Error when starting Caddy

When starting Caddy, I get the following error:

C:\Caddy>caddy.exe
Activating privacy features… 2019/04/17 08:35:41 [INFO] [example[.]com] acme: Obtaining bundled SAN certificate
2019/04/17 08:35:42 [INFO] [example[.]com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/AMVAr3I3sDyuJnRWgmXKTYDRsO4KCfRmEwDfB3fO0H4
2019/04/17 08:35:42 [INFO] [example[.]com] acme: use tls-alpn-01 solver
2019/04/17 08:35:42 [INFO] [example[.]com] acme: Trying to solve TLS-ALPN-01
2019/04/17 08:35:48 [example[.]com] failed to obtain certificate: acme: Error → One or more domains had a problem:
[example.com] acme: error: 400 :: urn:ietf:params:acme:error:malformed :: Server only speaks HTTP, not TLS, url:

I am using a sub-domain from no-ip. It’s set up in my router, and I have ports 80 and 443 forwarded to port 5000 (which is used by Ombi).

I’m using Caddy 0.11.5, running on Win 10.

My Caddyfile is as follows:

example[.]com, www.example[.]com {
    gzip
    proxy / 127.0.0.1:5000,  {
        transparent
    }
}

Hi @uglytruckling, welcome to the Caddy community.

It’s not possible to run HTTP and HTTPS on the same port. By forwarding port 80 (HTTP) and 443 (HTTPS) to the same port, you’re effectively just using two HTTP ports.

Port 443 needs to be forwarded to a separate HTTPS-specific port.

Is there another specific port I should use to forward 443 to? Do I need to change my Caddyfile to reflect that?

You should be forwarding ports 80 and 443 to ports 80 and 443 on the host you run Caddy on.

Caddy expects to receive traffic on the default ports, including the ACME challenge. If that traffic is going to Ombi instead, it won’t reach Caddy, and Caddy won’t be able to answer the challenge successfully.

Forwarding 80 and 443 to those ports, respectively, gives me the following error when starting Caddy:

Activating privacy features… 2019/04/17 22:47:53 [INFO] [example[.]com] acme: Obtaining bundled SAN certificate
2019/04/17 22:47:53 [INFO] [example[.]com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/B7m74V46zVVwo1JMy3z76TmOTq34slmETeJqy_EITZk
2019/04/17 22:47:53 [INFO] [example[.]com] acme: use tls-alpn-01 solver
2019/04/17 22:47:53 [INFO] [example[.]com] acme: Trying to solve TLS-ALPN-01
2019/04/17 22:47:59 [INFO] [example[.]com] The server validated our request
2019/04/17 22:47:59 [INFO] [example[.]com] acme: Validations succeeded; requesting certificates
2019/04/17 22:48:02 [INFO] [example[.]com] Server responded with a certificate.
2019/04/17 22:48:02 [INFO] [www.example[.]com] acme: Obtaining bundled SAN certificate
2019/04/17 22:48:03 [INFO] [www.example[.]com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/gXTZGejlXlUBDYBsUKnniQRuZW4_tHhsSoYCgkOJAdI
2019/04/17 22:48:03 [INFO] [www.example[.]com] acme: use tls-alpn-01 solver
2019/04/17 22:48:03 [INFO] [www.example[.]com] acme: Trying to solve TLS-ALPN-01
2019/04/17 22:48:03 [www.example[.]com] failed to obtain certificate: acme: Error → One or more domains had a problem:
[www.example[.]com] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for www.example[.]com, url:

This error indicates that Let’s Encrypt tried to find your server by resolving the domain name and found that the domain name doesn’t exist.

Once I removed the , www.example[.]com from the first line of the Caddyfile (and then the extra comma after the port number) it works as it should.

Thanks for pointing me in the right direction.
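
An added example, not part of the original thread and not Caddy's own code: a Python triage of the two ACME failures discussed above, reporting per site name whether a certificate was issued or which problem type came back. The function names and hint wording are assumptions of this example; the inputs are trimmed from the thread's Caddyfile and log excerpts.

```python
import re

# Problem line format as printed in the thread's logs:
# [name] acme: error: 400 :: urn:ietf:params:acme:error:<type> :: <detail>, url:
PROBLEM = re.compile(r"^\[(?P<name>.+?)\] acme: error: \d+ :: "
                     r"urn:ietf:params:acme:error:(?P<type>\w+) :: "
                     r"(?P<detail>.*?)(?:, url:.*)?$")
ISSUED = re.compile(r"\[INFO\] \[(?P<name>.+?)\] Server responded with a certificate")

def refang(name):
    """Undo the thread's defanging (example[.]com) so names compare equal."""
    return name.replace("[.]", ".").lower()

def site_names(caddyfile):
    """Hostnames on the site-address line of a one-site Caddyfile ('a, b {')."""
    first = next(ln for ln in caddyfile.splitlines() if ln.strip())
    return [refang(n.strip()) for n in first.rstrip("{ ").split(",") if n.strip()]

def hint(ptype, detail):
    """Remediation taken from the thread's replies for the two failures seen there."""
    if ptype == "malformed" and "only speaks HTTP" in detail:
        return "443 reaches a plain-HTTP listener; forward 443 to Caddy's port 443"
    if ptype == "dns" and "NXDOMAIN" in detail:
        return "no DNS record for this name; create one or remove it from the Caddyfile"
    return "not covered here; read the detail text"

def triage(caddyfile, log):
    """Map every site name to 'issued', 'no result in log', or (type, detail, hint)."""
    result = {n: "no result in log" for n in site_names(caddyfile)}
    for line in map(str.strip, log.splitlines()):
        ok, bad = ISSUED.search(line), PROBLEM.match(line)
        if ok:
            result[refang(ok["name"])] = "issued"
        elif bad:
            result[refang(bad["name"])] = (bad["type"], bad["detail"],
                                           hint(bad["type"], bad["detail"]))
    return result

# Inputs trimmed from the Caddyfile and the two log excerpts in the thread.
CADDYFILE = "example[.]com, www.example[.]com {\n    gzip\n}\n"
FIRST_RUN = """2019/04/17 08:35:48 [example[.]com] failed to obtain certificate: acme: Error → One or more domains had a problem:
[example.com] acme: error: 400 :: urn:ietf:params:acme:error:malformed :: Server only speaks HTTP, not TLS, url:"""
SECOND_RUN = """2019/04/17 22:48:02 [INFO] [example[.]com] Server responded with a certificate.
[www.example[.]com] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for www.example[.]com, url:"""

if __name__ == "__main__":
    for run in (FIRST_RUN, SECOND_RUN):
        for name, outcome in triage(CADDYFILE, run).items():
            print(name, "->", outcome)
```

A name left at "no result in log" after a failed run, as `www.example.com` is in the first excerpt, has not been validated yet, which is why the NXDOMAIN problem only surfaced once the port forwarding was corrected.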
