1. The problem I’m having:
I’m trying to set a subdomain (beta or even anything else) but every time there’s this error “SSL_ERROR_INTERNAL_ERROR_ALERT” which won’t let caddy create a ssl certificate for that domain.
I’ve tried a lot of things such as setting a wildcard dns challenge and similar things but it always returns that “could not get certificate from issuer error”.
I don’t know what I did wrong since I’ve followed the docs and other similar posts (where the problem at the end is another thing) (and those docs makes it seem easy but then some Error always have to appear)
In the beta subdomain as for now there’s a simple index.html with a h1 header
2. Error messages and/or full log output:
journalctl … (debug mode is enabled)
Jul 24 22:33:58 desktop5adt4c3 systemd[1]: Starting Caddy...
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: caddy.HomeDir=/var/lib/caddy
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: caddy.Version=v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: runtime.GOOS=linux
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: runtime.GOARCH=amd64
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: runtime.Compiler=gc
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: runtime.NumCPU=8
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: runtime.GOMAXPROCS=8
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: runtime.Version=go1.22.3
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: os.Getwd=/
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: LANG=en_US.UTF-8
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: NOTIFY_SOCKET=/run/systemd/notify
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: HOME=/var/lib/caddy
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: LOGNAME=caddy
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: USER=caddy
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: INVOCATION_ID=97e77b210d2748f78956511bcf8992d8
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: JOURNAL_STREAM=8:33934
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: SYSTEMD_EXEC_PID=1839
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: DO_AUTH_TOKEN=*token*
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"info","ts":1721853238.3686104,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"info","ts":1721853238.3702385,"msg":"adapted config to JSON","adapter":"caddyfile"}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"warn","ts":1721853238.3702486,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":78}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"info","ts":1721853238.3711371,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//*ip*:2019"]}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"info","ts":1721853238.3713396,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0015dbe00"}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"info","ts":1721853238.371418,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"info","ts":1721853238.3714333,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"debug","ts":1721853238.371467,"logger":"http.auto_https","msg":"adjusted config","tls":{"automation":{"policies":[{"subjects":["beta.nicolanapa.duckdns.org"]},{"subjects":["www.nicolanapa.duckdns.org","nicolanapa.duckdns.org"]},{}]}},"http":{"servers":{"remaining_auto_https_redirects":{"listen":[":80"],"routes":[{},{}],"logs":{"logger_names":{"beta.nicolanapa.duckdns.org":["log1"],"nicolanapa.duckdns.org":["log0"]},"skip_hosts":["www.nicolanapa.duckdns.org"]}},"srv0":{"listen":[":443"],"routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"vars","root":"/var/www/beta"}]},{"handle":[{"handler":"headers","response":{"set":{"Cache-Control":["max-age=15778800"]}}}],"match":[{"file":{},"path":["*.ico","*.css","*.js","*.gif","*.webp","*.avif","*.jpg","*.jpeg","*.png","*.svg","*.woff","*.woff2"]}]},{"handle":[{"handler":"headers","response":{"set":{"Content-Security-Policy":["default-src 'self' data: gap: https://ssl.gstatic.com ; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; font-src 'self' https://fonts.gstatic.com ; img-src 'self' data: https: content:; media-src 