1. Output of caddy version
:
I don't know how to print the Caddy version because it is running in a container (the FastCGI environment in the logs under section 4 reports SERVER_SOFTWARE "Caddy/v2.6.2").
2. How I run Caddy:
I am running Caddy inside a container.
with docker compose up -d
following this distribution
api platform distribution
a. System environment:
I'm running API Platform on a server with public access on the domain www.electricityupcfib.es
The server is reachable, requests do connect, and the domain also works.
To access the server I need to be inside a network which I access through a VPN.
b. Command:
docker compose up -d
c. Service/unit/compose file:
version: "3.4"

services:
  php:
    build:
      context: ./api
      target: app_php
    depends_on:
      - database
    restart: unless-stopped
    volumes:
      # Shared with the caddy service so it can reach PHP-FPM over a unix socket.
      - php_socket:/var/run/php
    healthcheck:
      interval: 10s
      timeout: 3s
      retries: 3
      start_period: 30s
    environment:
      # The ":-" fallbacks below are placeholders written in this file. If
      # POSTGRES_PASSWORD is not exported, the database is reachable with the
      # "!ChangeMe!" default, so set it before any non-local deployment.
      DATABASE_URL: 'postgresql://${POSTGRES_USER:-app}:${POSTGRES_PASSWORD:-!ChangeMe!}@database:5432/${POSTGRES_DB:-app}?serverVersion=${POSTGRES_VERSION:-14}'
      # Default covers loopback plus every RFC 1918 private range.
      # NOTE(review): narrow this to the network the proxy really sits on if
      # other hosts share those ranges; confirm against the deployment.
      TRUSTED_PROXIES: '${TRUSTED_PROXIES:-127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16}'
      # "$$" is Compose's escape for a literal "$" (the regex end anchor).
      TRUSTED_HOSTS: '^${SERVER_NAME:-example\.com|localhost}|caddy$$'
      MERCURE_URL: '${CADDY_MERCURE_URL:-http://caddy/.well-known/mercure}'
      MERCURE_PUBLIC_URL: 'https://${SERVER_NAME:-localhost}/.well-known/mercure'
      # Same variable as the caddy service's publisher and subscriber keys; the
      # fallback is a placeholder string, so set CADDY_MERCURE_JWT_SECRET.
      MERCURE_JWT_SECRET: '${CADDY_MERCURE_JWT_SECRET:-!ChangeThisMercureHubJWTSecretKey!}'

  pwa:
    build:
      context: ./pwa
      target: prod
    environment:
      NEXT_PUBLIC_ENTRYPOINT: 'http://caddy'

  caddy:
    build:
      context: api/
      target: app_caddy
    depends_on:
      - php
      - pwa
    environment:
      PWA_UPSTREAM: 'pwa:3000'
      # Becomes the Caddyfile site address. With SERVER_NAME unset it expands to
      # "localhost, caddy:80", so Caddy only manages a certificate for
      # localhost and has none to present for any other host name.
      SERVER_NAME: '${SERVER_NAME:-localhost}, caddy:80'
      # Publisher and subscriber keys share one secret; the fallback is a
      # placeholder and must be overridden outside local development.
      MERCURE_PUBLISHER_JWT_KEY: '${CADDY_MERCURE_JWT_SECRET:-!ChangeThisMercureHubJWTSecretKey!}'
      MERCURE_SUBSCRIBER_JWT_KEY: '${CADDY_MERCURE_JWT_SECRET:-!ChangeThisMercureHubJWTSecretKey!}'
    restart: unless-stopped
    volumes:
      - php_socket:/var/run/php
      # /data holds Caddy's persisted state; keep it on a named volume so it
      # survives container re-creation.
      - caddy_data:/data
      - caddy_config:/config
    ports:
      # HTTP
      - target: 80
        published: ${HTTP_PORT:-80}
        protocol: tcp
      # HTTPS
      - target: 443
        published: ${HTTPS_PORT:-443}
        protocol: tcp
      # HTTP/3
      - target: 443
        published: ${HTTP3_PORT:-443}
        protocol: udp

###> doctrine/doctrine-bundle ###
  database:
    image: postgres:${POSTGRES_VERSION:-14}-alpine
    environment:
      - POSTGRES_DB=${POSTGRES_DB:-app}
      # You should definitely change the password in production
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-!ChangeMe!}
      - POSTGRES_USER=${POSTGRES_USER:-app}
    volumes:
      - db_data:/var/lib/postgresql/data
      # you may use a bind-mounted host directory instead, so that it is harder to accidentally remove the volume and lose all your data!
