Net proxy with tls off, continues to try and obtain certificate

Caddy version v1.0.0 (h1:KI6RPGih2GFzWRPG8s9clKK28Ns4ZlVMKR/v7mxq6+c=).

Caddyfile is:

proxy :3306 :3306 {
    tls off
    host global.dompbraywuid.us-west-2.rds.amazonaws.com
}

Starting with /usr/local/bin/caddy -log stdout -type=net -conf=/etc/caddy/Caddyfile

Activating privacy features...2019/05/02 22:03:34 [INFO][cache:0xc0000307d0] Started certificate maintenance routine
2019/05/02 22:03:34 [INFO] [global.dompbraywuid.us-west-2.rds.amazonaws.com] acme: Obtaining bundled SAN certificate
2019/05/02 22:03:35 [global.dompbraywuid.us-west-2.rds.amazonaws.com] failed to obtain certificate: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rejectedIdentifier :: Error creating new order :: Policy forbids issuing for name, url:

Huh? I am explicitly turning tls off.

That’s a very good question!

You may need to ask the server plugin author over at GitHub: pieterlouw/caddy-net, "Proxy server type for Caddy server (https://github.com/mholt/caddy)".

The docs definitely communicate that the tls directive is respected.