'self' *;"],"Referrer-Policy":["strict-origin-when-cross-origin"],"Strict-Transport-Security":["max-age=63072000; includeSubDomains; preload"],"X-Content-Type-Options":["nosniff"],"X-Frame-Options":["sameorigin"]}}},{"encodings":{"gzip":{},"zstd":{}},"handler":"encode","prefer":["zstd","gzip"]},{"handler":"file_server","hide":["/etc/caddy/Caddyfile"]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"static_response","headers":{"Location":["https://nicolanapa.duckdns.org"]},"status_code":302}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"vars","root":"/var/www/nicolanapa.duckdns.org/dist"}]},{"handle":[{"handler":"headers","response":{"set":{"Cache-Control":["max-age=15778800"]}}}],"match":[{"file":{},"path":["*.ico","*.css","*.js","*.gif","*.webp","*.avif","*.jpg","*.jpeg","*.png","*.svg","*.woff","*.woff2"]}]},{"handle":[{"handler":"headers","response":{"set":{"Content-Security-Policy":["default-src 'self' data: gap: https://ssl.gstatic.com ; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; font-src 'self' https://fonts.gstatic.com ; img-src 'self' data: https: content:; media-src 'self' *;"],"Referrer-Policy":["strict-origin-when-cross-origin"],"Strict-Transport-Security":["max-age=63072000; includeSubDomains; preload"],"X-Content-Type-Options":["nosniff"],"X-Frame-Options":["sameorigin"]}}},{"encodings":{"gzip":{},"zstd":{}},"handler":"encode","prefer":["zstd","gzip"]},{"handler":"file_server","hide":["/etc/caddy/Caddyfile"]}]}]}],"terminal":true}],"tls_connection_policies":[{}],"automatic_https":{},"logs":{"logger_names":{"beta.nicolanapa.duckdns.org":["log1"],"nicolanapa.duckdns.org":["log0"]},"skip_hosts":["www.nicolanapa.duckdns.org"]}}}}}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"info","ts":1721853238.37191,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"debug","ts":1721853238.3720217,"logger":"http","msg":"starting server loop","address":"[::]:443","tls":true,"http3":true}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"info","ts":1721853238.3720307,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"debug","ts":1721853238.3720596,"logger":"http","msg":"starting server loop","address":"[::]:80","tls":false,"http3":false}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"info","ts":1721853238.3720682,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"info","ts":1721853238.3720732,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["www.nicolanapa.duckdns.org","nicolanapa.duckdns.org","beta.nicolanapa.duckdns.org"]}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"debug","ts":1721853238.3722885,"logger":"tls","msg":"loading managed certificate","domain":"www.nicolanapa.duckdns.org","expiration":1725552569,"issuer_key":"acme-v02.api.letsencrypt.org-directory","storage":"FileStorage:/var/lib/caddy/.local/share/caddy"}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"info","ts":1721853238.3723357,"logger":"tls.obtain","msg":"acquiring lock","identifier":"beta.nicolanapa.duckdns.org"}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"debug","ts":1721853238.3725348,"logger":"tls.cache","msg":"added certificate to cache","subjects":["www.nicolanapa.duckdns.org"],"expiration":1725552569,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"6ec7632f82a0784b091be1bdbcda2d23418346e4abdef6f47570fe69c14316d3","cache_size":1,"cache_capacity":10000}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"debug","ts":1721853238.3725579,"logger":"events","msg":"event","name":"cached_managed_cert","id":"1ea9a730-ebf0-4f5a-ba53-7eb6b0e72f93","origin":"tls","data":{"sans":["www.nicolanapa.duckdns.org"]}}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"debug","ts":1721853238.3727152,"logger":"tls","msg":"loading managed certificate","domain":"nicolanapa.duckdns.org","expiration":1725193794,"issuer_key":"acme-v02.api.letsencrypt.org-directory","storage":"FileStorage:/var/lib/caddy/.local/share/caddy"}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"debug","ts":1721853238.3728707,"logger":"tls.cache","msg":"added certificate to cache","subjects":["nicolanapa.duckdns.org"],"expiration":1725193794,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"17b108d499487cd688b39f1290026452ee8ea32a25a680f92af5167920126f46","cache_size":2,"cache_capacity":10000}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"debug","ts":1721853238.3728898,"logger":"events","msg":"event","name":"cached_managed_cert","id":"26f85d98-c790-4c8d-a6be-7b5da22d7e96","origin":"tls","data":{"sans":["nicolanapa.duckdns.org"]}}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"info","ts":1721853238.372989,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"info","ts":1721853238.3730195,"msg":"serving initial configuration"}
Jul 24 22:33:58 desktop5adt4c3 systemd[1]: Started Caddy.