      # - ./api/docker/db/data:/var/lib/postgresql/data
###< doctrine/doctrine-bundle ###

# Mercure is installed as a Caddy module, prevent the Flex recipe from installing another service
###> symfony/mercure-bundle ###
###< symfony/mercure-bundle ###

volumes:
  php_socket:
  caddy_data:
  caddy_config:
###> doctrine/doctrine-bundle ###
  db_data:
###< doctrine/doctrine-bundle ###
###> symfony/mercure-bundle ###
###< symfony/mercure-bundle ###
d. My complete Caddy config:
# Global options block.
{
    # Debug
    # {$DEBUG} is replaced from the environment when the config is parsed and
    # expands to nothing if unset. Debug-level logging records client IPs and
    # full request headers (see the log lines on this page), so leave it unset
    # outside troubleshooting.
    {$DEBUG}
}

# Site address(es), taken from the SERVER_NAME environment variable. Caddy
# manages certificates only for the host names listed here.
{$SERVER_NAME}

# Enable access logging for this site.
log

# Matches requests for HTML documents, for static files and for Next.js files,
# except for known API paths and paths with extensions handled by API Platform
# NOTE(review): /_profiler* and /_wdt* are excluded here so PHP serves them; the
# x-debug-token-link response header captured on this page suggests the Symfony
# profiler is enabled. Confirm it is off before exposing this host.
@pwa expression `(
        header({'Accept': '*text/html*'})
        && !path(
            '/docs*', '/graphql*', '/bundles*', '/contexts*', '/_profiler*', '/_wdt*',
            '*.json*', '*.html', '*.csv', '*.yml', '*.yaml', '*.xml'
        )
    )
    || path('/favicon.ico', '/manifest.json', '/robots.txt', '/_next*', '/sitemap*')`

# Directives inside route are evaluated in the order written.
route {
    root * /srv/app/public
    mercure {
        # Transport to use (default to Bolt)
        transport_url {$MERCURE_TRANSPORT_URL:bolt:///data/mercure.db}
        # Publisher JWT key
        # {env.*} placeholders are read from the process environment at runtime.
        publisher_jwt {env.MERCURE_PUBLISHER_JWT_KEY} {env.MERCURE_PUBLISHER_JWT_ALG}
        # Subscriber JWT key
        subscriber_jwt {env.MERCURE_SUBSCRIBER_JWT_KEY} {env.MERCURE_SUBSCRIBER_JWT_ALG}
        # Allow anonymous subscribers (double-check that it's what you want)
        # With this set, clients without a JWT can still subscribe to public updates.
        anonymous
        # Enable the subscription API (double-check that it's what you want)
        subscriptions
        # Extra directives
        {$MERCURE_EXTRA_DIRECTIVES}
    }
    vulcain
    # Add links to the API docs and to the Mercure Hub if not set explicitly (e.g. the PWA)
    header ?Link `</docs.jsonld>; rel="http://www.w3.org/ns/hydra/core#apiDocumentation", </.well-known/mercure>; rel="mercure"`
    # Disable Topics tracking if not enabled explicitly: https://github.com/jkarlin/topics
    header ?Permissions-Policy "browsing-topics=()"
    # Comment the following line if you don't want Next.js to catch requests for HTML documents.
    # In this case, they will be handled by the PHP app.
    reverse_proxy @pwa http://{$PWA_UPSTREAM}
    # Everything not proxied to the PWA goes to PHP-FPM over the unix socket.
    php_fastcgi unix//var/run/php/php-fpm.sock
    encode zstd gzip
    file_server
}
3. The problem I’m having:
When executing curl requests to my API (they go through Caddy), they end up with SSL errors.
