1. The problem I’m having:
I had a personal web server running several web apps (Nextcloud, Gitea, Immich, Jellyfin) with Caddy as the reverse proxy, which I wanted to move to another server with better resources. I began with Nextcloud and installed Caddy on the new server, but immediately got errors. I followed the advice from other topics, and it seemed I should have been able to just fire up my new server and certificates should have been issued just fine, but that was not the case for me. Here is my setup:
- Asus router providing DDNS URL oscarale.asuscommm.com, which points to my home IP
- Shared hosting (Nixihost) and domain aleyoscar.com, which lets me add CNAME records to route to my home IP, for example cloud.aleyoscar.com > oscarale.asuscomm.com
- Router port forwarding 80 and 443 to the new web server at 192.168.1.100 (the new server's internal IP is the same IP the old server had; the old server now has a different internal IP)
- Server with firewall ports 80 and 443 open
- Caddy listening on ports 80 and 443 to route traffic to the appropriate web app, for example cloud.aleyoscar.com > localhost:8081
I will say I am using different ports in my new Caddyfile as opposed to the old Caddyfile, to better organize my web apps, but I have been unable to reach Nextcloud from my subdomain.
When I use curl -vL cloud.aleyoscar.com I get an error (below).
When I look at the status of the caddy service, I see errors (below).
2. Error messages and/or full log output:
curl -vL https://cloud.aleyoscar.com
* Trying 38.158.133.174:443...
* Connected to cloud.aleyoscar.com (38.158.133.174) port 443 (#0)
* schannel: disabled automatic use of client certificate
* ALPN: offers http/1.1
* schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.
* Closing connection 0
* schannel: shutting down SSL/TLS connection with cloud.aleyoscar.com port 443
curl: (35) schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.
sudo systemctl status caddy
Oct 13 10:24:21 oscarale-server caddy[46545]: {"level":"info","ts":1697210661.8719542,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"cloud.alyoscar.com","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Oct 13 10:24:22 oscarale-server caddy[46545]: {"level":"error","ts":1697210662.2360396,"logger":"http.acme_client","msg":"challenge failed","identifier":"cloud.alyoscar.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"DNS problem: NXDOMAIN looking up A for cloud.alyoscar.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for cloud.alyoscar.com - check that a DNS record exists for this domain","instance":"","subproblems":[]}}
Oct 13 10:24:22 oscarale-server caddy[46545]: {"level":"error","ts":1697210662.2361085,"logger":"http.acme_client","msg":"validating authorization","identifier":"cloud.alyoscar.com","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"DNS problem: NXDOMAIN looking up A for cloud.alyoscar.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for cloud.alyoscar.com - check that a DNS record exists for this domain","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/121763844/11557220854","attempt":1,"max_attempts":3}
Oct 13 10:24:23 oscarale-server caddy[46545]: {"level":"info","ts":1697210663.373604,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"cloud.alyoscar.com","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Oct 13 10:24:23 oscarale-server caddy[46545]: {"level":"error","ts":1697210663.7381973,"logger":"http.acme_client","msg":"challenge failed","identifier":"cloud.alyoscar.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"DNS problem: NXDOMAIN looking up A for cloud.alyoscar.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for cloud.alyoscar.com - check that a DNS record exists for this domain","instance":"","subproblems":[]}}
Oct 13 10:24:23 oscarale-server caddy[46545]: {"level":"error","ts":1697210663.7382593,"logger":"http.acme_client","msg":"validating authorization","identifier":"cloud.alyoscar.com","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"DNS problem: NXDOMAIN looking up A for cloud.alyoscar.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for cloud.alyoscar.com - check that a DNS record exists for this domain","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/121763844/11557221224","attempt":2,"max_attempts":3}
Oct 13 10:24:23 oscarale-server caddy[46545]: {"level":"error","ts":1697210663.7383134,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"cloud.alyoscar.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up A for cloud.alyoscar.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for cloud.alyoscar.com - check that a DNS record exists for this domain"}
Oct 13 10:24:23 oscarale-server caddy[46545]: {"level":"warn","ts":1697210663.7385497,"logger":"http","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"}
Oct 13 10:24:24 oscarale-server caddy[46545]: {"level":"error","ts":1697210664.39227,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"cloud.alyoscar.com","issuer":"acme.zerossl.com-v2-DV90","error":"account pre-registration callback: failed getting EAB credentials: HTTP 200: failed_creating_eab_account (code 2902)"}
Oct 13 10:24:24 oscarale-server caddy[46545]: {"level":"error","ts":1697210664.3923604,"logger":"tls.obtain","msg":"will retry","error":"[cloud.alyoscar.com] Obtain: account pre-registration callback: failed getting EAB credentials: HTTP 200: failed_creating_eab_account (code 2902)","attempt":10,"retrying_in":3600,"elapsed":7229.173834062,"max_duration":2592000}
3. Caddy version:
v2.7.4
4. How I installed and ran Caddy:
a. System environment:
Debian GNU Linux 12, amd64, systemd
b. Command:
sudo systemctl enable caddy
sudo systemctl reload caddy
Though when I make edits to the Caddyfile, I use
cd /etc/caddy
caddy adapt
caddy reload
c. Service/unit/compose file:
caddy.service
d. My complete Caddy config:
NEW CADDYFILE

https://aio.aleyoscar.com:443 { # NEXTCLOUD ALL-IN-ONE: WORKS
	reverse_proxy https://localhost:8081 {
		transport http {
			tls_insecure_skip_verify
		}
	}
}

https://cloud.alyoscar.com:443 { # NEXTCLOUD SERVER: DOES NOT WORK
	reverse_proxy localhost:8082
}

https://media.aleyoscar.com:433 { # JELLYFIN SERVER: BLANK PAGE, BUT MAY BE AN ISSUE WITH MY JELLYFIN CONFIG
	reverse_proxy localhost:8083
}