No certificate available for my domain

I have successfully installed Caddy as a reverse proxy for my server, but I can access my website for some reason

Jun 01 01:09:47 user caddy[9134]: 2020/06/01 01:09:47 http: TLS handshake error from 111.206.250.235:3013: tls: first record does not look like a TLS handshake
Jun 01 01:09:47 user caddy[9134]: 2020/06/01 01:09:47 http: TLS handshake error from 111.206.250.203:44323: tls: first record does not look like a TLS handshake
Jun 01 01:09:48 user caddy[9134]: 2020/06/01 01:09:48 http: TLS handshake error from 111.206.250.235:56077: no certificate available for ‘ipaddress’
Jun 01 01:09:48 user caddy[9134]: 2020/06/01 01:09:48 http: TLS handshake error from 111.206.250.236:49397: no certificate available for ‘ipaddress’
Jun 01 01:09:49 user caddy[9134]: 2020/06/01 01:09:49 http: TLS handshake error from 111.206.250.203:17159: no certificate available for ‘ipaddress’
Jun 01 01:09:49 user caddy[9134]: 2020/06/01 01:09:49 http: TLS handshake error from 111.206.250.204:57593: no certificate available for ‘ipaddress’
Jun 01 01:09:50 user caddy[9134]: 2020/06/01 01:09:50 http: TLS handshake error from 111.206.250.203:4190: no certificate available for ‘ipaddress’
Jun 01 01:12:08 user caddy[9134]: 2020/06/01 01:12:08 http: TLS handshake error from 103.249.89.27:62517: no certificate available for ‘mydomain.com’

I think it may be because of Cloudflare? Should I remove the Cloudflare integration from my website? Or is it something different?

Edit: this is my Caddyfile

:80 :443 {

  reverse_proxy / localhost:8080 

  redir 301 {
    if {scheme} not https
    / https://{host}{uri}
  }
  
}

Your Caddyfile doesn’t specify a domain name, so Caddy doesn’t know what certificate to manage.

Simply put your domain name in your site address, as the docs say:

You will see Caddy provision a TLS certificate and serve your site over HTTPS. This was possible because your site’s address in the Caddyfile contained a domain name.

(This concept is in several places – I just picked one.)

Also get rid of the :80 and redir stuff (that’s wrong for v2 anyway). Please refer to the docs for what is correct syntax in v2. And Caddy will do the redirects for you.


Actually, in my web app users can add their custom domain, so when it passes through the proxy they get SSL; basically I want users' custom domains to get SSL.

Or maybe I can use on-demand TLS? Can you please tell me how I can use it in my scenario?
Thanks

Sure – on-demand TLS is described in our docs.


As far as I have understood, should I add it to the /var/lib/caddy/.config/caddy/autosave.json file, which contains my JSON config, in the tls section?

{
	"rate_limit": {
		"interval": 0,
		"burst": 0
	},
	"ask": ""
}


And configure the Caddyfile with my domain only?

Or how can I apply the tls subdirective? It would be easier.

@Cyril maybe this will help


I added this in my autosave.json file

"tls": {
      "automation": {
        "policies": [
          {
            "issuer": {
              "ca": "https://acme-staging-v02.api.letsencrypt.org/directory",
              "email": "myemail",
              "module": "acme"
            },
            "on_demand": true
          }
        ]
      }
    }

And this is my Caddyfile

domain{

  reverse_proxy / localhost:8080 
  tls {
		on_demand
	}
}

Even though my website loads, it doesn’t have HTTPS, and my log shows this:

TLS handshake error from 103.249.89.27:63673: remote error: tls: unknown certificate authority

You shouldn’t edit your autosave.json file. This is just a temporary file with your previous saved config.

Create a new JSON config file named, for example, config.json and run the server: caddy run --config /path/to/config.json

Try using a json config file like this one:

{
	"apps": {
		"tls": {
			"automation": {
				"policies": [{
					"issuer": {
						"module": "acme",
						"email": "soporte@fakedomain.com"
					},
					"on_demand": true
				}],
				"on_demand": {
					"rate_limit": {
						"interval": "5m",
						"burst": 100
					},
					"ask": "http://certs.fakedomain.com/delegated.php"
				}
			}
		},
		"http": {
			"http_port": 80,
			"https_port": 443,
			"servers": {
				"tiendas": {
					"listen": [":80",":443"],
					"max_header_bytes": 41943040,
					"routes": [{
						"handle": [{
							"handler": "reverse_proxy",
							"upstreams": [{
								"dial": "localhost:8080"
							}]
						}],
						"terminal": true
					}]
				}
			}
		}
	}
}

You should use the ask directive to check that the domain pointed at your server is indeed one of your clients’ domains.

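The ask endpoint is the only thing standing between "anyone who points a DNS name at this server" and a certificate request to the CA, so it is worth seeing what it has to do. Caddy calls the configured URL with an HTTP GET and a domain=<name> query parameter; a 2xx response authorises issuance, anything else denies it. The following Go program is an added example of such an endpoint and is not code from this thread or from the Caddy project. The allow-list contents, the listen address 127.0.0.1:9000 and the path /delegated are assumptions for the example; a real deployment would look the name up in the web app's tenant database.

```go
package main

import (
	"log"
	"net"
	"net/http"
	"strings"
)

// allowedDomains stands in for the web app's table of customer domains.
// These two names are constructed sample data for this example; a real
// deployment would query the tenant database (or a cache of it) instead.
var allowedDomains = map[string]bool{
	"shop.customer-one.example": true,
	"www.customer-two.example":  true,
}

// normalizeDomain canonicalises the name Caddy sends and rejects anything
// that should never reach certificate issuance: empty or over-long names,
// wildcards, bare IP addresses, and labels with non-hostname characters.
// It returns the canonical name and whether it is acceptable.
func normalizeDomain(raw string) (string, bool) {
	d := strings.ToLower(strings.TrimSpace(raw))
	d = strings.TrimSuffix(d, ".") // tolerate a fully-qualified trailing dot
	if d == "" || len(d) > 253 {
		return "", false
	}
	if strings.Contains(d, "*") {
		return "", false // on-demand issuance is per exact hostname; refuse wildcards
	}
	if net.ParseIP(d) != nil {
		return "", false // an IP literal is never a customer domain
	}
	for _, label := range strings.Split(d, ".") {
		if label == "" || len(label) > 63 {
			return "", false
		}
		for _, c := range label {
			isAlnum := (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9')
			if !isAlnum && c != '-' {
				return "", false
			}
		}
	}
	return d, true
}

// DomainAllowed is the policy decision: only canonical names present in the
// allow-list may have a certificate obtained on demand.
func DomainAllowed(raw string) bool {
	d, ok := normalizeDomain(raw)
	return ok && allowedDomains[d]
}

// AskHandler answers Caddy's GET <ask-url>?domain=<name> probe. A 2xx status
// authorises issuance; any other status denies it, so the handler fails closed.
func AskHandler(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodGet {
		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
		return
	}
	domain := r.URL.Query().Get("domain")
	if !DomainAllowed(domain) {
		log.Printf("ask: refusing certificate for %q (from %s)", domain, r.RemoteAddr)
		http.Error(w, "domain not allowed", http.StatusForbidden)
		return
	}
	w.WriteHeader(http.StatusOK)
	_, _ = w.Write([]byte("ok"))
}

func main() {
	// Listen on loopback only: Caddy runs on the same host, and nothing on the
	// public internet needs to reach this. Address and path are assumptions.
	http.HandleFunc("/delegated", AskHandler)
	log.Fatal(http.ListenAndServe("127.0.0.1:9000", nil))
}
```

With this running, the ask value in the JSON config above (or the Caddyfile equivalent) would be http://127.0.0.1:9000/delegated. The handler deliberately refuses IP literals: the "no certificate available for 'ipaddress'" lines in the first post are exactly the kind of scanner traffic that should never be allowed to trigger an ACME order.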

How to set the ask directive URL?

OK, for now I added the JSON config without the ask directive and used the run config command.
My current Caddyfile is:

mydomain {

  reverse_proxy / localhost:8080 
  tls {
		on_demand
	}
}

But when I visit the custom domain, it shows

Secure Connection Failed

An error occurred during a connection to domain name. Peer reports it experienced an internal error.

And my main domain loads, but without any CSS/JS, just raw HTML.

Also, my main domain name’s certificate appears as

Common Name Fake LE Intermediate X1

Path matching is exact in Caddy v2, so if you use / as a matcher, it only matches requests to the root of your site. Remove the / and it will send all requests through the proxy. Omitting a matcher is the same as specifying *, meaning “all requests”.


It worked, thank you!!

But I still cannot generate SSL for my custom domain: domains pointing to my server with a CNAME do not load (“This site can’t provide a secure connection”).
Error:

"http","msg":"user server is listening on same interface as automatic HTTP->HTTPS redirects; user-configured routes might override these settings"
"http","msg":"enabling automatic TLS certificate management","domains":["maindomain.com"]}

All errors are the same as this one.
I think this is something to do with on-demand TLS and the ask directive; can someone please help me figure out this issue?

I would really appreciate your reply!!
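The last log line above is the clue: Caddy only enables certificate management for “maindomain.com”, because a site block named after one host serves only that host, so a customer name arriving via CNAME never matches any site and never triggers on-demand issuance. As an added example, not a config from this thread or from the Caddy project, here is a complete Caddyfile for the scenario: the main site plus a catch-all block for customer domains, with the issuance gate attached. It assumes the ask endpoint is reachable at http://127.0.0.1:9000/delegated and the contact address admin@example.com, and that the Caddy version in use supports the on_demand_tls global option (check the Caddyfile global options documentation for the version you run).

```caddyfile
{
	# Contact address for the ACME account; assumed for the example.
	email admin@example.com

	# Caddy asks this endpoint before obtaining any certificate on demand.
	# Without it, anyone who points a DNS name at this server can trigger
	# issuance and burn through the CA's rate limits.
	on_demand_tls {
		ask http://127.0.0.1:9000/delegated
	}
}

# The main site gets a certificate for its own name at startup.
mydomain.com {
	# No "/" matcher: a bare path matcher is exact in v2 and would only
	# proxy the root, which is why CSS/JS were missing earlier in the thread.
	reverse_proxy localhost:8080
}

# Catch-all for customer domains. A block named after one host serves only
# that host, so customer names need a block with no hostname; on_demand
# then obtains their certificates at first handshake, subject to ask.
https:// {
	tls {
		on_demand
	}
	reverse_proxy localhost:8080
}
```

Two caveats a practitioner would check before relying on this: the ask endpoint must be up whenever Caddy is, since an unreachable endpoint denies every new name (fail closed, which is the right default), and the staging directory used earlier in the thread issues certificates chained to “Fake LE Intermediate X1” that browsers do not trust, so switch back to the production CA once the configuration is proven.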
