Getting errors when moving caddy to another server

1. The problem I’m having:

I had a personal web server which had several web apps (Nextcloud, Gitea, Immich, Jellyfin) and Caddy as the reverse proxy, that I wanted to move to another server with better resources. I began with Nextcloud, installed Caddy on the new server, but immediately got errors. I followed the advice from other topics and it seemed I should have been able to just fire up my new server and certificates should have been issued just fine, but that was not the case for me. Here is my setup:

  • Asus router providing DDNS url oscarale.asuscomm.com which points to my home IP
  • Shared hosting (Nixihost) and domain aleyoscar.com which lets me add CNAME records to route to my home IP, for example cloud.aleyoscar.com > oscarale.asuscomm.com
  • Router port forwarding 80 and 443 to new web server at 192.168.1.100 (New server internal IP was the same IP as the old server. Old server now has a different internal IP)
  • Server with firewall ports 80 and 443 open
  • Caddy listening on ports 80 and 443 to route traffic to appropriate web app, for example cloud.aleyoscar.com > localhost:8081

I will say I am using different ports in my new Caddyfile as opposed to the old Caddyfile, to better organize my web apps, but I have been unable to reach Nextcloud from my subdomain.

When I use curl -vL cloud.aleyoscar.com I get an error (below)
When I look at the status of the caddy service, I see errors (below)

2. Error messages and/or full log output:

curl -vL https://cloud.aleyoscar.com
*   Trying 38.158.133.174:443...
* Connected to cloud.aleyoscar.com (38.158.133.174) port 443 (#0)
* schannel: disabled automatic use of client certificate
* ALPN: offers http/1.1
* schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.
* Closing connection 0
* schannel: shutting down SSL/TLS connection with cloud.aleyoscar.com port 443
curl: (35) schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.
sudo systemctl status caddy
Oct 13 10:24:21 oscarale-server caddy[46545]: {"level":"info","ts":1697210661.8719542,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"cloud.alyoscar.com","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Oct 13 10:24:22 oscarale-server caddy[46545]: {"level":"error","ts":1697210662.2360396,"logger":"http.acme_client","msg":"challenge failed","identifier":"cloud.alyoscar.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"DNS problem: NXDOMAIN looking up A for cloud.alyoscar.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for cloud.alyoscar.com - check that a DNS record exists for this domain","instance":"","subproblems":[]}}
Oct 13 10:24:22 oscarale-server caddy[46545]: {"level":"error","ts":1697210662.2361085,"logger":"http.acme_client","msg":"validating authorization","identifier":"cloud.alyoscar.com","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"DNS problem: NXDOMAIN looking up A for cloud.alyoscar.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for cloud.alyoscar.com - check that a DNS record exists for this domain","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/121763844/11557220854","attempt":1,"max_attempts":3}
Oct 13 10:24:23 oscarale-server caddy[46545]: {"level":"info","ts":1697210663.373604,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"cloud.alyoscar.com","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Oct 13 10:24:23 oscarale-server caddy[46545]: {"level":"error","ts":1697210663.7381973,"logger":"http.acme_client","msg":"challenge failed","identifier":"cloud.alyoscar.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"DNS problem: NXDOMAIN looking up A for cloud.alyoscar.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for cloud.alyoscar.com - check that a DNS record exists for this domain","instance":"","subproblems":[]}}
Oct 13 10:24:23 oscarale-server caddy[46545]: {"level":"error","ts":1697210663.7382593,"logger":"http.acme_client","msg":"validating authorization","identifier":"cloud.alyoscar.com","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"DNS problem: NXDOMAIN looking up A for cloud.alyoscar.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for cloud.alyoscar.com - check that a DNS record exists for this domain","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/121763844/11557221224","attempt":2,"max_attempts":3}
Oct 13 10:24:23 oscarale-server caddy[46545]: {"level":"error","ts":1697210663.7383134,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"cloud.alyoscar.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up A for cloud.alyoscar.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for cloud.alyoscar.com - check that a DNS record exists for this domain"}
Oct 13 10:24:23 oscarale-server caddy[46545]: {"level":"warn","ts":1697210663.7385497,"logger":"http","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"}
Oct 13 10:24:24 oscarale-server caddy[46545]: {"level":"error","ts":1697210664.39227,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"cloud.alyoscar.com","issuer":"acme.zerossl.com-v2-DV90","error":"account pre-registration callback: failed getting EAB credentials: HTTP 200: failed_creating_eab_account (code 2902)"}
Oct 13 10:24:24 oscarale-server caddy[46545]: {"level":"error","ts":1697210664.3923604,"logger":"tls.obtain","msg":"will retry","error":"[cloud.alyoscar.com] Obtain: account pre-registration callback: failed getting EAB credentials: HTTP 200: failed_creating_eab_account (code 2902)","attempt":10,"retrying_in":3600,"elapsed":7229.173834062,"max_duration":2592000}

3. Caddy version:

v2.7.4

4. How I installed and ran Caddy:

a. System environment:

Debian GNU Linux 12, amd64, systemd

b. Command:

sudo systemctl enable caddy
sudo systemctl reload caddy

Though when I make edits to the Caddyfile, I use

cd /etc/caddy
caddy adapt
caddy reload

c. Service/unit/compose file:

caddy.service

d. My complete Caddy config:

NEW CADDYFILE

https://aio.aleyoscar.com:443 { # NEXTCLOUD ALL-IN-ONE: WORKS
        reverse_proxy https://localhost:8081 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

https://cloud.alyoscar.com:443 { # NEXTCLOUD SERVER: DOES NOT WORK
        reverse_proxy localhost:8082
}

https://media.aleyoscar.com:433 { #JELLYFIN SERVER: BLANK PAGE, BUT MAY BE AN ISSUE WITH MY JELLYFIN CONFIG
        reverse_proxy localhost:8083
}

5. Links to relevant resources:

I think you have a typo in your config with your domain?

$ host cloud.alyoscar.com
Host cloud.alyoscar.com not found: 3(NXDOMAIN)

$ host cloud.aleyoscar.com
cloud.aleyoscar.com has address 38.158.133.174
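The log lines in the question show the shape of the failure: Let's Encrypt resolves the name before it can even attempt the tls-alpn-01 or http-01 challenge, so a misspelled hostname fails with NXDOMAIN, Caddy never gets a certificate for that site, and the TLS alert curl reports is what a client sees when the server has nothing to serve for that SNI name. The reply above found the typo with a single `host` lookup. As an added example (not code from the original post or from the Caddy project), here is a small pre-flight script that does that check for every site address in a Caddyfile before you reload: it extracts the hostnames, resolves each one, and flags a registrable domain that is within a couple of edits of its siblings in the same config, which is exactly the `alyoscar`/`aleyoscar` mistake. The Caddyfile text is constructed to mirror the one in the question, the `resolve` parameter is an assumption of this script (it defaults to the system resolver and is swapped for a fake in testing), and the addresses used in the test are documentation ranges.

```python
"""Pre-flight check for a Caddyfile: do the site hostnames resolve, and does
any domain look like a misspelling of another domain in the same file?"""
import re
import socket
from collections import Counter
from typing import Callable, Dict, List, Optional

# Constructed Caddyfile modelled on the thread above: the middle site address
# spells the domain "alyoscar.com" instead of "aleyoscar.com".
SAMPLE_CADDYFILE = """
https://aio.aleyoscar.com:443 { # works
        reverse_proxy https://localhost:8081
}

https://cloud.alyoscar.com:443 { # does not work
        reverse_proxy localhost:8082
}

https://media.aleyoscar.com:443 {
        reverse_proxy localhost:8083
}
"""


def site_hostnames(caddyfile: str) -> List[str]:
    """Return the hostnames from top-level site addresses (brace depth 0).

    Handles 'scheme://host:port', bare 'host:port', comma-separated address
    lists and trailing '#' comments; skips port-only (':443'), wildcard
    and single-label addresses such as 'localhost'.
    """
    hosts: List[str] = []
    depth = 0
    for raw in caddyfile.splitlines():
        line = raw.split("#", 1)[0].strip()
        if depth == 0 and line.endswith("{"):
            for token in re.split(r"[,\s]+", line[:-1].strip()):
                token = re.sub(r"^[a-z]+://", "", token)
                host = token.rsplit(":", 1)[0] if ":" in token else token
                if host and "." in host and not host.startswith("*"):
                    hosts.append(host)
        depth += line.count("{") - line.count("}")
    return hosts


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Last two labels of the hostname (good enough for .com-style domains)."""
    return ".".join(host.split(".")[-2:])


def suspicious_domains(hosts: List[str], max_distance: int = 2) -> Dict[str, str]:
    """Map each rarely used domain to a more frequently used near-duplicate.

    The majority spelling is assumed to be the intended one; a tie is not
    flagged because there is no way to tell which variant is wrong.
    """
    counts = Counter(registrable_domain(h) for h in hosts)
    flagged: Dict[str, str] = {}
    for dom in counts:
        for other in counts:
            if dom != other and counts[other] > counts[dom] \
                    and edit_distance(dom, other) <= max_distance:
                flagged[dom] = other
    return flagged


def system_resolver(host: str) -> Optional[str]:
    """Resolve via the OS resolver; None means NXDOMAIN or other lookup failure."""
    try:
        return socket.getaddrinfo(host, None)[0][4][0]
    except socket.gaierror:
        return None


def preflight(caddyfile: str,
              resolve: Callable[[str], Optional[str]] = system_resolver) -> Dict[str, dict]:
    """Per-hostname report: resolved address (or None) and a list of problems."""
    hosts = site_hostnames(caddyfile)
    typos = suspicious_domains(hosts)
    report: Dict[str, dict] = {}
    for host in hosts:
        addr = resolve(host)
        problems: List[str] = []
        if addr is None:
            problems.append("does not resolve (NXDOMAIN); ACME validation cannot succeed")
        dom = registrable_domain(host)
        if dom in typos:
            problems.append(f"domain '{dom}' looks like a typo of '{typos[dom]}'")
        report[host] = {"address": addr, "problems": problems}
    return report


if __name__ == "__main__":
    # Against the real network this would report cloud.alyoscar.com as
    # unresolvable and as a likely typo of aleyoscar.com.
    for host, info in preflight(SAMPLE_CADDYFILE).items():
        status = info["address"] or "NXDOMAIN"
        print(f"{host:28} {status:18} {'; '.join(info['problems']) or 'ok'}")
```

Run it from `/etc/caddy` before `caddy reload` (pass the file contents to `preflight`), and any site whose name is missing from DNS shows up immediately instead of after Caddy has burned through its ACME retries against both Let's Encrypt and ZeroSSL, as in the log above.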

Wow I feel REALLY dumb now. Thank you! It worked immediately right after fixing that.
