Force TLS-ALPN to bind on a specific IP?

I’m running caddy on a colocated mac (high sierra) that also has mac server app installed. It had worked for a long, long time through all the early caddy versions. I used to have the homebrew build of caddy installed. Earlier this year, I began having cert renewal problems in April. Then, I installed a mac security update. Caddy would not start (made me wonder if mac changed BSD port binding behavior further complicating the problem). So, I tried v1 and that didn’t work either.

Now, after a month, I came back to trying to get caddy to run again. I think the TLS-ALPN behavior changed and it seems that I used to be able to get TLS challenges to work until ACME pushed the ALPN thing in April. As far as my mac goes, caddy isn’t able to bind port 443 for the challenge BECAUSE it is trying to bind to *:443

I use the “-host” directive in the command to launch caddy. But, what I think is going on (for whatever reason, my console and sys logs are pretty quiet about all this), is that caddy is silently failing to get port 443 (because there is a different service on *:443).

Is it possible to force caddy to use only one IP address for everything (and not let it pick from interfaces available)? Everything on the IP address used to be bindable, but I think the ALPN changes have caddy looking to bind the port on different interfaces (that are occupied) so it fails.

Your Caddyfile may probaby contain the following
http://:443 {


This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.