Get basic file-server working for SPA

Help
1

1. Output of caddy version:

v2.5.0 h1:eRHzZ4l3X6Ag3kUt8nj5IxATprhqKq/wToP7OHlXWA0=

2. How I run Caddy:

systemctl start caddy

a. System environment:

Almalinux 8

b. Command:

systemctl start caddy

c. Service/unit/compose file:

huh?

d. My complete Caddy config:

{
        debug
}

www.roundtable.games {
        root * /var/www/html/roundtable.games/spa
        file_server
}

roundtable.games {
        redir https://www.rountable.games
}

3. The problem I’m having:

Site doesn’t load due to 308 permanent redirect.

4. Error messages and/or full log output:

Results of CURL to www.roundtable.games:

 curl -vl www.roundtable.games
*   Trying 77.68.13.165:80...
* Connected to www.roundtable.games (77.68.13.165) port 80 (#0)
> GET / HTTP/1.1
> Host: www.roundtable.games
> User-Agent: curl/7.84.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location: https://www.roundtable.games/
< Server: Caddy
< Date: Mon, 05 Dec 2022 12:59:38 GMT
< Content-Length: 0
<
* Closing connection 0

Result of CURL to roundtable.games:

curl -vl roundtable.games
*   Trying 77.68.13.165:80...
* Connected to roundtable.games (77.68.13.165) port 80 (#0)
> GET / HTTP/1.1
> Host: roundtable.games
> User-Agent: curl/7.84.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location: https://roundtable.games/
< Server: Caddy
< Date: Mon, 05 Dec 2022 13:03:32 GMT
< Content-Length: 0
<
* Closing connection 0

Results of CURL to https://www.roundtable.games

 % curl -vl https://www.roundtable.games
*   Trying 77.68.13.165:443...
* Connected to www.roundtable.games (77.68.13.165) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* error:1404B438:SSL routines:ST_CONNECT:tlsv1 alert internal error
* Closing connection 0
curl: (35) error:1404B438:SSL routines:ST_CONNECT:tlsv1 alert internal error

Results of systemctl status caddy:

systemctl status caddy
— caddy.service - Caddy
   Loaded: loaded (/usr/lib/systemd/system/caddy.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2022-12-05 12:59:24 UTC; 3s ago
     Docs: https://caddyserver.com/docs/
 Main PID: 814571 (caddy)
    Tasks: 6 (limit: 2564)
   Memory: 11.3M
   CGroup: /system.slice/caddy.service
           ”””€814571 /usr/bin/caddy run --environ --config /etc/caddy/Caddyfile

Dec 05 12:59:25 arc-hosting caddy[814571]: {"level":"debug","ts":1670245165.9004762,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST",>
Dec 05 12:59:25 arc-hosting caddy[814571]: {"level":"debug","ts":1670245165.9005911,"logger":"tls.issuance.acme.acme_client","msg":"challenge accepted","identifie>
Dec 05 12:59:26 arc-hosting caddy[814571]: {"level":"debug","ts":1670245166.0780144,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST",>
Dec 05 12:59:26 arc-hosting caddy[814571]: {"level":"debug","ts":1670245166.2718313,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST",>
Dec 05 12:59:26 arc-hosting caddy[814571]: {"level":"debug","ts":1670245166.4771154,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST",>
Dec 05 12:59:26 arc-hosting caddy[814571]: {"level":"debug","ts":1670245166.6418822,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST",>
Dec 05 12:59:26 arc-hosting caddy[814571]: {"level":"debug","ts":1670245166.9174092,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST",>
Dec 05 12:59:27 arc-hosting caddy[814571]: {"level":"debug","ts":1670245167.0119767,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST",>
Dec 05 12:59:27 arc-hosting caddy[814571]: {"level":"debug","ts":1670245167.31625,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","u>
Dec 05 12:59:27 arc-hosting caddy[814571]: {"level":"debug","ts":1670245167.3831837,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST",>
lines 1-20/20 (END)

5. What I already tried:

Just the above. I don’t know what else to do.

6. Links to relevant resources:

2

Caddy only serves your page on https:// and redirects everything on http:// by to https:// by default.
So that http/308 shouldn’t be an issue.

The error when trying that https:// connection, however, is failing because Caddy could not issue a certificate from LetsEncrypt or ZeroSSL yet.
You will find more about that in the logs.
The logs you shared are truncated (note those > at the end of each line).
You can use journalctl --unit caddy.service --no-pager | less +G instead (and press q to exit again).

I have a very high suspicion that your ISP might be blocking port :80 and :443.
In which case, not only will the ACME http/tls challenge continue to fail, but others also won’t be able to actually reach your page.

Is your Caddy currently running? Because I can’t reach it, rn.

1 Like
3

Caddy is running but the DNS records might still be updating. Perhaps that’s why the certificates are failing?

Here’s the logs:

