Odd Behavior in Debian 10 buster (possibly unrelated)

drkstr101 · January 22, 2021, 7:04pm

1. Caddy version (`caddy version`):

v2.3.0 h1:fnrqJLa3G5vfxcxmOH/+kJOcunPLhSBnjgIvjXV/QTA=

2. How I run Caddy:

PRETTY_NAME=“Debian GNU/Linux 10 (buster)”
NAME=“Debian GNU/Linux”
VERSION_ID=“10”
VERSION=“10 (buster)”
VERSION_CODENAME=buster
ID=debian
HOME_URL=“https://www.debian.org/”
SUPPORT_URL=“Debian -- Support”
BUG_REPORT_URL=“https://bugs.debian.org/”
root@sfo3-watheia-gatekeeper-01:/etc/caddy# caddy version
v2.3.0 h1:fnrqJLa3G5vfxcxmOH/+kJOcunPLhSBnjgIvjXV/QTA=

Note:

xcaddy build \
  --with github.com/greenpau/caddy-auth-portal \
  --with github.com/greenpau/caddy-auth-jwt \
  --with github.com/greenpau/caddy-trace

cd /etc/caddy; caddy run --watch

d. My complete Caddyfile or JSON config:

{
  http_port 80
  https_port 443
  debug
  acme_ca "https://acme-staging-v02.api.letsencrypt.org/directory"
  email "amiller@watheia.org"
}

watheia.org {
  encode zstd gzip
  templates
  file_server browse

  root * /var/www/html

  route / {
    # redir https://{hostport}/auth 302
    respond * "OK" 200
  }
}

3. The problem I’m having:

I’m not exactly sure if it’s an error per-say, but I was hoping to understand some strange (to me) log output once I tried to setup caddy in production. I’ve gotten it to work fine on Ubuntu 20.04, but now I am trying to set it up on minimal Debian 10.

4. Error messages and/or full log output:

"]}}
2021/01/22 18:44:15.078 DEBUG   tls.issuance.acme.acme_client   no solver configured    {"challenge_type": "dns-01"}
2021/01/22 18:44:15.084 DEBUG   http.stdlib     http: TLS handshake error from 190.239.91.19:27828: no certificate available for 'whatsapp.net'
2021/01/22 18:44:15.133 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/196658290", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.3.0 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Boulder-Requester":["17655485"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["814"],"Content-Type":["application/json"],"Date":["Fri, 22 Jan 2021 18:44:15 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0003dkSL19H6V_sXxckSvv0L3KdwDcT7iT4to99iT9Z1vxc"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
2021/01/22 18:44:15.133 ERROR   tls.obtain      will retry      {"error": "[watheia.org] Obtain: [watheia.org] solving challenges: watheia.org: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/17655485/226692163) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)", "attempt": 1, "retrying_in": 60, "elapsed": 3.225629839, "max_duration": 2592000}
2021/01/22 18:44:15.698 DEBUG   http.stdlib     http: TLS handshake error from 190.236.12.252:63808: no certificate available for 'whatsapp.net'
2021/01/22 18:44:17.032 DEBUG   http.stdlib     http: TLS handshake error from 190.239.91.19:27829: no certificate available for 'whatsapp.net'
2021/01/22 18:44:17.176 DEBUG   http.stdlib     http: TLS handshake error from 190.236.12.252:63809: no certificate available for 'whatsapp.net'
2021/01/22 18:44:18.379 DEBUG   http.stdlib     http: TLS handshake error from 190.236.6.133:6803: no certificate available for 'whatsapp.net'
2021/01/22 18:44:18.698 DEBUG   http.stdlib     http: TLS handshake error from 190.236.12.252:63810: no certificate available for 'whatsapp.net'
2021/01/22 18:44:20.300 DEBUG   http.stdlib     http: TLS handshake error from 190.236.12.252:63811: no certificate available for 'whatsapp.net'
2021/01/22 18:44:20.687 DEBUG   http.stdlib     http: TLS handshake error from 190.239.91.19:27830: no certificate available for 'whatsapp.net'
2021/01/22 18:44:21.870 DEBUG   http.stdlib     http: TLS handshake error from 190.236.12.252:63812: no certificate available for 'whatsapp.net'
2021/01/22 18:44:22.040 DEBUG   http.stdlib     http: TLS handshake error from 190.239.95.213:36584: no certificate available for 'whatsapp.net'
2021/01/22 18:44:23.383 DEBUG   http.stdlib     http: TLS handshake error from 190.236.12.252:63813: no certificate available for 'whatsapp.net'
2021/01/22 18:44:23.688 DEBUG   http.stdlib     http: TLS handshake error from 190.239.91.19:27831: no certificate available for 'whatsapp.net'
2021/01/22 18:44:24.855 DEBUG   http.stdlib     http: TLS handshake error from 190.236.12.252:63814: no certificate available for 'whatsapp.net'
2021/01/22 18:44:26.399 DEBUG   http.stdlib     http: TLS handshake error from 190.236.12.252:63815: no certificate available for 'whatsapp.net'
2021/01/22 18:44:28.011 DEBUG   http.stdlib     http: TLS handshake error from 190.236.12.252:63816: no certificate available for 'whatsapp.net'
2021/01/22 18:44:28.289 DEBUG   http.stdlib     http: TLS handshake error from 190.239.91.19:27776: no certificate available for 'whatsapp.net'
2021/01/22 18:44:29.328 DEBUG   http.stdlib     http: TLS handshake error from 190.236.6.133:6808: no certificate available for 'whatsapp.net'
2021/01/22 18:44:29.537 DEBUG   http.stdlib     http: TLS handshake error from 190.236.12.252:63817: no certificate available for 'whatsapp.net'
2021/01/22 18:44:30.996 DEBUG   http.stdlib     http: TLS handshake error from 190.236.12.252:63818: no certificate available for 'whatsapp.net'
2021/01/22 18:44:32.331 DEBUG   http.stdlib     http: TLS handshake error from 190.239.91.19:27778: no certificate available for 'whatsapp.net'
2021/01/22 18:44:32.458 DEBUG   http.stdlib     http: TLS handshake error from 190.236.12.252:63819: no certificate available for 'whatsapp.net'
2021/01/22 18:44:33.903 DEBUG   http.stdlib     http: TLS handshake error from 190.236.12.252:63821: no certificate available for 'whatsapp.net'
2021/01/22 18:44:35.385 DEBUG   http.stdlib     http: TLS handshake error from 190.236.12.252:63822: no certificate available for 'whatsapp.net'
2021/01/22 18:44:36.550 DEBUG   http.stdlib     http: TLS handshake error from 190.236.5.200:31415: no certificate available for 'whatsapp.net'
2021/01/22 18:44:36.854 DEBUG   http.stdlib     http: TLS handshake error from 190.236.12.252:63823: no certificate available for 'whatsapp.net'
2021/01/22 18:44:37.793 DEBUG   http.stdlib     http: TLS handshake error from 190.239.91.19:27780: no certificate available for 'whatsapp.net'
2021/01/22 18:44:38.396 DEBUG   http.stdlib     http: TLS handshake error from 190.236.12.252:63824: no certificate available for 'whatsapp.net'

