This topic is a continuation of Caddy is unable to fetch certificates for new domain, I’m making this a new topic as it’s a different problem.
1. Caddy version (caddy version):
v2.5.1 h1:bAWwslD1jNeCzDa+jDCNwb8M3UJ2tPa8UZFFzPVmGKs=
$ tailscale version
1.24.2
tailscale commit: 9d6867fb0ab30a33cbdfc8e583f5d39169dbb2e6
other commit: 2d0f7ddc35aa4149e67e27d11ea317669cccdd94
go version: go1.18.1-ts710a0d8610
2. How I run Caddy:
Linux Systemd
a. System environment:
$ uname -a
Linux 5.13.0-1025-raspi #27-Ubuntu SMP PREEMPT Tue Apr 5 12:05:22 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux
b. Command:
sudo service caddy start
c. Service/unit/compose file:
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddyfile or JSON config:
{
debug
email plorenzo@hey.com
servers {
protocol {
experimental_http3
}
}
}
azabache.narwhal-nominal.ts.net {
encode zstd gzip
rewrite * /admin{uri}
reverse_proxy localhost:1080
log {
output file /var/log/caddy/pihole.log
}
}
chat.pinayalcachofa.es {
encode zstd gzip
reverse_proxy localhost:3000
log {
output file /var/log/caddy/rocket-chat.log
}
}
manual.pinayalcachofa.es {
encode zstd gzip
reverse_proxy unix//var/discourse/shared/standalone/nginx.http.sock
log {
output file /var/log/caddy/discourse.log
}
}
metricas.pinayalcachofa.es {
encode zstd gzip
reverse_proxy 192.168.10.65:3000
log {
output file /var/log/caddy/grafana.log
}
}
3. The problem I’m having:
I’m trying to use a tailscale domain to access a service I’m hosting. I’m getting an error because there is no certificate available for that domain.
May 08 06:51:15 azabache caddy[259395]: {"level":"debug","ts":1651992675.3014572,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"azabache.narwhal-nominal.ts.net"}
I have 3 other domains in the same Caddyfile that work just fine.
4. Error messages and/or full log output:
May 08 06:51:07 azabache caddy[851]: {"level":"info","ts":1651992667.7019594,"msg":"shutting down apps, then terminating","signal":"SIGTERM"}
May 08 06:51:07 azabache caddy[851]: {"level":"warn","ts":1651992667.7020538,"msg":"exiting; byeee!! 👋","signal":"SIGTERM"}
May 08 06:51:07 azabache systemd[1]: Stopping Caddy...
May 08 06:51:07 azabache caddy[851]: {"level":"info","ts":1651992667.705332,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0x40001ccd90"}
May 08 06:51:07 azabache caddy[851]: {"level":"info","ts":1651992667.7072873,"logger":"admin","msg":"stopped previous server","address":"tcp/localhost:2019"}
May 08 06:51:07 azabache caddy[851]: {"level":"info","ts":1651992667.7074153,"msg":"shutdown complete","signal":"SIGTERM","exit_code":0}
May 08 06:51:07 azabache systemd[1]: caddy.service: Deactivated successfully.
May 08 06:51:07 azabache systemd[1]: Stopped Caddy.
May 08 06:51:07 azabache systemd[1]: caddy.service: Consumed 8min 30.016s CPU time.
May 08 06:51:07 azabache systemd[1]: Starting Caddy...
May 08 06:51:07 azabache caddy[259395]: caddy.HomeDir=/var/lib/caddy
May 08 06:51:07 azabache caddy[259395]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
May 08 06:51:07 azabache caddy[259395]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
May 08 06:51:07 azabache caddy[259395]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
May 08 06:51:07 azabache caddy[259395]: caddy.Version=v2.5.1 h1:bAWwslD1jNeCzDa+jDCNwb8M3UJ2tPa8UZFFzPVmGKs=
May 08 06:51:07 azabache caddy[259395]: runtime.GOOS=linux
May 08 06:51:07 azabache caddy[259395]: runtime.GOARCH=arm64
May 08 06:51:07 azabache caddy[259395]: runtime.Compiler=gc
May 08 06:51:07 azabache caddy[259395]: runtime.NumCPU=4
May 08 06:51:07 azabache caddy[259395]: runtime.GOMAXPROCS=4
May 08 06:51:07 azabache caddy[259395]: runtime.Version=go1.18.1
May 08 06:51:07 azabache caddy[259395]: os.Getwd=/
May 08 06:51:07 azabache caddy[259395]: LANG=C.UTF-8
May 08 06:51:07 azabache caddy[259395]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
May 08 06:51:07 azabache caddy[259395]: NOTIFY_SOCKET=/run/systemd/notify
May 08 06:51:07 azabache caddy[259395]: HOME=/var/lib/caddy
May 08 06:51:07 azabache caddy[259395]: LOGNAME=caddy
May 08 06:51:07 azabache caddy[259395]: USER=caddy
May 08 06:51:07 azabache caddy[259395]: INVOCATION_ID=8863920c78814707a2271f90ee34925d
May 08 06:51:07 azabache caddy[259395]: JOURNAL_STREAM=8:734059
May 08 06:51:07 azabache caddy[259395]: SYSTEMD_EXEC_PID=259395
May 08 06:51:07 azabache caddy[259395]: {"level":"info","ts":1651992667.8538308,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
May 08 06:51:07 azabache caddy[259395]: {"level":"info","ts":1651992667.8631885,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
May 08 06:51:07 azabache caddy[259395]: {"level":"info","ts":1651992667.8639967,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x40003bc150"}
May 08 06:51:07 azabache caddy[259395]: {"level":"info","ts":1651992667.8640704,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
May 08 06:51:07 azabache caddy[259395]: {"level":"info","ts":1651992667.8641238,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
May 08 06:51:07 azabache caddy[259395]: {"level":"info","ts":1651992667.866303,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/caddy"}
May 08 06:51:07 azabache caddy[259395]: {"level":"info","ts":1651992667.8664982,"logger":"http","msg":"enabling experimental HTTP/3 listener","addr":":443"}
May 08 06:51:07 azabache caddy[259395]: {"level":"info","ts":1651992667.8667746,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details."}
May 08 06:51:07 azabache caddy[259395]: {"level":"debug","ts":1651992667.867087,"logger":"http","msg":"starting server loop","address":"[::]:443","http3":true,"tls":true}
May 08 06:51:07 azabache caddy[259395]: {"level":"debug","ts":1651992667.8672907,"logger":"http","msg":"starting server loop","address":"[::]:80","http3":false,"tls":false}
May 08 06:51:07 azabache caddy[259395]: {"level":"info","ts":1651992667.8673344,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["chat.pinayalcachofa.es","metricas.pinayalcachofa.es","manual.pinayalcachofa.es"]}
May 08 06:51:07 azabache caddy[259395]: {"level":"debug","ts":1651992667.8686213,"logger":"tls","msg":"loading managed certificate","domain":"chat.pinayalcachofa.es","expiration":1655900097,"issuer_key":"acme-v02.api.letsencrypt.org-directory","storage":"FileStorage:/var/lib/caddy/.local/share/caddy"}
May 08 06:51:07 azabache caddy[259395]: {"level":"debug","ts":1651992667.8696308,"logger":"tls.cache","msg":"added certificate to cache","subjects":["chat.pinayalcachofa.es"],"expiration":1655900097,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"fec7c922ca4e153aa7f48830d1c81631028e0d810a362931db720346495c9efa","cache_size":1,"cache_capacity":10000}
May 08 06:51:07 azabache caddy[259395]: {"level":"debug","ts":1651992667.8709266,"logger":"tls","msg":"loading managed certificate","domain":"metricas.pinayalcachofa.es","expiration":1659450230,"issuer_key":"acme-v02.api.letsencrypt.org-directory","storage":"FileStorage:/var/lib/caddy/.local/share/caddy"}
May 08 06:51:07 azabache caddy[259395]: {"level":"info","ts":1651992667.8721385,"logger":"tls","msg":"finished cleaning storage units"}
May 08 06:51:08 azabache caddy[259395]: {"level":"debug","ts":1651992668.1629841,"logger":"tls.cache","msg":"added certificate to cache","subjects":["metricas.pinayalcachofa.es"],"expiration":1659450230,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"1c6be685344dac028c2a38068204834019a5c66a0f866f8f5b16444daae6277e","cache_size":2,"cache_capacity":10000}
May 08 06:51:08 azabache caddy[259395]: {"level":"debug","ts":1651992668.1654341,"logger":"tls","msg":"loading managed certificate","domain":"manual.pinayalcachofa.es","expiration":1658843638,"issuer_key":"acme-v02.api.letsencrypt.org-directory","storage":"FileStorage:/var/lib/caddy/.local/share/caddy"}
May 08 06:51:08 azabache caddy[259395]: {"level":"debug","ts":1651992668.1673896,"logger":"tls.cache","msg":"added certificate to cache","subjects":["manual.pinayalcachofa.es"],"expiration":1658843638,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"c97b6021e56237a48d22eed5c1a7dd77c4677aeec32dcad0f9473137d05cb49a","cache_size":3,"cache_capacity":10000}
May 08 06:51:08 azabache caddy[259395]: {"level":"info","ts":1651992668.1683724,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
May 08 06:51:08 azabache caddy[259395]: {"level":"info","ts":1651992668.1688359,"msg":"serving initial configuration"}
May 08 06:51:08 azabache systemd[1]: Started Caddy.
May 08 06:51:14 azabache caddy[259395]: {"level":"debug","ts":1651992674.9387019,"logger":"admin.api","msg":"received request","method":"GET","host":"localhost:2019","uri":"/metrics","remote_ip":"127.0.0.1","remote_port":"36826","headers":{"Accept":["application/openmetrics-text; version=0.0.1,text/plain;version=0.0.4;q=0.5,*/*;q=0.1"],"Accept-Encoding":["gzip"],"User-Agent":["Prometheus/2.31.2+ds1"],"X-Prometheus-Scrape-Timeout-Seconds":["10"]}}
May 08 06:51:15 azabache caddy[259395]: {"level":"debug","ts":1651992675.3014572,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"azabache.narwhal-nominal.ts.net"}
May 08 06:51:15 azabache caddy[259395]: {"level":"debug","ts":1651992675.301618,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.narwhal-nominal.ts.net"}
May 08 06:51:15 azabache caddy[259395]: {"level":"debug","ts":1651992675.3016558,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.ts.net"}
May 08 06:51:15 azabache caddy[259395]: {"level":"debug","ts":1651992675.3016884,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.net"}
May 08 06:51:15 azabache caddy[259395]: {"level":"debug","ts":1651992675.3017228,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.*"}
May 08 06:51:15 azabache caddy[259395]: {"level":"debug","ts":1651992675.3017678,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","server_name":"azabache.narwhal-nominal.ts.net","remote":"100.106.90.42:56628","identifier":"azabache.narwhal-nominal.ts.net","cipher_suites":[4865,4867,4866,49195,49199,52393,52392,49196,49200,49162,49161,49171,49172,156,157,47,53],"cert_cache_fill":0.0003,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
May 08 06:51:15 azabache caddy[259395]: {"level":"debug","ts":1651992675.3019917,"logger":"http.stdlib","msg":"http: TLS handshake error from 100.106.90.42:56628: no certificate available for 'azabache.narwhal-nominal.ts.net'"}
5. What I already tried:
I’ve tried removing the domain from the Caddyfile and adding it again, I tried removing all the other domains and leaving just the Tailscale one, and I’ve also tried restarting Tailscale.
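The diagnostic signal in the log above is the startup line "enabling automatic TLS certificate management": it lists only the three public domains, and the ts.net name never appears there, so every handshake for it ends in "no certificate matching TLS ClientHello" with "obtain_if_necessary":true but nothing obtained (Caddy 2.5 is meant to fetch *.ts.net certificates from the local tailscaled rather than through ACME, per its release notes, which is the path to check next). The script below is an added example for triaging this kind of journal, not code from the post or from the Caddy project. It assumes the journald prefix format shown in the post ("May 08 06:51:15 azabache caddy[259395]: ") in front of Caddy's one-object-per-line JSON logs; the sample journal inside it is constructed from the post's own events with the wrapped lines rejoined. It reports every SNI that failed a handshake without being in the managed list, the clients that hit it, and whether each ClientHello offered TLS 1.3 (decoded from the cipher_suites field).

```python
"""Triage a `caddy run` journal for SNIs Caddy was never asked to manage.

Added example (not from the post or from Caddy). Reads journalctl output of
Caddy's JSON logs and cross-checks the startup domain list against
handshake failures. Usage: python3 caddy_tls_triage.py journal.txt
(no argument runs the constructed sample below).
"""
import json
import re
import sys
from collections import defaultdict

# journald prefix as seen in the post: "May 08 06:51:15 azabache caddy[259395]: "
JOURNAL_PREFIX = re.compile(r"^[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2} \S+ caddy\[\d+\]: ")

# TLS 1.3 cipher suite IDs (RFC 8446 appendix B.4); 4865 in the post is 0x1301.
TLS13_SUITES = {0x1301, 0x1302, 0x1303}

MANAGED_MSG = "enabling automatic TLS certificate management"
MISS_MSG = "no certificate matching TLS ClientHello"

# Constructed sample trimmed from the post's log: same event shapes, one JSON
# object per line. A journal pasted with wrapped lines must be rejoined first,
# or captured unwrapped with `journalctl -u caddy -o cat --no-pager`.
SAMPLE_JOURNAL = """
May 08 06:51:07 azabache caddy[259395]: caddy.Version=v2.5.1
May 08 06:51:07 azabache caddy[259395]: {"level":"info","ts":1651992667.8673344,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["chat.pinayalcachofa.es","metricas.pinayalcachofa.es","manual.pinayalcachofa.es"]}
May 08 06:51:15 azabache caddy[259395]: {"level":"debug","ts":1651992675.3014572,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"azabache.narwhal-nominal.ts.net"}
May 08 06:51:15 azabache caddy[259395]: {"level":"debug","ts":1651992675.301618,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.narwhal-nominal.ts.net"}
May 08 06:51:15 azabache caddy[259395]: {"level":"debug","ts":1651992675.3017678,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","server_name":"azabache.narwhal-nominal.ts.net","remote":"100.106.90.42:56628","identifier":"azabache.narwhal-nominal.ts.net","cipher_suites":[4865,4867,4866,49195,49199],"cert_cache_fill":0.0003,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
May 08 06:51:15 azabache caddy[259395]: {"level":"debug","ts":1651992675.3019917,"logger":"http.stdlib","msg":"http: TLS handshake error from 100.106.90.42:56628: no certificate available for 'azabache.narwhal-nominal.ts.net'"}
May 08 06:51:20 azabache caddy[259395]: {"level":"debug","ts":1651992680.1,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","server_name":"azabache.narwhal-nominal.ts.net","remote":"100.64.0.7:40100","identifier":"azabache.narwhal-nominal.ts.net","cipher_suites":[49195,49199],"cert_cache_fill":0.0003,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
"""


def parse_journal(text):
    """Return the JSON events in a journal, skipping non-JSON lines
    (the --environ dump, systemd's own messages) and wrapped fragments."""
    events = []
    for line in text.splitlines():
        payload = JOURNAL_PREFIX.sub("", line.strip(), count=1)
        if not payload.startswith("{"):
            continue
        try:
            events.append(json.loads(payload))
        except json.JSONDecodeError:
            continue  # a wrapped or truncated line is not a complete event
    return events


def managed_domains(events):
    """Names Caddy enrolled in automatic HTTPS at startup."""
    names = set()
    for ev in events:
        if ev.get("logger") == "http" and ev.get("msg") == MANAGED_MSG:
            names.update(ev.get("domains", []))
    return names


def handshake_misses(events):
    """SNI -> set of client addr:port for handshakes that ended with no cert.
    Only the final per-handshake event counts; the preceding "no matching
    certificates" lines with wildcard identifiers (*.narwhal-nominal.ts.net,
    *.*.ts.net, ...) are Caddy walking its cache for wildcard matches, not
    separate failures."""
    misses = defaultdict(set)
    for ev in events:
        if ev.get("logger") == "tls.handshake" and ev.get("msg") == MISS_MSG:
            misses[ev["server_name"]].add(ev.get("remote", "?"))
    return dict(misses)


def offers_tls13(event):
    """True if the logged ClientHello advertised any TLS 1.3 suite."""
    return any(s in TLS13_SUITES for s in event.get("cipher_suites", []))


def triage(text):
    """Cross-check failed SNIs against the managed list."""
    events = parse_journal(text)
    managed = managed_domains(events)
    misses = handshake_misses(events)
    tls13 = {ev.get("remote", "?"): offers_tls13(ev)
             for ev in events
             if ev.get("logger") == "tls.handshake" and ev.get("msg") == MISS_MSG}
    return {
        "managed": sorted(managed),
        "unmanaged_sni": {sni: sorted(r) for sni, r in misses.items() if sni not in managed},
        "tls13_by_remote": tls13,
    }


if __name__ == "__main__":
    journal = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_JOURNAL
    report = triage(journal)
    print("managed by automatic HTTPS:", ", ".join(report["managed"]) or "(none)")
    for sni, remotes in report["unmanaged_sni"].items():
        print(f"unmanaged SNI {sni}: {len(remotes)} client(s): {', '.join(remotes)}")
    for remote, v13 in report["tls13_by_remote"].items():
        print(f"  {remote}: offers TLS 1.3 = {v13}")
```

Run it against `journalctl -u caddy -o cat --no-pager > journal.txt` after a restart with `debug` on, as in the post; an SNI that shows up under "unmanaged" while the vhost is present in the Caddyfile means Caddy deliberately left that name out of ACME management, which for a *.ts.net name points at the Tailscale certificate path rather than at the Caddyfile.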