# journalctl --unit caddy.service --no-pager | less +G
Dec 05 16:36:17 arc-hosting caddy[814673]: {"level":"debug","ts":1670258177.195322,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","sni":""}
Dec 05 16:36:17 arc-hosting caddy[814673]: {"level":"debug","ts":1670258177.195335,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","server_name":"","remote":"54.212.135.231:44318","identifier":"77.68.13.165","cipher_suites":[49200,49196,49192,49188,49172,49162,165,163,161,159,107,106,105,104,57,56,55,54,136,135,134,133,49202,49198,49194,49190,49167,49157,157,61,53,132,49199,49195,49191,49187,49171,49161,164,162,160,158,103,64,63,62,51,50,49,48,154,153,152,151,69,68,67,66,49201,49197,49193,49189,49166,49156,156,60,47,150,65,49170,49160,22,19,16,13,49165,49155,10,7,255],"cert_cache_fill":0.0002,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
Dec 05 16:36:17 arc-hosting caddy[814673]: {"level":"debug","ts":1670258177.195412,"logger":"http.stdlib","msg":"http: TLS handshake error from 54.212.135.231:44318: no certificate available for '77.68.13.165'"}
Dec 05 16:36:26 arc-hosting caddy[814673]: {"level":"debug","ts":1670258186.7236216,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"77.68.13.165"}
Dec 05 16:36:26 arc-hosting caddy[814673]: {"level":"debug","ts":1670258186.7236617,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","sni":""}
Dec 05 16:36:26 arc-hosting caddy[814673]: {"level":"debug","ts":1670258186.7236862,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","server_name":"","remote":"54.167.211.4:49064","identifier":"77.68.13.165","cipher_suites":[49200,49196,49192,49188,49172,49162,165,163,161,159,107,106,105,104,57,56,55,54,136,135,134,133,49202,49198,49194,49190,49167,49157,157,61,53,132,49199,49195,49191,49187,49171,49161,164,162,160,158,103,64,63,62,51,50,49,48,154,153,152,151,69,68,67,66,49201,49197,49193,49189,49166,49156,156,60,47,150,65,49170,49160,22,19,16,13,49165,49155,10,7,255],"cert_cache_fill":0.0002,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
Dec 05 16:36:26 arc-hosting caddy[814673]: {"level":"debug","ts":1670258186.7237544,"logger":"http.stdlib","msg":"http: TLS handshake error from 54.167.211.4:49064: no certificate available for '77.68.13.165'"}
Dec 05 16:36:33 arc-hosting caddy[814673]: {"level":"debug","ts":1670258193.116497,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"77.68.13.165"}
Dec 05 16:36:33 arc-hosting caddy[814673]: {"level":"debug","ts":1670258193.1165338,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","sni":""}
Dec 05 16:36:33 arc-hosting caddy[814673]: {"level":"debug","ts":1670258193.1165433,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","server_name":"","remote":"34.203.192.101:40388","identifier":"77.68.13.165","cipher_suites":[49200,49196,49192,49188,49172,49162,165,163,161,159,107,106,105,104,57,56,55,54,136,135,134,133,49202,49198,49194,49190,49167,49157,157,61,53,132,49199,49195,49191,49187,49171,49161,164,162,160,158,103,64,63,62,51,50,49,48,154,153,152,151,69,68,67,66,49201,49197,49193,49189,49166,49156,156,60,47,150,65,49170,49160,22,19,16,13,49165,49155,10,7,255],"cert_cache_fill":0.0002,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
Dec 05 16:36:33 arc-hosting caddy[814673]: {"level":"debug","ts":1670258193.116613,"logger":"http.stdlib","msg":"http: TLS handshake error from 34.203.192.101:40388: no certificate available for '77.68.13.165'"}
Dec 05 16:36:42 arc-hosting caddy[814673]: {"level":"debug","ts":1670258202.0226207,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"77.68.13.165"}
Dec 05 16:36:42 arc-hosting caddy[814673]: {"level":"debug","ts":1670258202.0226614,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","sni":""}
Dec 05 16:36:42 arc-hosting caddy[814673]: {"level":"debug","ts":1670258202.0226712,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","server_name":"","remote":"18.234.57.166:45200","identifier":"77.68.13.165","cipher_suites":[49200,49196,49192,49188,49172,49162,165,163,161,159,107,106,105,104,57,56,55,54,136,135,134,133,49202,49198,49194,49190,49167,49157,157,61,53,132,49199,49195,49191,49187,49171,49161,164,162,160,158,103,64,63,62,51,50,49,48,154,153,152,151,69,68,67,66,49201,49197,49193,49189,49166,49156,156,60,47,150,65,49170,49160,22,19,16,13,49165,49155,10,7,255],"cert_cache_fill":0.0002,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
Dec 05 16:36:42 arc-hosting caddy[814673]: {"level":"debug","ts":1670258202.022754,"logger":"http.stdlib","msg":"http: TLS handshake error from 18.234.57.166:45200: no certificate available for '77.68.13.165'"}
4

DNS does have an A record:

$ dig roundtable.games

; <<>> DiG 9.16.29 <<>> roundtable.games
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34184
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;roundtable.games.              IN      A

;; ANSWER SECTION:
roundtable.games.       227     IN      A       184.67.75.222

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Dec 05 20:55:16 Eastern Standard Time 2022
;; MSG SIZE  rcvd: 77

$ dig www.roundtable.games

; <<>> DiG 9.16.29 <<>> www.roundtable.games
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44162
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.roundtable.games.          IN      A

;; ANSWER SECTION:
www.roundtable.games.   300     IN      CNAME   roundtable.games.
roundtable.games.       300     IN      A       184.67.75.222

;; Query time: 15 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Dec 05 20:55:29 Eastern Standard Time 2022
;; MSG SIZE  rcvd: 131

But requests time out:

$ curl -v https://www.roundtable.games
*   Trying 184.67.75.222:443...
* connect to 184.67.75.222 port 443 failed: Timed out
* Failed to connect to www.roundtable.games port 443 after 21054 ms: Timed out
* Closing connection 0
curl: (28) Failed to connect to www.roundtable.games port 443 after 21054 ms: Timed out

I do see in your logs the IP address 77.68.13.165 from some bots trying to connect to your server. That’s probably your actual IP address. Make sure to update your DNS to the correct IP address.

2 Likes
5

So the DNS is now pointing at 77.68.13.165, which is the correct server address. However it’s still not accepting connections.

The caddy logs are full of errors:

