General questions about subdomains setup with Caddy

Hello,

I already have a working WordPress site on my VPS, with a quite basic setup by Caddy (thanks to the help from this forum). The Caddyfile just looks like:

mydomain.com {
...
}

An A record mydomain.com is pointing to the VPS ip using Cloudflare.

I am thinking of using something like wordpress.mydomain.com to visit my WordPress site instead of mydomain.com, because I may add more applications on the VPS in the future, such as ownCloud and what not, and I can then have owncloud.mydomain.com too.

Therefore I'm testing with the wordpress subdomain first. All I changed in the Caddyfile was the site name, so after the change it is:

wordpress.mydomain.com {
...*no change here*
}

The other change I made was adding a CNAME "wordpress" to the domain I set up on Cloudflare.

However, when I visit wordpress.mydomain.com in the browser, I get "Error 525: SSL handshake failed" displayed on the Cloudflare page. According to the Cloudflare documentation, it is basically... a faulty SSL certificate configuration.

I did a little research about the topic and my conclusion was that Let's Encrypt doesn't issue subdomain certificates, or that it is using the same certificate as mydomain.com, which causes discrepancy issues?

So,

  1. Can you help explain the error I'm encountering?
  2. What are the requirements/steps for setting up multiple subdomains? Should the Caddyfile look like this:

app1.mydomain.com {
}
app2.mydomain.com {
}
app3.mydomain.com {
...

Please fill out the help thread template, and at least include your Caddy version, logs, full Caddyfile, and installation method.

Caddy version: v2.1.1 h1:X9k1+ehZPYYrSqBvf/ocUgdLSRIuiNiMo7CvyGUQKeA=
Installation method: Downloaded the latest zip and created a systemd service, which has run fine without issue.
Caddyfile:

wordpress.mydomain.com {
        root * /srv/www/wordpress
        encode gzip
        php_fastcgi unix//var/run/php-fpm.sock
        file_server
        log {
                output file /var/log/caddy/caddy.log
        }
}

Logs: No logging occurs when the subdomain is used in the Caddyfile. I guess it's because of the SSL handshake error 525?

From cloudflare:
Error 525 indicates that the SSL handshake between Cloudflare and the origin web server failed. This only occurs when the domain is using Cloudflare Full or Full (Strict) SSL mode. This is typically caused by a configuration issue in the origin web server; when this happens, you'll see "Error 525: SSL handshake failed".

I think this article should cover the questions about using Caddy with Cloudflare:


Thank you very much for the link. Much studying to do.
I guess the error I encountered should be caused by the fact that Let's Encrypt doesn't provide certificates to subdomains automatically.

Caddy can only get certificates issued from Let’s Encrypt if your site is publicly reachable. When behind Cloudflare, this poses issues.

You can see your Caddy logs by running journalctl --no-pager -u caddy | less, you’ll likely notice errors in certificate issuance.
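The following Caddyfile is an added example, not from any post in this thread, answering both question 2 above (one site block per subdomain) and the point made in the previous reply about issuance behind Cloudflare. It assumes Cloudflare stays in Full (Strict) mode with the records proxied, and it shows two ways for Caddy to hold a certificate Cloudflare will accept for each hostname: the ACME DNS challenge (which needs a Caddy build that includes the Cloudflare DNS module, e.g. one built with xcaddy, and a Cloudflare API token with DNS edit rights in the environment variable CLOUDFLARE_API_TOKEN) or a Cloudflare Origin CA certificate installed on the VPS. The snippet names, paths, the ownCloud port and the apex redirect are assumptions for illustration.

```caddyfile
# Added example, not the original poster's Caddyfile.
# Every hostname gets its own site block; Caddy obtains and serves a
# separate certificate per block. Cloudflare in Full (Strict) mode
# requires that the origin present a certificate valid for the exact
# hostname it connects to, otherwise the edge reports Error 525.

# Option A (assumed): ACME DNS-01 challenge through the Cloudflare API.
# Works while the DNS records are proxied (orange cloud) because Let's
# Encrypt validates via a TXT record, not by connecting to the VPS.
# Requires a Caddy build with the Cloudflare DNS module.
(cf_dns_tls) {
	tls {
		dns cloudflare {env.CLOUDFLARE_API_TOKEN}
	}
}

# Option B (assumed alternative): Cloudflare Origin CA certificate.
# Trusted only by Cloudflare's edge, so the record must stay proxied;
# uncomment and use instead of cf_dns_tls if you prefer not to rebuild Caddy.
# (cf_origin_tls) {
# 	tls /etc/caddy/certs/mydomain-origin.pem /etc/caddy/certs/mydomain-origin.key
# }

# Settings shared by every app on the VPS.
(app_common) {
	encode gzip
}

# Assumed: keep the apex reachable and send it to the WordPress subdomain.
mydomain.com {
	import cf_dns_tls
	redir https://wordpress.mydomain.com{uri}
}

wordpress.mydomain.com {
	import cf_dns_tls
	import app_common
	root * /srv/www/wordpress
	php_fastcgi unix//var/run/php-fpm.sock
	file_server
	log {
		output file /var/log/caddy/wordpress.log
	}
}

# Assumed second app, listening locally on 8080 behind Caddy.
owncloud.mydomain.com {
	import cf_dns_tls
	import app_common
	reverse_proxy localhost:8080
	log {
		output file /var/log/caddy/owncloud.log
	}
}
```

Each subdomain also needs its own proxied A or CNAME record in Cloudflare pointing at the VPS. To confirm the origin side independently of Cloudflare, run `openssl s_client -connect <vps-ip>:443 -servername wordpress.mydomain.com` from another machine: if the handshake fails or Caddy has no certificate for that name, that is exactly what Cloudflare surfaces as Error 525, and `journalctl --no-pager -u caddy` will show the issuance error behind it.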

This topic was automatically closed after 30 days. New replies are no longer allowed.