Handoff subdomain to mail-in-a-box

I’m hosting caddy on a VM, with ports 80 and 443 forwarded to this VM, and have several subdomains each served by their own VM, with caddy dealing with https and letsencrypt.

pve.TLD {
  proxy / https://10.10.10.1:8006 {
    header_upstream Host {host}
    header_upstream X-Real-IP {remote}
    header_upstream X-Forwarded-Proto {scheme}
    websocket
    insecure_skip_verify
  }
}

This works well, as the backends I’m using either serve plain http or have self-signed certificates that insecure_skip_verify solves.
Mail-in-a-Box (GitHub: mail-in-a-box/mailinabox) also does self-signed certificates, so adding

box.TLD {
  proxy / https://10.10.10.11:443 {
    header_upstream Host {host}
    header_upstream X-Real-IP {remote}
    header_upstream X-Forwarded-Proto {scheme}
    websocket
    insecure_skip_verify
  }
}

works well for its web-ui, however I’d like to use mail-in-a-box’s builtin letsencrypt support so that it can use its certificates for smtp and imap. This would mean that Caddy should not add https and should leave it up to the backend.
Currently if I request mail-in-a-box to provision a certificate from let’s encrypt, an ACME challenge is set to:

Submitting challenge response file at http://box.TLD/.well-known/acme-challenge/sAt1gQ9TW3mlj_4uM0WcFTJtlxwwIWviPs7ZOeymNJo.

After a while I get the error:

The HTTP Validation challenge for box.TLD failed: Invalid response from http://box.TLD/.well-known/acme-challenge/sAt1gQ9TW3mlj_4uM0WcFTJtlxwwIWviPs7ZOeymNJo: "<html>
 <head><title>404 Not Found</title></head>
 <body bgcolor="white">
 <center><h1>404 Not Found</h1></center>
 <hr><center>".

This seems to be related to https://github.com/mholt/caddy/issues/549, however I am running caddy 0.10.10 which should contain the fix for that issue.

Is there anything I need to write in the Caddyfile to delegate control over the subdomain to a different address?

As far as I can tell, the linked issue was only resolved for HTTP challenges, and only where Caddy isn’t getting a certificate for that site.
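One way to arrange the split the reply describes, as an added example that is not part of the original thread (Caddy 0.10 Caddyfile syntax; the backend addresses 10.10.10.1 and 10.10.10.11 are taken from the question): Caddy keeps terminating HTTPS for pve.TLD, but declares box.TLD as a plain `http://` site, so it requests no certificate for that name and simply forwards port-80 traffic, including the `/.well-known/acme-challenge/` path, to Mail-in-a-Box.

```caddyfile
# Caddy 0.10 Caddyfile (added example, not from the original thread).
# pve.TLD stays as in the question: Caddy terminates TLS and obtains
# its own Let's Encrypt certificate for this name.
pve.TLD {
  proxy / https://10.10.10.1:8006 {
    header_upstream Host {host}
    header_upstream X-Real-IP {remote}
    header_upstream X-Forwarded-Proto {scheme}
    websocket
    insecure_skip_verify
  }
}

# The http:// scheme in the site label disables automatic HTTPS for
# box.TLD: Caddy neither answers ACME challenges for it nor redirects
# port 80 to 443.  Every port-80 request for box.TLD, including
# /.well-known/acme-challenge/<token>, is passed unchanged to
# Mail-in-a-Box, which serves the challenge file itself and can then
# obtain and use its own certificate for SMTP and IMAP.
http://box.TLD {
  proxy / http://10.10.10.11:80 {
    header_upstream Host {host}
    header_upstream X-Real-IP {remote}
    header_upstream X-Forwarded-Proto {scheme}
  }
}
```

Two caveats follow from the reply. First, the HTTP-01 challenge only needs port 80, so this is enough for Mail-in-a-Box to provision its certificate; the SMTP and IMAP ports do not pass through Caddy at all. Second, this Caddy has no `https://box.TLD` site, and Caddy 0.10's `proxy` forwards HTTP requests rather than raw TLS connections, so browser traffic to port 443 for box.TLD does not reach the box's web UI through it. Adding a TLS site for box.TLD in Caddy would bring back the original problem, because Caddy would then intercept the challenge path for that name; the box's own HTTPS is reachable only if its port 443 is routed to 10.10.10.11 directly.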