this is an example from postman after requesting
what i execute:
FROM the SERVER itself, using different requests
request 1
curl "https://localhost"
#output: curl: (60) SSL certificate problem: unable to get local issuer certificate
request 2
curl "https://localhost" -kv
#output: works (-k makes curl skip certificate verification, so the untrusted issuer is reported but not enforced)
request 3
curl "https://www.electricityupcfib.es" -kv
#output: curl: (35) error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
FROM A REMOTE CLIENT
request 4
curl "https://www.electricityupcfib.es" -kv
#output: curl: (35) error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
4. Error messages and/or full log output:
Request 1
client response
client executes:
curl "https://localhost"
client outputs:
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
server caddy logs:
{"level":"debug","ts":1668425018.5966942,"logger":"events","msg":"event","name":"tls_get_certificate","id":"4146cfb0-3c2c-4939-994e-1a02236e6455","origin":"tls","data":{"client_hello":{"CipherSuites":[4866,4867,4865,49196,49200,159,52393,52392,52394,49195,49199,158,49188,49192,107,49187,49191,103,49162,49172,57,49161,49171,51,157,156,61,60,53,47,255],"ServerName":"localhost","SupportedCurves":[29,23,30,25,24],"SupportedPoints":"AAEC","SignatureSchemes":[1027,1283,1539,2055,2056,2057,2058,2059,2052,2053,2054,1025,1281,1537,771,769,770,1026,1282,1538],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771],"Conn":{}}}}
{"level":"debug","ts":1668425018.5976794,"logger":"tls.handshake","msg":"choosing certificate","identifier":"localhost","num_choices":1}
{"level":"debug","ts":1668425018.5979774,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"localhost","subjects":["localhost"],"managed":true,"issuer_key":"local","hash":"9092d28f63bd288e00db0b9230c140bb18f1c6640cc3a7a2d7af7f1b4714edbe"}
{"level":"debug","ts":1668425018.5981896,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"172.24.0.1","remote_port":"57952","subjects":["localhost"],"managed":true,"expiration":1668447577,"hash":"9092d28f63bd288e00db0b9230c140bb18f1c6640cc3a7a2d7af7f1b4714edbe"}
{"level":"debug","ts":1668425018.6017683,"logger":"http.stdlib","msg":"http: TLS handshake error from 172.24.0.1:57952: local error: tls: bad record MAC"}
Request 2
client response
client executes;
curl 'https://localhost' -vk
client outputs:
* Trying 127.0.0.1:443...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: [NONE]
* start date: Nov 14 05:39:36 2022 GMT
* expire date: Nov 14 17:39:36 2022 GMT
* issuer: CN=Caddy Local Authority - ECC Intermediate
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x561257e53350)
> GET / HTTP/2
> Host: localhost
> user-agent: curl/7.68.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
< HTTP/2 401
< alt-svc: h3=":443"; ma=2592000
< cache-control: no-cache, private
< content-type: application/json
< date: Mon, 14 Nov 2022 11:28:54 GMT
< link: <https://localhost/docs.jsonld>; rel="http://www.w3.org/ns/hydra/core#apiDocumentation"
< permissions-policy: browsing-topics=()
< server: Caddy
< status: 401 Unauthorized
< x-debug-token: 730052
