No matching certificate for Tailscale domain

This topic is a continuation of “Caddy is unable to fetch certificates for new domain”; I’m making this a new topic as it’s a different problem.

1. Caddy version (caddy version):

v2.5.1 h1:bAWwslD1jNeCzDa+jDCNwb8M3UJ2tPa8UZFFzPVmGKs=

$ tailscale version
1.24.2
tailscale commit: 9d6867fb0ab30a33cbdfc8e583f5d39169dbb2e6
other commit: 2d0f7ddc35aa4149e67e27d11ea317669cccdd94
go version: go1.18.1-ts710a0d8610

2. How I run Caddy:

Linux Systemd

a. System environment:

$ uname -a
Linux 5.13.0-1025-raspi #27-Ubuntu SMP PREEMPT Tue Apr 5 12:05:22 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux

b. Command:

sudo service caddy start

c. Service/unit/compose file:

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddyfile or JSON config:

{
        debug
        email plorenzo@hey.com
        servers {
                protocol {
                        experimental_http3
                }
        }
}

azabache.narwhal-nominal.ts.net {
        encode zstd gzip
        rewrite * /admin{uri}
        reverse_proxy localhost:1080
        log {
                output file /var/log/caddy/pihole.log
        }
}

chat.pinayalcachofa.es {
        encode zstd gzip
        reverse_proxy localhost:3000
        log {
                output file /var/log/caddy/rocket-chat.log
        }
}

manual.pinayalcachofa.es {
        encode zstd gzip
        reverse_proxy unix//var/discourse/shared/standalone/nginx.http.sock
        log {
                output file /var/log/caddy/discourse.log
        }
}

metricas.pinayalcachofa.es {
        encode zstd gzip
        reverse_proxy 192.168.10.65:3000
        log {
                output file /var/log/caddy/grafana.log
        }
}

3. The problem I’m having:

I’m trying to use a tailscale domain to access a service I’m hosting. I’m getting an error because there is no certificate available for that domain.

May 08 06:51:15 azabache caddy[259395]: {"level":"debug","ts":1651992675.3014572,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"azabache.narwhal-nominal.ts.net"}

I have 3 other domains in the same Caddyfile that work just fine.

4. Error messages and/or full log output:

May 08 06:51:07 azabache caddy[851]: {"level":"info","ts":1651992667.7019594,"msg":"shutting down apps, then terminating","signal":"SIGTERM"}
May 08 06:51:07 azabache caddy[851]: {"level":"warn","ts":1651992667.7020538,"msg":"exiting; byeee!! 👋","signal":"SIGTERM"}
May 08 06:51:07 azabache systemd[1]: Stopping Caddy...
May 08 06:51:07 azabache caddy[851]: {"level":"info","ts":1651992667.705332,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0x40001ccd90"}
May 08 06:51:07 azabache caddy[851]: {"level":"info","ts":1651992667.7072873,"logger":"admin","msg":"stopped previous server","address":"tcp/localhost:2019"}
May 08 06:51:07 azabache caddy[851]: {"level":"info","ts":1651992667.7074153,"msg":"shutdown complete","signal":"SIGTERM","exit_code":0}
May 08 06:51:07 azabache systemd[1]: caddy.service: Deactivated successfully.
May 08 06:51:07 azabache systemd[1]: Stopped Caddy.
May 08 06:51:07 azabache systemd[1]: caddy.service: Consumed 8min 30.016s CPU time.
May 08 06:51:07 azabache systemd[1]: Starting Caddy...
May 08 06:51:07 azabache caddy[259395]: caddy.HomeDir=/var/lib/caddy
May 08 06:51:07 azabache caddy[259395]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
May 08 06:51:07 azabache caddy[259395]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
May 08 06:51:07 azabache caddy[259395]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
May 08 06:51:07 azabache caddy[259395]: caddy.Version=v2.5.1 h1:bAWwslD1jNeCzDa+jDCNwb8M3UJ2tPa8UZFFzPVmGKs=
May 08 06:51:07 azabache caddy[259395]: runtime.GOOS=linux
May 08 06:51:07 azabache caddy[259395]: runtime.GOARCH=arm64
May 08 06:51:07 azabache caddy[259395]: runtime.Compiler=gc
May 08 06:51:07 azabache caddy[259395]: runtime.NumCPU=4
May 08 06:51:07 azabache caddy[259395]: runtime.GOMAXPROCS=4
May 08 06:51:07 azabache caddy[259395]: runtime.Version=go1.18.1
May 08 06:51:07 azabache caddy[259395]: os.Getwd=/
May 08 06:51:07 azabache caddy[259395]: LANG=C.UTF-8
May 08 06:51:07 azabache caddy[259395]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
May 08 06:51:07 azabache caddy[259395]: NOTIFY_SOCKET=/run/systemd/notify
May 08 06:51:07 azabache caddy[259395]: HOME=/var/lib/caddy
May 08 06:51:07 azabache caddy[259395]: LOGNAME=caddy
May 08 06:51:07 azabache caddy[259395]: USER=caddy
May 08 06:51:07 azabache caddy[259395]: INVOCATION_ID=8863920c78814707a2271f90ee34925d
May 08 06:51:07 azabache caddy[259395]: JOURNAL_STREAM=8:734059
May 08 06:51:07 azabache caddy[259395]: SYSTEMD_EXEC_PID=259395
May 08 06:51:07 azabache caddy[259395]: {"level":"info","ts":1651992667.8538308,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
May 08 06:51:07 azabache caddy[259395]: {"level":"info","ts":1651992667.8631885,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["//localhos
t:2019","//[::1]:2019","//127.0.0.1:2019"]}
May 08 06:51:07 azabache caddy[259395]: {"level":"info","ts":1651992667.8639967,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x40003bc150"}
May 08 06:51:07 azabache caddy[259395]: {"level":"info","ts":1651992667.8640704,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable T
LS","server_name":"srv0","https_port":443}
May 08 06:51:07 azabache caddy[259395]: {"level":"info","ts":1651992667.8641238,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
May 08 06:51:07 azabache caddy[259395]: {"level":"info","ts":1651992667.866303,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/caddy"}
May 08 06:51:07 azabache caddy[259395]: {"level":"info","ts":1651992667.8664982,"logger":"http","msg":"enabling experimental HTTP/3 listener","addr":":443"}
May 08 06:51:07 azabache caddy[259395]: {"level":"info","ts":1651992667.8667746,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://githu
b.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details."}
May 08 06:51:07 azabache caddy[259395]: {"level":"debug","ts":1651992667.867087,"logger":"http","msg":"starting server loop","address":"[::]:443","http3":true,"tls":true}
May 08 06:51:07 azabache caddy[259395]: {"level":"debug","ts":1651992667.8672907,"logger":"http","msg":"starting server loop","address":"[::]:80","http3":false,"tls":false}
May 08 06:51:07 azabache caddy[259395]: {"level":"info","ts":1651992667.8673344,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["chat.pinayalcachofa.es","metricas.pinayalc
achofa.es","manual.pinayalcachofa.es"]}
May 08 06:51:07 azabache caddy[259395]: {"level":"debug","ts":1651992667.8686213,"logger":"tls","msg":"loading managed certificate","domain":"chat.pinayalcachofa.es","expiration":1655900097,"issuer_key":"
acme-v02.api.letsencrypt.org-directory","storage":"FileStorage:/var/lib/caddy/.local/share/caddy"}
May 08 06:51:07 azabache caddy[259395]: {"level":"debug","ts":1651992667.8696308,"logger":"tls.cache","msg":"added certificate to cache","subjects":["chat.pinayalcachofa.es"],"expiration":1655900097,"mana
ged":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"fec7c922ca4e153aa7f48830d1c81631028e0d810a362931db720346495c9efa","cache_size":1,"cache_capacity":10000}
May 08 06:51:07 azabache caddy[259395]: {"level":"debug","ts":1651992667.8709266,"logger":"tls","msg":"loading managed certificate","domain":"metricas.pinayalcachofa.es","expiration":1659450230,"issuer_ke
y":"acme-v02.api.letsencrypt.org-directory","storage":"FileStorage:/var/lib/caddy/.local/share/caddy"}
May 08 06:51:07 azabache caddy[259395]: {"level":"info","ts":1651992667.8721385,"logger":"tls","msg":"finished cleaning storage units"}
May 08 06:51:08 azabache caddy[259395]: {"level":"debug","ts":1651992668.1629841,"logger":"tls.cache","msg":"added certificate to cache","subjects":["metricas.pinayalcachofa.es"],"expiration":1659450230,"
managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"1c6be685344dac028c2a38068204834019a5c66a0f866f8f5b16444daae6277e","cache_size":2,"cache_capacity":10000}
May 08 06:51:08 azabache caddy[259395]: {"level":"debug","ts":1651992668.1654341,"logger":"tls","msg":"loading managed certificate","domain":"manual.pinayalcachofa.es","expiration":1658843638,"issuer_key"
:"acme-v02.api.letsencrypt.org-directory","storage":"FileStorage:/var/lib/caddy/.local/share/caddy"}
May 08 06:51:08 azabache caddy[259395]: {"level":"debug","ts":1651992668.1673896,"logger":"tls.cache","msg":"added certificate to cache","subjects":["manual.pinayalcachofa.es"],"expiration":1658843638,"ma
naged":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"c97b6021e56237a48d22eed5c1a7dd77c4677aeec32dcad0f9473137d05cb49a","cache_size":3,"cache_capacity":10000}
May 08 06:51:08 azabache caddy[259395]: {"level":"info","ts":1651992668.1683724,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
May 08 06:51:08 azabache caddy[259395]: {"level":"info","ts":1651992668.1688359,"msg":"serving initial configuration"}
May 08 06:51:08 azabache systemd[1]: Started Caddy.
May 08 06:51:14 azabache caddy[259395]: {"level":"debug","ts":1651992674.9387019,"logger":"admin.api","msg":"received request","method":"GET","host":"localhost:2019","uri":"/metrics","remote_ip":"127.0.0.
1","remote_port":"36826","headers":{"Accept":["application/openmetrics-text; version=0.0.1,text/plain;version=0.0.4;q=0.5,*/*;q=0.1"],"Accept-Encoding":["gzip"],"User-Agent":["Prometheus/2.31.2+ds1"],"X-P
rometheus-Scrape-Timeout-Seconds":["10"]}}
May 08 06:51:15 azabache caddy[259395]: {"level":"debug","ts":1651992675.3014572,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"azabache.narwhal-nomi
nal.ts.net"}
May 08 06:51:15 azabache caddy[259395]: {"level":"debug","ts":1651992675.301618,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.narwhal-nominal.ts.n
et"}
May 08 06:51:15 azabache caddy[259395]: {"level":"debug","ts":1651992675.3016558,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.ts.net"}
May 08 06:51:15 azabache caddy[259395]: {"level":"debug","ts":1651992675.3016884,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.net"}
May 08 06:51:15 azabache caddy[259395]: {"level":"debug","ts":1651992675.3017228,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.*"}
May 08 06:51:15 azabache caddy[259395]: {"level":"debug","ts":1651992675.3017678,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","server_name":"azabache.narwhal-nominal.ts.net","r
emote":"100.106.90.42:56628","identifier":"azabache.narwhal-nominal.ts.net","cipher_suites":[4865,4867,4866,49195,49199,52393,52392,49196,49200,49162,49161,49171,49172,156,157,47,53],"cert_cache_fill":0.0
003,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
May 08 06:51:15 azabache caddy[259395]: {"level":"debug","ts":1651992675.3019917,"logger":"http.stdlib","msg":"http: TLS handshake error from 100.106.90.42:56628: no certificate available for 'azabache.na
rwhal-nominal.ts.net'"}

5. What I already tried:

I’ve tried removing the domain from the Caddyfile and adding it again, I tried removing all other domains and leaving just the Tailscale one, and I’ve also tried restarting Tailscale.

6. Links to relevant resources:

Please post the full logs, there has to be more than just the one line.

@matt here they are

Thanks. Are you sure you have Tailscale configured for HTTPS and Magic DNS? And it’s running on the same host machine? (They’re under Feature Previews currently.)

What happens if you explicitly configure Tailscale manager inside a tls directive? You should get slightly different logs I’d think:

tls {
    get_certificate tailscale 
}

Thanks @matt! After adding the directive you mention, the domain is now working.

But if I remove it and reload again, it fails.

Is this normal behavior? Are we supposed to include the tls directive for all Tailscale domains?

Logs:

May 08 16:16:29 azabache systemd[1]: Reloaded Caddy.
May 08 16:16:29 azabache caddy[259395]: {"level":"info","ts":1652026589.7921042,"logger":"admin","msg":"stopped previous server","address":"tcp/localhost:2019"}
May 08 16:16:29 azabache caddy[259395]: {"level":"debug","ts":1652026589.9368486,"logger":"admin.api","msg":"received request","method":"GET","host":"localhost:2019","uri":"/metrics","remote_ip":"127.0.0.
1","remote_port":"36832","headers":{"Accept":["application/openmetrics-text; version=0.0.1,text/plain;version=0.0.4;q=0.5,*/*;q=0.1"],"Accept-Encoding":["gzip"],"User-Agent":["Prometheus/2.31.2+ds1"],"X-P
rometheus-Scrape-Timeout-Seconds":["10"]}}
May 08 16:16:33 azabache caddy[259395]: {"level":"debug","ts":1652026593.5092242,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"azabache.narwhal-nomi
nal.ts.net"}
May 08 16:16:33 azabache caddy[259395]: {"level":"debug","ts":1652026593.509342,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.narwhal-nominal.ts.n
et"}
May 08 16:16:33 azabache caddy[259395]: {"level":"debug","ts":1652026593.5093896,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.ts.net"}
May 08 16:16:33 azabache caddy[259395]: {"level":"debug","ts":1652026593.5094297,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.net"}
May 08 16:16:33 azabache caddy[259395]: {"level":"debug","ts":1652026593.5094728,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.*"}
May 08 16:16:33 azabache caddy[259395]: {"level":"debug","ts":1652026593.5240483,"logger":"tls.handshake","msg":"using externally-managed certificate","sni":"azabache.narwhal-nominal.ts.net","names":["aza
bache.narwhal-nominal.ts.net"],"expiration":1656667578}
May 08 16:16:33 azabache caddy[259395]: {"level":"debug","ts":1652026593.817083,"logger":"http.handlers.rewrite","msg":"rewrote request","request":{"remote_ip":"100.106.90.42","remote_port":"59058","proto
":"HTTP/2.0","method":"GET","host":"azabache.narwhal-nominal.ts.net","uri":"/","headers":{"Sec-Fetch-User":["?1"],"Dnt":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,im
age/webp,*/*;q=0.8"],"Accept-Language":["en-US,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-S
ite":["none"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Firefox/102.0"],"Te":["trailers"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2"
,"server_name":"azabache.narwhal-nominal.ts.net"}},"method":"GET","uri":"/admin/"}
May 08 16:16:33 azabache caddy[259395]: {"level":"debug","ts":1652026593.8174858,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"localhost:1080","total_upstreams":1}
May 08 16:16:33 azabache caddy[259395]: {"level":"debug","ts":1652026593.8708634,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"localhost:1080","duration":0.053225097,"reque
st":{"remote_ip":"100.106.90.42","remote_port":"59058","proto":"HTTP/2.0","method":"GET","host":"azabache.narwhal-nominal.ts.net","uri":"/admin/","headers":{"Upgrade-Insecure-Requests":["1"],"User-Agent":
["Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Firefox/102.0"],"X-Forwarded-For":["100.106.90.42"],"Sec-Fetch-User":["?1"],"Sec-Fetch-Dest":["document"],"Accept":["text/html,appl
ication/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Accept-Encoding":["gzip, deflate, br"],"Te":["trailers"],"Sec-Fetch-Mode":["navigate"],"X-Forwarded-Proto":["https"],"Dnt":["1"],
"Sec-Fetch-Site":["none"],"Accept-Language":["en-US,en;q=0.5"],"X-Forwarded-Host":["azabache.narwhal-nominal.ts.net"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"
azabache.narwhal-nominal.ts.net"}},"headers":{"Date":["Sun, 08 May 2022 16:16:33 GMT"],"Cache-Control":["no-store, no-cache, must-revalidate"],"X-Pi-Hole":["The Pi-hole Web interface is working!"],"Set-Co
okie":[],"X-Frame-Options":["DENY"],"Server":["lighttpd/1.4.63"],"Content-Type":["text/html; charset=UTF-8"],"Pragma":["no-cache"],"Expires":["Thu, 19 Nov 1981 08:52:00 GMT"]},"status":200}
May 08 16:16:33 azabache caddy[259395]: {"level":"debug","ts":1652026593.8882332,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"azabache.narwhal-nomi
nal.ts.net"}
May 08 16:16:33 azabache caddy[259395]: {"level":"debug","ts":1652026593.8883207,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.narwhal-nominal.ts.
net"}
May 08 16:16:33 azabache caddy[259395]: {"level":"debug","ts":1652026593.888344,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.ts.net"}
May 08 16:16:33 azabache caddy[259395]: {"level":"debug","ts":1652026593.8883643,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.net"}
May 08 16:16:33 azabache caddy[259395]: {"level":"debug","ts":1652026593.8883843,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.*"}
May 08 16:16:33 azabache caddy[259395]: {"level":"debug","ts":1652026593.8884294,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","server_name":"azabache.narwhal-nominal.ts.net","r
emote":"100.106.90.42:56370","identifier":"azabache.narwhal-nominal.ts.net","cipher_suites":[4865,4867,4866],"cert_cache_fill":0.0003,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
May 08 16:16:33 azabache caddy[259395]: {"level":"debug","ts":1652026593.9792194,"logger":"http.handlers.rewrite","msg":"rewrote request","request":{"remote_ip":"100.106.90.42","remote_port":"59058","prot
o":"HTTP/2.0","method":"GET","host":"azabache.narwhal-nominal.ts.net","uri":"/style/vendor/SourceSansPro/SourceSansPro.css?v=1650858919","headers":{"Sec-Fetch-Dest":["style"],"Sec-Fetch-Mode":["no-cors"],
"Sec-Fetch-Site":["same-origin"],"Te":["trailers"],"Accept":["text/css,*/*;q=0.1"],"Accept-Language":["en-US,en;q=0.5"],"Dnt":["1"],"Referer":["https://azabache.narwhal-nominal.ts.net/"],"User-Agent":["Mo
zilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Firefox/102.0"],"Accept-Encoding":["gzip, deflate, br"],"Cookie":[]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"
h2","server_name":"azabache.narwhal-nominal.ts.net"}},"method":"GET","uri":"/admin/style/vendor/SourceSansPro/SourceSansPro.css?v=1650858919"}

That’s weird. I have a hunch. What if you remove the email global option and also remove the TLS directive?

Indeed, removing both email and tls directives makes it work again.

Logs:

May 09 01:37:10 azabache systemd[1]: Reloaded Caddy.
May 09 01:37:14 azabache caddy[259395]: {"level":"debug","ts":1652060234.70634,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"azabache.narwhal-nominal.ts.net"}
May 09 01:37:14 azabache caddy[259395]: {"level":"debug","ts":1652060234.7071037,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.narwhal-nominal.ts.net"}
May 09 01:37:14 azabache caddy[259395]: {"level":"debug","ts":1652060234.7071908,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.ts.net"}
May 09 01:37:14 azabache caddy[259395]: {"level":"debug","ts":1652060234.7072437,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.net"}
May 09 01:37:14 azabache caddy[259395]: {"level":"debug","ts":1652060234.7072904,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.*"}
May 09 01:37:14 azabache caddy[259395]: {"level":"debug","ts":1652060234.7073534,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","server_name":"azabache.narwhal-nominal.ts.net","remote":"100.113.84.16:60780","identifier":"azabach
e.narwhal-nominal.ts.net","cipher_suites":[4865,4867,4866],"cert_cache_fill":0.0003,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
May 09 01:37:14 azabache caddy[259395]: {"level":"debug","ts":1652060234.7066667,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"azabache.narwhal-nominal.ts.net"}
May 09 01:37:14 azabache caddy[259395]: {"level":"debug","ts":1652060234.7075121,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.narwhal-nominal.ts.net"}
May 09 01:37:14 azabache caddy[259395]: {"level":"debug","ts":1652060234.7075765,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.ts.net"}
May 09 01:37:14 azabache caddy[259395]: {"level":"debug","ts":1652060234.7076259,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.net"}
May 09 01:37:14 azabache caddy[259395]: {"level":"debug","ts":1652060234.7076771,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.*"}
May 09 01:37:14 azabache caddy[259395]: {"level":"debug","ts":1652060234.725419,"logger":"tls.handshake","msg":"using externally-managed certificate","sni":"azabache.narwhal-nominal.ts.net","names":["azabache.narwhal-nominal.ts.net"],"expiration":1656667
578}
May 09 01:37:14 azabache caddy[259395]: {"level":"debug","ts":1652060234.7373838,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"azabache.narwhal-nominal.ts.net"}
May 09 01:37:14 azabache caddy[259395]: {"level":"debug","ts":1652060234.7374876,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.narwhal-nominal.ts.net"}
May 09 01:37:14 azabache caddy[259395]: {"level":"debug","ts":1652060234.7375221,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.ts.net"}
May 09 01:37:14 azabache caddy[259395]: {"level":"debug","ts":1652060234.7375517,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.net"}
May 09 01:37:14 azabache caddy[259395]: {"level":"debug","ts":1652060234.7375803,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.*"}
May 09 01:37:14 azabache caddy[259395]: {"level":"debug","ts":1652060234.7472384,"logger":"tls.handshake","msg":"using externally-managed certificate","sni":"azabache.narwhal-nominal.ts.net","names":["azabache.narwhal-nominal.ts.net"],"expiration":165666
7578}
May 09 01:37:14 azabache caddy[259395]: {"level":"debug","ts":1652060234.937771,"logger":"admin.api","msg":"received request","method":"GET","host":"localhost:2019","uri":"/metrics","remote_ip":"127.0.0.1","remote_port":"36844","headers":{"Accept":["appl
ication/openmetrics-text; version=0.0.1,text/plain;version=0.0.4;q=0.5,*/*;q=0.1"],"Accept-Encoding":["gzip"],"User-Agent":["Prometheus/2.31.2+ds1"],"X-Prometheus-Scrape-Timeout-Seconds":["10"]}}
May 09 01:37:15 azabache caddy[259395]: {"level":"debug","ts":1652060235.1253004,"logger":"http.handlers.rewrite","msg":"rewrote request","request":{"remote_ip":"100.113.84.16","remote_port":"49546","proto":"HTTP/2.0","method":"GET","host":"azabache.narw
hal-nominal.ts.net","uri":"/","headers":{"Cookie":[],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-User":["?1"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Firefox/102.0"],"Accept-Language":["en-US,en;q=0.5"],"Dnt
":["1"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["none"],"Te":["trailers"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Accept-Encoding":["gzip, deflate, br"],"Al
t-Used":["azabache.narwhal-nominal.ts.net"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"azabache.narwhal-nominal.ts.net"}},"method":"GET","uri":"/admin/"}
May 09 01:37:15 azabache caddy[259395]: {"level":"debug","ts":1652060235.1256385,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"localhost:1080","total_upstreams":1}
May 09 01:37:15 azabache caddy[259395]: {"level":"debug","ts":1652060235.1797087,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"localhost:1080","duration":0.053918875,"request":{"remote_ip":"100.113.84.16","remote_port":"49
546","proto":"HTTP/2.0","method":"GET","host":"azabache.narwhal-nominal.ts.net","uri":"/admin/","headers":{"Cookie":[],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["azabache.narwhal-nominal.ts.net"],"Sec-Fetch-User":["?1"],"Accept-Language":["en-US,
en;q=0.5"],"Dnt":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Site":["none"],"Te":["trailers"],"Accept-Encoding":["gzip, deflate, br"],"X-Forwarded-F
or":["100.113.84.16"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Firefox/102.0"],"Sec-Fetch-Mode":["navigate"],"Alt-Used":["azabache.narwhal-nominal.ts.net"],"Sec-Fetch-Dest":["document"]},"tls":{"resumed":false
,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"azabache.narwhal-nominal.ts.net"}},"headers":{"Content-Type":["text/html; charset=UTF-8"],"Date":["Mon, 09 May 2022 01:37:14 GMT"],"Server":["lighttpd/1.4.63"],"Cache-Control":["no-store, no-
cache, must-revalidate"],"Set-Cookie":[],"X-Frame-Options":["DENY"],"X-Pi-Hole":["The Pi-hole Web interface is working!"],"Expires":["Thu, 19 Nov 1981 08:52:00 GMT"],"Pragma":["no-cache"]},"status":200}

Okay, so probably a faulty Caddyfile → JSON adaptation. Hmmm. :thinking:

Should I open an issue in GitHub then?

Actually, yes! That would be helpful. Thanks.

Bonus points if you want to help investigate the cause :eyes:
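
A log triage sketch for the behaviour seen in this thread, added here as an example (it was not posted by anyone in the thread and is not Caddy's own tooling): it rejoins the terminal-wrapped journald lines, then reports per server name how many handshakes were served with an externally-managed (Tailscale) certificate, how many were rejected for lack of a certificate, and whether the name is in Caddy's ACME-managed domain list. The function names and the shortened sample records are assumptions built from the log lines above.

```python
import json
import re
from collections import defaultdict

# journald prefix as pasted in the thread: "May 08 06:51:15 azabache caddy[259395]: "
PREFIX = re.compile(r"^[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2} \S+ (\S+?)\[\d+\]: (.*)$")


def unwrap(lines):
    """Rejoin records the terminal wrapped mid-line (continuations lack the prefix)."""
    records = []
    for line in lines:
        line = line.rstrip("\n")
        if not line:
            continue
        if PREFIX.match(line) or not records:
            records.append(line)
        else:
            records[-1] += line
    return records


def caddy_events(lines):
    """Yield the JSON payload of every structured Caddy log record."""
    for rec in unwrap(lines):
        m = PREFIX.match(rec)
        if not m or m.group(1) != "caddy":
            continue  # systemd's own messages
        payload = m.group(2)
        if not payload.startswith("{"):
            continue  # the --environ dump (caddy.HomeDir=...) is not JSON
        try:
            yield json.loads(payload)
        except json.JSONDecodeError:
            continue  # record truncated in the paste


def triage(lines):
    """Map each TLS server name to its handshake outcomes and ACME-managed status."""
    managed = set()
    stats = defaultdict(lambda: {"external_cert": 0, "no_cert": 0})
    for ev in caddy_events(lines):
        msg = ev.get("msg", "")
        if msg == "enabling automatic TLS certificate management":
            managed.update(ev.get("domains", []))
        elif msg == "using externally-managed certificate":
            stats[ev["sni"]]["external_cert"] += 1
        elif msg == "no certificate matching TLS ClientHello":
            stats[ev["server_name"]]["no_cert"] += 1
    return {name: dict(s, acme_managed=name in managed) for name, s in stats.items()}


# Constructed sample: records shortened from the thread's logs, three of them
# wrapped mid-token the same way the pasted journal output is.
SAMPLE = """
May 08 06:51:07 azabache systemd[1]: Starting Caddy...
May 08 06:51:07 azabache caddy[259395]: caddy.HomeDir=/var/lib/caddy
May 08 06:51:07 azabache caddy[259395]: {"level":"info","logger":"http","msg":"enabling automatic TLS certificate management","domains":["chat.pinayalcachofa.es","metricas.pinayalcachofa.es","manual.pinayalcachofa.es"]}
May 08 06:51:15 azabache caddy[259395]: {"level":"debug","logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"azabache.narwhal-nomi
nal.ts.net"}
May 08 06:51:15 azabache caddy[259395]: {"level":"debug","logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","server_name":"azabache.narwhal-nominal.ts.net","r
emote":"100.106.90.42:56628","on_demand":false}
May 08 16:16:33 azabache caddy[259395]: {"level":"debug","logger":"tls.handshake","msg":"using externally-managed certificate","sni":"azabache.narwhal-nominal.ts.net","names":["aza
bache.narwhal-nominal.ts.net"],"expiration":1656667578}
"""

if __name__ == "__main__":
    for name, result in triage(SAMPLE.strip().splitlines()).items():
        print(name, result)
```

A name that shows `no_cert` hits and `acme_managed` false, like the ts.net host here, can only be served if a certificate manager such as `get_certificate tailscale` is active for it.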