Failing many times assigning HTTPS on 2nd domain

1. Caddy version (caddy version):

v2.1.1

2. How I run Caddy:

I used this guide to fully install and successfully run Caddy:
Auto SSL with Snaps - Rocket.Chat Docs

a. System environment:

VPS, Ubuntu 18.04 x64

b. Command:

sudo snap set rocketchat-server caddy-url=https://
.
.

c. Service/unit/compose file:

Snap on VPS

d. My complete Caddyfile or JSON config:

https://mydomain.com
proxy / localhost:3000 {
  websocket
  transparent
}

3. The problem I’m having:

Sorry to bother you all. I can handle myself pretty well in some things, but in this particular area I am at a junior level. I am successfully running a Rocket.Chat server with HTTPS access, and I would like to assign HTTPS to another instance (a Jellyfin server) as well, so that one VPS has two domains with HTTPS. But whatever I followed and did, I am failing.

4. Error messages and/or full log output:

If I try to add a 2nd domain with HTTPS, I end up without having HTTPS at all.

5. What I already tried:

Basically, I followed all the instructions I have been given here:

https://forum.jellyfin.org/t/failling-many-times-on-https-access/2578

6. Links to relevant resources:

The Caddyfile you posted uses Caddy v1 syntax. On the jellyfin thread, Autotonic did give you the right Caddy v2 syntax to use.

What exactly isn’t working? You didn’t post your logs or a thorough enough explanation of the symptoms, so we can’t really know how to help.

Whenever I use the syntax Autotonic posted, both or either of my sites turn offline when I try to visit them over HTTPS. How can I get the logs? I tried a curl line and the output didn't seem like logs.
I am also thinking that when I run caddy version, it gives me v2.1.1, but the original install is from snap. Do you think I might be using v1?
I am sorry, but I am a real newbie at these things. How can I provide you data (logs, etc.) to post here?

It’s unclear how you’re actually running Caddy. Is it running as a systemd service? If so, you should be able to get the logs by running journalctl -u caddy.

I am sorry for the mess. I just don't have it.
The output in my terminal is:

Hint: You are currently not seeing messages from other users and the system.
Users in groups 'adm', 'systemd-journal' can see all messages.
Pass -q to turn off this notice.
-- Logs begin at Wed 2020-07-22 12:23:53 CEST, end at Sat 2020-07-25 07:24:04 CE
-- No entries --
lines 1-2/2 (END)

How are you running Caddy then? What actually starts the Caddy process?

My original install was here:

Auto SSL with Snaps - Rocket.Chat Docs

and Rocket.Chat is installed through snap (and as far as I can understand, it runs through it... though I might be wrong).

Right on that page, it says how to check the logs with the installation they provide:

journalctl -r | grep caddy | less

It seems like it likely uses Caddy v1, not Caddy v2, but you might have a copy of Caddy v2 installed as well if caddy version gives you v2. I don’t know how you might’ve gotten that as well.

Their docs are entirely for Caddy v1. The versions are not compatible. Caddy v2 is a complete rewrite from ground up. proxy does not exist in Caddy v2, it’s a v1 directive. In v2, the equivalent is reverse_proxy and it has slightly different semantics. This is all covered in the upgrade guide:

So you’ll need to figure out what’s going on here.

OK, I think I made a bit of progress. I removed the old version and installed v2. I was able to replicate the successful use of my first domain, but I still can't assign HTTPS to my 2nd domain.
My config is:

https://1stdomain.com {
reverse_proxy * localhost:3000
}

https://2nddomain.com {
reverse_proxy * localhost:8096
}

I run:

sudo caddy adapt --config ~/caddy/Caddyfile
sudo caddy run --config ~/caddy/Caddyfile

and I end up with:

2020/07/26 07:17:38.908 INFO using provided configuration {"config_file": "/home/haunter1/caddy/Caddyfile", "config_adapter": ""}
2020/07/26 07:17:38.910 INFO admin admin endpoint started {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2020/07/26 09:17:38 [INFO][cache:0xc000185f20] Started certificate maintenance routine
2020/07/26 07:17:38.911 INFO http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2020/07/26 07:17:38.911 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2020/07/26 07:17:38.913 INFO tls cleaned up storage units
2020/07/26 07:17:38.913 INFO http enabling automatic TLS certificate management {"domains": ["2nd_HIDDENDOMAIN", "1st2nd_HIDDENDOMAIN"]}
2020/07/26 07:17:38.926 INFO autosaved config {"file": "/home/haunter1/.config/caddy/autosave.json"}
2020/07/26 07:17:38.926 INFO serving initial configuration
2020/07/26 09:17:38 [INFO][2nd_HIDDENDOMAIN] Obtain certificate; acquiring lock...
2020/07/26 09:17:38 [INFO][2nd_HIDDENDOMAIN] Obtain: Lock acquired; proceeding...
2020/07/26 09:17:39 [INFO][2nd_HIDDENDOMAIN] Waiting on rate limiter…
2020/07/26 09:17:39 [INFO][2nd_HIDDENDOMAIN] Done waiting
2020/07/26 09:17:39 [INFO] [2nd_HIDDENDOMAIN] acme: Obtaining bundled SAN certificate given a CSR
2020/07/26 09:17:40 [INFO] [2nd_HIDDENDOMAIN] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6117966166
2020/07/26 09:17:40 [INFO] [2nd_HIDDENDOMAIN] acme: Could not find solver for: tls-alpn-01
2020/07/26 09:17:40 [INFO] [2nd_HIDDENDOMAIN] acme: use http-01 solver
2020/07/26 09:17:40 [INFO] [2nd_HIDDENDOMAIN] acme: Trying to solve HTTP-01
2020/07/26 09:17:45 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6117966166
2020/07/26 09:17:45 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6117966166
2020/07/26 09:17:45 [ERROR] error: one or more domains had a problem:
[2nd_HIDDENDOMAIN] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://2nd_HIDDENDOMAIN/.well-known/acme-challenge/lRrivlCpfNuDvwmGqbywBhvIMFaIlSuPl_eNnzxnjhw [2602:ff23:0:8888::206]: "\r\n\r\n<!-- WEB REDIRECT", url:
(challenge=http-01 remaining=[tls-alpn-01])
2020/07/26 09:17:47 [INFO] [2nd_HIDDENDOMAIN] acme: Obtaining bundled SAN certificate given a CSR
2020/07/26 09:17:49 [INFO] [2nd_HIDDENDOMAIN] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6117967804
2020/07/26 09:17:49 [INFO] [2nd_HIDDENDOMAIN] acme: use tls-alpn-01 solver
2020/07/26 09:17:49 [INFO] [2nd_HIDDENDOMAIN] acme: Trying to solve TLS-ALPN-01
2020/07/26 09:17:49 http: TLS handshake error from 127.0.0.1:53640: EOF
2020/07/26 09:17:50 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6117967804
2020/07/26 09:17:50 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6117967804
2020/07/26 09:17:50 [ERROR] error: one or more domains had a problem:
[2nd_HIDDENDOMAIN] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Error getting validation data, url:
(challenge=tls-alpn-01 remaining=[])
2020/07/26 09:17:52 [ERROR] attempt 1: [2nd_HIDDENDOMAIN] Obtain: [2nd_HIDDENDOMAIN] error: one or more domains had a problem:
[2nd_HIDDENDOMAIN] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Error getting validation data, url:

  • retrying in 1m0s (13.967977412s/720h0m0s elapsed)...
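
An added example, not part of the original thread: a small Python parser for ACME failure lines in the format of the log above. It reports the challenge type, the ACME error kind, and the address the CA reached for the HTTP-01 request, compared against the server's own addresses. The sample log is constructed with placeholder names and documentation-range addresses, and `acme_failures` and `server_ips` are hypothetical names.

```python
import re
from ipaddress import ip_address

# Constructed sample in the format of the log above; the domain, token and
# addresses are placeholders (documentation ranges), not values from the thread.
SAMPLE_LOG = """\
2020/07/26 09:17:45 [ERROR] error: one or more domains had a problem:
[site2.example] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://site2.example/.well-known/acme-challenge/TOKEN [2001:db8::206]: "\\r\\n\\r\\n<!-- WEB REDIRECT", url:
(challenge=http-01 remaining=[tls-alpn-01])
2020/07/26 09:17:50 [ERROR] error: one or more domains had a problem:
[site2.example] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Error getting validation data, url:
(challenge=tls-alpn-01 remaining=[])
"""

ERR = re.compile(r"^\[(?P<domain>[^\]]+)\] acme: error: (?P<status>\d{3}) :: "
                 r"urn:ietf:params:acme:error:(?P<kind>\w+) :: (?P<detail>.*)$")
CHALLENGE = re.compile(r"^\(challenge=(?P<challenge>[\w-]+) remaining=\[[^\]]*\]\)")
RESPONDER = re.compile(r"/\.well-known/acme-challenge/\S+ \[(?P<ip>[0-9A-Fa-f:.]+)\]")


def acme_failures(log_text, server_ips):
    """Return one dict per ACME error; server_ips (assumed input) are the
    addresses the Caddy host is expected to answer on."""
    expected = {ip_address(ip) for ip in server_ips}
    failures, current = [], None
    for line in log_text.splitlines():
        m = ERR.match(line)
        if m:
            current = {**m.groupdict(), "challenge": None, "responder": None,
                       "responder_is_server": None}
            hit = RESPONDER.search(current["detail"])
            if hit:  # address the CA actually connected to for this name
                addr = ip_address(hit["ip"])
                current["responder"] = str(addr)
                current["responder_is_server"] = addr in expected
            failures.append(current)
            continue
        m = CHALLENGE.match(line)
        # The "(challenge=...)" line follows the error line it belongs to.
        if m and current is not None and current["challenge"] is None:
            current["challenge"] = m["challenge"]
    return failures


if __name__ == "__main__":
    for f in acme_failures(SAMPLE_LOG, ["203.0.113.10", "2001:db8::10"]):
        print(f["domain"], f["challenge"], f["status"], f["kind"],
              f["responder"], f["responder_is_server"])
```

A `responder_is_server` of `False` means the validation request for that name was answered by a host other than the one running Caddy, so the domain's DNS records (A and AAAA) are the first thing to check.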
