Help with self signed

Yasser_Bazzi · November 7, 2025, 3:03am

1. The problem I’m having:

Im trying to setup a caddy server as a first time user, i have frigate, homeassistant, adguardDNS.
When i configure my Caddyfile to reroute their DNS with reverse proxy im able to access in HTTP but no luck with HTTPS at all, i get no hits on caddy with 443 and https, thee one thing i find suspect is the fact that in the log i see some metions about http2/3 is not enabled by policy, i`ve tried searching in github issues, reddit, this forum but i couldnt get anything to work
If my post is wrong and need correction please tell me and ill adjust as quick as possible

2. Error messages and/or full log output:

```tail -n100 -f containers/caddy/data/log.log 
{"level":"info","ts":1762483436.5607479,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1762483436.5611053,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0007b8300"}
{"level":"info","ts":1762483436.5611694,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1762483436.5611975,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"debug","ts":1762483436.5612354,"logger":"http.auto_https","msg":"adjusted config","tls":{"automation":{"policies":[{"subjects":["jellyfin.home.arpa","adguard.home.arpa","frigate.home.arpa","home.home.arpa"]},{}]}},"http":{"servers":{"remaining_auto_https_redirects":{"listen":[":80"],"routes":[{},{}]},"srv0":{"listen":[":443"],"routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"169.254.1.2:8096"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"169.254.1.2:35555"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"169.254.1.2:8971"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"169.254.1.2:8123"}]}]}]}],"terminal":true}],"tls_connection_policies":[{}],"automatic_https":{}}}}}
{"level":"info","ts":1762483436.5616972,"logger":"pki.ca.local","msg":"root certificate trust store installation disabled; unconfigured clients may show warnings","path":"storage:pki/authorities/local/root.crt"}
{"level":"debug","ts":1762483436.5617683,"logger":"http","msg":"starting server loop","address":"[::]:443","tls":true,"http3":false}
{"level":"info","ts":1762483436.5617814,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
{"level":"info","ts":1762483436.5619054,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"debug","ts":1762483436.5619357,"logger":"http","msg":"starting server loop","address":"[::]:80","tls":false,"http3":false}
{"level":"warn","ts":1762483436.5619414,"logger":"http","msg":"HTTP/2 skipped because it requires TLS","network":"tcp","addr":":80"}
{"level":"warn","ts":1762483436.5619452,"logger":"http","msg":"HTTP/3 skipped because it requires TLS","network":"tcp","addr":":80"}
{"level":"info","ts":1762483436.5619483,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
{"level":"info","ts":1762483436.5619526,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["jellyfin.home.arpa","adguard.home.arpa","frigate.home.arpa","home.home.arpa"]}
{"level":"debug","ts":1762483436.5620382,"logger":"events","msg":"event","name":"started","id":"2ccaf7e0-bb27-4ab2-aa9a-89da6d512677","origin":"","data":null}
{"level":"info","ts":1762483436.5620928,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1762483436.5682278,"logger":"tls","msg":"cleaning storage unit","storage":"FileStorage:/data/caddy"}
{"level":"info","ts":1762483436.574511,"logger":"tls.obtain","msg":"acquiring lock","identifier":"adguard.home.arpa"}
{"level":"info","ts":1762483436.574527,"logger":"tls.obtain","msg":"acquiring lock","identifier":"jellyfin.home.arpa"}
{"level":"info","ts":1762483436.5745928,"logger":"tls.obtain","msg":"acquiring lock","identifier":"home.home.arpa"}
{"level":"info","ts":1762483436.574518,"logger":"tls.obtain","msg":"acquiring lock","identifier":"frigate.home.arpa"}
