How to get dockerised Caddy to use self-signed certs for local dev with php-fpm SPA (VueJs)

What does your Caddyfile look like now? Is your upstream server actually running?

Turn on the debug global option. There’s probably more details in the logs.

Caddyfile

{
    debug
}
mnr-fe.localhost {
    reverse_proxy host.docker.internal:8080
}

mnr-be.localhost {
    root * /var/www/html/
    encode gzip
    php_fastcgi php:9000 
    header Access-Control-Allow-Origin         https://mnr-fe.localhost
    header Access-Control-Allow-Credentials    true
    file_server
}

Here’s the output from the caddy docker stdout (with debug switched on):

mnr-caddy-docker-caddy-1  | {"level":"debug","ts":1661293172.6543157,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"host.docker.internal:8080","total_upstreams":1}
mnr-caddy-docker-caddy-1  | {"level":"debug","ts":1661293172.66062,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"host.docker.internal:8080","duration":0.005989042,"request":{"remote_ip":"172.20.0.1","remote_port":"61778","proto":"HTTP/2.0","method":"GET","host":"mnr-fe.localhost","uri":"/","headers":{"Sec-Ch-Ua-Platform":["\"macOS\""],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36"],"Sec-Fetch-Dest":["document"],"Accept-Encoding":["gzip, deflate, br"],"X-Forwarded-For":["172.20.0.1"],"Sec-Ch-Ua":["\"Chromium\";v=\"104\", \" Not A;Brand\";v=\"99\", \"Google Chrome\";v=\"104\""],"Accept-Language":["en-GB,en-US;q=0.9,en;q=0.8"],"Sec-Ch-Ua-Mobile":["?0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["mnr-fe.localhost"],"Sec-Fetch-Site":["none"],"Sec-Fetch-Mode":["navigate"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-User":["?1"],"Cache-Control":["max-age=0"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"mnr-fe.localhost"}},"error":"EOF"}
mnr-caddy-docker-caddy-1  | {"level":"error","ts":1661293172.6608567,"logger":"http.log.error","msg":"EOF","request":{"remote_ip":"172.20.0.1","remote_port":"61778","proto":"HTTP/2.0","method":"GET","host":"mnr-fe.localhost","uri":"/","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-User":["?1"],"Accept-Language":["en-GB,en-US;q=0.9,en;q=0.8"],"Sec-Ch-Ua":["\"Chromium\";v=\"104\", \" Not A;Brand\";v=\"99\", \"Google Chrome\";v=\"104\""],"Sec-Ch-Ua-Platform":["\"macOS\""],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36"],"Sec-Fetch-Dest":["document"],"Accept-Encoding":["gzip, deflate, br"],"Cache-Control":["max-age=0"],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Fetch-Site":["none"],"Sec-Fetch-Mode":["navigate"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"mnr-fe.localhost"}},"duration":0.006861334,"status":502,"err_id":"tu1u13m8a","err_trace":"reverseproxy.statusError (reverseproxy.go:1184)"}

Any thoughts?

Hard to say. But EOF typically means that the upstream misbehaved and didn’t respond with anything that makes sense.

Are you sure your upstream is actually running?

Actually this is working. I had another go this morning and noticed some misconfigurations had crept in on my app.

Having taken the solution further – i.e. implementing my actual PHP backend instead of just a phpinfo holding page – I’ve run into a CORS error:

Access to XMLHttpRequest at 'https://mnr-be.localhost/api/people/login' from origin 'https://mnr-fe.localhost' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values 'https://mnr-fe.localhost, https://mnr-fe.localhost', but only one is allowed.

I don’t think this is a configuration error in the code, because it works on the staging server. So what’s going on here? How is it getting multiple values in the header?

This isn’t really an issue with Caddy. Google that error message, it should point you in the right direction.

I did of course but no luck. Also, as I mentioned, the server code is not producing that error on staging. It’s only happening in this dockerised Caddy env. The related server forums all say the same thing you are but in reverse, i.e. it’s not the server code, it’s the web server adding headers. And I’m stuck in the middle 😃

Caddy doesn’t touch CORS headers unless you configure it to do so; that’s what I mean, it’s not something inherent with Caddy that’s causing the issue. If you configured Caddy to write CORS headers, that’s kinda on you to figure out what’s right for your app.

Right you are… there were CORS headers in my Caddyfile!
So now I no longer have CORS errors. However…

  1. I’m still faced with the problem that the PHP session cookie is not being stored by the browser.

  2. I thought I’d try it on Firefox but despite what it says here: Generate certificate for local development - #2 by francislavoie, Firefox does not recognise the certificate (although Chrome and Safari do).
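
The "multiple values" error resolved above appears when two layers each emit the same CORS header and the browser joins the repeated lines before checking them. The following is an added example, not code from the thread: it evaluates a raw response the way a browser does for a credentialed request. The sample responses are constructed, and the assumption that the PHP app also sets these headers is inferred from the posts.

```python
"""Check CORS response headers as a browser would for a credentialed request."""

ORIGIN = "https://mnr-fe.localhost"

# Constructed sample: the app and a proxy-level `header` directive both add
# the CORS headers, so every one of them arrives twice.
DUPLICATED = (
    "HTTP/1.1 204 No Content\r\n"
    "Access-Control-Allow-Origin: https://mnr-fe.localhost\r\n"
    "Access-Control-Allow-Credentials: true\r\n"
    "Access-Control-Allow-Origin: https://mnr-fe.localhost\r\n"
    "Access-Control-Allow-Credentials: true\r\n"
    "\r\n"
)

# Constructed sample: only one layer sets the headers.
SINGLE = (
    "HTTP/1.1 204 No Content\r\n"
    "Access-Control-Allow-Origin: https://mnr-fe.localhost\r\n"
    "Access-Control-Allow-Credentials: true\r\n"
    "\r\n"
)


def parse_headers(raw):
    """Return {lowercased name: [values in wire order]} from a raw header block."""
    headers = {}
    for line in raw.split("\r\n")[1:]:      # skip the status line
        if not line:                        # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def combined(headers, name):
    """Join repeated header lines with ', ', which is what the browser checks."""
    values = headers.get(name)
    return None if values is None else ", ".join(values)


def check_cors(raw, origin, credentials=True):
    """Return the list of reasons a browser would block this response."""
    headers = parse_headers(raw)
    problems = []

    acao = combined(headers, "access-control-allow-origin")
    if acao is None:
        problems.append("Access-Control-Allow-Origin is missing")
    elif "," in acao:
        count = len(headers["access-control-allow-origin"])
        problems.append(
            f"Access-Control-Allow-Origin contains multiple values '{acao}' "
            f"(sent on {count} header lines); only one is allowed"
        )
    elif acao == "*" and credentials:
        problems.append("Access-Control-Allow-Origin '*' is not allowed with credentials")
    elif acao not in ("*", origin):
        problems.append(f"Access-Control-Allow-Origin '{acao}' does not match '{origin}'")

    if credentials:
        acac = combined(headers, "access-control-allow-credentials")
        if acac != "true":
            problems.append(
                f"Access-Control-Allow-Credentials is {acac!r}, must be exactly 'true'"
            )
    return problems


if __name__ == "__main__":
    for label, raw in (("duplicated", DUPLICATED), ("single", SINGLE)):
        print(label, check_cors(raw, ORIGIN) or "ok")
```
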

Cookies only apply for the domain they were served on, by default (in case you’re implying that you’re expecting a cookie set by the backend to apply to the frontend as well). There are options you can set to make it apply to other subdomains, but that’s out of scope of Caddy as well, it’s something you need to adjust in your app.

Please be more specific. What do you mean? What error are you seeing?

Firefox does have its own trust store (it doesn’t use the system’s), so you might need to install it in its trust store if you didn’t already.

Yes. Look, the normal process with JS Ajax front-end talking to PHP backend is, you send login credentials to the back-end, which in turn starts a session and returns that as a session cookie. The browser then stores that cookie so that further requests are understood to be authorised. That’s not happening. Further research has revealed that this is because mnr-fe.localhost is not seen as a valid domain because it only has one dot and therefore will always be seen as cross-site by the browser and thus the browser will not store the session cookie.

However, I’ve tried changing the domain and I don’t seem to be able to get that to work either. I tried using fe.mnr.dev and be.mnr.dev but now I get the following error in the browser:

fe.mnr.dev sent an invalid response.
ERR_SSL_PROTOCOL_ERROR

and in curl

% curl -v https://fe.mnr.dev
*   Trying 127.0.0.1:443...
* Connected to fe.mnr.dev (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* error:1404B438:SSL routines:ST_CONNECT:tlsv1 alert internal error
* Closing connection 0
curl: (35) error:1404B438:SSL routines:ST_CONNECT:tlsv1 alert internal error

Here’s the updated Caddyfile:

fe.mnr.dev {
    reverse_proxy host.docker.internal:8080
}
be.mnr.dev {
    root * /var/www/html/be/webroot
    encode gzip
    php_fastcgi php:9000 
    file_server
}

Here’s the /etc/hosts:

127.0.0.1       be.mnr.dev
127.0.0.1       fe.mnr.dev

I seem to have these old certs for the old domains in caddy. I’m not sure how they got there. Do they matter?

I then tried to delete those local certs and when I spun Caddy up it went into a tailspin. Here’s the logs:

mnr-caddy-docker-caddy-1  | {"level":"debug","ts":1661792903.4899027,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/C6FVnEYP_zvxYEpj-C7BSw","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.5.2 CertMagic acmez (linux; arm64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["443"],"Content-Type":["application/json"],"Date":["Mon, 29 Aug 2022 17:08:23 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["whvTAN85flyVAFUY2sVTuBHq5P7lBDkzWy3--dz78uk"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]},"status_code":200}
mnr-caddy-docker-caddy-1  | {"level":"debug","ts":1661792906.1843536,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/hJ0rSDfjOSpz0mns4SL3fQ","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.5.2 CertMagic acmez (linux; arm64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["443"],"Content-Type":["application/json"],"Date":["Mon, 29 Aug 2022 17:08:25 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["ANpvcg2oAOAqbemkX9AWeb4VNmXpAPChAZzmin8xR0I"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]},"status_code":200}
mnr-caddy-docker-caddy-1  | {"level":"debug","ts":1661792913.6732745,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/C6FVnEYP_zvxYEpj-C7BSw","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.5.2 CertMagic acmez (linux; arm64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["443"],"Content-Type":["application/json"],"Date":["Mon, 29 Aug 2022 17:08:33 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["4n_Bqg6YpdMMaUFQ8GlQgxNRA9y7jF3k-1FeEEFkSAk"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]},"status_code":200}
mnr-caddy-docker-caddy-1  | {"level":"debug","ts":1661792915.7743435,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/hJ0rSDfjOSpz0mns4SL3fQ","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.5.2 CertMagic acmez (linux; arm64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["443"],"Content-Type":["application/json"],"Date":["Mon, 29 Aug 2022 17:08:35 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["FUPyfNzfP9dAQcPB1un0qbB4oCPBrVS_gRFQXLo0RCk"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]},"status_code":200}```
And it just keeps looping like this.

That means the domain doesn’t exist / doesn’t have an entry in a zone file. Are you sure you’ve provisioned a record for fe.mnr.dev? (I confirmed I also get that error for that domain.)

Well no of course not :smiley: The whole point of this exercise is to have a localhost dev environment. If I’m going to have to register a domain to get this to work then I may as well just ssh into the server and code there and wave bye bye to having a local dev env.

Am I the only dev in the world who works locally these days? It’s starting to feel that way, judging by the enormous difficulty of this attempt.


I’ve tried it now with fe.mnr.localhost instead, and I get the following logs:

mnr-caddy-docker-caddy-1  | {"level":"info","ts":1661795136.1842198,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
mnr-caddy-docker-caddy-1  | {"level":"warn","ts":1661795136.186114,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
mnr-caddy-docker-caddy-1  | {"level":"info","ts":1661795136.1870143,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
mnr-caddy-docker-caddy-1  | {"level":"info","ts":1661795136.1878214,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
mnr-caddy-docker-caddy-1  | {"level":"info","ts":1661795136.187841,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
mnr-caddy-docker-caddy-1  | {"level":"info","ts":1661795136.1883545,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x4000636e70"}
mnr-caddy-docker-caddy-1  | {"level":"info","ts":1661795136.211213,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
mnr-caddy-docker-caddy-1  | {"level":"info","ts":1661795136.2214913,"logger":"tls","msg":"finished cleaning storage units"}
mnr-caddy-docker-caddy-1  | {"level":"info","ts":1661795136.2307372,"logger":"pki.ca.local","msg":"root certificate is already trusted by system","path":"storage:pki/authorities/local/root.crt"}
mnr-caddy-docker-caddy-1  | {"level":"debug","ts":1661795136.231086,"logger":"http","msg":"starting server loop","address":"[::]:443","http3":false,"tls":true}
mnr-caddy-docker-caddy-1  | {"level":"debug","ts":1661795136.2311997,"logger":"http","msg":"starting server loop","address":"[::]:80","http3":false,"tls":false}
mnr-caddy-docker-caddy-1  | {"level":"info","ts":1661795136.231219,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["fe.mnr.localhost","be.mnr.localhost"]}
mnr-caddy-docker-caddy-1  | {"level":"info","ts":1661795136.2429397,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
mnr-caddy-docker-caddy-1  | {"level":"info","ts":1661795136.2429616,"msg":"serving initial configuration"}
mnr-caddy-docker-caddy-1  | {"level":"info","ts":1661795136.2477531,"logger":"tls.obtain","msg":"acquiring lock","identifier":"fe.mnr.localhost"}
mnr-caddy-docker-caddy-1  | {"level":"info","ts":1661795136.251336,"logger":"tls.obtain","msg":"acquiring lock","identifier":"be.mnr.localhost"}
mnr-caddy-docker-caddy-1  | {"level":"info","ts":1661795136.255244,"logger":"tls.obtain","msg":"lock acquired","identifier":"fe.mnr.localhost"}
mnr-caddy-docker-caddy-1  | {"level":"info","ts":1661795136.257446,"logger":"tls.obtain","msg":"lock acquired","identifier":"be.mnr.localhost"}
mnr-caddy-docker-caddy-1  | {"level":"debug","ts":1661795136.257859,"logger":"tls.obtain","msg":"trying issuer 1/1","issuer":"local"}
mnr-caddy-docker-caddy-1  | {"level":"debug","ts":1661795136.2587411,"logger":"pki.ca.local","msg":"using intermediate signer","serial":"203878197125419019603004198986868433327","not_before":"2022-08-28 11:27:41 +0000 UTC","not_after":"2022-09-04 11:27:41 +0000 UTC"}
mnr-caddy-docker-caddy-1  | {"level":"debug","ts":1661795136.2616694,"logger":"tls.obtain","msg":"trying issuer 1/1","issuer":"local"}
mnr-caddy-docker-caddy-1  | {"level":"debug","ts":1661795136.2618744,"logger":"pki.ca.local","msg":"using intermediate signer","serial":"203878197125419019603004198986868433327","not_before":"2022-08-28 11:27:41 +0000 UTC","not_after":"2022-09-04 11:27:41 +0000 UTC"}
mnr-caddy-docker-caddy-1  | {"level":"info","ts":1661795136.2843966,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"fe.mnr.localhost"}
mnr-caddy-docker-caddy-1  | {"level":"info","ts":1661795136.2845175,"logger":"tls.obtain","msg":"releasing lock","identifier":"fe.mnr.localhost"}
mnr-caddy-docker-caddy-1  | {"level":"info","ts":1661795136.2892864,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"be.mnr.localhost"}
mnr-caddy-docker-caddy-1  | {"level":"info","ts":1661795136.2893107,"logger":"tls.obtain","msg":"releasing lock","identifier":"be.mnr.localhost"}
mnr-caddy-docker-caddy-1  | {"level":"warn","ts":1661795136.2989419,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [fe.mnr.localhost]: no OCSP server specified in certificate","identifiers":["fe.mnr.localhost"]}
mnr-caddy-docker-caddy-1  | {"level":"debug","ts":1661795136.2989686,"logger":"tls.cache","msg":"added certificate to cache","subjects":["fe.mnr.localhost"],"expiration":1661838336,"managed":true,"issuer_key":"local","hash":"efae3d896397d36afcfe24e2bfc133dce5678de8e5abb9d59e409db2b3294c88","cache_size":1,"cache_capacity":10000}
mnr-caddy-docker-caddy-1  | {"level":"warn","ts":1661795136.3044267,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [be.mnr.localhost]: no OCSP server specified in certificate","identifiers":["be.mnr.localhost"]}
mnr-caddy-docker-caddy-1  | {"level":"debug","ts":1661795136.3044608,"logger":"tls.cache","msg":"added certificate to cache","subjects":["be.mnr.localhost"],"expiration":1661838336,"managed":true,"issuer_key":"local","hash":"8612f9a6bb648d5d237cdcec4d455f2f1454e1f8d2902af7735d9956248f3477","cache_size":2,"cache_capacity":10000}

But it works! And my session cookie is being saved!!

So it seems the magic formula is that it:

  • must be on the localhost top-level domain
  • must have two dots in the domain name

OMG I’m going to faint. I must be dreaming!
No doubt tomorrow when I wake up it will have stopped working :laughing:


Ah sorry, I admit in my hurry I didn’t catch up on the whole thread and missed that you wanted local dev only.

Caddy still works very well for local dev and internal infrastructure!

Glad you got it working!

As stated in the docs, automatic HTTPS will use a public CA for all hostnames that aren’t localhost and don’t end in .localhost. So if you only have private DNS where that domain is defined, you can’t get a cert from those CAs anyway since they can’t verify its identity.

You can use an internal CA including Caddy’s built-in authority, but those aren’t trusted by other systems/programs by default. You’d have to install trust by adding the root cert to trust store(s).

Not necessary actually; foo.localhost will work just as well as localhost.

That one is the key right there, for internal certs.

Or you can force the use of Caddy’s self-signing CA with the tls internal directive or the internal_certs global option.

Hopefully not this time :sweat_smile:
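
The issuer rule from the reply above, written out as an added example (not part of the original thread and not anyone's actual Caddyfile). Hostnames, upstreams and paths are taken from the thread; the fe.mnr.dev block assumes that name resolves only on the dev machine, for instance through a hosts-file entry.

```caddyfile
{
    debug
}

# Names ending in .localhost need no tls directive: automatic HTTPS
# issues from Caddy's local CA (the logs show "issuer":"local").
fe.mnr.localhost {
    reverse_proxy host.docker.internal:8080
}

be.mnr.localhost {
    root * /var/www/html/
    encode gzip
    php_fastcgi php:9000
    # With Allow-Credentials set to true, browsers reject a wildcard
    # origin, so the exact frontend origin is named here.
    header Access-Control-Allow-Origin https://fe.mnr.localhost
    header Access-Control-Allow-Credentials true
    file_server
}

# Before: a name outside .localhost with no tls directive. Caddy asks
# public ACME CAs, which cannot validate a name without public DNS,
# so issuance keeps retrying as in the ZeroSSL polling logs above.
#
# fe.mnr.dev {
#     reverse_proxy host.docker.internal:8080
# }

# After: the same site pinned to the built-in CA.
fe.mnr.dev {
    tls internal
    reverse_proxy host.docker.internal:8080
}

# Trust: the container's trust store is separate from the host's.
# With the FileStorage:/data/caddy location from the logs, the root to
# import on the host is /data/caddy/pki/authorities/local/root.crt.
```

Import only the root certificate into the host trust store; the CA's private keys stay inside the container's /data volume.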

Maybe not necessary for certs but it is necessary in order for the browser to store the session cookie.

