HTTPS on local IP and tailscale IP

1. The problem I’m having:

My current setup is: I’m using Pi-Hole as my local DNS and added my local IP address for my domain so I can connect directly to it when I’m on my local network.

Then I set my Tailscale IP as an A record for my domain in Cloudflare so I can still access my server whenever I’m outside and connected to Tailscale, using the same domain.

I’m using the same domain both in Pi-Hole and Cloudflare.

It was working fine when I used tls internal and only accessed it from the local network, but after I switched to the Cloudflare setting, I can’t access the domain anymore.

2. Error messages and/or full log output:

caddy          | {"level":"info","ts":1678457293.1903226,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"plex.chrisdim.space"}
caddy          | {"level":"warn","ts":1678457293.694026,"logger":"http.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-staging-v02.api.letsencrypt.org/directory\": x509: certificate signed by unknown authority"}
caddy          | {"level":"warn","ts":1678457294.4264433,"logger":"http.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-staging-v02.api.letsencrypt.org/directory\": x509: certificate signed by unknown authority"}
caddy          | {"level":"warn","ts":1678457295.3301404,"logger":"http.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-staging-v02.api.letsencrypt.org/directory\": x509: certificate signed by unknown authority"}
caddy          | {"level":"error","ts":1678457295.3302505,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"plex.chrisdim.space","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[plex.chrisdim.space] creating new order: provisioning client: performing request: Get \"https://acme-staging-v02.api.letsencrypt.org/directory\": x509: certificate signed by unknown authority (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
caddy          | {"level":"warn","ts":1678457295.7752523,"logger":"http.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": x509: certificate signed by unknown authority"}
caddy          | {"level":"warn","ts":1678457296.7656417,"logger":"http.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": x509: certificate signed by unknown authority"}

When accessed from a browser I’m getting this error

ERR_SSL_PROTOCOL_ERROR

3. Caddy version:

v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=

4. How I installed and ran Caddy:

a. System environment:

Docker (custom build image with caddy-dns/cloudflare using xcaddy)

c. Service/unit/compose file:

Dockerfile

FROM caddy:2.6.4-builder AS builder

RUN xcaddy build \
    --with github.com/caddy-dns/cloudflare


FROM caddy:2.6.4

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

d. My complete Caddy config:

{
	email {CLOUDFLARE_EMAIL}
}

plex.chrisdim.space {
	tls {
		dns cloudflare {TOKEN}
		resolvers 1.1.1.1
	}
	reverse_proxy plex:32400
}
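Reading the log above: every retry fails while Caddy is fetching the ACME directory (Let's Encrypt staging first, then ZeroSSL), i.e. before an order exists and before the DNS challenge would run, and the failure is Caddy not trusting the certificate presented by the CA endpoint. The following is an added example, not code from the post or from Caddy, that parses such JSON log lines and groups the failures by CA URL and error class; the sample lines and the name plex.example.invalid are constructed.

```python
import json
from collections import Counter, defaultdict

# Constructed sample shaped like the JSON lines Caddy 2 writes; the leading
# "caddy | " is the prefix docker compose puts in front of container output.
SAMPLE_LOG = r'''caddy | {"level":"info","ts":1678457293.19,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"plex.example.invalid"}
caddy | {"level":"warn","ts":1678457293.69,"logger":"http.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-staging-v02.api.letsencrypt.org/directory\": x509: certificate signed by unknown authority"}
caddy | {"level":"error","ts":1678457295.33,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"plex.example.invalid","issuer":"acme-v02.api.letsencrypt.org-directory","error":"creating new order: provisioning client: performing request: Get \"https://acme-staging-v02.api.letsencrypt.org/directory\": x509: certificate signed by unknown authority"}
caddy | {"level":"warn","ts":1678457295.77,"logger":"http.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": x509: certificate signed by unknown authority"}
'''

def classify_acme_error(error: str) -> str:
    """Map one ACME client error string to a coarse diagnosis class."""
    if "certificate signed by unknown authority" in error:
        return "untrusted_chain"  # Caddy could not validate the CA endpoint's cert
    if "connection refused" in error or "i/o timeout" in error:
        return "unreachable"
    return "other"

def parse_caddy_log(text: str) -> list:
    """Parse JSON log lines, tolerating a 'container | ' prefix and blank lines."""
    entries = []
    for raw in text.splitlines():
        start = raw.find("{")
        if start >= 0:
            try:
                entries.append(json.loads(raw[start:]))
            except json.JSONDecodeError:
                pass  # not a JSON line (e.g. a stack trace); skip it
    return entries

def summarize_acme_failures(entries: list) -> dict:
    """Count failed ACME requests per CA URL and class; list identifiers that failed."""
    per_ca = defaultdict(Counter)
    failed = set()
    for e in entries:
        if e.get("logger") == "http.acme_client" and "error" in e:
            per_ca[e.get("url", "?")][classify_acme_error(e["error"])] += 1
        elif e.get("logger") == "tls.obtain" and e.get("level") == "error":
            failed.add(e.get("identifier", "?"))
    return {"per_ca": {u: dict(c) for u, c in per_ca.items()},
            "failed_identifiers": sorted(failed)}

def is_client_trust_problem(summary: dict) -> bool:
    """True when every CA tried failed only with an untrusted chain: the fault is on
    Caddy's side (its trust store, or something rewriting DNS/TLS on the path to the
    CA) rather than with one particular CA."""
    per_ca = summary["per_ca"]
    return bool(per_ca) and all(set(c) == {"untrusted_chain"} for c in per_ca.values())
```

Feed it the output of `docker compose logs caddy`; when `is_client_trust_problem` is true for a run, the next thing to check is what the container resolves and trusts for the CA hostnames, not the DNS plugin or the Cloudflare records.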