It’s all the whatsapp.net entries I’m curious about. To my knowledge there is no reason for this server to be communicating with whatsapp.net, unless it was something that came with default Debian 10, go14, or caddy (plus dependencies to run all the above).

A couple notes:

DNS hasn’t resolved yet, so the failed ACME challenge is expected
I was unable to actually build w/ xcaddy on that machine itself, so I built on devbox and rsync over (possibly with different versions of go, now that I think about it…).
I think this is actually a new version than the one I confirmed as working on staging (2.2 then => 2.3 now), so maybe this is just a new feature working as expected

5. What I already tried:

Searching for any relevant info did not turn up mutch, but I am on a fresh “Google” so it hasn’t really learned my search habits yet.

Update: I just confirmed these messages do not show up in Ubuntu 20.04 using same build/Caddyfile

Any relevant info, even a “this probably has nothing to do with caddy” would be greatly appreciated.

Cheers, and thank you for your time!

~Aaron

francislavoie · January 23, 2021, 2:09am

Those messages mean that Caddy received requests for whatsapp.net but could not handle them because it doesn’t have a matching certificate. I couldn’t say why you’re getting these requests, but it’s harmless. Often it’s just bots/crawlers that happen to hit your IP address, trying to scan for potentially vulnerable servers.

drkstr101 · January 23, 2021, 3:29am

Hmm, I’m not so sure it’s just bots, because they only show up in Debian 10. Possibly it’s Debian 10 itself, which means there is something going on here that I don’t understand, which I will need to address somehow. (hardened webserver in default mode, constantly talking to talking whatsapp… they just keep coming until I shut it down, about a 1/2 sec interval…)

Luckily this was just an experiment to see if I could upgrade without issue. Even if it’s harmless, would like to better understand the source before sending it out in the wild.

Thank you for your feedback! You gave me what I needed to know to move forward. I need to do some tracing at the edge, or do some more reading/debugging on Debian 10 update.

If no one minds, I will leave this thread up and report back any findings here, in case anyone is as interested in the mystery as I am. =)

system · February 21, 2021, 7:05pm

This topic was automatically closed after 30 days. New replies are no longer allowed.