Multiple sites for the same IP

I’m using Caddy2 to reverse proxy some sub sites on the same IP.
This is my Caddyfile:

sg.csnet.win {
    tls ./fullchain.pem ./privkey.pem
    route /prov2 / {
        strip_prefix prov2
        reverse_proxy localhost:8080
    }
    route /ydv2 / {
        strip_prefix ydv2
        reverse_proxy localhost:81
    }
    @a {
        path /
    }
    redir @a http://ahk.myff.xyz
}

tw.csnet.win {
    tls fullchain.pem privkey.pem
    route /tw / {
        strip_prefix tw
        reverse_proxy localhost:82
    }
    @b {
        path /
    }
    redir @b http://ahk.myff.xyz
}

But it seems only tw.csnet.win works. It shows:

2020/03/01 01:01:43 http: TLS handshake error from 14.116.206.250:54097: no certificate available for 'sg.csnet.win'
2020/03/01 01:01:45 http: TLS handshake error from 14.116.206.250:54100: no certificate available for 'sg.csnet.win'
2020/03/01 01:01:46 http: TLS handshake error from 14.116.206.250:54101: no certificate available for 'sg.csnet.win'
2020/03/01 01:01:46 http: TLS handshake error from 14.116.206.250:54102: no certificate available for 'sg.csnet.win'
2020/03/01 01:01:49 http: TLS handshake error from 14.116.206.250:54106: no certificate available for 'sg.csnet.win'

We’ll need more information here. Is your certificate a wildcard? Are your tls files in the same directory as you’re running Caddy?

Yes, I use the same certificate for the two sites, in the Caddyfile’s directory.
The first site, sg.xxx.xxx, doesn’t work, but tw.xxx.xxx works fine.

I can’t connect to either. Did you redact your actual domain name?

Looking closer at the actual certificate you provided to Caddy might produce some clues.


I bought a new VPS to try it, but it doesn’t work either. This is the Caddyfile I am currently using:

site1.xxx.xxx {
    tls site1.pem site1-key.pem
    route /prov2 / {
        strip_prefix prov2
        reverse_proxy localhost:8080
    }
    @a {
        path /
    }
    redir @a http://xxx.xxx.xxx
}

site2.xxx.xxx {
    tls fullchain.pem privkey.pem
    route /prov2 / {
        strip_prefix prov2
        reverse_proxy localhost:8080
    }
    @a {
        path /
    }
    redir @a http://xxx.xxx.xxx
}

And here is the caddy run log:

2020/03/06 13:16:12.802 INFO using adjacent Caddyfile
2020/03/06 13:16:12.807 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["localhost:2019"]}
2020/03/06 13:16:12.808 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2020/03/06 13:16:12.808 INFO tls cleaned up storage units
2020/03/06 13:16:12.809 INFO http skipping automatic certificate management because one or more matching certificates are already loaded {"domain": "site1.xxx.xxx", "server_name": "srv0"}
2020/03/06 13:16:12.809 INFO http enabling automatic TLS certificate management {"domains": ["site2.xxx.xxx"]}
2020/03/06 13:16:12.809 INFO autosaved config {"file": "/root/.config/caddy/autosave.json"}
2020/03/06 13:16:12.809 INFO serving initial configuration
2020/03/06 13:16:12 [INFO][cache:0xc0000ddc20] Started certificate maintenance routine
Successfully started Caddy (pid=12961)
[root@ONEVPS200306123033 ~]# 2020/03/06 13:16:13 [INFO][site2.xxx.xxx] Obtain certificate
2020/03/06 13:16:13 [INFO][site2.xxx.xxx] Obtain: Waiting on rate limiter…
2020/03/06 13:16:13 [INFO][site2.xxx.xxx] Obtain: Done waiting
2020/03/06 13:16:13 [INFO] [site2.xxx.xxx] acme: Obtaining bundled SAN certificate
2020/03/06 13:16:14 [INFO] [site2.xxx.xxx] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3196351738
2020/03/06 13:16:14 [INFO] [site2.xxx.xxx] acme: authorization already valid; skipping challenge
2020/03/06 13:16:14 [INFO] [site2.xxx.xxx] acme: Validations succeeded; requesting certificates
2020/03/06 13:16:14 [INFO] [site2.xxx.xxx] Server responded with a certificate.

I use it as a reverse proxy for v2ray, but only site1.xxx.xxx works. site2.xxx.xxx doesn’t work.

Looks like you’re providing a certificate for jp3.netcs.win, but Caddy doesn’t think the certificate you’ve provided is suitable (is it not the correct format? Is it expired? Is it for the wrong domain name?).

It’s picked up the cert for jp3.tvhk.top:

2020/03/06 13:16:12.809 INFO http skipping automatic certificate management because one or more matching certificates are already loaded {"domain": "jp3.tvhk.top", "server_name": "srv0"}

Now, over on the Discord you posted more logs:

2020/03/06 13:17:49 http: TLS handshake error from 14.126.204.111:62288: no certificate available for 'jp3.netcs.win'
2020/03/06 13:17:50 http: TLS handshake error from 14.126.204.111:62291: no certificate available for 'jp3.netcs.win'
2020/03/06 13:17:54 http: TLS handshake error from 14.126.204.111:62292: no certificate available for 'jp3.netcs.win'
2020/03/06 13:17:55 http: TLS handshake error from 14.126.204.111:62295: no certificate available for 'jp3.netcs.win'
2020/03/06 13:17:56 http: TLS handshake error from 179.43.169.182:59098: no certificate available for 'jp3.netcs.win'
2020/03/06 13:17:57 http: TLS handshake error from 14.126.204.111:62300: no certificate available for 'jp3.netcs.win'
2020/03/06 13:17:58 http: TLS handshake error from 14.126.204.111:62301: no certificate available for 'jp3.netcs.win'

Please don’t hold back any logs when you post on the forums, by the way - every little bit might be helpful, or the piece that actually solves the puzzle.

So we’ve got a double whammy here, actually.

First up, Caddy isn’t recognizing the fact you’ve provided a certificate. THEN, Caddy’s getting one for the site but does not seem to be using it. I’m not sure why in either case.

I might have to throw this one over to @matt. How do we go about debugging this one?

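The correlation made in the reply above (a name is reported as having a certificate loaded or obtained, yet handshakes for it still fail with "no certificate available"), as an added example that is not part of the thread or of Caddy's own code. The log wording follows the lines quoted in this thread; the hostnames and addresses in the sample are constructed placeholders, and `triage` and `suspicious` are hypothetical helper names.

```python
import json
import re
from collections import Counter

# Constructed sample modelled on the log lines in this thread; hostnames and
# addresses are placeholders, not values from the page.
SAMPLE_LOG = """\
2020/03/06 13:16:12.809 INFO http skipping automatic certificate management because one or more matching certificates are already loaded {"domain": "a.example.test", "server_name": "srv0"}
2020/03/06 13:16:12.809 INFO http enabling automatic TLS certificate management {"domains": ["b.example.test"]}
2020/03/06 13:16:14 [INFO] [b.example.test] Server responded with a certificate.
2020/03/06 13:17:49 http: TLS handshake error from 192.0.2.10:62288: no certificate available for 'b.example.test'
2020/03/06 13:17:50 http: TLS handshake error from 192.0.2.10:62291: no certificate available for ‘b.example.test’
2020/03/06 13:17:56 http: TLS handshake error from 192.0.2.77:59098: no certificate available for 'c.example.test'
"""

# The name is quoted with straight or (after forum rendering) curly quotes.
NO_CERT = re.compile(r"no certificate available for ['‘]([^'’]+)['’]")
JSON_TAIL = re.compile(r"(\{.*\})\s*$")

def triage(log_text):
    """Return {hostname: {"source": ..., "failures": n}} for every name seen."""
    source, failures = {}, Counter()
    for line in log_text.splitlines():
        m = NO_CERT.search(line)
        if m:
            failures[m.group(1).lower()] += 1
            continue
        tail = JSON_TAIL.search(line)
        if not tail:
            continue
        try:
            fields = json.loads(tail.group(1))
        except ValueError:
            continue  # trailing braces that are not valid JSON
        if "already loaded" in line and "domain" in fields:
            source[fields["domain"].lower()] = "manual"   # from a tls directive
        elif "enabling automatic TLS certificate management" in line:
            for name in fields.get("domains", []):
                source.setdefault(name.lower(), "acme")   # Caddy will obtain it
    names = sorted(set(source) | set(failures))
    return {n: {"source": source.get(n, "none"), "failures": failures[n]} for n in names}

def suspicious(report):
    """Names that have a certificate source on record but still fail handshakes."""
    return [n for n, r in report.items() if r["source"] != "none" and r["failures"]]

if __name__ == "__main__":
    print(suspicious(triage(SAMPLE_LOG)))
```

A name with source "none" and failures is simply not configured with a certificate; a name with a source and failures is the mismatch this thread ran into.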

But I use Caddy1 with the same certificate, and both sites work fine.
Now I just use Caddy1 to run the actual sites; you can check jp3.tvhk.top and jp3.netcs.win.
They are working!

Just a hunch, but maybe building from the latest commit on the v2 branch would be a good idea; I think we fixed a bug related to this recently.


Thank you so much! I used the latest version to try it. They are working fine now.
