Do 302 redirect if on_demand_tls fails

1. Caddy version (caddy version): 2.4.0 h1

2. How I run Caddy:

I run caddy via systemctl

a. System environment:

Ubuntu 20.04 LTS

b. Command:

sudo systemctl restart caddy

c. Service/unit/compose file:

ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile

d. My complete Caddyfile or JSON config:

    on_demand_tls {
    storage dynamodb caddy_ssl_certificates
:80 {
    respond /health "Im healthy!" 200
:443 {
    tls {
    reverse_proxy {
        header_up X-Forwarded-Port {server_port}

        health_timeout 5s

3. The problem I’m having:

I am using on_demand_tls for generating certificates for my multi tenant application. So for instance if someone creates a tenant with the domain, the ask will get a 200 code, and the certificate will be created and the reverse proxy will send the request to the server.

The feature that I am looking for, is to be able to redirect the user if the ask for the on_demand_tls fails. So for instance, if the user goes to and the ask method gets a 503 error code as response, I want to make a 302 redirect for the user to the page Is that possible to do?

4. Error messages and/or full log output:

5. What I already tried:

6. Links to relevant resources:

Over what connection would you like to send the HTTP response? We can’t send an HTTP response if we can’t establish a secure connection…

Please upgrade to v2.4.5!

FYI, this doesn’t do anything unless you actually enable active health checks via the health_uri option at minimum.

That’s not possible. If the TLS handshake fails (because Caddy was instructed not to issue a certificate), then it never reaches request handling, because Caddy can’t respond to an HTTPS request with HTTP content. Browsers will not trust anything the server sends back unless the TLS handshake succeeds.

Thank you both for your answers! I understand what you are saying and why my idea would not work!

@francislavoie - Thank you for the tips regarding my config, I will look into that as well as upgrading caddy to the latest version!

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.