Dec 10 08:39:55 arc-hosting caddy[888710]: {"level":"debug","ts":1670661595.0950918,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/KGLVthc4Hfs_aSoqdaAOYA","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.5.0 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["453"],"Content-Type":["application/json"],"Date":["Sat, 10 Dec 2022 08:39:55 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["VHnZE0e_n0lBhr0mRx43KHkN8Rpy243npgSevleO7h0"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
Dec 10 08:39:57 arc-hosting caddy[888710]: {"level":"debug","ts":1670661597.3769143,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/771tZa61BTnIpzBlRAMKjg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.5.0 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["449"],"Content-Type":["application/json"],"Date":["Sat, 10 Dec 2022 08:39:57 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["0ysvjL0jisQaA6qRZDO0BmgPgi2NenTZgS38TKqrHGY"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
Dec 10 08:40:05 arc-hosting caddy[888710]: {"level":"debug","ts":1670661605.8220913,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/KGLVthc4Hfs_aSoqdaAOYA","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.5.0 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["453"],"Content-Type":["application/json"],"Date":["Sat, 10 Dec 2022 08:40:05 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["VBpn2LpzQnYv320_YpDbR6OcIare-9XZRpBy9QWF__4"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
Dec 10 08:40:08 arc-hosting caddy[888710]: {"level":"debug","ts":1670661608.2294974,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/771tZa61BTnIpzBlRAMKjg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.5.0 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["449"],"Content-Type":["application/json"],"Date":["Sat, 10 Dec 2022 08:40:08 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["qs11pjLClgf8ROcmkN1xhC3-lkoyF0qWySUFq8IOlG0"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
Dec 10 08:40:17 arc-hosting caddy[888710]: {"level":"debug","ts":1670661617.1131942,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/KGLVthc4Hfs_aSoqdaAOYA","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.5.0 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["453"],"Content-Type":["application/json"],"Date":["Sat, 10 Dec 2022 08:40:17 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["3w4Mxiawgn0IEVLNeyCmtL_cWuDozECLIG9gUrGDH0E"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
Dec 10 08:40:19 arc-hosting caddy[888710]: {"level":"debug","ts":1670661619.9318337,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/771tZa61BTnIpzBlRAMKjg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.5.0 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["449"],"Content-Type":["application/json"],"Date":["Sat, 10 Dec 2022 08:40:19 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["RVJZHGhDjmVYI-Tp4Mj41KAVHxDl0YGRZ29wlQ-la0c"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
Dec 10 08:40:29 arc-hosting caddy[888710]: {"level":"debug","ts":1670661629.8419178,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/KGLVthc4Hfs_aSoqdaAOYA","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.5.0 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["453"],"Content-Type":["application/json"],"Date":["Sat, 10 Dec 2022 08:40:29 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["LuHBSOJkNfaVzCWo3-XK-j28lP4ZUk5n6mqqacgizY4"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
Dec 10 08:40:33 arc-hosting caddy[888710]: {"level":"debug","ts":1670661633.0815184,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/771tZa61BTnIpzBlRAMKjg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.5.0 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["449"],"Content-Type":["application/json"],"Date":["Sat, 10 Dec 2022 08:40:33 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["Tp08xKz_wKEDetTbMfpJ6t2hZjP5K5z6aBqFzu7iAKo"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
Dec 10 08:40:41 arc-hosting caddy[888710]: {"level":"debug","ts":1670661641.5733883,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"77.68.13.165"}
Dec 10 08:40:41 arc-hosting caddy[888710]: {"level":"debug","ts":1670661641.573431,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.68.13.165"}
Dec 10 08:40:41 arc-hosting caddy[888710]: {"level":"debug","ts":1670661641.573438,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.13.165"}
Dec 10 08:40:41 arc-hosting caddy[888710]: {"level":"debug","ts":1670661641.573446,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.165"}
Dec 10 08:40:41 arc-hosting caddy[888710]: {"level":"debug","ts":1670661641.5734534,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.*"}
Dec 10 08:40:41 arc-hosting caddy[888710]: {"level":"debug","ts":1670661641.5734596,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","sni":"77.68.13.165"}
Dec 10 08:40:41 arc-hosting caddy[888710]: {"level":"debug","ts":1670661641.5734699,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","server_name":"77.68.13.165","remote":"192.241.207.16:47066","identifier":"77.68.13.165","cipher_suites":[22,51,103,49310,49314,158,57,107,49311,49315,159,69,190,136,196,154,49160,49161,49187,49324,49326,49195,49162,49188,49325,49327,49196,49266,49267,52393,4866,4865,52244,49159,49170,49171,49191,49199,49172,49192,49200,49248,49249,49270,49271,52392,4869,4868,4867,52243,49169,10,47,60,49308,49312,156,53,61,49309,49313,157,65,186,132,192,7,4,5],"cert_cache_fill":0.0002,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
Dec 10 08:40:41 arc-hosting caddy[888710]: {"level":"debug","ts":1670661641.5735335,"logger":"http.stdlib","msg":"http: TLS handshake error from 192.241.207.16:47066: no certificate available for '77.68.13.165'"}
Dec 10 08:40:42 arc-hosting caddy[888710]: {"level":"debug","ts":1670661642.5371993,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/KGLVthc4Hfs_aSoqdaAOYA","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.5.0 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["453"],"Content-Type":["application/json"],"Date":["Sat, 10 Dec 2022 08:40:42 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["oj26WMSXX5IO8QEXBuAMnFLGO3GWUkKlR6ybNNy6vbY"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
Dec 10 08:40:42 arc-hosting caddy[888710]: {"level":"debug","ts":1670661642.852517,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"77.68.13.165"}
Dec 10 08:40:42 arc-hosting caddy[888710]: {"level":"debug","ts":1670661642.8525515,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.68.13.165"}
Dec 10 08:40:42 arc-hosting caddy[888710]: {"level":"debug","ts":1670661642.8525565,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.13.165"}
Dec 10 08:40:42 arc-hosting caddy[888710]: {"level":"debug","ts":1670661642.8525624,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.165"}
Dec 10 08:40:42 arc-hosting caddy[888710]: {"level":"debug","ts":1670661642.8525684,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.*"}
