1. Caddy version (caddy:latest (currently 9ce811ab3540)):
2. How I run Caddy:
I’m running Caddy inside of a single server Docker Swarm to add TLS to a ghost blog I’m hosting. Config files are posted below
stack.yml

    version: '3.1'
    services:
      proxy:
        image: caddy:2-alpine
        restart: always
        ports:
          - 443:443
          - 80:80
        volumes:
          - ./proxy/Caddyfile:/etc/caddy/Caddyfile
      ghost:
        image: ghost:3-alpine
        restart: always
        environment:
          # see https://docs.ghost.org/docs/config#section-running-ghost-with-config-env-variables
          database__client: mysql
          database__connection__host: db
          database__connection__user: root
          database__connection__password: ${MYSQL_PASS}
          database__connection__database: ghost
          url: ${URL}
      db:
        image: mysql:5.7
        restart: always
        environment:
          MYSQL_ROOT_PASSWORD: ${MYSQL_PASS}

Caddyfile

    samvanderkris.xyz {
        reverse_proxy {
            to ghost:2368
        }
    }

3. The problem I’m having:
Trying to visit the website in my browser results in an SSL_ERROR_INTERNAL_ERROR_ALERT error.
4. Error messages and/or full log output:
ghost_proxy.1.x83wckek2wsx@arcadia | {"level":"info","ts":1594938888.4519227,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
ghost_proxy.1.x83wckek2wsx@arcadia | {"level":"info","ts":1594938888.4709291,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
ghost_proxy.1.x83wckek2wsx@arcadia | {"level":"info","ts":1594938888.4726567,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
ghost_proxy.1.x83wckek2wsx@arcadia | {"level":"info","ts":1594938888.4727864,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
ghost_proxy.1.x83wckek2wsx@arcadia | {"level":"info","ts":1594938888.474206,"logger":"tls","msg":"cleaned up storage units"}
ghost_proxy.1.x83wckek2wsx@arcadia | 2020/07/16 22:34:48 [INFO][cache:0xc00003b380] Started certificate maintenance routine
ghost_proxy.1.x83wckek2wsx@arcadia | {"level":"info","ts":1594938888.4794965,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["samvanderkris.xyz"]}
ghost_proxy.1.x83wckek2wsx@arcadia | {"level":"info","ts":1594938888.4874046,"msg":"autosaved config","file":"/config/caddy/autosave.json"}
ghost_proxy.1.x83wckek2wsx@arcadia | {"level":"info","ts":1594938888.48752,"msg":"serving initial configuration"}
ghost_proxy.1.x83wckek2wsx@arcadia | 2020/07/16 22:34:48 [INFO][samvanderkris.xyz] Obtain certificate; acquiring lock...
ghost_proxy.1.x83wckek2wsx@arcadia | 2020/07/16 22:34:48 [INFO][samvanderkris.xyz] Obtain: Lock acquired; proceeding...
ghost_proxy.1.x83wckek2wsx@arcadia | 2020/07/16 22:34:49 [INFO] [samvanderkris.xyz] acme: Obtaining bundled SAN certificate given a CSR
ghost_proxy.1.x83wckek2wsx@arcadia | 2020/07/16 22:34:49 [INFO][samvanderkris.xyz] Waiting on rate limiter...
ghost_proxy.1.x83wckek2wsx@arcadia | 2020/07/16 22:34:49 [INFO][samvanderkris.xyz] Done waiting
ghost_proxy.1.x83wckek2wsx@arcadia | 2020/07/16 22:34:50 [INFO] [samvanderkris.xyz] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5925104005
ghost_proxy.1.x83wckek2wsx@arcadia | 2020/07/16 22:34:50 [INFO] [samvanderkris.xyz] acme: Could not find solver for: tls-alpn-01
ghost_proxy.1.x83wckek2wsx@arcadia | 2020/07/16 22:34:50 [INFO] [samvanderkris.xyz] acme: use http-01 solver
ghost_proxy.1.x83wckek2wsx@arcadia | 2020/07/16 22:34:50 [INFO] [samvanderkris.xyz] acme: Trying to solve HTTP-01
ghost_proxy.1.x83wckek2wsx@arcadia | 2020/07/16 22:34:54 http: TLS handshake error from 10.0.0.2:45198: no certificate available for 'samvanderkris.xyz'
ghost_proxy.1.x83wckek2wsx@arcadia | 2020/07/16 22:34:56 http: TLS handshake error from 10.0.0.2:45204: no certificate available for 'samvanderkris.xyz'
ghost_proxy.1.x83wckek2wsx@arcadia | 2020/07/16 22:35:01 http: TLS handshake error from 10.0.0.2:45206: no certificate available for 'samvanderkris.xyz'
ghost_proxy.1.x83wckek2wsx@arcadia | 2020/07/16 22:35:47 http: TLS handshake error from 10.0.0.2:38186: no certificate available for 'git.samvanderkris.xyz'
ghost_proxy.1.x83wckek2wsx@arcadia | 2020/07/16 22:35:49 http: TLS handshake error from 10.0.0.2:36846: no certificate available for 'git.samvanderkris.xyz'
5. What I already tried:
I tried changing the host in my Caddyfile to some other stuff like proxy, localhost and my server’s external IPv4 address (thought maybe Docker Swarm’s networking messed something up). I assume the no certificate available for 'samvanderkris.xyz' error suggests that something went wrong getting a certificate from Let’s Encrypt, but I don’t really know what else to try here.
I’ve looked around online and found some people with very similar problems, but couldn’t actually find a solution. Any help would be very much appreciated!
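
Added example, not part of the original post and not Caddy's own tooling: a small triage script for mixed JSON and plain-text `docker service logs` output like the above. It separates the names Caddy reported managing from the names clients requested when the handshake failed, and records which ACME challenge was started per name. The function name `triage` and the result keys are assumptions made for this illustration; the sample input is five lines copied from the log in the post.

```python
import json
import re
from collections import Counter

# Sample input: five lines copied from the log output in the post above.
SAMPLE = """\
ghost_proxy.1.x83wckek2wsx@arcadia | {"level":"info","ts":1594938888.4794965,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["samvanderkris.xyz"]}
ghost_proxy.1.x83wckek2wsx@arcadia | 2020/07/16 22:34:50 [INFO] [samvanderkris.xyz] acme: Trying to solve HTTP-01
ghost_proxy.1.x83wckek2wsx@arcadia | 2020/07/16 22:34:54 http: TLS handshake error from 10.0.0.2:45198: no certificate available for 'samvanderkris.xyz'
ghost_proxy.1.x83wckek2wsx@arcadia | 2020/07/16 22:35:47 http: TLS handshake error from 10.0.0.2:38186: no certificate available for 'git.samvanderkris.xyz'
ghost_proxy.1.x83wckek2wsx@arcadia | 2020/07/16 22:35:49 http: TLS handshake error from 10.0.0.2:36846: no certificate available for 'git.samvanderkris.xyz'
"""

PREFIX = re.compile(r"^\S+\s+\|\s+")  # "<task>@<node> | " prepended by docker service logs
NO_CERT = re.compile(r"TLS handshake error from (\S+?):\d+: no certificate available for '([^']+)'")
CHALLENGE = re.compile(r"\[([^\]\s]+)\] acme: Trying to solve (\S+)")

def triage(log_text):
    """Summarise managed domains, started challenges and failed SNI names."""
    managed, started, failures = set(), {}, Counter()
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw.strip())
        if line.startswith("{"):  # structured (JSON) log entry
            try:
                entry = json.loads(line)
            except json.JSONDecodeError:
                continue  # truncated or interleaved line: skip it
            if entry.get("msg") == "enabling automatic TLS certificate management":
                managed.update(entry.get("domains", []))
        elif (m := CHALLENGE.search(line)):  # plain-text ACME client line
            started[m.group(1)] = m.group(2)
        elif (m := NO_CERT.search(line)):  # handshake failed for this SNI name
            failures[m.group(2)] += 1
    return {
        "managed": sorted(managed),
        "challenge_started": started,
        "no_cert_managed": {n: c for n, c in failures.items() if n in managed},
        "no_cert_unmanaged": {n: c for n, c in failures.items() if n not in managed},
    }

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

On this sample the handshake failures for `git.samvanderkris.xyz` land under `no_cert_unmanaged`, because that name is not in the domain list Caddy logged, while `samvanderkris.xyz` shows an HTTP-01 challenge that was started with no later line in the posted log reporting its outcome.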