1. Caddy version (caddy version):
v2.3.0
2. How I run Caddy:
Same as below?
a. System environment:
Debian 10
b. Command:
sudo service caddy reload
d. My complete Caddyfile or JSON config:
www.domainone.com {
redir https://domainone.com{uri}
}
domainone.com {
root * /home/user/www/domainone.com
file_server
}
www.domaintwo.com {
redir https://domaintwo.com{uri}
}
domaintwo.com {
root * /home/user/www/domaintwo.com
file_server
}
3. The problem I’m having:
I am using Cloudflare for both domains. The first domain works fine, but on the second domain I am getting Error 525, SSL handshake failed.
Looks like SSL is only working on the first domain.
4. Error messages and/or full log output:
Jun 02 17:21:52 username caddy[5052]: {"level":"error","ts":xxxx,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"www.exampletwo.com","error":"authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - Invalid response from https://www.exampletwo.com/.well-known/acme-challenge/xxxx [xxxx]: \"<!DOCTYPE html>\\n<!--[if lt IE 7]> <html class=\\\"no-js ie6 oldie\\\" lang=\\\"en-US\\\"> <![endif]-->\\n<!--[if IE 7]> <html class=\\\"no-js \"","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/xxxx/xxxx","attempt":1,"max_attempts":3}
Jun 02 17:21:54 username caddy[5052]: {"level":"info","ts":xxxx,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.exampletwo.com","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Jun 02 17:21:55 username caddy[5052]: {"level":"error","ts":xxxx,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"www.exampletwo.com","challenge_type":"tls-alpn-01","status_code":403,"problem_type":"urn:ietf:params:acme:error:unauthorized","error":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge"}
Jun 02 17:21:55 username caddy[5052]: {"level":"error","ts":xxxx,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"www.exampletwo.com","error":"authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/xxxx/xxxx","attempt":2,"max_attempts":3}
Jun 02 17:21:59 username caddy[5052]: {"level":"info","ts":xxxx,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.exampletwo.com","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
Jun 02 17:26:37 username caddy[5052]: {"level":"error","ts":xxxx,"logger":"tls.obtain","msg":"will retry","error":"[exampletwo.com] Obtain: [exampletwo.com] solving challenges: [exampletwo.com] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/xxxx) (ca=https://acme.zerossl.com/v2/DV90)","attempt":6,"retrying_in":1200,"elapsed":3134.601656254,"max_duration":2592000}
$ curl -svo /dev/null https://domaintwo.com --connect-to ::ipaddress 2>&1 | egrep -v "^{.*$|^}.*$|^* http.*$"
* Expire in 0 ms for 6 (transfer 0x...)
* Connecting to hostname: ipaddress
* Trying ipaddress...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x...)
* Connected to ipaddress (ipaddress) port 443 (#0)
* ALPN, offering h2
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, internal error (592):
* error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
* Closing connection 0
5. What I already tried:
I researched these forums and found this:
Unfortunately it didn’t help.
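The log lines above show two distinct ACME failure signatures: the HTTP-01 check received an HTML page instead of the token (something other than this Caddy instance answered the request), and TLS-ALPN-01 could not negotiate acme-tls/1 (TLS was terminated before reaching Caddy). The following is an added example, not code from the post or from Caddy, that parses journald-prefixed Caddy JSON log lines and flags these signatures; the host, domains and address in the sample lines are constructed.

```python
import json
import re

# Constructed sample lines in the journald form shown in the post (names and IP are made up).
SAMPLE_LOG = """\
Jun 02 17:21:52 host caddy[5052]: {"level":"error","logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"www.example.test","error":"authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - Invalid response from https://www.example.test/.well-known/acme-challenge/abc [203.0.113.10]: \\"<!DOCTYPE html>\\""}
Jun 02 17:21:55 host caddy[5052]: {"level":"error","logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"www.example.test","challenge_type":"tls-alpn-01","status_code":403,"problem_type":"urn:ietf:params:acme:error:unauthorized","error":"Cannot negotiate ALPN protocol \\"acme-tls/1\\" for tls-alpn-01 challenge"}
Jun 02 17:26:37 host caddy[5052]: {"level":"error","logger":"tls.obtain","msg":"will retry","error":"[example.test] Obtain: authorization took too long","attempt":6}
Jun 02 17:30:00 host caddy[5052]: {"level":"info","logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"example.test"}
"""

# Strip the "Mon DD HH:MM:SS host caddy[pid]: " prefix and keep the JSON object.
PREFIX = re.compile(r'^.*?caddy\[\d+\]:\s*(\{.*\})\s*$')

def parse_caddy_lines(text):
    """Return the JSON events found in journald-style Caddy log text."""
    events = []
    for line in text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue
        try:
            events.append(json.loads(m.group(1)))
        except json.JSONDecodeError:
            continue  # skip lines that are not well-formed JSON
    return events

def classify_acme_failure(event):
    """Map one Caddy log event to a likely cause, or None if it is not an error."""
    if event.get("level") != "error":
        return None
    err = event.get("error", "")
    if "acme-challenge" in err and "<!DOCTYPE html>" in err:
        # The CA fetched the HTTP-01 URL but got an HTML page, not the token.
        return "http-01: challenge URL answered by another host (proxy/CDN in front of origin)"
    if event.get("challenge_type") == "tls-alpn-01" and "acme-tls/1" in err:
        # TLS-ALPN-01 needs the CA to reach Caddy's own TLS listener.
        return "tls-alpn-01: TLS terminated before reaching Caddy"
    if "authorization took too long" in err:
        return "order timed out after repeated challenge failures"
    return "unclassified ACME error"

def summarize(text):
    """Return (identifier, cause) pairs for every ACME error in the log text."""
    findings = []
    for ev in parse_caddy_lines(text):
        cause = classify_acme_failure(ev)
        if cause is None:
            continue
        ident = ev.get("identifier")
        if not ident:  # "will retry" events carry the name only inside the error text
            m = re.search(r'\[([^\]\s]+)\]', ev.get("error", ""))
            ident = m.group(1) if m else "?"
        findings.append((ident, cause))
    return findings
```

Run `summarize` over `journalctl -u caddy --no-pager` output to see which challenge type failed for which name; both signatures together point at a TLS-terminating proxy in front of the origin rather than at the Caddyfile.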