Dec 10 08:40:42 arc-hosting caddy[888710]: {"level":"debug","ts":1670661642.8525772,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","sni":"77.68.13.165"}
Dec 10 08:40:42 arc-hosting caddy[888710]: {"level":"debug","ts":1670661642.8525863,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","server_name":"77.68.13.165","remote":"192.241.207.16:49154","identifier":"77.68.13.165","cipher_suites":[5,4,7,192,132,186,65,157,49313,49309,61,53,156,49312,49308,60,47,10,49169,52243,4867,4868,4869,52392,49271,49270,49249,49248,49200,49192,49172,49199,49191,49171,49170,49159,52244,4865,4866,52393,49267,49266,49196,49327,49325,49188,49162,49195,49326,49324,49187,49161,49160,154,196,136,190,69,159,49315,49311,107,57,158,49314,49310,103,51,22],"cert_cache_fill":0.0002,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
Dec 10 08:40:42 arc-hosting caddy[888710]: {"level":"debug","ts":1670661642.8526568,"logger":"http.stdlib","msg":"http: TLS handshake error from 192.241.207.16:49154: no certificate available for '77.68.13.165'"}
Dec 10 08:40:45 arc-hosting caddy[888710]: {"level":"debug","ts":1670661645.740976,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/771tZa61BTnIpzBlRAMKjg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.5.0 CertMagic acmez
(linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["449"],"Content-Type":["application/json"],"Date":["Sat, 10 Dec 2022 08:40:45 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["E8xruPgPNquABYDhtuda9YRlWVAuyuSs6cY9FldwSoo"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
Dec 10 08:40:46 arc-hosting caddy[888710]: {"level":"debug","ts":1670661646.1424882,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"77.68.13.165"}
Dec 10 08:40:46 arc-hosting caddy[888710]: {"level":"debug","ts":1670661646.1425335,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.68.13.165"}
Dec 10 08:40:46 arc-hosting caddy[888710]: {"level":"debug","ts":1670661646.14254,"logger":"tls.handshake","msg":"no matching certificates and no custom selection
logic","identifier":"*.*.13.165"}
Dec 10 08:40:46 arc-hosting caddy[888710]: {"level":"debug","ts":1670661646.1425462,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.165"}
Dec 10 08:40:46 arc-hosting caddy[888710]: {"level":"debug","ts":1670661646.142553,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.*"}
Dec 10 08:40:46 arc-hosting caddy[888710]: {"level":"debug","ts":1670661646.142561,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","sni":"77.68.13.165"}
Dec 10 08:40:46 arc-hosting caddy[888710]: {"level":"debug","ts":1670661646.1425695,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","server_name":"77.68.13.165","remote":"192.241.207.16:50022","identifier":"77.68.13.165","cipher_suites":[49170,49159,52244,4865,4866,52393,49267,49266,49196,49327,49325,49188,49162,49195,49326,49324,49187,49161,49160,154,196,136,190,69,159,49315,49311,107,57,158,49314,49310,103,51,22],"cert_cache_fill":0.0002,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
Dec 10 08:40:46 arc-hosting caddy[888710]: {"level":"debug","ts":1670661646.142678,"logger":"http.stdlib","msg":"http: TLS handshake error from 192.241.207.16:50022: no certificate available for '77.68.13.165'"}
Dec 10 08:40:46 arc-hosting caddy[888710]: {"level":"debug","ts":1670661646.435345,"logger":"http.stdlib","msg":"http: TLS handshake error from 192.241.207.16:52090: tls: client requested unsupported application protocols ([http/0.9 http/1.0 spdy/1 spdy/2 spdy/3 h2c hq])"}
Dec 10 08:40:53 arc-hosting caddy[888710]: {"level":"debug","ts":1670661653.7395318,"logger":"http.stdlib","msg":"http: TLS handshake error from 192.241.207.16:52292: tls: client requested unsupported application protocols ([hq h2c spdy/3 spdy/2 spdy/1 http/1.0 http/0.9])"}
Dec 10 08:40:54 arc-hosting caddy[888710]: {"level":"debug","ts":1670661654.670323,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/KGLVthc4Hfs_aSoqdaAOYA","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.5.0 CertMagic acmez
(linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["453"],"Content-Type":["application/json"],"Date":["Sat, 10 Dec 2022 08:40:54 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["UkILzbxkPitCauTUiKR4fH7g4qQlsOn1km6398c3cEQ"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
Dec 10 08:40:55 arc-hosting caddy[888710]: {"level":"debug","ts":1670661655.0305104,"logger":"http.stdlib","msg":"http: TLS handshake error from 192.241.207.16:57272: tls: client offered only unsupported versions: [302 301]"}
Dec 10 08:40:56 arc-hosting caddy[888710]: {"level":"debug","ts":1670661656.3230193,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"77.68.13.165"}
Dec 10 08:40:56 arc-hosting caddy[888710]: {"level":"debug","ts":1670661656.3230836,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.68.13.165"}
Dec 10 08:40:56 arc-hosting caddy[888710]: {"level":"debug","ts":1670661656.3230917,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.13.165"}
Dec 10 08:40:56 arc-hosting caddy[888710]: {"level":"debug","ts":1670661656.3230994,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.165"}
Dec 10 08:40:56 arc-hosting caddy[888710]: {"level":"debug","ts":1670661656.3231096,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.*"}
Dec 10 08:40:56 arc-hosting caddy[888710]: {"level":"debug","ts":1670661656.3231204,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","sni":"77.68.13.165"}
Dec 10 08:40:56 arc-hosting caddy[888710]: {"level":"debug","ts":1670661656.3231347,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","server_name":"77.68.13.165","remote":"192.241.207.16:58274","identifier":"77.68.13.165","cipher_suites":[22,51,103,49310,49314,158,57,107,49311,49315,159,69,190,136,196,154,49160,49161,49187,49324,49326,49195,49162,49188,49325,49327,49196,49266,49267,52393,4866,4865,52244,49159,49170,49171,49191,49199,49172,49192,49200,49248,49249,49270,49271,52392,4869,4868,4867,52243,49169,10,47,60,49308,49312,156,53,61,49309,49313,157,65,186,132,192,7,4,5],"cert_cache_fill":0.0002,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
Dec 10 08:40:56 arc-hosting caddy[888710]: {"level":"debug","ts":1670661656.3232474,"logger":"http.stdlib","msg":"http: TLS handshake error from 192.241.207.16:58274: no certificate available for '77.68.13.165'"}
Dec 10 08:40:57 arc-hosting caddy[888710]: {"level":"debug","ts":1670661657.7571359,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/771tZa61BTnIpzBlRAMKjg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.5.0 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["449"],"Content-Type":["application/json"],"Date":["Sat, 10 Dec 2022 08:40:57 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["Yb1e141bYTErW9acNKB-RMEReo5wfV-O9CRc1agVKhA"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
Dec 10 08:40:59 arc-hosting caddy[888710]: {"level":"debug","ts":1670661659.6123674,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"77.68.13.165"}
Dec 10 08:40:59 arc-hosting caddy[888710]: {"level":"debug","ts":1670661659.6124086,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.68.13.165"}
