No redirection to HTTPS site

1. The problem I’m having:

Certain devices, when accessed with Caddy, redirect to HTTP rather than HTTPS. If I enter the device IP directly into the browser, it works great in HTTPS but not through Caddy.

2. Error messages and/or full log output:

Jul 17 15:34:48 LA-255 caddy[1449]: {"level":"warn","ts":1689588288.9644248,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [northciscos1.idfy.local]: no OCSP server specified in certificate","identifiers":["northciscos1.idfy.local"]}
Jul 17 15:34:48 LA-255 caddy[1449]: {"level":"debug","ts":1689588288.9644325,"logger":"tls.cache","msg":"added certificate to cache","subjects":["northciscos1.idfy.local"],"expiration":1689630167,"managed":true,"issuer_key":"local","hash":"f60f849fbf5565b7f1ad130d85cc6da5407fdf349715fe1a2319b674fd543351","cache_size":7,"cache_capacity":10000}
Jul 17 15:34:48 LA-255 caddy[1449]: {"level":"debug","ts":1689588288.9644432,"logger":"events","msg":"event","name":"cached_managed_cert","id":"e4621a43-b298-4284-9843-3214df883a61","origin":"tls","data":{"sans":["northciscos1.idfy.local"]}}
Jul 17 15:34:48 LA-255 caddy[1449]: {"level":"debug","ts":1689588288.964459,"logger":"http","msg":"servers shutting down with eternal grace period"}
Jul 17 15:34:48 LA-255 caddy[1449]: {"level":"info","ts":1689588288.9645457,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc0003f87e0"}
Jul 17 15:34:48 LA-255 caddy[1449]: {"level":"info","ts":1689588288.9647782,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Jul 17 15:34:48 LA-255 caddy[1449]: {"level":"info","ts":1689588288.9648135,"logger":"admin.api","msg":"load complete"}
Jul 17 15:34:48 LA-255 caddy[1449]: {"level":"info","ts":1689588288.9658685,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}

3. Caddy version:

v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=

4. Curl command output:

*   Trying 10.10.10.10:443...
* Connected to northciscos1.idfy.local (10.10.10.10) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS header, Unknown (21):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: self-signed certificate
* Closing connection 0
curl: (60) SSL certificate problem: self-signed certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

a. System environment:

Ubuntu 22.04.2 LTS

b. My complete Caddy config:

{
        debug
}


northciscos1.idfy.local {
        reverse_proxy 10.10.10.10
        tls internal    
}
northciscos2.idfy.local {
        reverse_proxy 10.10.10.8
        tls internal
}
firewall.idfy.local {
        reverse_proxy 10.10.10.1:17322
        tls internal
}

southciscos1.idfy.local {
        reverse_proxy 10.10.20.10
        tls internal
}
southciscos2.idfy.local {
        reverse_proxy 10.10.20.11
        tls internal
}
arubawifi.idfy.local {
        reverse_proxy 10.10.30.2
        tls internal
}
smartoffice.idfy.local {
        reverse_proxy 172.16.3.251:82
        tls internal
}


I don’t understand. Neither your logs nor your curl command show evidence of a redirect. And you omitted the actual curl command you ran and only shared its output, so I don’t know what you tried.

Are you sure your DNS is correctly pointed to your Caddy server’s IP address?

I’m having trouble with two devices: northciscos1.idfy.local and northciscos2.idfy.local. The issue is that when I try to visit the device using the above domain name, I get a device page but the browser bar says HTTP rather than HTTPS. So I’m not sure if it’s related to Caddy or some other configuration. If you look at the curl command output, you’ll notice that one message says, curl failed to verify legitimacy of the server.

Okay, and are you sure those domains have their DNS pointing to your Caddy server?

1 Like

Please accept my apologies for the delay. Thank you; it is now working.

2 Likes
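
The curl output in the first post shows northciscos1.idfy.local resolving to 10.10.10.10, the same address the Caddyfile lists as that site's reverse_proxy upstream, which is what the DNS question in the replies is probing. The following is an added example, not code from the thread: it reads hostname/upstream pairs from site blocks and reports where each name's DNS record points. The proxy address 192.0.2.10 and the function names are assumptions, since the Caddy server's IP is not given in the thread.

```python
import re
import socket

# Two site blocks copied from the Caddyfile in the first post.
CADDYFILE = """\
northciscos1.idfy.local {
        reverse_proxy 10.10.10.10
        tls internal
}
firewall.idfy.local {
        reverse_proxy 10.10.10.1:17322
        tls internal
}
"""

SITE = re.compile(r"^(\S+)\s*\{\s*$")
UPSTREAM = re.compile(r"^\s*reverse_proxy\s+(\S+)")

def parse_sites(text):
    """Return {hostname: upstream host} for simple one-upstream IPv4 site blocks."""
    sites, current = {}, None
    for line in text.splitlines():
        if m := SITE.match(line):
            current = m.group(1)
        elif (m := UPSTREAM.match(line)) and current:
            sites[current] = m.group(1).rsplit(":", 1)[0]  # drop an optional :port
        elif line.strip() == "}":
            current = None
    return sites

def check_dns(sites, proxy_ip, resolve=socket.gethostbyname):
    """Classify each site name by the address its DNS record returns."""
    report = {}
    for host, upstream in sites.items():
        try:
            addr = resolve(host)
        except OSError:  # socket.gaierror is a subclass
            report[host] = "unresolved"
            continue
        if addr == proxy_ip:
            report[host] = "ok"
        elif addr == upstream:
            report[host] = "bypasses proxy"  # client reaches the device directly
        else:
            report[host] = f"unexpected {addr}"
    return report

if __name__ == "__main__":
    # 192.0.2.10 is a placeholder for the Caddy server's own address.
    print(check_dns(parse_sites(CADDYFILE), "192.0.2.10"))
```

A name reported as "bypasses proxy" is served by the device's own self-signed certificate and listener, so neither `tls internal` nor Caddy's automatic HTTP-to-HTTPS redirect applies to it.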
