I have already tried updating the system. Updating Caddy Regenerate the certificate.
Remove the configuration of other sites
This problem still occurs.
Logfile
IP - - [27/Apr/2018:01:24:41 -0400] “GET / HTTP/1.1” 502 40
The 502 error is pertinent to your proxy. The technical explanation is that when you browsed to your website, Caddy tried to connect to https://bbb.com to retrieve its content for you, but received an invalid response from the server.
Running curl -IL https://bbb.com from the Caddy host will tell you exactly how the website is responding to Caddy.
It looks like Caddy wasn’t able to connect over HTTPS because the certificate presented by the upstream server couldn’t be validated (wasn’t signed by a trusted authority).
curl: (60) Peer's Certificate issuer is not recognized.
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
Does this mean that I can’t avoid this issue?
thank you very much.
You can tell Caddy not to verify the upstream certificate, but the downside would be there’s nothing stopping someone between you from impersonating the upstream server. The insecure_skip_verify subdirective does this.
No worries, although the best outcome would be to get bbb.com to use a valid certificate so you don’t have to skip verification! Maybe they could use Caddy?