{"level":"info","ts":1762483436.5804014,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1762483436.5863578,"logger":"tls.obtain","msg":"lock acquired","identifier":"home.home.arpa"}
{"level":"info","ts":1762483436.586411,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"home.home.arpa"}
{"level":"debug","ts":1762483436.586434,"logger":"events","msg":"event","name":"cert_obtaining","id":"56d7472e-2582-4630-b84a-96b4d52b5e8c","origin":"tls","data":{"identifier":"home.home.arpa"}}
{"level":"info","ts":1762483436.5863612,"logger":"tls.obtain","msg":"lock acquired","identifier":"adguard.home.arpa"}
{"level":"info","ts":1762483436.5865107,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"adguard.home.arpa"}
{"level":"debug","ts":1762483436.5865185,"logger":"tls","msg":"created CSR","identifiers":["home.home.arpa"],"san_dns_names":["home.home.arpa"],"san_emails":[],"common_name":"","extra_extensions":0}
{"level":"debug","ts":1762483436.58652,"logger":"events","msg":"event","name":"cert_obtaining","id":"b6d0ea53-974e-47f5-8254-affafb58385d","origin":"tls","data":{"identifier":"adguard.home.arpa"}}
{"level":"info","ts":1762483436.5863583,"logger":"tls.obtain","msg":"lock acquired","identifier":"frigate.home.arpa"}
{"level":"debug","ts":1762483436.5865693,"logger":"tls","msg":"created CSR","identifiers":["adguard.home.arpa"],"san_dns_names":["adguard.home.arpa"],"san_emails":[],"common_name":"","extra_extensions":0}
{"level":"info","ts":1762483436.5863583,"logger":"tls.obtain","msg":"lock acquired","identifier":"jellyfin.home.arpa"}
{"level":"info","ts":1762483436.5867066,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"jellyfin.home.arpa"}
{"level":"info","ts":1762483436.5866203,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"frigate.home.arpa"}
{"level":"debug","ts":1762483436.5867202,"logger":"tls.obtain","msg":"trying issuer 1/1","issuer":"local"}
{"level":"debug","ts":1762483436.5867312,"logger":"tls.obtain","msg":"trying issuer 1/1","issuer":"local"}
{"level":"debug","ts":1762483436.5867367,"logger":"events","msg":"event","name":"cert_obtaining","id":"3634ec63-0f61-4790-9b96-c07990329545","origin":"tls","data":{"identifier":"frigate.home.arpa"}}
{"level":"debug","ts":1762483436.5867298,"logger":"events","msg":"event","name":"cert_obtaining","id":"0e0745e4-6186-4154-ac06-f3e265c5a6f7","origin":"tls","data":{"identifier":"jellyfin.home.arpa"}}
{"level":"debug","ts":1762483436.5868046,"logger":"tls","msg":"created CSR","identifiers":["frigate.home.arpa"],"san_dns_names":["frigate.home.arpa"],"san_emails":[],"common_name":"","extra_extensions":0}
{"level":"debug","ts":1762483436.586847,"logger":"tls","msg":"created CSR","identifiers":["jellyfin.home.arpa"],"san_dns_names":["jellyfin.home.arpa"],"san_emails":[],"common_name":"","extra_extensions":0}
{"level":"debug","ts":1762483436.586988,"logger":"pki.ca.local","msg":"using intermediate signer","serial":"104689206404230575899319966556423329759","not_before":"2025-11-07 02:43:56 +0000 UTC","not_after":"2025-11-14 02:43:56 +0000 UTC"}
{"level":"debug","ts":1762483436.586993,"logger":"pki.ca.local","msg":"using intermediate signer","serial":"104689206404230575899319966556423329759","not_before":"2025-11-07 02:43:56 +0000 UTC","not_after":"2025-11-14 02:43:56 +0000 UTC"}
{"level":"debug","ts":1762483436.5870228,"logger":"tls.obtain","msg":"trying issuer 1/1","issuer":"local"}
{"level":"debug","ts":1762483436.5870273,"logger":"tls.obtain","msg":"trying issuer 1/1","issuer":"local"}
{"level":"debug","ts":1762483436.5872164,"logger":"pki.ca.local","msg":"using intermediate signer","serial":"104689206404230575899319966556423329759","not_before":"2025-11-07 02:43:56 +0000 UTC","not_after":"2025-11-14 02:43:56 +0000 UTC"}
{"level":"debug","ts":1762483436.5872772,"logger":"pki.ca.local","msg":"using intermediate signer","serial":"104689206404230575899319966556423329759","not_before":"2025-11-07 02:43:56 +0000 UTC","not_after":"2025-11-14 02:43:56 +0000 UTC"}