< x-debug-token-link: https://localhost/_profiler/730052
< x-robots-tag: noindex
< content-length: 35
<
* Connection #0 to host localhost left intact
{"message":"No API token provided"}a
server caddy logs:
{"level":"debug","ts":1668425334.8059258,"logger":"events","msg":"event","name":"tls_get_certificate","id":"c2ec6da9-2f8f-40e8-a84e-5a1413a06458","origin":"tls","data":{"client_hello":{"CipherSuites":[4866,4867,4865,49196,49200,159,52393,52392,52394,49195,49199,158,49188,49192,107,49187,49191,103,49162,49172,57,49161,49171,51,157,156,61,60,53,47,255],"ServerName":"localhost","SupportedCurves":[29,23,30,25,24],"SupportedPoints":"AAEC","SignatureSchemes":[1027,1283,1539,2055,2056,2057,2058,2059,2052,2053,2054,1025,1281,1537,771,769,770,1026,1282,1538],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771],"Conn":{}}}}
{"level":"debug","ts":1668425334.8060942,"logger":"tls.handshake","msg":"choosing certificate","identifier":"localhost","num_choices":1}
{"level":"debug","ts":1668425334.806141,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"localhost","subjects":["localhost"],"managed":true,"issuer_key":"local","hash":"9092d28f63bd288e00db0b9230c140bb18f1c6640cc3a7a2d7af7f1b4714edbe"}
{"level":"debug","ts":1668425334.8061554,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"172.24.0.1","remote_port":"41132","subjects":["localhost"],"managed":true,"expiration":1668447577,"hash":"9092d28f63bd288e00db0b9230c140bb18f1c6640cc3a7a2d7af7f1b4714edbe"}
{"level":"debug","ts":1668425334.8166463,"logger":"http.handlers.rewrite","msg":"rewrote request","request":{"remote_ip":"172.24.0.1","remote_port":"41132","proto":"HTTP/2.0","method":"GET","host":"localhost","uri":"/","headers":{"User-Agent":["curl/7.68.0"],"Accept":["*/*"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"localhost"}},"method":"GET","uri":"/index.php"}
{"level":"debug","ts":1668425334.8170853,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"/var/run/php/php-fpm.sock","total_upstreams":1}
{"level":"debug","ts":1668425334.8177314,"logger":"http.reverse_proxy.transport.fastcgi","msg":"roundtrip","request":{"remote_ip":"172.24.0.1","remote_port":"41132","proto":"HTTP/2.0","method":"GET","host":"localhost","uri":"/index.php","headers":{"Accept":["*/*"],"X-Forwarded-For":["172.24.0.1"],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["localhost"],"User-Agent":["curl/7.68.0"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"localhost"}},"env":{"SERVER_PROTOCOL":"HTTP/2.0","SCRIPT_NAME":"/index.php","QUERY_STRING":"","REQUEST_SCHEME":"https","SERVER_NAME":"localhost","SCRIPT_FILENAME":"/srv/app/public/index.php","SERVER_PORT":"443","HTTPS":"on","GATEWAY_INTERFACE":"CGI/1.1","PATH_INFO":"","HTTP_X_FORWARDED_PROTO":"https","SSL_PROTOCOL":"TLSv1.3","HTTP_ACCEPT":"*/*","REMOTE_IDENT":"","REMOTE_ADDR":"172.24.0.1","DOCUMENT_URI":"/index.php","HTTP_X_FORWARDED_FOR":"172.24.0.1","HTTP_USER_AGENT":"curl/7.68.0","AUTH_TYPE":"","REQUEST_METHOD":"GET","REQUEST_URI":"/","SERVER_SOFTWARE":"Caddy/v2.6.2","DOCUMENT_ROOT":"/srv/app/public","HTTP_HOST":"localhost","REMOTE_HOST":"172.24.0.1","REMOTE_USER":"","SSL_CIPHER":"TLS_CHACHA20_POLY1305_SHA256","HTTP_X_FORWARDED_HOST":"localhost","CONTENT_TYPE":"","REMOTE_PORT":"41132","CONTENT_LENGTH":""},"dial":"/var/run/php/php-fpm.sock","env":{"CONTENT_TYPE":"","REMOTE_PORT":"41132","SSL_CIPHER":"TLS_CHACHA20_POLY1305_SHA256","HTTP_X_FORWARDED_HOST":"localhost","CONTENT_LENGTH":"","SERVER_PROTOCOL":"HTTP/2.0","SCRIPT_NAME":"/index.php","GATEWAY_INTERFACE":"CGI/1.1","PATH_INFO":"","QUERY_STRING":"","REQUEST_SCHEME":"https","SERVER_NAME":"localhost","SCRIPT_FILENAME":"/srv/app/public/index.php","SERVER_PORT":"443","HTTPS":"on","HTTP_X_FORWARDED_PROTO":"https","REMOTE_IDENT":"","REMOTE_ADDR":"172.24.0.1","SSL_PROTOCOL":"TLSv1.3","HTTP_ACCEPT":"*/*","AUTH_TYPE":"","REQUEST_METHOD":"GET","DOCUMENT_URI":"/index.php","HTTP_X_FORWARDED_FOR":"172.24.0.1","HTTP_USER_AGENT":"curl/7.68.0","SERVER_SOFTWARE
":"Caddy/v2.6.2","DOCUMENT_ROOT":"/srv/app/public","REQUEST_URI":"/","REMOTE_HOST":"172.24.0.1","REMOTE_USER":"","HTTP_HOST":"localhost"},"request":{"remote_ip":"172.24.0.1","remote_port":"41132","proto":"HTTP/2.0","method":"GET","host":"localhost","uri":"/index.php","headers":{"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["localhost"],"User-Agent":["curl/7.68.0"],"Accept":["*/*"],"X-Forwarded-For":["172.24.0.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"localhost"}}}
{"level":"debug","ts":1668425334.8815846,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"unix//var/run/php/php-fpm.sock","duration":0.064152163,"request":{"remote_ip":"172.24.0.1","remote_port":"41132","proto":"HTTP/2.0","method":"GET","host":"localhost","uri":"/index.php","headers":{"User-Agent":["curl/7.68.0"],"Accept":["*/*"],"X-Forwarded-For":["172.24.0.1"],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["localhost"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"localhost"}},"headers":{"Content-Type":["application/json"],"X-Debug-Token":["730052"],"X-Debug-Token-Link":["https://localhost/_profiler/730052"],"Status":["401 Unauthorized"],"Cache-Control":["no-cache, private"],"Date":["Mon, 14 Nov 2022 11:28:54 GMT"],"Link":["<https://localhost/docs.jsonld>; rel=\"http://www.w3.org/ns/hydra/core#apiDocumentation\""],"X-Robots-Tag":["noindex"]},"status":401}
{"level":"error","ts":1668425334.8824522,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"172.24.0.1","remote_port":"41132","proto":"HTTP/2.0","method":"GET","host":"localhost","uri":"/","headers":{"User-Agent":["curl/7.68.0"],"Accept":["*/*"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"localhost"}},"user_id":"","duration":0.066674038,"size":35,"status":401,"resp_headers":{"Date":["Mon, 14 Nov 2022 11:28:54 GMT"],"Link":["<https://localhost/docs.jsonld>; rel=\"http://www.w3.org/ns/hydra/core#apiDocumentation\""],"X-Debug-Token-Link":["https://localhost/_profiler/730052"],"Permissions-Policy":["browsing-topics=()"],"Server":["Caddy"],"Status":["401 Unauthorized"],"Cache-Control":["no-cache, private"],"X-Debug-Token":["730052"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"X-Robots-Tag":["noindex"],"Content-Type":["application/json"]}}
Request 3
client response
client executes;
curl 'https://www.electricityupcfib.es' -vk
client outputs:
* Trying 10.4.41.43:443...
