Firstly, please forgive my English, and also my n00bishness in the system admin area.
1. Caddy version:
v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=
2. How I installed and ran Caddy:
I followed this tutorial on DigitalOcean:
https://www.digitalocean.com/community/tutorials/how-to-host-a-website-with-caddy-on-ubuntu-22-04
But somehow I cannot get the caddy user/user group to work. I managed to run Caddy with user + user group www-data instead.
a. System environment:
Ubuntu 20.04.4 LTS
no Docker
Apache2 and Nginx were installed before but are already turned off
b. Command:
service caddy start
c. Service/unit/compose file:
I am not using Docker
d. My complete Caddy config:
{
	debug
}

:80 {
	root * /var/www/default
	php_fastcgi unix//run/php/php8.1-fpm.sock
	encode zstd gzip
	file_server {
		index index.php index.html
	}
	# tls {
	#	dns digitalocean {env.DO_AUTH_TOKEN}
	# }
	log {
		output file /var/log/caddy/any-other.access.log {
			roll_size 1gb
			roll_keep 5
			roll_keep_for 720h
		}
	}
}

:443 {
	root * /var/www/default
	php_fastcgi unix//run/php/php8.1-fpm.sock
	encode zstd gzip
	file_server {
		index index.php index.html
	}
	# tls {
	#	dns digitalocean {env.DO_AUTH_TOKEN}
	# }
	log {
		output file /var/log/caddy/any-other.access.log {
			roll_size 1gb
			roll_keep 5
			roll_keep_for 720h
		}
	}
}

auto.example.com {
	root * /var/www/app.example.com/html/public
	php_fastcgi unix//run/php/php8.1-fpm.sock
	encode zstd gzip
	file_server {
		index index.php
	}
	tls {
		dns digitalocean {env.DO_AUTH_TOKEN}
	}
	log {
		output file /var/log/caddy/auto.example.com.access.log {
			roll_size 1gb
			roll_keep 5
			roll_keep_for 720h
		}
	}
}
I also tried changing :80 to http:// and :443 to https://, which did not work either.
3. The problem I’m having:
Please allow me to explain briefly what I am trying to achieve.
I am currently developing a web app where anyone can come to my app and create a single-page website using my web builder at app.example.com.
I will allow any domain of a user to connect to my app in order to display the single-page website they have made to their users.
So I decided to go with Caddy to solve the SSL/TLS problem.
In this scenario, app.example.com is my app, and the domain customersite.in.th is the domain that is "connecting" to my app in order to use the single-page website that they created.
Now, accessing customersite.in.th returns an error message in the Chrome browser:
This site can't provide a secure connection
customersite.in.th sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
I also got this error message in the Caddy log:
no certificate available for 'customersite.in.th'
However, app.example.com is working fine. According to the config above, I am using a DigitalOcean token to let it manage the TXT record for verification or something. I am not sure if this is what makes it work.
4. Error messages and/or full log output:
Feb 01 07:44:57 ExampleCom-Caddy caddy[18817]: {"level":"debug","ts":1675237497.2942142,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","remote_ip":"49.228.166.58","remote_port":"52009","sni":"customersite.in.th"}
Feb 01 07:44:57 ExampleCom-Caddy caddy[18817]: {"level":"debug","ts":1675237497.2942288,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","remote_ip":"49.228.166.58","remote_port":"52009","server_name":"customersite.in.th","remote":"49.228.166.58:52009","identifier":"customersite.in.th","cipher_suites":[35466,4865,4866,4867,49195,49199,49196,49200,52393,52392,49171,49172,156,157,47,53],"cert_cache_fill":0.0001,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
Feb 01 07:44:57 ExampleCom-Caddy caddy[18817]: {"level":"debug","ts":1675237497.2942762,"logger":"http.stdlib","msg":"http: TLS handshake error from 49.228.166.58:52009: no certificate available for 'customersite.in.th'"}
Feb 01 07:52:56 ExampleCom-Caddy caddy[18817]: {"level":"debug","ts":1675237976.8882215,"logger":"http.handlers.file_server","msg":"sanitized path join","site_root":"/var/www/default","request_path":"/","result":"/var/www/default"}
Feb 01 07:52:56 ExampleCom-Caddy caddy[18817]: {"level":"debug","ts":1675237976.8882768,"logger":"http.handlers.file_server","msg":"located index file","filename":"/var/www/default/index.html"}
Feb 01 07:52:56 ExampleCom-Caddy caddy[18817]: {"level":"debug","ts":1675237976.8882844,"logger":"http.handlers.file_server","msg":"opening file","filename":"/var/www/default/index.html"}
Feb 01 07:52:57 ExampleCom-Caddy caddy[18817]: {"level":"debug","ts":1675237977.063023,"logger":"http.handlers.file_server","msg":"sanitized path join","site_root":"/var/www/default","request_path":"/","result":"/var/www/default"}
Feb 01 07:52:57 ExampleCom-Caddy caddy[18817]: {"level":"debug","ts":1675237977.0630667,"logger":"http.handlers.file_server","msg":"located index file","filename":"/var/www/default/index.html"}
Feb 01 07:52:57 ExampleCom-Caddy caddy[18817]: {"level":"debug","ts":1675237977.063089,"logger":"http.handlers.file_server","msg":"opening file","filename":"/var/www/default/index.html"}
Feb 01 07:52:57 ExampleCom-Caddy caddy[18817]: {"level":"debug","ts":1675237977.1340008,"logger":"http.handlers.file_server","msg":"sanitized path join","site_root":"/var/www/default","request_path":"/favicon.ico","result":"/var/www/default/favicon.ico"}
Feb 01 07:52:57 ExampleCom-Caddy caddy[18817]: {"level":"debug","ts":1675237977.1341283,"logger":"http.log.error.log0","msg":"{id=6bqa3a6sq} fileserver.(*FileServer).notFound (staticfiles.go:579): HTTP 404","request":{"remote_ip":"45.9.110.186","remote_port":"50129","proto":"HTTP/1.1","method":"GET","host":"167.71.196.44:80","uri":"/favicon.ico","headers":{"User-Agent":["Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE"],"Accept":["*/*"],"Accept-Encoding":["gzip"],"Connection":["close"]}},"duration":0.000211954,"status":404,"err_id":"6bqa3a6sq","err_trace":"fileserver.(*FileServer).notFound (staticfiles.go:579)"}
Feb 01 07:52:57 ExampleCom-Caddy caddy[18817]: {"level":"debug","ts":1675237977.2066443,"logger":"http.handlers.file_server","msg":"sanitized path join","site_root":"/var/www/default","request_path":"/robots.txt","result":"/var/www/default/robots.txt"}
Feb 01 07:52:57 ExampleCom-Caddy caddy[18817]: {"level":"debug","ts":1675237977.2071543,"logger":"http.log.error.log0","msg":"{id=q048va5st} fileserver.(*FileServer).notFound (staticfiles.go:579): HTTP 404","request":{"remote_ip":"45.9.110.186","remote_port":"50197","proto":"HTTP/1.1","method":"GET","host":"167.71.196.44:80","uri":"/robots.txt","headers":{"Accept-Encoding":["gzip"],"Connection":["close"],"User-Agent":["Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE"],"Accept":["*/*"]}},"duration":0.000585581,"status":404,"err_id":"q048va5st","err_trace":"fileserver.(*FileServer).notFound (staticfiles.go:579)"}
5. What I already tried:
From my understanding, I suppose that I do not have to configure the tls directive in the Caddyfile at all for automatic TLS. Caddy will do the magic thing of retrieving certificates for new domains automatically (please punch my face if I got this wrong). However, I got the error above.
- I tried the tls internal (something) directive, no luck.
6. Links to relevant resources:
This is the tutorial link I followed. I am suspecting that the "custom Caddy build" of this tutorial may affect the default automatic TLS system? (Please kindly see step 4.)
https://www.digitalocean.com/community/tutorials/how-to-host-a-website-with-caddy-on-ubuntu-22-04
Thank you in advance
EDITED after finding a solution:
I had to remove domain names due to my team’s privacy
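The handshake log above shows "on_demand":false, so Caddy only managed certificates for the names written in the Caddyfile. As an added example (not the poster's config, not the solution they found, and not from the Caddy project), this Caddyfile fragment shows Caddy's on-demand TLS with an ask endpoint, so that certificates are issued only for customer domains the app has registered; the ask URL path /caddy/allow-domain is an assumed route on the app.

```caddyfile
{
	debug
	# On-demand TLS global options. Before obtaining a certificate for a
	# name it has never seen, Caddy sends GET <ask URL>?domain=<name> and
	# proceeds only on an HTTP 200. Without "ask", anyone who points DNS
	# at this server could trigger issuance for arbitrary names and burn
	# through ACME rate limits.
	on_demand_tls {
		# Assumed app route that answers 200 only for registered customer domains.
		ask https://app.example.com/caddy/allow-domain
		# Throttle issuance attempts (at most 5 per 2 minutes).
		interval 2m
		burst 5
	}
}

# The app's own site keeps DNS-validated certificates exactly as in the
# poster's Caddyfile (block omitted here; it is unchanged).

# Catch-all HTTPS site for customer domains: any hostname that reaches
# port 443 and passes the ask check gets a certificate on first handshake.
https:// {
	root * /var/www/app.example.com/html/public
	php_fastcgi unix//run/php/php8.1-fpm.sock
	encode zstd gzip
	file_server {
		index index.php
	}
	tls {
		on_demand
	}
	log {
		output file /var/log/caddy/customers.access.log {
			roll_size 1gb
			roll_keep 5
			roll_keep_for 720h
		}
	}
}
```

Names the ask endpoint rejects still fail the handshake with "no certificate available", which is the expected behaviour for domains not registered in the app.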