{"level":"info","ts":1762483436.6218424,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"home.home.arpa","issuer":"local"}
{"level":"info","ts":1762483436.6219015,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"adguard.home.arpa","issuer":"local"}
{"level":"debug","ts":1762483436.6219356,"logger":"events","msg":"event","name":"cert_obtained","id":"05f30141-5128-43dd-9bea-0a92d45cdde2","origin":"tls","data":{"certificate_path":"certificates/local/home.home.arpa/home.home.arpa.crt","csr_pem":"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlIbk1JR09BZ0VBTUFBd1dUQVRCZ2NxaGtqT1BRSUJCZ2dxaGtqT1BRTUJCd05DQUFSbkxiZGRXbnlOS1hEMQo5TTBjWW96dVNMdEErSDhUeCtLYUhicHZVR0ttOU5YZmZtYW16anQ5L05ZWlF4SUh1aGl3MktvdEFYdldWRkp6CkpDMHI5RGpyb0N3d0tnWUpLb1pJaHZjTkFRa09NUjB3R3pBWkJnTlZIUkVFRWpBUWdnNW9iMjFsTG1odmJXVXUKWVhKd1lUQUtCZ2dxaGtqT1BRUURBZ05JQURCRkFpQTRMNWltYVlzWFdzYUprcmFLSkVNa3BLS0Q0aHlXbmNpQwo4U2tQTWdPUTRnSWhBT2hubUp5dTRDU1IxTEhVVHlYUWtndGVVM2F5ekFSazlBUmMvTmtNalJXTQotLS0tLUVORCBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0K","identifier":"home.home.arpa","issuer":"local","metadata_path":"certificates/local/home.home.arpa/home.home.arpa.json","private_key_path":"certificates/local/home.home.arpa/home.home.arpa.key","renewal":false,"storage_path":"certificates/local/home.home.arpa"}}
{"level":"info","ts":1762483436.6219807,"logger":"tls.obtain","msg":"releasing lock","identifier":"home.home.arpa"}
{"level":"debug","ts":1762483436.6219945,"logger":"events","msg":"event","name":"cert_obtained","id":"53b72a32-f463-40b7-b7a0-5dc371c547d5","origin":"tls","data":{"certificate_path":"certificates/local/adguard.home.arpa/adguard.home.arpa.crt","csr_pem":"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlIcE1JR1JBZ0VBTUFBd1dUQVRCZ2NxaGtqT1BRSUJCZ2dxaGtqT1BRTUJCd05DQUFSOGhyUnV5SVpmdG4wTApQcUNzdjNmenVIcy9uQysrMDJ6amR1VnM3UElJdnhpbksyY2d1MEtFalQxUmJjY3ZSeHZDUE5vUEM1d05xNlVVCjhpbFRwaktMb0M4d0xRWUpLb1pJaHZjTkFRa09NU0F3SGpBY0JnTlZIUkVFRlRBVGdoRmhaR2QxWVhKa0xtaHYKYldVdVlYSndZVEFLQmdncWhrak9QUVFEQWdOSEFEQkVBaUEvYzVlZllGN2x1Zk9tUXdoa2FmTGR2T0JDdHN4QQphdmNteVhKRmRlWGlVQUlnQlhYK0hyTVdkV3FDUGxQRUFFS3JMYmtmWUNnY2hiSWF6WlpYdzJOS2FkOD0KLS0tLS1FTkQgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCg==","identifier":"adguard.home.arpa","issuer":"local","metadata_path":"certificates/local/adguard.home.arpa/adguard.home.arpa.json","private_key_path":"certificates/local/adguard.home.arpa/adguard.home.arpa.key","renewal":false,"storage_path":"certificates/local/adguard.home.arpa"}}
{"level":"info","ts":1762483436.6220164,"logger":"tls.obtain","msg":"releasing lock","identifier":"adguard.home.arpa"}
{"level":"warn","ts":1762483436.622273,"logger":"tls","msg":"stapling OCSP","identifiers":["adguard.home.arpa"]}
{"level":"debug","ts":1762483436.6223013,"logger":"tls.cache","msg":"added certificate to cache","subjects":["adguard.home.arpa"],"expiration":1762526637,"managed":true,"issuer_key":"local","hash":"ad90da2c8c665a6e510939b0ce355c101bc6e9ce76610721d8945ff59ab560b1","cache_size":1,"cache_capacity":10000}
{"level":"warn","ts":1762483436.622309,"logger":"tls","msg":"stapling OCSP","identifiers":["home.home.arpa"]}
{"level":"debug","ts":1762483436.6223462,"logger":"tls.cache","msg":"added certificate to cache","subjects":["home.home.arpa"],"expiration":1762526637,"managed":true,"issuer_key":"local","hash":"098589f5295e007b8211a0e95ca1550d4cdecaa36ce87c317cf64f0ccc1267d8","cache_size":2,"cache_capacity":10000}
{"level":"debug","ts":1762483436.6223805,"logger":"events","msg":"event","name":"cached_managed_cert","id":"81bc0cfa-6241-4aed-830c-2959d6f4ee37","origin":"tls","data":{"sans":["home.home.arpa"]}}
{"level":"debug","ts":1762483436.6223147,"logger":"events","msg":"event","name":"cached_managed_cert","id":"a9c81659-252e-48cc-8254-a36a548ef872","origin":"tls","data":{"sans":["adguard.home.arpa"]}}
