Issue when iOS devices try to use a website powered by Caddy

Hi!

1. The problem I’m having:

I am having a strange issue which I am unable to debug myself and I thought I could ask the wider community in case someone stumbled across this or has an idea.

I am the backend/ops person writing the code for the backend of a mobile app.

It happened to us twice that all of a sudden the app stops communicating with the backend without any specific error besides “Network Error”. This only happens on iOS, and on specific iOS “setups”. I am not sure what affects whether this issue happens or not; we have tried several different iOS versions and devices without being able to identify what makes this bug happen or not.

The only way to fix this problem I have found is to remove the TLS certificates for this specific domain from the file storage and restart Caddy so it generates them again. This was a desperate attempt to fix a bug I don’t understand which somehow worked. The second time this bug happened I redid the same steps and it worked again.

sudo rm /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/$HOST/$HOST.{key,crt,json}
sudo systemctl restart caddy

I now know that the issue resides in the communication between the app and the server, and more specifically in the TLS exchange. However, I can’t figure out what exactly the issue is and would appreciate any tips on that.

Thank you!

2. Error messages and/or full log output:

No relevant logs to show.

3. Caddy version:

v2.6.4
This already happened in the past (in December 2023) with a different Caddy version.

4. How I installed and ran Caddy:

a. System environment:

A cheap Debian 11 VPS for dev purposes.

Caddy is installed using systemd.

b. Command:

# To enable it
systemctl enable --now caddy

# To restart it
systemctl restart caddy

c. Service/unit/compose file:

debian@pretentaine:~$ cat /lib/systemd/system/caddy.service
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateDevices=yes
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddy config:

{
	log default {
		output file /tmp/caddy.log {
			roll_uncompressed
		}

		format filter {
			wrap console
			fields {
				request>headers>Authorization replace '***'
			}
		}
	}
}

pouny.lodi.me {
	log {
		output file /tmp/caddy-pouny.lodi.me.log
	}
	reverse_proxy localhost:9300
}

admin.pouny.lodi.me {
	reverse_proxy localhost:9302
}

5. Links to relevant resources:

N/A

Howdy @lodig, welcome to the Caddy community.

First port of call,

Definitely get updated to the latest version of Caddy (v2.8.4 as of this comment). There’s about a year and a half of bugfixes and the like that Debian maintainers haven’t opted for. You can use dpkg-divert to install an up-to-date Caddy neatly alongside the native distro service files, see: Build from source — Caddy Documentation

Then, try adding debug to your Global options (Caddyfile) — Caddy Documentation and see if you can capture any logs from Caddy when clients do this. Maybe we’ll see some useful output to help us troubleshoot further.