Dec 10 08:40:59 arc-hosting caddy[888710]: {"level":"debug","ts":1670661659.6124141,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.13.165"}
Dec 10 08:40:59 arc-hosting caddy[888710]: {"level":"debug","ts":1670661659.61242,"logger":"tls.handshake","msg":"no matching certificates and no custom selection
logic","identifier":"*.*.*.165"}
Dec 10 08:40:59 arc-hosting caddy[888710]: {"level":"debug","ts":1670661659.6124268,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.*"}
Dec 10 08:40:59 arc-hosting caddy[888710]: {"level":"debug","ts":1670661659.6124344,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","sni":"77.68.13.165"}
Dec 10 08:40:59 arc-hosting caddy[888710]: {"level":"debug","ts":1670661659.612449,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","server_name":"77.68.13.165","remote":"192.241.207.16:59424","identifier":"77.68.13.165","cipher_suites":[5,4,7,192,132,186,65,157,49313,49309,61,53,156,49312,49308,60,47,10,49169,52243,4867,4868,4869,52392,49271,49270,49249,49248,49200,49192,49172,49199,49191,49171,49170,49159,52244,4865,4866,52393,49267,49266,49196,49327,49325,49188,49162,49195,49326,49324,49187,49161,49160,154,196,136,190,69,159,49315,49311,107,57,158,49314,49310,103,51,22],"cert_cache_fill":0.0002,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
Dec 10 08:40:59 arc-hosting caddy[888710]: {"level":"debug","ts":1670661659.612512,"logger":"http.stdlib","msg":"http: TLS handshake error from 192.241.207.16:59424: no certificate available for '77.68.13.165'"}
Dec 10 08:41:02 arc-hosting caddy[888710]: {"level":"debug","ts":1670661662.8966236,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"77.68.13.165"}
Dec 10 08:41:02 arc-hosting caddy[888710]: {"level":"debug","ts":1670661662.8966665,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.68.13.165"}
Dec 10 08:41:02 arc-hosting caddy[888710]: {"level":"debug","ts":1670661662.8966746,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.13.165"}
Dec 10 08:41:02 arc-hosting caddy[888710]: {"level":"debug","ts":1670661662.8966818,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.165"}
Dec 10 08:41:02 arc-hosting caddy[888710]: {"level":"debug","ts":1670661662.89669,"logger":"tls.handshake","msg":"no matching certificates and no custom selection
logic","identifier":"*.*.*.*"}
Dec 10 08:41:02 arc-hosting caddy[888710]: {"level":"debug","ts":1670661662.8967013,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","sni":"77.68.13.165"}
Dec 10 08:41:02 arc-hosting caddy[888710]: {"level":"debug","ts":1670661662.8967144,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","server_name":"77.68.13.165","remote":"192.241.207.16:33914","identifier":"77.68.13.165","cipher_suites":[22,51,103,49310,49314,158,57,107,49311,49315,159,69,190,136,196,154,49160,49161,49187,49324,49326,49195,49162,49188,49325,49327,49196,49266,49267,52393,52244,49159,49170,49171,49191,49199,49172,49192,49200,49248,49249,49270,49271,52392,52243,49169,10,47,60,49308,49312,156,53,61,49309,49313,157,65,186,132,192,7,4,5],"cert_cache_fill":0.0002,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
Dec 10 08:41:02 arc-hosting caddy[888710]: {"level":"debug","ts":1670661662.8968039,"logger":"http.stdlib","msg":"http: TLS handshake error from 192.241.207.16:33914: no certificate available for '77.68.13.165'"}
Dec 10 08:41:06 arc-hosting caddy[888710]: {"level":"debug","ts":1670661666.319839,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/KGLVthc4Hfs_aSoqdaAOYA","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.5.0 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["453"],"Content-Type":["application/json"],"Date":["Sat, 10 Dec 2022 08:41:06 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["YXdv5Kgh1qhR5cQceKSaRcipG_dYRjtjaOjSYJkTx9o"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
Dec 10 08:41:09 arc-hosting caddy[888710]: {"level":"debug","ts":1670661669.7126942,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/771tZa61BTnIpzBlRAMKjg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.5.0 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["449"],"Content-Type":["application/json"],"Date":["Sat, 10 Dec 2022 08:41:09 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["l-uPbAoGyunsOTojr20BFoVIWbZv648jrq5xEadwpZA"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
Dec 10 08:41:10 arc-hosting caddy[888710]: {"level":"debug","ts":1670661670.1942306,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"77.68.13.165"}
Dec 10 08:41:10 arc-hosting caddy[888710]: {"level":"debug","ts":1670661670.194267,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.68.13.165"}
Dec 10 08:41:10 arc-hosting caddy[888710]: {"level":"debug","ts":1670661670.1942732,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.13.165"}
Dec 10 08:41:10 arc-hosting caddy[888710]: {"level":"debug","ts":1670661670.194279,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.165"}
Dec 10 08:41:10 arc-hosting caddy[888710]: {"level":"debug","ts":1670661670.1942842,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.*"}
Dec 10 08:41:10 arc-hosting caddy[888710]: {"level":"debug","ts":1670661670.1942928,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","sni":"77.68.13.165"}
Dec 10 08:41:10 arc-hosting caddy[888710]: {"level":"debug","ts":1670661670.1943016,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","server_name":"77.68.13.165","remote":"192.241.207.16:36746","identifier":"77.68.13.165","cipher_suites":[19018,49170,49171,49159,49191,52244,49199,4865,49172,4866,49192,52393,49200,49267,49248,49266,49249,49196,49270,49327,49271,49325,52392,49188,4869,49162,4868,49195,4867,49326,52243,49324,49169,49187,10,49161,47,49160,60,154,49308,196,49312,136,156,190,53,69,61,159,49309,49315,49313,49311,157,107,65,57,186,158,132,49314,192,49310,7,103,4,51,5,22],"cert_cache_fill":0.0002,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
Dec 10 08:41:10 arc-hosting caddy[888710]: {"level":"debug","ts":1670661670.1943626,"logger":"http.stdlib","msg":"http: TLS handshake error from 192.241.207.16:36746: no certificate available for '77.68.13.165'"}
Dec 10 08:41:18 arc-hosting caddy[888710]: {"level":"debug","ts":1670661678.0697541,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/KGLVthc4Hfs_aSoqdaAOYA","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.5.0 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["453"],"Content-Type":["application/json"],"Date":["Sat, 10 Dec 2022 08:41:18 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["FX7HVfYiTrmlbVvo8mifDuHGR_qBRu78USTKmykStXE"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
Dec 10 08:41:21 arc-hosting caddy[888710]: {"level":"debug","ts":1670661681.2138765,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/771tZa61BTnIpzBlRAMKjg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.5.0 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["449"],"Content-Type":["application/json"],"Date":["Sat, 10 Dec 2022 08:41:21 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["lKtRh59H0oq-AZd7E61SiW_hR7tuE2hcUfF6QZxK2jc"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
[root@arc-hosting ~]#
7