{"level":"info","ts":1762483436.6279438,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"frigate.home.arpa","issuer":"local"}
{"level":"info","ts":1762483436.6279652,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"jellyfin.home.arpa","issuer":"local"}
{"level":"debug","ts":1762483436.627981,"logger":"events","msg":"event","name":"cert_obtained","id":"b1e27ae4-d66c-4fb9-908a-839cb3d4d8dc","origin":"tls","data":{"certificate_path":"certificates/local/frigate.home.arpa/frigate.home.arpa.crt","csr_pem":"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlIck1JR1JBZ0VBTUFBd1dUQVRCZ2NxaGtqT1BRSUJCZ2dxaGtqT1BRTUJCd05DQUFTZlNiZHVGMit3V0ZqcQo0enc4RU5ES2pOMU83VlQ3bmNmcTdSZ2ZkRDMrTHFYS2NkcGp3OWZLQnA0cWtNaEhTR1lXTTJUb3RNVy9BQzh3CjdaVnJUc1kwb0M4d0xRWUpLb1pJaHZjTkFRa09NU0F3SGpBY0JnTlZIUkVFRlRBVGdoRm1jbWxuWVhSbExtaHYKYldVdVlYSndZVEFLQmdncWhrak9QUVFEQWdOSkFEQkdBaUVBaE5NMEJYekV3UlF4VS9Kc1dwQ1g5MS9FVWxWQwpiWG1RaU91MWpOTDNUbElDSVFDYzZJYzJwTGp5Z29wVXRlbnpFaUhodGFPejh3WTFTNVZtNnVaRU9HaklUQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo=","identifier":"frigate.home.arpa","issuer":"local","metadata_path":"certificates/local/frigate.home.arpa/frigate.home.arpa.json","private_key_path":"certificates/local/frigate.home.arpa/frigate.home.arpa.key","renewal":false,"storage_path":"certificates/local/frigate.home.arpa"}}
{"level":"info","ts":1762483436.6279979,"logger":"tls.obtain","msg":"releasing lock","identifier":"frigate.home.arpa"}
{"level":"debug","ts":1762483436.6280208,"logger":"events","msg":"event","name":"cert_obtained","id":"c389b8bd-fdc4-41a9-a6d9-c52f6ccc6899","origin":"tls","data":{"certificate_path":"certificates/local/jellyfin.home.arpa/jellyfin.home.arpa.crt","csr_pem":"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlIc01JR1NBZ0VBTUFBd1dUQVRCZ2NxaGtqT1BRSUJCZ2dxaGtqT1BRTUJCd05DQUFTbFRDcmtBdDUxVnhvbgo2VkJhZ3Nldm1sMUxmNVI1N3Z6ajdoMjJHd2dlaWE4b0xCaFFOcFBmWXRQVWNaYkp4K3pYNmRyb0tQVExkK2VvCkFTZ254clJZb0RBd0xnWUpLb1pJaHZjTkFRa09NU0V3SHpBZEJnTlZIUkVFRmpBVWdoSnFaV3hzZVdacGJpNW8KYjIxbExtRnljR0V3Q2dZSUtvWkl6ajBFQXdJRFNRQXdSZ0loQU9WdTdpMTYvUXVEdHdsV1NMMzBDdHpOVjRLKwpmQVpiL1VlQTdnQlJOS09VQWlFQXNBKzZCd2VVd1lGYjdwMStEVHNxMytYQzVFWWRuZFNFVHFIZ3YzOEtOYVE9Ci0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo=","identifier":"jellyfin.home.arpa","issuer":"local","metadata_path":"certificates/local/jellyfin.home.arpa/jellyfin.home.arpa.json","private_key_path":"certificates/local/jellyfin.home.arpa/jellyfin.home.arpa.key","renewal":false,"storage_path":"certificates/local/jellyfin.home.arpa"}}
{"level":"info","ts":1762483436.6280382,"logger":"tls.obtain","msg":"releasing lock","identifier":"jellyfin.home.arpa"}
{"level":"warn","ts":1762483436.6281595,"logger":"tls","msg":"stapling OCSP","identifiers":["frigate.home.arpa"]}
{"level":"debug","ts":1762483436.6281698,"logger":"tls.cache","msg":"added certificate to cache","subjects":["frigate.home.arpa"],"expiration":1762526637,"managed":true,"issuer_key":"local","hash":"d4ae52fb844a3cfc51269c0c1c2832ef4de7e35218798b362209cc5c30d19aa6","cache_size":3,"cache_capacity":10000}
{"level":"debug","ts":1762483436.6281776,"logger":"events","msg":"event","name":"cached_managed_cert","id":"4e2853c0-b06a-460f-ae55-57d6eb3d9c48","origin":"tls","data":{"sans":["frigate.home.arpa"]}}
{"level":"warn","ts":1762483436.6282272,"logger":"tls","msg":"stapling OCSP","identifiers":["jellyfin.home.arpa"]}
{"level":"debug","ts":1762483436.6282384,"logger":"tls.cache","msg":"added certificate to cache","subjects":["jellyfin.home.arpa"],"expiration":1762526637,"managed":true,"issuer_key":"local","hash":"6b49b2b6fb04ca8e9e18f112b262ef8265101b8a1fb5bf5d3d8016973dd2cae8","cache_size":4,"cache_capacity":10000}
{"level":"debug","ts":1762483436.6282475,"logger":"events","msg":"event","name":"cached_managed_cert","id":"994f4112-83ad-44af-b320-3c5a3ab67442","origin":"tls","data":{"sans":["jellyfin.home.arpa"]}}
```