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"info","ts":1721853238.3744063,"logger":"tls.obtain","msg":"lock acquired","identifier":"beta.nicolanapa.duckdns.org"}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"info","ts":1721853238.3744724,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"beta.nicolanapa.duckdns.org"}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"debug","ts":1721853238.374512,"logger":"events","msg":"event","name":"cert_obtaining","id":"f4b9cef5-f6b7-450f-a366-b72cbf4687eb","origin":"tls","data":{"identifier":"beta.nicolanapa.duckdns.org"}}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"debug","ts":1721853238.3747468,"logger":"tls.obtain","msg":"trying issuer 1/1","issuer":"acme-v02.api.letsencrypt.org-directory"}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"info","ts":1721853238.3749413,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["beta.nicolanapa.duckdns.org"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"*email*"}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"info","ts":1721853238.3749607,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["beta.nicolanapa.duckdns.org"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"*email*"}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"info","ts":1721853238.3750062,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/*token*","account_contact":["mailto:*email*"]}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"info","ts":1721853238.37611,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/var/lib/caddy/.local/share/caddy","instance":"29192141-1516-4c84-8154-f778f4ae76a3","try_again":1721939638.376109,"try_again_in":86399.999999693}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"info","ts":1721853238.3761613,"logger":"tls","msg":"finished cleaning storage units"}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"debug","ts":1721853238.843502,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"GET","url":"https://acme-v02.api.letsencrypt.org/directory","headers":{"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["746"],"Content-Type":["application/json"],"Date":["Wed, 24 Jul 2024 20:33:58 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"debug","ts":1721853238.843659,"logger":"tls.issuance.acme.acme_client","msg":"creating order","account":"https://acme-v02.api.letsencrypt.org/acme/acct/*token*","identifiers":["beta.nicolanapa.duckdns.org"]}
Jul 24 22:33:58 desktop5adt4c3 caddy[1839]: {"level":"debug","ts":1721853238.9934306,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme-v02.api.letsencrypt.org/acme/new-nonce","headers":{"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Date":["Wed, 24 Jul 2024 20:33:58 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["PbAJzy_rqLVuSPATVbGjFKOGxePvTBxx25CuXm6cH8y8iXzea-U"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Jul 24 22:33:59 desktop5adt4c3 caddy[1839]: {"level":"debug","ts":1721853239.418284,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/new-order","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["1641980387"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["353"],"Content-Type":["application/json"],"Date":["Wed, 24 Jul 2024 20:33:59 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/order/*token*"],"Replay-Nonce":["PbAJzy_ru4kj75zAStJATSbh8hSs-0VGjIXNe34nSKPzWPRUwlI"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":201}
Jul 24 22:33:59 desktop5adt4c3 caddy[1839]: {"level":"debug","ts":1721853239.5696044,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/*token*","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["1641980387"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["811"],"Content-Type":["application/json"],"Date":["Wed, 24 Jul 2024 20:33:59 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["PbAJzy_r9ECr4HekjyTrvH6llkLM78ME_75cbquahKvyjGECurA"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Jul 24 22:33:59 desktop5adt4c3 caddy[1839]: {"level":"info","ts":1721853239.5698037,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"beta.nicolanapa.duckdns.org","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
Jul 24 22:33:59 desktop5adt4c3 caddy[1839]: {"level":"error","ts":1721853239.5817113,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"beta.nicolanapa.duckdns.org","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.beta.nicolanapa.duckdns.org\" (usually OK if presenting also failed)"}