I’m mobile so I may be wrong but it looks like the client is trying to connect without SNI, i.e. IP address only, but Caddy is only configured to serve the domain name not the IP address.

8

None of those are errors. They’re just debug messages.

You have bots trying to connect to Caddy, but failing. That’s what these are:

You can ignore those messages.

No, your DNS is still wrong:

$ dig roundtable.games

; <<>> DiG 9.16.29 <<>> roundtable.games
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57720
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;roundtable.games.              IN      A

;; ANSWER SECTION:
roundtable.games.       183     IN      A       184.67.75.222

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Dec 11 23:57:25 Eastern Standard Time 2022
;; MSG SIZE  rcvd: 77

It’s resolving to 184.67.75.222 and not 77.68.13.165.

1 Like
9

I don’t think that is true (at least not anymore). See here:

% ping round-table.games
PING round-table.games (77.68.13.165): 56 data bytes

… and here:

% dig round-table.games

; <<>> DiG 9.10.6 <<>> round-table.games
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65234
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 9

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;round-table.games.             IN      A

;; ANSWER SECTION:
round-table.games.      3493    IN      A       77.68.13.165

;; AUTHORITY SECTION:
round-table.games.      3492    IN      NS      ns4.iwantmyname.net.
round-table.games.      3492    IN      NS      ns3.iwantmyname.net.
round-table.games.      3492    IN      NS      ns1.iwantmyname.net.
round-table.games.      3492    IN      NS      ns2.iwantmyname.net.

;; ADDITIONAL SECTION:
ns1.iwantmyname.net.    92199   IN      A       62.116.159.99
ns2.iwantmyname.net.    92199   IN      A       217.160.113.131
ns3.iwantmyname.net.    92199   IN      A       89.146.248.96
ns4.iwantmyname.net.    92199   IN      A       74.208.254.95
ns1.iwantmyname.net.    92199   IN      AAAA    2001:4178:3:a357:62:116:159:99
ns2.iwantmyname.net.    92199   IN      AAAA    2001:8d8:580:401:217:160:113:131
ns3.iwantmyname.net.    92199   IN      AAAA    2a01:130:2000:118:89:146:248:96
ns4.iwantmyname.net.    92199   IN      AAAA    2607:f1c0:1800:8091:74:208:254:95

;; Query time: 7 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon Dec 12 13:18:38 SAST 2022
;; MSG SIZE  rcvd: 325
10

I restarted caddy and got a whole bunch of output (more than this text area will allow)
… but still no joy.

11

When I try to connect to the site, I can see Caddy logs get triggered (so I’m pretty sure it’s reaching the correct place). See the last two log entries where there are errors:

Dec 12 11:27:05 arc-hosting caddy[927831]: {"level":"debug","ts":1670844425.8905568,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"www.round-table.games"}
Dec 12 11:27:05 arc-hosting caddy[927831]: {"level":"debug","ts":1670844425.8905978,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.round-table.games"}
Dec 12 11:27:05 arc-hosting caddy[927831]: {"level":"debug","ts":1670844425.8906033,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.games"}
Dec 12 11:27:05 arc-hosting caddy[927831]: {"level":"debug","ts":1670844425.8906093,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*"}
Dec 12 11:27:05 arc-hosting caddy[927831]: {"level":"debug","ts":1670844425.8906214,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","sni":"www.round-table.games"}
Dec 12 11:27:05 arc-hosting caddy[927831]: {"level":"debug","ts":1670844425.8906348,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","server_name":"www.round-table.games","remote":"197.92.139.26:53269","identifier":"www.round-table.games","cipher_suites":[31354,4865,4866,4867,49195,49199,49196,49200,52393,52392,49171,49172,156,157,47,53],"cert_cache_fill":0.0002,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
Dec 12 11:27:05 arc-hosting caddy[927831]: {"level":"debug","ts":1670844425.890699,"logger":"http.stdlib","msg":"http: TLS handshake error from 197.92.139.26:53269: no certificate available for 'www.round-table.games'"}
Dec 12 11:27:05 arc-hosting caddy[927831]: {"level":"debug","ts":1670844425.8909817,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"www.round-table.games"}
Dec 12 11:27:05 arc-hosting caddy[927831]: {"level":"debug","ts":1670844425.8909893,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.round-table.games"}
Dec 12 11:27:05 arc-hosting caddy[927831]: {"level":"debug","ts":1670844425.8909948,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.games"}
Dec 12 11:27:05 arc-hosting caddy[927831]: {"level":"debug","ts":1670844425.8909993,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*"}
Dec 12 11:27:05 arc-hosting caddy[927831]: {"level":"debug","ts":1670844425.8910038,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","sni":"www.round-table.games"}
Dec 12 11:27:05 arc-hosting caddy[927831]: {"level":"debug","ts":1670844425.8910093,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","server_name":"www.round-table.games","remote":"197.92.139.26:53270","identifier":"www.round-table.games","cipher_suites":[14906,4865,4866,4867,49195,49199,49196,49200,52393,52392,49171,49172,156,157,47,53],"cert_cache_fill":0.0002,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
Dec 12 11:27:05 arc-hosting caddy[927831]: {"level":"debug","ts":1670844425.8910582,"logger":"http.stdlib","msg":"http: TLS handshake error from 197.92.139.26:53270: no certificate available for 'www.round-table.games'"}
Dec 12 11:27:06 arc-hosting caddy[927831]: {"level":"debug","ts":1670844426.014472,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"www.round-table.games"}
Dec 12 11:27:06 arc-hosting caddy[927831]: {"level":"debug","ts":1670844426.0145288,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.round-table.games"}
Dec 12 11:27:06 arc-hosting caddy[927831]: {"level":"debug","ts":1670844426.0145566,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.games"}
Dec 12 11:27:06 arc-hosting caddy[927831]: {"level":"debug","ts":1670844426.0145652,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*"}
Dec 12 11:27:06 arc-hosting caddy[927831]: {"level":"debug","ts":1670844426.0145736,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","sni":"www.round-table.games"}
Dec 12 11:27:06 arc-hosting caddy[927831]: {"level":"debug","ts":1670844426.0145907,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","server_name":"www.round-table.games","remote":"197.92.139.26:53271","identifier":"www.round-table.games","cipher_suites":[14906,4865,4866,4867,49195,49199,49196,49200,52393,52392,49171,49172,156,157,47,53],"cert_cache_fill":0.0002,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
Dec 12 11:27:06 arc-hosting caddy[927831]: {"level":"debug","ts":1670844426.014688,"logger":"http.stdlib","msg":"http: TLS handshake error from 197.92.139.26:53271: no certificate available for 'www.round-table.games'"}
Dec 12 11:27:06 arc-hosting caddy[927831]: {"level":"debug","ts":1670844426.1983578,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"www.round-table.games"}
Dec 12 11:27:06 arc-hosting caddy[927831]: {"level":"debug","ts":1670844426.1983926,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.round-table.games"}
Dec 12 11:27:06 arc-hosting caddy[927831]: {"level":"debug","ts":1670844426.1983979,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.games"}
Dec 12 11:27:06 arc-hosting caddy[927831]: {"level":"debug","ts":1670844426.1984046,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*"}
Dec 12 11:27:06 arc-hosting caddy[927831]: {"level":"debug","ts":1670844426.1984112,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","sni":"www.round-table.games"}
Dec 12 11:27:06 arc-hosting caddy[927831]: {"level":"debug","ts":1670844426.1984203,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","server_name":"www.round-table.games","remote":"197.92.139.26:53273","identifier":"www.round-table.games","cipher_suites":[47802,4865,4866,4867,49195,49199,49196,49200,52393,52392,49171,49172,156,157,47,53],"cert_cache_fill":0.0002,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
Dec 12 11:27:06 arc-hosting caddy[927831]: {"level":"debug","ts":1670844426.1984825,"logger":"http.stdlib","msg":"http: TLS handshake error from 197.92.139.26:53273: no certificate available for 'www.round-table.games'"}
Dec 12 11:27:06 arc-hosting caddy[927831]: {"level":"debug","ts":1670844426.202151,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"www.round-table.games"}
Dec 12 11:27:06 arc-hosting caddy[927831]: {"level":"debug","ts":1670844426.2021854,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.round-table.games"}
Dec 12 11:27:06 arc-hosting caddy[927831]: {"level":"debug","ts":1670844426.2021937,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.games"}
Dec 12 11:27:06 arc-hosting caddy[927831]: {"level":"debug","ts":1670844426.2022007,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*"}
Dec 12 11:27:06 arc-hosting caddy[927831]: {"level":"debug","ts":1670844426.2022095,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","sni":"www.round-table.games"}
Dec 12 11:27:06 arc-hosting caddy[927831]: {"level":"debug","ts":1670844426.2022195,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","server_name":"www.round-table.games","remote":"197.92.139.26:53272","identifier":"www.round-table.games","cipher_suites":[60138,4865,4866,4867,49195,49199,49196,49200,52393,52392,49171,49172,156,157,47,53],"cert_cache_fill":0.0002,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
Dec 12 11:27:06 arc-hosting caddy[927831]: {"level":"debug","ts":1670844426.20228,"logger":"http.stdlib","msg":"http: TLS handshake error from 197.92.139.26:53272: no certificate available for 'www.round-table.games'"}
Dec 12 11:27:06 arc-hosting caddy[927831]: {"level":"debug","ts":1670844426.3289778,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"www.round-table.games"}
Dec 12 11:27:06 arc-hosting caddy[927831]: {"level":"debug","ts":1670844426.329028,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.round-table.games"}
Dec 12 11:27:06 arc-hosting caddy[927831]: {"level":"debug","ts":1670844426.3290334,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.games"}
Dec 12 11:27:06 arc-hosting caddy[927831]: {"level":"debug","ts":1670844426.3290384,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*"}
Dec 12 11:27:06 arc-hosting caddy[927831]: {"level":"debug","ts":1670844426.3290613,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","sni":"www.round-table.games"}
Dec 12 11:27:06 arc-hosting caddy[927831]: {"level":"debug","ts":1670844426.3290756,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","server_name":"www.round-table.games","remote":"197.92.139.26:53274","identifier":"www.round-table.games","cipher_suites":[51914,4865,4866,4867,49195,49199,49196,49200,52393,52392,49171,49172,156,157,47,53],"cert_cache_fill":0.0002,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
Dec 12 11:27:06 arc-hosting caddy[927831]: {"level":"debug","ts":1670844426.3291426,"logger":"http.stdlib","msg":"http: TLS handshake error from 197.92.139.26:53274: no certificate available for 'www.round-table.games'"}
Dec 12 11:27:10 arc-hosting caddy[927831]: {"level":"debug","ts":1670844430.1491563,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/9xG3UpEHuVnMmjVSYm6yFQ","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.5.0 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["449"],"Content-Type":["application/json"],"Date":["Mon, 12 Dec 2022 11:27:10 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["Y1UUZFYnhCDplzSVd_YH-2FC-Qn9Y4vsSY1_tRimfWo"],"Retry-After":["897"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
Dec 12 11:27:13 arc-hosting caddy[927831]: {"level":"debug","ts":1670844433.3533323,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/9xG3UpEHuVnMmjVSYm6yFQ","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.5.0 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["300"],"Content-Type":["application/json"],"Date":["Mon, 12 Dec 2022 11:27:13 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["bpzTH9fMVBj2c9sGYENSr7CncEAMryI-Yj7JUTt5AoY"],"Retry-After":["86400"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
Dec 12 11:27:13 arc-hosting caddy[927831]: {"level":"error","ts":1670844433.353613,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"roundtable.games","issuer":"acme.zerossl.com-v2-DV90","error":"[roundtable.games] solving challenges: [roundtable.games] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/EnZw43ZUdfbKVrGlkQcGAA) (ca=https://acme.zerossl.com/v2/DV90)"}
Dec 12 11:27:13 arc-hosting caddy[927831]: {"level":"error","ts":1670844433.3536596,"logger":"tls.obtain","msg":"will retry","error":"[roundtable.games] Obtain: [roundtable.games] solving challenges: [roundtable.games] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/EnZw43ZUdfbKVrGlkQcGAA) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":400.352901867,"max_duration":2592000}
12

When I try curl it yields:

 % curl -vl https://www.round-table.games
*   Trying 77.68.13.165:443...
* Connected to www.round-table.games (77.68.13.165) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* error:1404B438:SSL routines:ST_CONNECT:tlsv1 alert internal error
* Closing connection 0
curl: (35) error:1404B438:SSL routines:ST_CONNECT:tlsv1 alert internal error
13

I restarted caddy again and saw these errors:

Dec 12 11:42:45 arc-hosting caddy[928077]: {"level":"error","ts":1670845365.9460754,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"www.roundtable.games","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"184.67.75.222: Fetching http://www.roundtable.games/.well-known/acme-challenge/lXeWakfRhAjA3xLxaQ3apzaL6m9caxfanDnerAiWKOY: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
Dec 12 11:42:45 arc-hosting caddy[928077]: {"level":"error","ts":1670845365.9461215,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"www.roundtable.games","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"184.67.75.222: Fetching http://www.roundtable.games/.well-known/acme-challenge/lXeWakfRhAjA3xLxaQ3apzaL6m9caxfanDnerAiWKOY: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/523260957/152282495757","attempt":1,"max_attempts":3}

… I’ll check the firewall

14

Firewall looks ok, unless I’m missing something:

Screenshot 2022-12-12 at 13.46.54
Screenshot 2022-12-12 at 13.46.542054×1120 121 KB

15

Your domain can resolve to your host, but clients can still choose to connect via IP address directly; that appears to be what is happening. (There’s nothing you can really do to stop that.) That’s why Caddy is saying it doesn’t have a cert, it’s for an IP address and it isn’t configured to serve the IP address.

