ERR_SSL_PROTOCOL_ERROR - No self signed cert proposed

1. The problem I’m having:

Hi all!
I’m currently building my first docker stack with caddy (we want to replace nginx here :wink: ). But I’m facing a strange issue:
Chrome is giving me an ERR_SSL_PROTOCOL_ERROR without proposing to accept any self-signed cert.

2. Error messages and/or full log output:

The main error is that I’m receiving the code: ERR_SSL_PROTOCOL_ERROR.

Here are the full logs of the server starting:

container-caddy-1    | {"level":"info","ts":1678457618.401892,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
container-caddy-1    | {"level":"warn","ts":1678457618.4046283,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":5}
container-caddy-1    | {"level":"info","ts":1678457618.406586,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//","//localhost:2019","//[::1]:2019"]}
container-caddy-1    | {"level":"info","ts":1678457618.407156,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
container-caddy-1    | {"level":"info","ts":1678457618.4074059,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
container-caddy-1    | {"level":"info","ts":1678457618.4073477,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x4000206e70"}
container-caddy-1    | {"level":"info","ts":1678457618.4080667,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
container-caddy-1    | {"level":"info","ts":1678457618.4081972,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See for details."}
container-caddy-1    | {"level":"info","ts":1678457618.408458,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
container-caddy-1    | {"level":"info","ts":1678457618.4085166,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
container-caddy-1    | {"level":"info","ts":1678457618.408758,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
container-caddy-1    | {"level":"info","ts":1678457618.4088247,"msg":"serving initial configuration"}
container-caddy-1    | {"level":"info","ts":1678457618.409076,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
container-caddy-1    | {"level":"info","ts":1678457618.4094574,"logger":"tls","msg":"finished cleaning storage units"}

3. Caddy version:


4. How I installed and ran Caddy:

I ran Caddy through Docker with this file architecture:

a. System environment:

Here is my docker-compose.yml:

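version: '3.1'
services:
    redis:
        image: 'redis:alpine'

    mysql:
        image: 'mysql:8.0'
        working_dir: /application
        volumes:
            - '.:/application'
        environment:
            - SOME VARS...
        ports:
            - '6002:3306'

    php-fpm:
        build: phpdocker/php-fpm
        working_dir: /application
        volumes:
            - '.:/application'
            - './phpdocker/php-fpm/php-ini-overrides.ini:/etc/php/8.2/fpm/conf.d/99-overrides.ini'

    phpmyadmin:
        image: phpmyadmin/phpmyadmin
        container_name: phpmyadmin
        ports:
            - "6089:80"
        # key assumed (depends_on or links); it is missing from the post as captured
        depends_on:
            - mysql
        environment:
            - SOME VARS...

    caddy:
        image: caddy:2.6.4-alpine
        restart: unless-stopped
        ports:
            # HTTP
            - target: 80
              published: 80
              protocol: tcp
            # HTTPS
            - target: 443
              published: 443
              protocol: tcp
            # HTTP/3
            - target: 443
              published: 443
              protocol: udp
        volumes:
            - ./phpdocker/caddy/Caddyfile:/etc/caddy/Caddyfile
            - ./app:/srv
            - caddy_data:/data
            - caddy_config:/config
        # key assumed (depends_on or links); it is missing from the post as captured
        depends_on:
            - php-fpm

# named volumes used by the caddy service must be declared at the top level
volumes:
    caddy_data:
    caddy_config: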


d. My complete Caddy config:


:443 {
    root * /srv/public
    encode gzip
    php_fastcgi unix//var/run/php/php-fpm.sock
}

I don’t understand why it’s not proposing that I accept the self-generated cert :frowning:
Could you help me pls?

Caddy can only install its cert on the machine it’s running on. If you’re running it in Docker that’s basically like running it in a separate machine. You’ll have to install the cert manually I think, but I don’t use Docker so I’ll let a Docker expert chime in here. :slight_smile:

Typically we recommend running Caddy without Docker. (I literally made Caddy because I didn’t want to deal with the containers mess.)

ahah understood.

To be fair, I took inspiration from this repo (which is present in the official documentation of Symfony), and especially:

and it’s working great there! But I can’t spot the problem/difference on my end… :frowning:


Finally I managed to get it to “work” with 2 changes in my Caddyfile:

# directly put the address I'm accessing (found this in a GitHub issue)
http://localhost, https://localhost {
    log {
        level DEBUG
    }

    root * ./srv/public/
    encode gzip
    # directly points at my Docker container
    php_fastcgi php-fpm:9000
}

But now I’m getting:

Not sure of what to do now. :face_with_monocle:
I correctly see my files on the caddy container at the right place. :face_with_monocle:

Any idea? This could be a rights problem, but where …

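Editor's added example (not part of the thread, and not Caddy's own code): a site address of `:443` gives Caddy TLS on the port but no hostname to put in a certificate, so the handshake fails before any certificate is offered and the browser has nothing to ask you to accept. The check below classifies the site addresses of the two Caddyfiles posted above; the parser is a simplification and the function names are hypothetical.

```python
import re

# Caddyfiles copied from the thread: the first post's config and the later revision.
ORIGINAL = """:443 {
    root * /srv/public
    encode gzip
    php_fastcgi unix//var/run/php/php-fpm.sock
}
"""
REVISED = """http://localhost, https://localhost {
    log {
        level DEBUG
    }
    root * ./srv/public/
    encode gzip
    php_fastcgi php-fpm:9000
}
"""
# [scheme://]host[:port][/path]; host may be empty or a bracketed IPv6 literal.
ADDR = re.compile(r"(?:(https?)://)?(\[[^\]]+\]|[^:/]*)(?::(\d+))?(?:/.*)?")

def site_addresses(caddyfile):
    """Addresses of every top-level site block (simplified: one address
    line per block; snippets, imports and placeholders are not handled)."""
    addrs, depth = [], 0
    for raw in caddyfile.splitlines():
        line = raw.split("#", 1)[0].strip()
        if depth == 0 and line.endswith("{") and line != "{":
            addrs += [a for a in re.split(r"[,\s]+", line[:-1].strip()) if a]
        depth += line.count("{") - line.count("}")
    return addrs

def classify(addr):
    """Return 'plaintext', 'tls-with-hostname' or 'tls-no-hostname'."""
    m = ADDR.fullmatch(addr)
    scheme, host, port = m.groups()
    if scheme == "http" or (scheme is None and port == "80"):
        return "plaintext"
    if host:
        return "tls-with-hostname"
    # No host: TLS is only in play on the HTTPS scheme or port, and then
    # there is no certificate subject to present in the handshake.
    return "tls-no-hostname" if scheme == "https" or port == "443" else "plaintext"

def audit(caddyfile):
    return {a: classify(a) for a in site_addresses(caddyfile)}

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("revised", REVISED)):
        print(name, audit(cfg))
```

Any address reported as `tls-no-hostname` is the configuration that produces ERR_SSL_PROTOCOL_ERROR instead of a certificate warning.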

You could probably just change that first line to localhost { unless you actually intend to serve your site over plaintext HTTP too.

As for the File not found error, not sure. Make sure the file you’re requesting actually exists in the site root? (And that the site root exists too.)

These aren’t the same. You probably meant to use root * /srv/public in your Caddyfile. You included ./ which means “relative path”. Caddy’s default working directory in the Docker image is /srv already, so that would mean /srv/srv/public I think.

Make sure the site’s files are mounted in the same place in both your Caddy and PHP containers, since Caddy sends the path to the file to execute to the PHP container.

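Editor's added example (not part of the thread): the two points in the reply above, worked through with the bind mounts from the docker-compose.yml in the first post. It resolves the Caddyfile `root` against the working directory `/srv` mentioned in the reply, then maps the resulting path back to a host path in each container. The function names and the `PHP_MOUNTS_SHARED` value are assumptions, since the thread does not show the final compose file.

```python
import posixpath

# Bind mounts copied from the docker-compose.yml in the first post.
CADDY_MOUNTS = ["./phpdocker/caddy/Caddyfile:/etc/caddy/Caddyfile", "./app:/srv"]
PHP_MOUNTS = [".:/application",
              "./phpdocker/php-fpm/php-ini-overrides.ini:"
              "/etc/php/8.2/fpm/conf.d/99-overrides.ini"]
# Assumed shape of the fix ("a shared mounted volume"); not shown in the thread.
PHP_MOUNTS_SHARED = ["./app:/srv"]

def resolve_root(root, workdir="/srv"):
    """Absolute path Caddy uses for a `root` value, relative ones included."""
    return posixpath.normpath(posixpath.join(workdir, root))

def host_source(container_path, mounts):
    """Host path behind a container path, using the longest matching bind
    mount; None when no mount covers the path."""
    best = None
    for spec in mounts:
        src, dst = spec.split(":")[:2]
        dst = posixpath.normpath(dst)
        covered = (container_path == dst
                   or container_path.startswith(dst.rstrip("/") + "/"))
        if covered and (best is None or len(dst) > len(best[1])):
            best = (src, dst)
    if best is None:
        return None
    rel = posixpath.relpath(container_path, best[1])
    return posixpath.normpath(posixpath.join(best[0], rel))

def same_files(root, caddy_mounts, php_mounts):
    """True when the path Caddy sends to PHP names the same host files in
    the PHP container as it does in the Caddy container."""
    path = resolve_root(root)
    a, b = host_source(path, caddy_mounts), host_source(path, php_mounts)
    return a is not None and a == b

if __name__ == "__main__":
    print(resolve_root("./srv/public/"))            # relative root from the thread
    print(same_files("/srv/public", CADDY_MOUNTS, PHP_MOUNTS))
    print(same_files("/srv/public", CADDY_MOUNTS, PHP_MOUNTS_SHARED))
```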

Hi Francis! (We spoke together for a few minutes in September in France at the @APIPPlatform conf :wink: )

You were totally right! I used a shared mounted volume across my php and my caddy containers, and it worked!

Thanks a lot for your help!!


Ah! Was it you that I spoke to with Daniel after his talk, outside? Sorry if not, I don’t remember!
