Docker Caddy TLS certs don't work

1. The problem I’m having:

I have a docker-compose.yml file which sets up a dev environment involving a php-fpm container, a mysql container and a caddy container. It was working just fine. Haven’t used it in a few months, spun it up again today and now it’s not working.

2. Error messages and/or full log output:

caddy-1       | {"level":"debug","ts":1703696926.8279283,"logger":"events","msg":"event","name":"tls_get_certificate","id":"c75844aa-c09e-4c40-bd70-3541fcf60339","origin":"tls","data":{"client_hello":{"CipherSuites":[4865,4867,4866,49195,49199,52393,52392,49196,49200,49162,49161,49171,49172,156,157,47,53],"ServerName":"fe.dev.localhost","SupportedCurves":[29,23,24,25,256,257],"SupportedPoints":"AA==","SignatureSchemes":[1027,1283,1539,2052,2053,2054,1025,1281,1537,515,513],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771],"Conn":{}}}}
caddy-1       | {"level":"debug","ts":1703696926.8280492,"logger":"tls.handshake","msg":"choosing certificate","identifier":"fe.dev.localhost","num_choices":1}
caddy-1       | {"level":"debug","ts":1703696926.82812,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"fe.dev.localhost","subjects":["fe.dev.localhost"],"managed":true,"issuer_key":"local","hash":"09950dfec6283621094902bb8fab737991c58207a61b983071c2c09bc0808253"}
caddy-1       | {"level":"debug","ts":1703696926.828142,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"192.168.65.1","remote_port":"52118","subjects":["fe.dev.localhost"],"managed":true,"expiration":1703728747,"hash":"09950dfec6283621094902bb8fab737991c58207a61b983071c2c09bc0808253"}
caddy-1       | {"level":"debug","ts":1703696926.8380108,"logger":"http.stdlib","msg":"http: TLS handshake error from 192.168.65.1:52118: remote error: tls: bad certificate"}
caddy-1       | {"level":"debug","ts":1703696927.3199594,"logger":"events","msg":"event","name":"tls_get_certificate","id":"4e10def0-2e5d-44c8-8567-ec26935d0c0b","origin":"tls","data":{"client_hello":{"CipherSuites":[4865,4867,4866,49195,49199,52393,52392,49196,49200,49162,49161,49171,49172,156,157,47,53],"ServerName":"fe.dev.localhost","SupportedCurves":[29,23,24,25,256,257],"SupportedPoints":"AA==","SignatureSchemes":[1027,1283,1539,2052,2053,2054,1025,1281,1537,515,513],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771],"Conn":{}}}}
caddy-1       | {"level":"debug","ts":1703696927.3201632,"logger":"tls.handshake","msg":"choosing certificate","identifier":"fe.dev.localhost","num_choices":1}
caddy-1       | {"level":"debug","ts":1703696927.3201869,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"fe.dev.localhost","subjects":["fe.dev.localhost"],"managed":true,"issuer_key":"local","hash":"09950dfec6283621094902bb8fab737991c58207a61b983071c2c09bc0808253"}
caddy-1       | {"level":"debug","ts":1703696927.3201964,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"192.168.65.1","remote_port":"52119","subjects":["fe.dev.localhost"],"managed":true,"expiration":1703728747,"hash":"09950dfec6283621094902bb8fab737991c58207a61b983071c2c09bc0808253"}
caddy-1       | {"level":"debug","ts":1703696927.3264754,"logger":"http.stdlib","msg":"http: TLS handshake error from 192.168.65.1:52119: remote error: tls: bad certificate"}

3. Caddy version:

caddy:latest (via docker image)

4. How I installed and ran Caddy:

docker plus Caddyfile

a. System environment:

Docker

b. Command:

docker-compose -f docker-compose-aarch64.yml up

c. Service/unit/compose file:

version: "0.0.1"
networks:
  web-network:
services:
  caddy:
    image: caddy:latest
    restart: always
    volumes:
      - ./caddy/data:/data
      - ./caddy/config:/config
      - ./caddy/Caddyfile:/etc/caddy/Caddyfile
      - ./caddy/logs:/logs
      - ./app:/var/www/html
    ports:
      - "80:80"
      - "443:443"
    networks:
      - web-network
    # this bit allows caddy on docker to see the listener on the external (to docker) port 8080 (which listens locally on my laptop)
    extra_hosts:
      host.docker.internal: host-gateway
  php:
    build: ./php
    tty: true
    restart: always
    volumes:
      - ./app:/var/www/html
    networks:
      - web-network
    extra_hosts:
      host.docker.internal: host-gateway

  mysql:
    image: mysql/mysql-server:latest-aarch64
    ports:
      - "23306:3306"
    environment:
      MYSQL_ROOT_HOST: "%"
      MYSQL_ROOT_USER: root
      MYSQL_ROOT_PASSWORD: root
      MYSQL_DATABASE: db
      MYSQL_USER: my_user
      MYSQL_PASSWORD: my_password
    command: mysqld --sql_mode="NO_ENGINE_SUBSTITUTION"
    volumes:
      - $PWD/db/data:/var/lib/mysql
      - $PWD/db/config:/etc/mysql/conf.d
    networks:
      - web-network
    extra_hosts:
      host.docker.internal: host-gateway

  phpmyadmin:
    image: phpmyadmin
    tty: true
    working_dir: $PWD/phpmyadmin
    ports:
      - "8888:80"
    networks:
      - web-network
    environment:
      PMA_HOST: "mysql"
      PMA_PORT: "3306"
      PMA_USER: "root"
      PMA_PASSWORD: "root"

d. My complete Caddy config:

{
    debug
}
fe.dev.localhost {
    reverse_proxy host.docker.internal:5173
}
be.dev.localhost {
    root * /var/www/html/SportchAppDEV
    encode gzip
    php_fastcgi php:9000
    header / {
        Content-Type text/html
    }
    file_server
}

I also have /etc/hosts set up to map:

% cat /etc/hosts
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost

127.0.0.1       be.dev.localhost
127.0.0.1       fe.dev.localhost

5. Links to relevant resources:

Deleting the caddy data, config and log folders cleared the problem.
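Added here as a triage helper, not code from the post or from Caddy: it parses the debug lines above, pairs each "TLS handshake error" with the certificate Caddy served to that peer, and flags whether the alert was sent by the client ("remote error:") and whether the cert came from Caddy's internal CA (issuer_key "local", whose files live under the /data volume, ./caddy/data in this compose file). The sample lines are trimmed copies of the post's output, and the hint strings are a heuristic written for this example, not Caddy messages.

```python
import json
import re

# Constructed sample: three lines trimmed from the Caddy debug output quoted in the post.
SAMPLE_LOG = """\
caddy-1       | {"level":"debug","ts":1703696926.82812,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"fe.dev.localhost","subjects":["fe.dev.localhost"],"managed":true,"issuer_key":"local","hash":"09950dfe"}
caddy-1       | {"level":"debug","ts":1703696926.828142,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"192.168.65.1","remote_port":"52118","subjects":["fe.dev.localhost"],"managed":true,"expiration":1703728747,"hash":"09950dfe"}
caddy-1       | {"level":"debug","ts":1703696926.8380108,"logger":"http.stdlib","msg":"http: TLS handshake error from 192.168.65.1:52118: remote error: tls: bad certificate"}
"""

COMPOSE_PREFIX = re.compile(r"^[\w.-]+\s*\|\s*")   # strips "caddy-1       | "
HANDSHAKE_ERR = re.compile(r"TLS handshake error from (\S+): (.*)$")

def parse_caddy_log(text):
    """Return one dict per JSON log line, dropping the compose service prefix."""
    lines = (COMPOSE_PREFIX.sub("", ln.strip()) for ln in text.splitlines())
    return [json.loads(ln) for ln in lines if ln.startswith("{")]

def diagnose(f):
    """Map a finding to the next check (heuristic written for this example, not a Caddy API)."""
    if f["expired_when_served"]:
        return "served certificate was already expired"
    if f["alert_from"] == "client" and f["issuer_key"] == "local":
        return ("client rejected an unexpired cert from Caddy's local CA: "
                "check that the root CA in the /data volume is the one the client trusts")
    return "inspect server-side TLS configuration"

def triage_handshakes(events):
    """Pair each handshake error with the certificate Caddy served to that peer."""
    issuer_by_hash, served_by_peer, findings = {}, {}, []
    for ev in events:
        msg = ev.get("msg", "")
        if msg == "default certificate selection results":
            issuer_by_hash[ev["hash"]] = ev.get("issuer_key")   # "local" = internal CA
        elif msg == "matched certificate in cache":
            served_by_peer[f"{ev['remote_ip']}:{ev['remote_port']}"] = ev
        elif ev.get("logger") == "http.stdlib" and (m := HANDSHAKE_ERR.search(msg)):
            peer, reason = m.groups()
            cert = served_by_peer.get(peer, {})
            finding = {
                "peer": peer,
                # Go's crypto/tls prefixes alerts received from the peer with
                # "remote error:", so this alert was sent by the client, not by Caddy.
                "alert_from": "client" if reason.startswith("remote error:") else "server",
                "subjects": cert.get("subjects", []),
                "issuer_key": issuer_by_hash.get(cert.get("hash")),
                "expired_when_served": cert.get("expiration", float("inf")) < ev["ts"],
            }
            findings.append({**finding, "hint": diagnose(finding)})
    return findings
```

Run it over the full `docker compose` log to see whether every rejection comes from the client side before touching the Caddy data volume.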