A “timeout during connect” usually is a firewall problem. What’s in the server logs when you run your curl command?

16

This is the logs output when I run the curl command:

Dec 12 16:05:17 arc-hosting caddy[928077]: {"level":"debug","ts":1670861117.6319315,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"round-table.games"}
Dec 12 16:05:17 arc-hosting caddy[928077]: {"level":"debug","ts":1670861117.6319773,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.games"}
Dec 12 16:05:17 arc-hosting caddy[928077]: {"level":"debug","ts":1670861117.6319826,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*"}
Dec 12 16:05:17 arc-hosting caddy[928077]: {"level":"debug","ts":1670861117.6319973,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","sni":"round-table.games"}
Dec 12 16:05:17 arc-hosting caddy[928077]: {"level":"debug","ts":1670861117.6320114,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","server_name":"round-table.games","remote":"197.92.139.26:55169","identifier":"round-table.games","cipher_suites":[4867,4866,4865,52393,52392,52394,49200,49196,49192,49188,49172,49162,159,107,57,65413,196,136,129,157,61,53,192,132,49199,49195,49191,49187,49171,49161,158,103,51,190,69,156,60,47,186,65,49169,49159,5,4,49170,49160,22,10,255],"cert_cache_fill":0.0002,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
Dec 12 16:05:17 arc-hosting caddy[928077]: {"level":"debug","ts":1670861117.63211,"logger":"http.stdlib","msg":"http: TLS handshake error from 197.92.139.26:55169: no certificate available for 'round-table.games'"}
17

Yep, can confirm that looks correct now.

I can reach Caddy with curl as well. So it should be fine.

Might just need to clear out Caddy’s storage and restart it one more time for it to try ACME issuance freshly.

If you installed with the COPR repo (I’m assuming, since you’re using Alma) it should be at /var/lib/caddy/.local/share/caddy. Wipe that out then restart Caddy, and hopefully it should get a cert.

18

No such luck :-/
Here’s an error after clearing the storage as you suggested and restarting the caddy service:


Dec 12 17:02:14 arc-hosting caddy[932231]: {"level":"error","ts":1670864534.423792,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"www.roundtable.games","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"184.67.75.222: Error getting validation data","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/868142917/152325153227","attempt":2,"max_attempts":3}
Dec 12 17:02:14 arc-hosting caddy[932231]: {"level":"error","ts":1670864534.4238331,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"www.roundtable.games","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 184.67.75.222: Error getting validation data"}

Curl gives the same response as before.

19

Hmm, your IP address in DNS changed again! :thinking:

20

But it hasn’t:

 % dig round-table.games

; <<>> DiG 9.10.6 <<>> round-table.games
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5198
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 9

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;round-table.games.             IN      A

;; ANSWER SECTION:
round-table.games.      3600    IN      A       77.68.13.165

;; AUTHORITY SECTION:
round-table.games.      3600    IN      NS      ns3.iwantmyname.net.
round-table.games.      3600    IN      NS      ns1.iwantmyname.net.
round-table.games.      3600    IN      NS      ns2.iwantmyname.net.
round-table.games.      3600    IN      NS      ns4.iwantmyname.net.

;; ADDITIONAL SECTION:
ns1.iwantmyname.net.    66678   IN      A       62.116.159.99
ns2.iwantmyname.net.    66678   IN      A       217.160.113.131
ns3.iwantmyname.net.    66678   IN      A       89.146.248.96
ns4.iwantmyname.net.    66678   IN      A       74.208.254.95
ns1.iwantmyname.net.    66678   IN      AAAA    2001:4178:3:a357:62:116:159:99
ns2.iwantmyname.net.    66678   IN      AAAA    2001:8d8:580:401:217:160:113:131
ns3.iwantmyname.net.    66678   IN      AAAA    2a01:130:2000:118:89:146:248:96
ns4.iwantmyname.net.    66678   IN      AAAA    2607:f1c0:1800:8091:74:208:254:95

;; Query time: 249 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon Dec 12 20:24:00 SAST 2022
;; MSG SIZE  rcvd: 325

… what do you mean?

% dig www.round-table.games

; <<>> DiG 9.10.6 <<>> www.round-table.games
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61977
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 9

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.round-table.games.         IN      A

;; ANSWER SECTION:
www.round-table.games.  3600    IN      A       77.68.13.165

;; AUTHORITY SECTION:
round-table.games.      3544    IN      NS      ns3.iwantmyname.net.
round-table.games.      3544    IN      NS      ns2.iwantmyname.net.
round-table.games.      3544    IN      NS      ns1.iwantmyname.net.
round-table.games.      3544    IN      NS      ns4.iwantmyname.net.

;; ADDITIONAL SECTION:
ns1.iwantmyname.net.    66622   IN      A       62.116.159.99
ns2.iwantmyname.net.    66622   IN      A       217.160.113.131
ns3.iwantmyname.net.    66622   IN      A       89.146.248.96
ns4.iwantmyname.net.    66622   IN      A       74.208.254.95
ns1.iwantmyname.net.    66622   IN      AAAA    2001:4178:3:a357:62:116:159:99
ns2.iwantmyname.net.    66622   IN      AAAA    2001:8d8:580:401:217:160:113:131
ns3.iwantmyname.net.    66622   IN      AAAA    2a01:130:2000:118:89:146:248:96
ns4.iwantmyname.net.    66622   IN      AAAA    2607:f1c0:1800:8091:74:208:254:95

;; Query time: 212 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon Dec 12 20:24:56 SAST 2022
;; MSG SIZE  rcvd: 329
21

Ah geez lmao I ran dig roundtable.games with no dash :man_facepalming: hence the confusion