3. Caddy version:

2.10.2

4. How I installed and ran Caddy:

Caddy was installed using podman quadlet

a. System environment:

b. Command:

systemctl --user start caddy.service

PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.

c. Service/unit/compose file:

i removed the pod thinking it was a problem, no luck either








[Unit]

Description=Caddy Reverse Proxy Service

# Depende do serviço do Pod

#Requires=web-pod.service

#After=web-pod.service



[Container]

Image=docker.io/library/caddy:latest

ContainerName=caddy

AutoUpdate=registry

# CORRIGIDO: Deve corresponder ao 'PodName' do web.pod

#Pod=web.pod

AddCapability=NET_ADMIN

PublishPort=80:80/tcp

PublishPort=443:443/tcp

PublishPort=443:443/udp





# Volumes

Volume=%h/containers/caddy/Caddyfile:/etc/caddy/Caddyfile

Volume=%h/containers/caddy/data:/data

Volume=%h/containers/caddy/config:/config





#[Install]

# CORRIGIDO: O contêiner é parte do 'web.service'

#WantedBy=web-pod.service

d. My complete Caddy config:

This is my CaddyFile  https://gist.github.com/YShow/6545cdff61e74f43a2538fd37573989f


{

    debug
#    auto_https disable_redirects
    log {
        output file /data/log.log
        level DEBUG
    }
#tried this no luck :(
#    skip_install_trust
 
}
 
# AdGuard Home
# Escuta em HTTP (80) E HTTPS (443)
adguard.home.arpa {
    tls internal
    reverse_proxy http://169.254.1.2:35555
}
 
# Frigate
# Escuta em HTTP (80) E HTTPS (443)
frigate.home.arpa {
    tls internal
    reverse_proxy http://169.254.1.2:8971
}
 
# Home Assistant
# Escuta em HTTP (80) E HTTPS (443)
home.home.arpa {
    tls internal
    reverse_proxy http://169.254.1.2:8123
}
 
# Jellyfin
# Escuta em HTTP (80) E HTTPS (443)
jellyfin.home.arpa {
    tls internal
    reverse_proxy http://169.254.1.2:8096
}

5. Links to relevant resources:

timelordx · November 7, 2025, 3:30am

Can you try, for example, this and share the result?

curl -vk https://home.home.arpa

Mohammed90 · November 7, 2025, 10:28pm

By the way

if you’re saying this because of the logs you have, they don’t prove that. You’re only enabling debug logs, not access logs.

Yasser_Bazzi · November 8, 2025, 2:54am

Hey everyone, somehow podman allowed adguard and caddy to enable port 443 and that is why it got that result, thanks everyone for helping me, i`ve disable port 443 in adguard and now everything is fine, i even managed to figure out how to use registro.br with duckdns acme now, caddy is magnificent

PS: the forum didnt allow me to post for 24h, sorry for the delay

system · December 8, 2025, 2:54am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.