Jul 24 22:33:59 desktop5adt4c3 caddy[1839]: {"level":"debug","ts":1721853239.7820709,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/381378505187","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["1641980387"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["815"],"Content-Type":["application/json"],"Date":["Wed, 24 Jul 2024 20:33:59 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["PbAJzy_rRQuKDiiEkeYr-bvBrew28pyWZ7XL0VCClCJlalxkPwg"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Jul 24 22:33:59 desktop5adt4c3 caddy[1839]: {"level":"error","ts":1721853239.7823262,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"beta.nicolanapa.duckdns.org","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[beta.nicolanapa.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.beta.nicolanapa.duckdns.org\": unexpected response code 'SERVFAIL' for _acme-challenge.beta.nicolanapa.duckdns.org. (order=https://acme-v02.api.letsencrypt.org/acme/order/*token*/*token*) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
Jul 24 22:33:59 desktop5adt4c3 caddy[1839]: {"level":"debug","ts":1721853239.782459,"logger":"events","msg":"event","name":"cert_failed","id":"8d47a1e2-f90d-4054-b62d-64f9b9347e35","origin":"tls","data":{"error":{},"identifier":"beta.nicolanapa.duckdns.org","issuers":["acme-v02.api.letsencrypt.org-directory"],"renewal":false}}
Jul 24 22:33:59 desktop5adt4c3 caddy[1839]: {"level":"error","ts":1721853239.7825046,"logger":"tls.obtain","msg":"will retry","error":"[beta.nicolanapa.duckdns.org] Obtain: [beta.nicolanapa.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.beta.nicolanapa.duckdns.org\": unexpected response code 'SERVFAIL' for _acme-challenge.beta.nicolanapa.duckdns.org. (order=https://acme-v02.api.letsencrypt.org/acme/order/*token*/*token*) (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":1.408085213,"max_duration":2592000}
curl -vL to https://beta.nicolanapa.duckdns.org
* Trying *ip*:443...
* Connected to beta.nicolanapa.duckdns.org (*ip*) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Unknown (21):
* TLSv1.3 (IN), TLS alert, internal error (592):
* error:0A000438:SSL routines::tlsv1 alert internal error
* Closing connection 0
curl: (35) error:0A000438:SSL routines::tlsv1 alert internal error
curl -vL to http://beta.nicolanapa.duckdns.org
* Trying *ip*:80...
* Connected to beta.nicolanapa.duckdns.org (*ip*) port 80 (#0)
> GET / HTTP/1.1
> Host: beta.nicolanapa.duckdns.org
> User-Agent: curl/7.81.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location: https://beta.nicolanapa.duckdns.org/
< Server: Caddy
< Date: Wed, 24 Jul 2024 20:43:24 GMT
< Content-Length: 0
<
* Closing connection 0
* Clear auth, redirects to port from 80 to 443
* Issue another request to this URL: 'https://beta.nicolanapa.duckdns.org/'
* Trying *ip*:443...
* Connected to beta.nicolanapa.duckdns.org (*ip*) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Unknown (21):
* TLSv1.3 (IN), TLS alert, internal error (592):
* error:0A000438:SSL routines::tlsv1 alert internal error
* Closing connection 1
curl: (35) error:0A000438:SSL routines::tlsv1 alert internal error
3. Caddy version:
v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=
4. How I installed and ran Caddy:
Installed it from Download Caddy as a system service
a. System environment:
Ubuntu 22.04.4 LTS
No docker
b. Command:
I don’t really type any commands to run it, since it automatically starts
sudo systemctl status caddy
c. Service/unit/compose file:
d. My complete Caddy config:
{
email *email*
acme_dns duckdns *token*
}
(logging) {
log {
output file /var/log/caddy/caddy.log
format json
}
}
(static) {
@static {
file
path *.ico *.css *.js *.gif *.webp *.avif *.jpg *.jpeg *.png *.svg *.woff *.woff2
}
header @static Cache-Control max-age=15778800
}
(security) {
header {
Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
X-Content-Type-Options nosniff
Referrer-Policy strict-origin-when-cross-origin
X-Frame-Options sameorigin
Content-Security-Policy "default-src 'self' data: gap: https://ssl.gstatic.com ; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; font-src 'se> }
}
https://nicolanapa.duckdns.org {
root * /var/www/nicolanapa.duckdns.org/dist
file_server
encode zstd gzip
import security
import static
import logging
}
https://www.nicolanapa.duckdns.org {
redir https://nicolanapa.duckdns.org
}
https://beta.nicolanapa.duckdns.org {
root * /var/www/beta
file_server
encode zstd gzip
*tls here is another thing I tried*
tls {
dns duckdns {
api_token *token*
}
}
import security
import static
import logging
}