Help interpreting errors in console

1. Caddy version (caddy version): 2.0

2. How I run Caddy: Runs on domain member Windows 10 host. Domain: rkirchhof.net

I have a local DNS zone for kirchhof.tech addresses. kirchhof.tech URLs all resolve to my home ISP's IP address. Ports 80 and 443 are forwarded to the caddy2 server.

a. System environment: Windows 10. Caddy2 runs at startup (post login).

b. Command:

Caddy.exe run --watch

c. Service/unit/compose file:


d. My complete Caddyfile or JSON config:

fo76wdb.kirchhof.tech:443 {	
	reverse_proxy webserver.kirchhof.tech:2020
}
tv.kirchhof.tech:443 {	
	reverse_proxy hv1.kirchhof.tech:8096
}
mail.kirchhof.tech:443 {	
	reverse_proxy ME-1.rkirchhof.net:80
}
sonarr.kirchhof.tech:443 {	
	reverse_proxy hv1.kirchhof.tech:8989
}
sabnzbd.kirchhof.tech:443 {	
	reverse_proxy hv1.kirchhof.tech:8085
}
couchpotato.kirchhof.tech:443 {	
	reverse_proxy hv1.kirchhof.tech:5050
}

3. The problem I’m having:

Using the reverse proxy feature. All seems to work fine. I just need help understanding console errors.

4. Error messages and/or full log output:

2020/06/23 16:00:48 http: TLS handshake error from 222.186.19.210:35068: tls: first record does not look like a TLS handshake
2020/06/23 16:07:06 http: TLS handshake error from 193.118.53.210:43792: no certificate available for ‘45.18.10.201’
2020/06/23 16:08:51 http: TLS handshake error from 142.112.145.68:54120: no certificate available for ‘kirchhof.tech’
2020/06/23 16:08:51 http: TLS handshake error from 142.112.145.68:54140: tls: client offered only unsupported versions: [301]
2020/06/23 16:08:51 http: TLS handshake error from 142.112.145.68:54154: tls: client offered only unsupported versions: []
2020/06/23 16:08:51 http: TLS handshake error from 142.112.145.68:54162: EOF
2020/06/23 16:08:51 http: TLS handshake error from 142.112.145.68:54170: no certificate available for ‘kirchhof.tech’
2020/06/23 16:08:52 http: TLS handshake error from 142.112.145.68:54193: tls: client offered only unsupported versions: [301]
2020/06/23 16:08:52 http: TLS handshake error from 142.112.145.68:54205: tls: client offered only unsupported versions: []
2020/06/23 16:08:52 http: TLS handshake error from 142.112.145.68:54217: EOF
2020/06/23 16:08:52 http: TLS handshake error from 142.112.145.68:54227: no certificate available for ‘kirchhof.tech’
2020/06/23 16:08:52 http: TLS handshake error from 142.112.145.68:54243: tls: client offered only unsupported versions: [301]
2020/06/23 16:08:52 http: TLS handshake error from 142.112.145.68:54257: tls: client offered only unsupported versions: []
2020/06/23 16:08:52 http: TLS handshake error from 142.112.145.68:54271: EOF
2020/06/23 16:15:32 http: TLS handshake error from 40.77.167.169:12983: no certificate available for ‘kirchhof.tech’
2020/06/23 16:15:32 http: TLS handshake error from 40.77.167.169:13106: tls: client offered only unsupported versions: [302 301]
2020/06/23 16:15:32 http: TLS handshake error from 40.77.167.169:13164: tls: client offered only unsupported versions: [301]
2020/06/23 16:15:32 http: TLS handshake error from 40.77.167.169:13236: EOF
2020/06/23 16:21:58 http: TLS handshake error from 114.119.162.16:61876: no certificate available for ‘kirchhof.tech’
2020/06/23 16:38:32 http: TLS handshake error from 66.249.72.55:63963: no certificate available for ‘rkirchhof.net’
2020/06/23 17:32:48 http: TLS handshake error from 195.54.160.135:33400: no certificate available for ‘192.168.1.75’
2020/06/23 17:41:32 http: TLS handshake error from 195.54.160.135:58446: no certificate available for ‘192.168.1.75’
2020/06/23 17:41:34 http: TLS handshake error from 195.54.160.135:44022: no certificate available for ‘192.168.1.75’
2020/06/23 17:48:22 http: TLS handshake error from 66.249.69.206:48953: no certificate available for ‘kirchhof.tech’
2020/06/23 17:52:28 http: TLS handshake error from 203.173.10.149:41699: EOF
2020/06/23 17:59:24 http: TLS handshake error from 195.54.160.135:50242: no certificate available for ‘192.168.1.75’
2020/06/23 18:03:56 http: TLS handshake error from 114.119.166.187:48986: no certificate available for ‘kirchhof.tech’
2020/06/23 18:08:33 http: TLS handshake error from 34.75.187.236:55551: no certificate available for ‘rkirchhof.net’
2020/06/23 18:08:33 http: TLS handshake error from 34.75.187.236:53503: no certificate available for ‘rkirchhof.net’
2020/06/23 19:19:07 http: TLS handshake error from 207.46.13.88:16083: no certificate available for ‘kirchhof.tech’
2020/06/23 19:19:07 http: TLS handshake error from 207.46.13.88:16215: tls: client offered only unsupported versions: [302 301]
2020/06/23 19:19:07 http: TLS handshake error from 207.46.13.88:16292: tls: client offered only unsupported versions: [301]
2020/06/23 19:19:08 http: TLS handshake error from 207.46.13.88:16381: EOF
2020/06/23 19:44:40 http: TLS handshake error from 114.119.164.238:33470: no certificate available for ‘kirchhof.tech’
2020/06/23 20:05:26 http: TLS handshake error from 37.59.56.107:61252: no certificate available for ‘45.18.10.201’
2020/06/23 20:05:26 http: TLS handshake error from 37.59.56.107:61515: no certificate available for ‘45.18.10.201’
2020/06/23 20:13:01 http: TLS handshake error from 171.67.70.88:37592: no certificate available for ‘192.168.1.75’
2020/06/23 20:20:41 http: TLS handshake error from 66.249.66.18:47476: no certificate available for ‘kirchhof.tech’
2020/06/23 20:20:41 http: TLS handshake error from 66.249.66.16:55280: no certificate available for ‘kirchhof.tech’
2020/06/23 20:22:18 http: TLS handshake error from 95.163.255.46:52023: no certificate available for ‘kirchhof.tech’
2020/06/23 20:22:20 http: TLS handshake error from 95.163.255.44:35856: no certificate available for ‘kirchhof.tech’
2020/06/23 20:25:10 http: TLS handshake error from 107.217.53.76:57530: EOF
2020/06/23 20:52:16 http: TLS handshake error from 171.67.70.81:34116: no certificate available for ‘192.168.1.75’
2020/06/23 21:07:22 http: TLS handshake error from 195.54.160.135:50544: no certificate available for ‘192.168.1.75’
2020/06/23 21:24:04 http: TLS handshake error from 114.119.160.63:61898: no certificate available for ‘kirchhof.tech’
2020/06/23 21:28:44 http: TLS handshake error from 192.241.215.65:49424: no certificate available for ‘45.18.10.201’

What is a TLS handshake error?
Are these attempted efforts to gain unintended access?

5. What I already tried:

On my external DNS server I removed wildcard records. All kirchhof.tech URLs use FQDNs, i.e. tv.kirchhof.tech and fo76wdb.kirchhof.tech... That's about it. Thank you.

6. Links to relevant resources:

This just means you were hit with requests from clients that either:

  • are attempting to use old versions of TLS (i.e. tls: client offered only unsupported versions; Caddy only supports v1.2 and v1.3 which are the latest two versions of the protocol)
  • or from clients that made a request that hit your server making a request with just the IP address and not a hostname that you are serving.

Most of these will just be bots/crawlers that are trying to find vulnerable sites. You can safely ignore all of these, they’re just warnings. Unfortunately, these messages are emitted from the Go stdlib so Caddy doesn’t really have an opportunity to handle them and wrap them in a nicer error format.

2 Likes
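
A triage sketch for the console lines discussed in this thread, added here as an example and not part of either post or of Caddy itself: it groups handshake errors by cause and by source address, and decodes the hex version codes (301 is TLS 1.0, 302 is TLS 1.1). The sample log lines, addresses and category names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample shaped like the console output above (placeholder addresses and names).
SAMPLE = """\
2020/06/23 16:00:48 http: TLS handshake error from 198.51.100.7:35068: tls: first record does not look like a TLS handshake
2020/06/23 16:07:06 http: TLS handshake error from 198.51.100.8:43792: no certificate available for '203.0.113.10'
2020/06/23 16:08:51 http: TLS handshake error from 192.0.2.44:54120: no certificate available for 'example.test'
2020/06/23 16:08:51 http: TLS handshake error from 192.0.2.44:54140: tls: client offered only unsupported versions: [302 301]
2020/06/23 16:08:51 http: TLS handshake error from 192.0.2.44:54154: tls: client offered only unsupported versions: []
2020/06/23 16:08:51 http: TLS handshake error from 192.0.2.44:54162: EOF
"""

LINE = re.compile(r"TLS handshake error from (\S+):\d+: (.*)$")
# Go prints the offered protocol versions in hex (0x0301 is TLS 1.0).
VERSIONS = {"300": "SSL 3.0", "301": "TLS 1.0", "302": "TLS 1.1"}
QUOTES = "'\u2018\u2019"  # straight quotes plus the curly ones a web page renders

def is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def classify(reason):
    """Map the text after the client address to a (category, detail) pair."""
    if reason.startswith("no certificate available for"):
        name = reason.rsplit(" ", 1)[-1].strip(QUOTES)
        return ("ip-not-hostname" if is_ip(name) else "name-not-served", name)
    if "unsupported versions" in reason:
        codes = reason[reason.index("[") + 1:reason.rindex("]")].split()
        return ("legacy-tls", ", ".join(VERSIONS.get(c, c) for c in codes) or "none")
    if "does not look like a TLS handshake" in reason:
        return ("not-tls", "")  # e.g. plain HTTP sent to the HTTPS port
    if reason == "EOF":
        return ("closed-early", "")  # client hung up mid-handshake
    return ("other", reason)

def summarize(text):
    by_category, by_source = Counter(), Counter()
    for m in filter(None, map(LINE.search, text.splitlines())):
        by_category[classify(m.group(2).strip())[0]] += 1
        by_source[m.group(1)] += 1
    return by_category, by_source

if __name__ == "__main__":
    for table in summarize(SAMPLE):
        print(table.most_common())
```

A category or source address whose count suddenly dwarfs the rest is the part of this output worth a second look; a steady trickle across all categories matches the background scanning described in the reply.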
