HTTPS Secure Connect Failed on locally hosted site using DuckDNS Plugin

1. The problem I’m having:

https is failing on a file_server index.html

curl -vL https://cathead.duckdns.org
* Host cathead.duckdns.org:443 was resolved.
* IPv6: (none)
* IPv4: 47.32.80.65
*   Trying 47.32.80.65:443...
* Connected to cathead.duckdns.org (47.32.80.65) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS alert, internal error (592):
* OpenSSL/3.0.13: error:0A000438:SSL routines::tlsv1 alert internal error
* Closing connection
curl: (35) OpenSSL/3.0.13: error:0A000438:SSL routines::tlsv1 alert internal error

I’ve added the duckdns plugin using xcaddy
(https works for reverse proxies)

2. Error messages and/or full log output:

Jan 31 10:58:01 TheDrone caddy[194031]: {"level":"info","ts":1738339081.8389661,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}
Jan 31 10:58:01 TheDrone caddy[194031]: {"level":"info","ts":1738339081.8389807,"msg":"shutdown complete","signal":"SIGTERM","exit_code":0}
Jan 31 10:58:01 TheDrone systemd[1]: Stopped caddy.service - Caddy.
Jan 31 10:58:01 TheDrone systemd[1]: caddy.service: Consumed 28.386s CPU time, 27.6M memory peak, 0B memory swap peak.
Jan 31 10:58:23 TheDrone systemd[1]: Starting caddy.service - Caddy...
Jan 31 10:58:23 TheDrone caddy[395978]: caddy.HomeDir=/var/lib/caddy
Jan 31 10:58:23 TheDrone caddy[395978]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Jan 31 10:58:23 TheDrone caddy[395978]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Jan 31 10:58:23 TheDrone caddy[395978]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Jan 31 10:58:23 TheDrone caddy[395978]: caddy.Version=v2.9.1 h1:OEYiZ7DbCzAWVb6TNEkjRcSCRGHVoZsJinoDR/n9oaY=
Jan 31 10:58:23 TheDrone caddy[395978]: runtime.GOOS=linux
Jan 31 10:58:23 TheDrone caddy[395978]: runtime.GOARCH=amd64
Jan 31 10:58:23 TheDrone caddy[395978]: runtime.Compiler=gc
Jan 31 10:58:23 TheDrone caddy[395978]: runtime.NumCPU=4
Jan 31 10:58:23 TheDrone caddy[395978]: runtime.GOMAXPROCS=4
Jan 31 10:58:23 TheDrone caddy[395978]: runtime.Version=go1.23.5
Jan 31 10:58:23 TheDrone caddy[395978]: os.Getwd=/
Jan 31 10:58:23 TheDrone caddy[395978]: LANG=en_US.UTF-8
Jan 31 10:58:23 TheDrone caddy[395978]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/snap/bin
Jan 31 10:58:23 TheDrone caddy[395978]: NOTIFY_SOCKET=/run/systemd/notify
Jan 31 10:58:23 TheDrone caddy[395978]: USER=caddy
Jan 31 10:58:23 TheDrone caddy[395978]: LOGNAME=caddy
Jan 31 10:58:23 TheDrone caddy[395978]: HOME=/var/lib/caddy
Jan 31 10:58:23 TheDrone caddy[395978]: INVOCATION_ID=c0d8ee493ac44784a8cb8ce3c6e4be8a
Jan 31 10:58:23 TheDrone caddy[395978]: JOURNAL_STREAM=8:1447867
Jan 31 10:58:23 TheDrone caddy[395978]: SYSTEMD_EXEC_PID=395978
Jan 31 10:58:23 TheDrone caddy[395978]: MEMORY_PRESSURE_WATCH=/sys/fs/cgroup/system.slice/caddy.service/memory.pressure
Jan 31 10:58:23 TheDrone caddy[395978]: MEMORY_PRESSURE_WRITE=c29tZSAyMDAwMDAgMjAwMDAwMAA=
Jan 31 10:58:23 TheDrone caddy[395978]: {"level":"info","ts":1738339103.1854513,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Jan 31 10:58:23 TheDrone caddy[395978]: {"level":"info","ts":1738339103.1871948,"msg":"adapted config to JSON","adapter":"caddyfile"}
Jan 31 10:58:23 TheDrone caddy[395978]: {"level":"warn","ts":1738339103.1872056,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":22}
Jan 31 10:58:23 TheDrone caddy[395978]: {"level":"info","ts":1738339103.1883636,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//127.0.0.1:2019","//localhost:2019","//[::1]:2019"]}
Jan 31 10:58:23 TheDrone caddy[395978]: {"level":"info","ts":1738339103.1885588,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Jan 31 10:58:23 TheDrone caddy[395978]: {"level":"info","ts":1738339103.1885667,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00028f280"}
Jan 31 10:58:23 TheDrone caddy[395978]: {"level":"info","ts":1738339103.1885822,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Jan 31 10:58:23 TheDrone caddy[395978]: {"level":"warn","ts":1738339103.1885982,"logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
Jan 31 10:58:23 TheDrone caddy[395978]: {"level":"info","ts":1738339103.1898248,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Jan 31 10:58:23 TheDrone caddy[395978]: {"level":"info","ts":1738339103.1902084,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Jan 31 10:58:23 TheDrone caddy[395978]: {"level":"warn","ts":1738339103.1902585,"logger":"http","msg":"HTTP/2 skipped because it requires TLS","network":"tcp","addr":":80"}
Jan 31 10:58:23 TheDrone caddy[395978]: {"level":"warn","ts":1738339103.1902661,"logger":"http","msg":"HTTP/3 skipped because it requires TLS","network":"tcp","addr":":80"}
Jan 31 10:58:23 TheDrone caddy[395978]: {"level":"info","ts":1738339103.1902747,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
Jan 31 10:58:23 TheDrone caddy[395978]: {"level":"info","ts":1738339103.1902795,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["jellyfin.cathead.duckdns.org","immich.cathead.duckdns.org","plex.cathead.duckdns.org","adguard.cathead.duckdns.org","openwrt.cathead.duckdns.org","calibre.cathead.duckdns.org","ownfoil.cathead.duckdns.org","audiobookshelf.cathead.duckdns.org","transmission.cathead.duckdns.org","soulseek.cathead.duckdns.org"]}
Jan 31 10:58:23 TheDrone caddy[395978]: {"level":"info","ts":1738339103.2741156,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/var/lib/caddy/.local/share/caddy","instance":"5bf20750-46f1-45f6-937d-816d56d609c6","try_again":1738425503.274113,"try_again_in":86399.999999233}
Jan 31 10:58:23 TheDrone caddy[395978]: {"level":"info","ts":1738339103.2742667,"logger":"tls","msg":"finished cleaning storage units"}
Jan 31 10:58:23 TheDrone caddy[395978]: {"level":"info","ts":1738339103.4624128,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Jan 31 10:58:23 TheDrone caddy[395978]: {"level":"info","ts":1738339103.4625354,"msg":"serving initial configuration"}

3. Caddy version:

v2.9.1 h1:OEYiZ7DbCzAWVb6TNEkjRcSCRGHVoZsJinoDR/n9oaY=

4. How I installed and ran Caddy:

a. System environment:

latest Ubuntu
systemd

b. Command:

systemctl start caddy.service

c. Service/unit/compose file:

d. My complete Caddy config:

{
        debug
}

cathead.duckdns.org:80 {
        tls {
                dns duckdns 00000000-0000-0000-00000
        }
        # Set this path to your site's directory.
        root * /var/www/

        file_server

        # Enable the static file server.
        #file_server

}

openwrt.cathead.duckdns.org {
        reverse_proxy 192.168.1.1
}

adguard.cathead.duckdns.org {
        reverse_proxy 192.168.1.1:8080
}

audiobookshelf.cathead.duckdns.org {
        reverse_proxy 192.168.1.55:13378
}

calibre.cathead.duckdns.org {
        reverse_proxy 192.168.1.55:8282
}

immich.cathead.duckdns.org {
        reverse_proxy 192.168.1.55:2283
}

jellyfin.cathead.duckdns.org {
        reverse_proxy 192.168.1.55:8096
}

plex.cathead.duckdns.org {
        reverse_proxy 192.168.1.55:32400
}

soulseek.cathead.duckdns.org {
        reverse_proxy 192.168.1.55:5030
}

transmission.cathead.duckdns.org {
        reverse_proxy 192.168.1.55:9091
}

ownfoil.cathead.duckdns.org {
        reverse_proxy 192.168.1.55:8465
}

5. Links to relevant resources:

The :80 here is suspicious :eyes:

Remove it

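As an added diagnostic, not code from this thread or from the Caddy project, the Python script below reads a Caddyfile together with Caddy's JSON log and flags exactly the situation above: a site address ending in :80 (or starting with http://) gets no automatic HTTPS, so Caddy logs an HTTP-only server and leaves that host out of the domains under automatic TLS management. The sample Caddyfile and log lines are constructed to mirror the thread, and the DuckDNS token is a placeholder.

```python
import json
import re

# Constructed sample shaped like the thread's Caddyfile (token is a placeholder).
SAMPLE_CADDYFILE = """\
cathead.duckdns.org:80 {
    tls {
        dns duckdns 00000000-0000-0000-00000
    }
    root * /var/www/
    file_server
}
openwrt.cathead.duckdns.org {
    reverse_proxy 192.168.1.1
}
"""

# Constructed Caddy JSON log lines, trimmed to the fields this check reads.
SAMPLE_LOG = """\
{"level":"warn","logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
{"level":"info","logger":"http","msg":"enabling automatic TLS certificate management","domains":["openwrt.cathead.duckdns.org"]}
"""

# A top-level site block starts at column 0 (address then '{'); nested
# blocks such as 'tls {' are indented, so they never match.
SITE_RE = re.compile(r"^(?P<addr>[^\s{]+)\s*\{\s*$", re.MULTILINE)

def hostname(addr: str) -> str:
    """Strip an optional scheme and port from a site address."""
    return re.sub(r"^[a-z]+://", "", addr).split(":")[0]

def is_plaintext(addr: str) -> bool:
    """Caddy applies no automatic HTTPS to http:// addresses or to port 80."""
    return addr.startswith("http://") or addr.endswith(":80")

def report(caddyfile: str, log: str) -> dict:
    managed, http_only = set(), []
    for line in log.splitlines():
        if not line.startswith("{"):
            continue  # skip non-JSON startup lines such as runtime.GOOS=...
        ev = json.loads(line)
        if ev.get("msg") == "enabling automatic TLS certificate management":
            managed.update(ev.get("domains", []))
        elif ev.get("logger") == "http.auto_https" and "no automatic HTTPS" in ev.get("msg", ""):
            http_only.append(ev.get("server_name"))
    addrs = [m.group("addr") for m in SITE_RE.finditer(caddyfile)]
    return {
        "plaintext_sites": [a for a in addrs if is_plaintext(a)],
        "unmanaged": [hostname(a) for a in addrs if hostname(a) not in managed],
        "http_only_servers": http_only,
    }
```

Run report() against /etc/caddy/Caddyfile and the output of journalctl -u caddy; a non-empty "plaintext_sites" list names the site address that needs the :80 removed.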

Thanks for the reply. I’m pretty sure I tried that.
At this point I’ve spent about 30 hours in the past 3 days trying to figure this out, so my head is a bit of a mess with what I’ve done. I’m very new to networking, but not new to linux.

Tried it again, and it turns out that when I’ve been testing things out and playing around I was using Firefox and just reloading the browser to test for changes. This worked a lot of the time for various changes, but not this kind. I tested it in incognito mode and it worked! Also tested in Tor to be safe.
Should I have just been testing with curl https://mysite.duckdns.org -v ?

Browsers have all kinds of idiosyncrasies, e.g. cache, so curl is the recommended and definitive test.