* TCP_NODELAY set
* Connected to www.electricityupcfib.es (10.4.41.43) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, internal error (592):
* error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
* Closing connection 0
curl: (35) error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
server caddy logs:
{"level":"debug","ts":1668425680.2538621,"logger":"events","msg":"event","name":"tls_get_certificate","id":"f9bb6129-6aa5-4000-80d3-6213e958b8e6","origin":"tls","data":{"client_hello":{"CipherSuites":[4866,4867,4865,49196,49200,159,52393,52392,52394,49195,49199,158,49188,49192,107,49187,49191,103,49162,49172,57,49161,49171,51,157,156,61,60,53,47,255],"ServerName":"www.electricityupcfib.es","SupportedCurves":[29,23,30,25,24],"SupportedPoints":"AAEC","SignatureSchemes":[1027,1283,1539,2055,2056,2057,2058,2059,2052,2053,2054,1025,1281,1537,771,769,770,1026,1282,1538],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771],"Conn":{}}}}
{"level":"debug","ts":1668425680.253994,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"www.electricityupcfib.es"}
{"level":"debug","ts":1668425680.2540083,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.electricityupcfib.es"}
{"level":"debug","ts":1668425680.2540174,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.es"}
{"level":"debug","ts":1668425680.2540257,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*"}
{"level":"debug","ts":1668425680.254036,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","remote_ip":"10.4.41.43","remote_port":"54304","sni":"www.electricityupcfib.es"}
{"level":"debug","ts":1668425680.254047,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","remote_ip":"10.4.41.43","remote_port":"54304","server_name":"www.electricityupcfib.es","remote":"10.4.41.43:54304","identifier":"www.electricityupcfib.es","cipher_suites":[4866,4867,4865,49196,49200,159,52393,52392,52394,49195,49199,158,49188,49192,107,49187,49191,103,49162,49172,57,49161,49171,51,157,156,61,60,53,47,255],"cert_cache_fill":0.0001,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
{"level":"debug","ts":1668425680.2541656,"logger":"http.stdlib","msg":"http: TLS handshake error from 10.4.41.43:54304: no certificate available for 'www.electricityupcfib.es'"}
Request 4
client response
client executes;
curl -vk "https://www.electricityupcfib.es"
client outputs:
* Trying 10.4.41.43:443...
* TCP_NODELAY set
* Connected to www.electricityupcfib.es (10.4.41.43) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, internal error (592):
* error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
* Closing connection 0
curl: (35) error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
server caddy logs:
{"level":"debug","ts":1668425778.1251702,"logger":"events","msg":"event","name":"tls_get_certificate","id":"70bf31a6-d1c8-4b67-9e7c-6827fca6fc96","origin":"tls","data":{"client_hello":{"CipherSuites":[4866,4867,4865,49196,49200,159,52393,52392,52394,49195,49199,158,49188,49192,107,49187,49191,103,49162,49172,57,49161,49171,51,157,156,61,60,53,47,255],"ServerName":"www.electricityupcfib.es","SupportedCurves":[29,23,30,25,24],"SupportedPoints":"AAEC","SignatureSchemes":[1027,1283,1539,2055,2056,2057,2058,2059,2052,2053,2054,1025,1281,1537,771,769,770,1026,1282,1538],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771],"Conn":{}}}}
{"level":"debug","ts":1668425778.1263995,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"www.electricityupcfib.es"}
{"level":"debug","ts":1668425778.126621,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.electricityupcfib.es"}
{"level":"debug","ts":1668425778.1268315,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.es"}
{"level":"debug","ts":1668425778.1270013,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*"}
{"level":"debug","ts":1668425778.1272526,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","remote_ip":"10.4.41.43","remote_port":"55598","sni":"www.electricityupcfib.es"}
{"level":"debug","ts":1668425778.1273553,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","remote_ip":"10.4.41.43","remote_port":"55598","server_name":"www.electricityupcfib.es","remote":"10.4.41.43:55598","identifier":"www.electricityupcfib.es","cipher_suites":[4866,4867,4865,49196,49200,159,52393,52392,52394,49195,49199,158,49188,49192,107,49187,49191,103,49162,49172,57,49161,49171,51,157,156,61,60,53,47,255],"cert_cache_fill":0.0001,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
{"level":"debug","ts":1668425778.1281602,"logger":"http.stdlib","msg":"http: TLS handshake error from 10.4.41.43:55598: no certificate available for 'www.electricityupcfib.es'"}
5. What I already tried:
So far I have been searching for a solution to my problem but i have only found articles related to my error (some even referring to the exact same error) like here
6. Links to relevant resources:
https://caddy.community/t/why-does-caddy-work-on-localhost-and-internal-ip-but-not-public-ip/15260
https://caddy.community/t/local-ip-address-creates-ssl-error/11314/10