054,1537,513],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[27242,772,771,770,769],"RemoteAddr":{"IP":"100.72.17.42","Port":59136,"Zone":""},"LocalAddr":{"IP":"100.78.23.84","Port":443,"Zone":""}}}}
2024/11/11 03:59:42.396	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "dorons-mac-mini.tail7c7620.ts.net"}
2024/11/11 03:59:42.396	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.tail7c7620.ts.net"}
2024/11/11 03:59:42.396	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.ts.net"}
2024/11/11 03:59:42.396	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.*.net"}
2024/11/11 03:59:42.396	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.*.*"}
2024/11/11 03:59:42.421	WARN	http	could not get status; will try to get certificate anyway	{"error": "Get \"http://local-tailscaled.sock/localapi/v0/status\": dial tcp [::1]:54567: connect: connection refused"}
2024/11/11 03:59:42.434	ERROR	tls.handshake	external certificate manager	{"remote_ip": "100.72.17.42", "remote_port": "59136", "sni": "dorons-mac-mini.tail7c7620.ts.net", "cert_manager": "caddytls.Tailscale", "cert_manager_idx": 0, "error": "Get \"http://local-tailscaled.sock/localapi/v0/cert/dorons-mac-mini.tail7c7620.ts.net?type=pair\": dial tcp [::1]:54567: connect: connection refused"}
2024/11/11 03:59:42.435	DEBUG	http.stdlib	http: TLS handshake error from 100.72.17.42:59136: external certificate manager indicated that it is unable to yield certificate: Get "http://local-tailscaled.sock/localapi/v0/cert/dorons-mac-mini.tail7c7620.ts.net?type=pair": dial tcp [::1]:54567: connect: connection refused
```
2024/11/11 03:59:45.656	DEBUG	events	event	{"name": "tls_get_certificate", "id": "015d9ecb-258a-4336-be08-bb12bebff61f", "origin": "tls", "data": {"client_hello":{"CipherSuites":[10794,4865,4866,4867,49196,49195,52393,49200,49199,52392,49162,49161,49172,49171,157,156,53,47,49160,49170,10],"ServerName":"dorons-mac-mini.tail7c7620.ts.net","SupportedCurves":[35466,29,23,24,25],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,2053,1281,2054,1537,513],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[56026,772,771,770,769],"RemoteAddr":{"IP":"100.72.17.42","Port":59152,"Zone":""},"LocalAddr":{"IP":"100.78.23.84","Port":443,"Zone":""}}}}
2024/11/11 03:59:45.656	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "dorons-mac-mini.tail7c7620.ts.net"}
2024/11/11 03:59:45.656	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.tail7c7620.ts.net"}
2024/11/11 03:59:45.656	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.ts.net"}
2024/11/11 03:59:45.656	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.*.net"}
2024/11/11 03:59:45.656	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.*.*"}
2024/11/11 03:59:45.666	WARN	http	could not get status; will try to get certificate anyway	{"error": "Get \"http://local-tailscaled.sock/localapi/v0/status\": dial tcp [::1]:54567: connect: connection refused"}
2024/11/11 03:59:45.674	ERROR	tls.handshake	external certificate manager	{"remote_ip": "100.72.17.42", "remote_port": "59152", "sni": "dorons-mac-mini.tail7c7620.ts.net", "cert_manager": "caddytls.Tailscale", "cert_manager_idx": 0, "error": "Get \"http://local-tailscaled.sock/localapi/v0/cert/dorons-mac-mini.tail7c7620.ts.net?type=pair\": dial tcp [::1]:54567: connect: connection refused"}
2024/11/11 03:59:45.674	DEBUG	http.stdlib	http: TLS handshake error from 100.72.17.42:59152: external certificate manager indicated that it is unable to yield certificate: Get "http://local-tailscaled.sock/localapi/v0/cert/dorons-mac-mini.tail7c7620.ts.net?type=pair": dial tcp [::1]:54567: connect: connection refused
2024/11/11 03:59:45.722	DEBUG	events	event	{"name": "tls_get_certificate", "id": "d92883f7-ef8b-4bad-96d0-27b1da758c0e", "origin": "tls", "data": {"client_hello":{"CipherSuites":[10794,4865,4866,4867,49196,49195,52393,49200,49199,52392,49162,49161,49172,49171,157,156,53,47,49160,49170,10],"ServerName":"dorons-mac-mini.tail7c7620.ts.net","SupportedCurves":[51914,29,23,24,25],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,2053,1281,2054,1537,513],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[23130,772,771,770,769],"RemoteAddr":{"IP":"100.72.17.42","Port":59154,"Zone":""},"LocalAddr":{"IP":"100.78.23.84","Port":443,"Zone":""}}}}
2024/11/11 03:59:45.722	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "dorons-mac-mini.tail7c7620.ts.net"}
2024/11/11 03:59:45.722	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.tail7c7620.ts.net"}
2024/11/11 03:59:45.722	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.ts.net"}
2024/11/11 03:59:45.722	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.*.net"}
2024/11/11 03:59:45.722	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.*.*"}
2024/11/11 03:59:45.736	WARN	http	could not get status; will try to get certificate anyway	{"error": "Get \"http://local-tailscaled.sock/localapi/v0/status\": dial tcp [::1]:54567: connect: connection refused"}
2024/11/11 03:59:45.744	ERROR	tls.handshake	external certificate manager	{"remote_ip": "100.72.17.42", "remote_port": "59154", "sni": "dorons-mac-mini.tail7c7620.ts.net", "cert_manager": "caddytls.Tailscale", "cert_manager_idx": 0, "error": "Get \"http://local-tailscaled.sock/localapi/v0/cert/dorons-mac-mini.tail7c7620.ts.net?type=pair\": dial tcp [::1]:54567: connect: connection refused"}
2024/11/11 03:59:45.744	DEBUG	http.stdlib	http: TLS handshake error from 100.72.17.42:59154: external certificate manager indicated that it is unable to yield certificate: Get "http://local-tailscaled.sock/localapi/v0/cert/dorons-mac-mini.tail7c7620.ts.net?type=pair": dial tcp [::1]:54567: connect: connection refused
2024/11/11 03:59:47.120	DEBUG	events	event	{"name": "tls_get_certificate", "id": "5d01cd76-30b7-4b26-ba56-e89a03b92b18", "origin": "tls", "data": {"client_hello":{"CipherSuites":[35466,4865,4866,4867,49196,49195,52393,49200,49199,52392,49162,49161,49172,49171,157,156,53,47,49160,49170,10],"ServerName":"dorons-mac-mini.tail7c7620.ts.net","SupportedCurves":[19018,29,23,24,25],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,2053,1281,2054,1537,513],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[27242,772,771,770,769],"RemoteAddr":{"IP":"100.72.17.42","Port":59166,"Zone":""},"LocalAddr":{"IP":"100.78.23.84","Port":443,"Zone":""}}}}
2024/11/11 03:59:47.120	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "dorons-mac-mini.tail7c7620.ts.net"}
2024/11/11 03:59:47.120	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.tail7c7620.ts.net"}
2024/11/11 03:59:47.120	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.ts.net"}
2024/11/11 03:59:47.120	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.*.net"}
2024/11/11 03:59:47.120	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.*.*"}
2024/11/11 03:59:47.143	WARN	http	could not get status; will try to get certificate anyway	{"error": "Get \"http://local-tailscaled.sock/localapi/v0/status\": dial tcp [::1]:54567: connect: connection refused"}
2024/11/11 03:59:47.155	ERROR	tls.handshake	external certificate manager	{"remote_ip": "100.72.17.42", "remote_port": "59166", "sni": "dorons-mac-mini.tail7c7620.ts.net", "cert_manager": "caddytls.Tailscale", "cert_manager_idx": 0, "error": "Get \"http://local-tailscaled.sock/localapi/v0/cert/dorons-mac-mini.tail7c7620.ts.net?type=pair\": dial tcp [::1]:54567: connect: connection refused"}
2024/11/11 03:59:47.155	DEBUG	http.stdlib	http: TLS handshake error from 100.72.17.42:59166: external certificate manager indicated that it is unable to yield certificate: Get "http://local-tailscaled.sock/localapi/v0/cert/dorons-mac-mini.tail7c7620.ts.net?type=pair": dial tcp [::1]:54567: connect: connection refused
2024/11/11 03:59:47.218	DEBUG	events	event	{"name": "tls_get_certificate", "id": "8dda065d-e501-4600-acba-daacf3a5b106", "origin": "tls", "data": {"client_hello":{"CipherSuites":[64250,4865,4866,4867,49196,49195,52393,49200,49199,52392,49162,49161,49172,49171,157,156,53,47,49160,49170,10],"ServerName":"dorons-mac-mini.tail7c7620.ts.net","SupportedCurves":[14906,29,23,24,25],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,2053,1281,2054,1537,513],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[39578,772,771,770,769],"RemoteAddr":{"IP":"100.72.17.42","Port":59167,"Zone":""},"LocalAddr":{"IP":"100.78.23.84","Port":443,"Zone":""}}}}
2024/11/11 03:59:47.218	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "dorons-mac-mini.tail7c7620.ts.net"}
2024/11/11 03:59:47.218	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.tail7c7620.ts.net"}
2024/11/11 03:59:47.218	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.ts.net"}
2024/11/11 03:59:47.218	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.*.net"}
2024/11/11 03:59:47.218	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.*.*"}
2024/11/11 03:59:47.227	WARN	http	could not get status; will try to get certificate anyway	{"error": "Get \"http://local-tailscaled.sock/localapi/v0/status\": dial tcp [::1]:54567: connect: connection refused"}
2024/11/11 03:59:47.235	ERROR	tls.handshake	external certificate manager	{"remote_ip": "100.72.17.42", "remote_port": "59167", "sni": "dorons-mac-mini.tail7c7620.ts.net", "cert_manager": "caddytls.Tailscale", "cert_manager_idx": 0, "error": "Get \"http://local-tailscaled.sock/localapi/v0/cert/dorons-mac-mini.tail7c7620.ts.net?type=pair\": dial tcp [::1]:54567: connect: connection refused"}
2024/11/11 03:59:47.235	DEBUG	http.stdlib	http: TLS handshake error from 100.72.17.42:59167: external certificate manager indicated that it is unable to yield certificate: Get "http://local-tailscaled.sock/localapi/v0/cert/dorons-mac-mini.tail7c7620.ts.net?type=pair": dial tcp [::1]:54567: connect: connection refused
2024/11/11 03:59:47.287	DEBUG	events	event	{"name": "tls_get_certificate", "id": "fb1b0979-8576-4470-b357-f9a9feb678fe", "origin": "tls", "data": {"client_hello":{"CipherSuites":[47802,4865,4866,4867,49196,49195,52393,49200,49199,52392,49162,49161,49172,49171,157,156,53,47,49160,49170,10],"ServerName":"dorons-mac-mini.tail7c7620.ts.net","SupportedCurves":[6682,29,23,24,25],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,2053,1281,2054,1537,513],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[6682,772,771,770,769],"RemoteAddr":{"IP":"100.72.17.42","Port":59168,"Zone":""},"LocalAddr":{"IP":"100.78.23.84","Port":443,"Zone":""}}}}
2024/11/11 03:59:47.287	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "dorons-mac-mini.tail7c7620.ts.net"}
2024/11/11 03:59:47.287	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.tail7c7620.ts.net"}
2024/11/11 03:59:47.287	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.ts.net"}
2024/11/11 03:59:47.287	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.*.net"}
2024/11/11 03:59:47.287	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.*.*"}
2024/11/11 03:59:47.298	WARN	http	could not get status; will try to get certificate anyway	{"error": "Get \"http://local-tailscaled.sock/localapi/v0/status\": dial tcp [::1]:54567: connect: connection refused"}
2024/11/11 03:59:47.309	ERROR	tls.handshake	external certificate manager	{"remote_ip": "100.72.17.42", "remote_port": "59168", "sni": "dorons-mac-mini.tail7c7620.ts.net", "cert_manager": "caddytls.Tailscale", "cert_manager_idx": 0, "error": "Get \"http://local-tailscaled.sock/localapi/v0/cert/dorons-mac-mini.tail7c7620.ts.net?type=pair\": dial tcp [::1]:54567: connect: connection refused"}
2024/11/11 03:59:47.309	DEBUG	http.stdlib	http: TLS handshake error from 100.72.17.42:59168: external certificate manager indicated that it is unable to yield certificate: Get "http://local-tailscaled.sock/localapi/v0/cert/dorons-mac-mini.tail7c7620.ts.net?type=pair": dial tcp [::1]:54567: connect: connection refused
2024/11/11 03:59:47.351	DEBUG	events	event	{"name": "tls_get_certificate", "id": "abd778af-0e87-4f39-ad1f-1467b3e72409", "origin": "tls", "data": {"client_hello":{"CipherSuites":[2570,4865,4866,4867,49196,49195,52393,49200,49199,52392,49162,49161,49172,49171,157,156,53,47,49160,49170,10],"ServerName":"dorons-mac-mini.tail7c7620.ts.net","SupportedCurves":[27242,29,23,24,25],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,2053,1281,2054,1537,513],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[39578,772,771,770,769],"RemoteAddr":{"IP":"100.72.17.42","Port":59169,"Zone":""},"LocalAddr":{"IP":"100.78.23.84","Port":443,"Zone":""}}}}
2024/11/11 03:59:47.351	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "dorons-mac-mini.tail7c7620.ts.net"}
2024/11/11 03:59:47.351	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.tail7c7620.ts.net"}
2024/11/11 03:59:47.351	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.ts.net"}
2024/11/11 03:59:47.351	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.*.net"}
2024/11/11 03:59:47.351	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.*.*"}
2024/11/11 03:59:47.362	WARN	http	could not get status; will try to get certificate anyway	{"error": "Get \"http://local-tailscaled.sock/localapi/v0/status\": dial tcp [::1]:54567: connect: connection refused"}
2024/11/11 03:59:47.371	ERROR	tls.handshake	external certificate manager	{"remote_ip": "100.72.17.42", "remote_port": "59169", "sni": "dorons-mac-mini.tail7c7620.ts.net", "cert_manager": "caddytls.Tailscale", "cert_manager_idx": 0, "error": "Get \"http://local-tailscaled.sock/localapi/v0/cert/dorons-mac-mini.tail7c7620.ts.net?type=pair\": dial tcp [::1]:54567: connect: connection refused"}
2024/11/11 03:59:47.371	DEBUG	http.stdlib	http: TLS handshake error from 100.72.17.42:59169: external certificate manager indicated that it is unable to yield certificate: Get "http://local-tailscaled.sock/localapi/v0/cert/dorons-mac-mini.tail7c7620.ts.net?type=pair": dial tcp [::1]:54567: connect: connection refused
2024/11/11 03:59:47.506	DEBUG	events	event	{"name": "tls_get_certificate", "id": "b0b5ec1e-1844-4908-9c4b-dc07a8938fa2", "origin": "tls", "data": {"client_hello":{"CipherSuites":[47802,4865,4866,4867,49196,49195,52393,49200,49199,52392,49162,49161,49172,49171,157,156,53,47,49160,49170,10],"ServerName":"dorons-mac-mini.tail7c7620.ts.net","SupportedCurves":[19018,29,23,24,25],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,2053,1281,2054,1537,513],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[14906,772,771,770,769],"RemoteAddr":{"IP":"100.72.17.42","Port":59170,"Zone":""},"LocalAddr":{"IP":"100.78.23.84","Port":443,"Zone":""}}}}
2024/11/11 03:59:47.506	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "dorons-mac-mini.tail7c7620.ts.net"}
2024/11/11 03:59:47.506	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.tail7c7620.ts.net"}
2024/11/11 03:59:47.506	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.ts.net"}
2024/11/11 03:59:47.506	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.*.net"}
2024/11/11 03:59:47.506	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.*.*"}
2024/11/11 03:59:47.523	WARN	http	could not get status; will try to get certificate anyway	{"error": "Get \"http://local-tailscaled.sock/localapi/v0/status\": dial tcp [::1]:54567: connect: connection refused"}
2024/11/11 03:59:47.544	ERROR	tls.handshake	external certificate manager	{"remote_ip": "100.72.17.42", "remote_port": "59170", "sni": "dorons-mac-mini.tail7c7620.ts.net", "cert_manager": "caddytls.Tailscale", "cert_manager_idx": 0, "error": "Get \"http://local-tailscaled.sock/localapi/v0/cert/dorons-mac-mini.tail7c7620.ts.net?type=pair\": dial tcp [::1]:54567: connect: connection refused"}
2024/11/11 03:59:47.544	DEBUG	http.stdlib	http: TLS handshake error from 100.72.17.42:59170: external certificate manager indicated that it is unable to yield certificate: Get "http://local-tailscaled.sock/localapi/v0/cert/dorons-mac-mini.tail7c7620.ts.net?type=pair": dial tcp [::1]:54567: connect: connection refused
2024/11/11 03:59:47.646	DEBUG	events	event	{"name": "tls_get_certificate", "id": "6cc40f06-42f8-40e6-bbca-ba89cb5a0a44", "origin": "tls", "data": {"client_hello":{"CipherSuites":[47802,4865,4866,4867,49196,49195,52393,49200,49199,52392,49162,49161,49172,49171,157,156,53,47,49160,49170,10],"ServerName":"dorons-mac-mini.tail7c7620.ts.net","SupportedCurves":[39578,29,23,24,25],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,2053,1281,2054,1537,513],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[10794,772,771,770,769],"RemoteAddr":{"IP":"100.72.17.42","Port":59171,"Zone":""},"LocalAddr":{"IP":"100.78.23.84","Port":443,"Zone":""}}}}
2024/11/11 03:59:47.646	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "dorons-mac-mini.tail7c7620.ts.net"}
2024/11/11 03:59:47.646	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.tail7c7620.ts.net"}
2024/11/11 03:59:47.646	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.ts.net"}
2024/11/11 03:59:47.646	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.*.net"}
2024/11/11 03:59:47.646	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.*.*"}
2024/11/11 03:59:47.670	WARN	http	could not get status; will try to get certificate anyway	{"error": "Get \"http://local-tailscaled.sock/localapi/v0/status\": dial tcp [::1]:54567: connect: connection refused"}
2024/11/11 03:59:47.684	ERROR	tls.handshake	external certificate manager	{"remote_ip": "100.72.17.42", "remote_port": "59171", "sni": "dorons-mac-mini.tail7c7620.ts.net", "cert_manager": "caddytls.Tailscale", "cert_manager_idx": 0, "error": "Get \"http://local-tailscaled.sock/localapi/v0/cert/dorons-mac-mini.tail7c7620.ts.net?type=pair\": dial tcp [::1]:54567: connect: connection refused"}
2024/11/11 03:59:47.684	DEBUG	http.stdlib	http: TLS handshake error from 100.72.17.42:59171: external certificate manager indicated that it is unable to yield certificate: Get "http://local-tailscaled.sock/localapi/v0/cert/dorons-mac-mini.tail7c7620.ts.net?type=pair": dial tcp [::1]:54567: connect: connection refused
2024/11/11 03:59:47.820	DEBUG	events	event	{"name": "tls_get_certificate", "id": "b3f79e42-53c9-43c9-b724-bba0973f8fe3", "origin": "tls", "data": {"client_hello":{"CipherSuites":[60138,4865,4866,4867,49196,49195,52393,49200,49199,52392,49162,49161,49172,49171,157,156,53,47,49160,49170,10],"ServerName":"dorons-mac-mini.tail7c7620.ts.net","SupportedCurves":[39578,29,23,24,25],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,2053,1281,2054,1537,513],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[23130,772,771,770,769],"RemoteAddr":{"IP":"100.72.17.42","Port":59172,"Zone":""},"LocalAddr":{"IP":"100.78.23.84","Port":443,"Zone":""}}}}
2024/11/11 03:59:47.820	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "dorons-mac-mini.tail7c7620.ts.net"}
2024/11/11 03:59:47.820	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.tail7c7620.ts.net"}
2024/11/11 03:59:47.820	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.ts.net"}
2024/11/11 03:59:47.820	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.*.net"}
2024/11/11 03:59:47.820	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.*.*"}
2024/11/11 03:59:47.844	WARN	http	could not get status; will try to get certificate anyway	{"error": "Get \"http://local-tailscaled.sock/localapi/v0/status\": dial tcp [::1]:54567: connect: connection refused"}
2024/11/11 03:59:47.868	ERROR	tls.handshake	external certificate manager	{"remote_ip": "100.72.17.42", "remote_port": "59172", "sni": "dorons-mac-mini.tail7c7620.ts.net", "cert_manager": "caddytls.Tailscale", "cert_manager_idx": 0, "error": "Get \"http://local-tailscaled.sock/localapi/v0/cert/dorons-mac-mini.tail7c7620.ts.net?type=pair\": dial tcp [::1]:54567: connect: connection refused"}
2024/11/11 03:59:47.868	DEBUG	http.stdlib	http: TLS handshake error from 100.72.17.42:59172: external certificate manager indicated that it is unable to yield certificate: Get "http://local-tailscaled.sock/localapi/v0/cert/dorons-mac-mini.tail7c7620.ts.net?type=pair": dial tcp [::1]:54567: connect: connection refused
2024/11/11 03:59:47.958	DEBUG	events	event	{"name": "tls_get_certificate", "id": "5b24dc5e-e7ec-4d9c-8f30-31df6dee3b39", "origin": "tls", "data": {"client_hello":{"CipherSuites":[43690,4865,4866,4867,49196,49195,52393,49200,49199,52392,49162,49161,49172,49171,157,156,53,47,49160,49170,10],"ServerName":"dorons-mac-mini.tail7c7620.ts.net","SupportedCurves":[43690,29,23,24,25],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,2053,1281,2054,1537,513],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[27242,772,771,770,769],"RemoteAddr":{"IP":"100.72.17.42","Port":59173,"Zone":""},"LocalAddr":{"IP":"100.78.23.84","Port":443,"Zone":""}}}}
2024/11/11 03:59:47.958	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "dorons-mac-mini.tail7c7620.ts.net"}
2024/11/11 03:59:47.958	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.tail7c7620.ts.net"}
2024/11/11 03:59:47.958	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.ts.net"}
2024/11/11 03:59:47.958	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.*.net"}
2024/11/11 03:59:47.958	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "*.*.*.*"}
2024/11/11 03:59:47.983	WARN	http	could not get status; will try to get certificate anyway	{"error": "Get \"http://local-tailscaled.sock/localapi/v0/status\": dial tcp [::1]:54567: connect: connection refused"}
2024/11/11 03:59:47.996	ERROR	tls.handshake	external certificate manager	{"remote_ip": "100.72.17.42", "remote_port": "59173", "sni": "dorons-mac-mini.tail7c7620.ts.net", "cert_manager": "caddytls.Tailscale", "cert_manager_idx": 0, "error": "Get \"http://local-tailscaled.sock/localapi/v0/cert/dorons-mac-mini.tail7c7620.ts.net?type=pair\": dial tcp [::1]:54567: connect: connection refused"}
2024/11/11 03:59:47.996	DEBUG	http.stdlib	http: TLS handshake error from 100.72.17.42:59173: external certificate manager indicated that it is unable to yield certificate: Get "http://local-tailscaled.sock/localapi/v0/cert/dorons-mac-mini.tail7c7620.ts.net?type=pair": dial tcp [::1]:54567: connect: connection refused

That’s a weird one.

You don’t have HTTPS disabled in your tailnet settings?

I have Caddy version: v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=

My tailnet pulls a certificate just fine on macOS with Tailscale installed and logged in.

Right, no, I ensured Tailscale has it enabled.

This looks like Caddy can’t connect to tailscaled’s socket. You should ask the Tailscale community what you might have wrong in your system setup.

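The diagnosis in the reply above can be checked mechanically. This is an added example (not code from Caddy, Tailscale, or anyone in this thread) that groups `tls.handshake` errors in a Caddy console log by SNI and flags those caused by a refused connection to tailscaled's local API. The sample lines are rebuilt, abridged, from the log earlier in the thread, plus one constructed line for contrast; all function names are hypothetical.

```python
import json
import re
from collections import Counter

HOST = "dorons-mac-mini.tail7c7620.ts.net"  # SNI taken from the log in this thread
REFUSED = ('Get "http://local-tailscaled.sock/localapi/v0/{}": '
           "dial tcp [::1]:54567: connect: connection refused")

def _line(ts, level, logger, msg, fields=None):
    """Build one tab-separated Caddy console log line (JSON column optional)."""
    cols = [ts, level, logger, msg]
    if fields is not None:
        cols.append(json.dumps(fields))
    return "\t".join(cols)

def _cert_error(ts, port, sni, error):
    return _line(ts, "ERROR", "tls.handshake", "external certificate manager",
                 {"remote_ip": "100.72.17.42", "remote_port": port, "sni": sni,
                  "cert_manager": "caddytls.Tailscale", "cert_manager_idx": 0,
                  "error": error})

# Sample input: rebuilt from the log above; the last entry is constructed.
SAMPLE_LOG = "\n".join([
    _line("2024/11/11 03:59:45.498", "DEBUG", "tls.handshake",
          "no matching certificates and no custom selection logic", {"identifier": HOST}),
    _line("2024/11/11 03:59:45.519", "WARN", "http",
          "could not get status; will try to get certificate anyway",
          {"error": REFUSED.format("status")}),
    _cert_error("2024/11/11 03:59:45.528", "59150", HOST,
                REFUSED.format("cert/" + HOST + "?type=pair")),
    _line("2024/11/11 03:59:45.528", "DEBUG", "http.stdlib",
          "http: TLS handshake error from 100.72.17.42:59150: external certificate "
          "manager indicated that it is unable to yield certificate"),
    _cert_error("2024/11/11 03:59:45.595", "59151", HOST,
                REFUSED.format("cert/" + HOST + "?type=pair")),
    _cert_error("2024/11/11 04:00:00.000", "60000", "constructed-host.example",
                "constructed: certificate request timed out"),
])

# Go's net package reports a refused dial as
# "dial <network> <addr>: connect: connection refused".
DIAL_REFUSED = re.compile(r"dial (\w+) (\S+): connect: connection refused")

def parse_line(line):
    """Split a console log line into its columns; returns None for non-log text."""
    cols = line.rstrip("\n").split("\t", 4)
    if len(cols) < 4:
        return None
    fields = {}
    if len(cols) == 5:
        try:
            fields = json.loads(cols[4])
        except json.JSONDecodeError:
            fields = {}
    if not isinstance(fields, dict):
        fields = {}
    ts, level, logger, msg = cols[:4]
    return {"ts": ts, "level": level, "logger": logger, "msg": msg, "fields": fields}

def classify(error):
    """Name the cause identified in the thread: tailscaled's local API is unreachable."""
    m = DIAL_REFUSED.search(error)
    if m and "local-tailscaled.sock" in error:
        return "tailscaled local API refused connection ({} {})".format(*m.groups())
    return "other"

def triage(log_text):
    """Return {sni: {"failures": n, "managers": [...], "causes": {cause: n}}}."""
    report = {}
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if not rec or rec["level"] != "ERROR" or rec["logger"] != "tls.handshake":
            continue
        f = rec["fields"]
        entry = report.setdefault(f.get("sni", "<no sni>"),
                                  {"failures": 0, "managers": set(), "causes": Counter()})
        entry["failures"] += 1
        entry["managers"].add(f.get("cert_manager", "<unknown>"))
        entry["causes"][classify(str(f.get("error", "")))] += 1
    for entry in report.values():
        entry["managers"] = sorted(entry["managers"])
        entry["causes"] = dict(entry["causes"])
    return report
```

Calling `triage()` on a saved copy of the real log gives one entry per SNI; when every failure carries the same "refused connection" cause, the problem sits between Caddy and tailscaled rather than in the Caddyfile.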

Thanks, I’ll give it a shot. Will ask on Reddit as they don’t have as vibrant a forum as here 🙂