On demand ssl not working - only first test domain is ssl active

Hi all,

I have installed Caddy on Ubuntu 24 and configured the Caddyfile:

# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.


# Set this path to your site's directory.
{
    on_demand_tls {
        ask http://expired.nameservers.ma/caddy/ask
    }
}

https:// {
    tls {
        on_demand
    }
    root * /usr/share/caddy
    file_server
}

http://expired.nameservers.ma, https://expired.nameservers.ma {
    root * /usr/share/caddy
    file_server
}

# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile

Only expired.nameservers.ma is served with SSL; any other domain name pointing to the server IP only works (without SSL) if I enable the http:// part.
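
The ask URL in the global options above is an endpoint that Caddy queries as GET <ask-url>?domain=<hostname> before obtaining an on-demand certificate; a 2xx response permits issuance and any other status refuses it. The following is an added example, not part of the original post and not the poster's actual endpoint: a minimal allowlist handler in Go, where newAskHandler, askStatus and the hostname customer.example are hypothetical names chosen for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// normalize lower-cases a hostname and drops a trailing root dot so that
// "Example.COM." and "example.com" compare equal.
func normalize(host string) string {
	return strings.TrimSuffix(strings.ToLower(strings.TrimSpace(host)), ".")
}

// newAskHandler builds the handler served at the URL named by the `ask`
// option. Only hostnames in the allowlist get a 200; everything else is
// refused, so pointing an arbitrary DNS name at the server cannot trigger
// certificate issuance.
func newAskHandler(allowed []string) http.Handler {
	set := make(map[string]struct{}, len(allowed))
	for _, d := range allowed {
		set[normalize(d)] = struct{}{}
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodGet {
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		domain := normalize(r.URL.Query().Get("domain"))
		if domain == "" {
			http.Error(w, "missing domain parameter", http.StatusBadRequest)
			return
		}
		if _, ok := set[domain]; !ok {
			http.Error(w, "domain not allowed", http.StatusForbidden)
			return
		}
		w.WriteHeader(http.StatusOK) // 2xx: issuance may proceed
	})
}

// askStatus sends the handler the same kind of request Caddy would send
// for the given hostname and returns the HTTP status code of the reply.
func askStatus(h http.Handler, domain string) int {
	target := "/caddy/ask?domain=" + url.QueryEscape(domain)
	req := httptest.NewRequest(http.MethodGet, target, nil)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	// Constructed allowlist: the hostname from the post plus one
	// hypothetical customer domain.
	h := newAskHandler([]string{"expired.nameservers.ma", "customer.example"})
	for _, d := range []string{"expired.nameservers.ma", "customer.example", "unknown.example", ""} {
		fmt.Printf("domain=%q -> %d\n", d, askStatus(h, d))
	}
}
```

In a real deployment the allowlist would come from the database of customer domains, and the endpoint should only be reachable by Caddy itself.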

Please fill out the help topic template as per the forum rules. Show your logs. Show example requests using curl -v.


Dear,

Really, I did not understand the topic template, but I’ll provide more details:

Ubuntu 24 with Caddy Version

root@ex:~# caddy -v
v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=

The Caddy File

# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.


# Set this path to your site's directory.
{
    on_demand_tls {
        ask http://expired.nameservers.ma/caddy/ask
    }
}

https:// {
    tls {
        on_demand
    }
    root * /usr/share/caddy
    file_server
}

http://expired.nameservers.ma, https://expired.nameservers.ma {
    root * /usr/share/caddy
    file_server
}

# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile

The Caddy Log

journalctl --no-pager -u caddy

Nov 07 02:55:05 server systemd[1]: Reloading Caddy...
Nov 07 02:55:05 server caddy[2238]: {"level":"info","ts":1730948105.5361927,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Nov 07 02:55:05 server caddy[2238]: {"level":"info","ts":1730948105.538317,"msg":"adapted config to JSON","adapter":"caddyfile"}
Nov 07 02:55:05 server caddy[2238]: {"level":"warn","ts":1730948105.5383446,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":12}
Nov 07 02:55:05 server caddy[663]: {"level":"info","ts":1730948105.5396686,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_ip":"127.0.0.1","remote_port":"51926","headers":{"Accept-Encoding":["gzip"],"Cache-Control":["must-revalidate"],"Content-Length":["1302"],"Content-Type":["application/json"],"Origin":["http://localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
Nov 07 02:55:05 server caddy[663]: {"level":"info","ts":1730948105.541046,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//127.0.0.1:2019","//localhost:2019","//[::1]:2019"]}
Nov 07 02:55:05 server caddy[663]: {"level":"info","ts":1730948105.5414145,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Nov 07 02:55:05 server caddy[663]: {"level":"warn","ts":1730948105.5414414,"logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
Nov 07 02:55:05 server caddy[663]: {"level":"info","ts":1730948105.542047,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Nov 07 02:55:05 server caddy[663]: {"level":"info","ts":1730948105.5420752,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Nov 07 02:55:05 server caddy[663]: {"level":"info","ts":1730948105.5421145,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
Nov 07 02:55:05 server caddy[663]: {"level":"info","ts":1730948105.5421205,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["expired.nameservers.ma"]}
Nov 07 02:55:05 server caddy[663]: {"level":"info","ts":1730948105.5428908,"logger":"http","msg":"servers shutting down with eternal grace period"}
Nov 07 02:55:05 server caddy[663]: {"level":"info","ts":1730948105.5437503,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Nov 07 02:55:05 server caddy[663]: {"level":"info","ts":1730948105.5437996,"logger":"admin.api","msg":"load complete"}
Nov 07 02:55:05 server caddy[663]: {"level":"info","ts":1730948105.5462394,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}
Nov 07 02:55:05 server systemd[1]: Reloaded Caddy.
Nov 07 02:55:06 server caddy[663]: {"level":"error","ts":1730948106.090279,"logger":"tls","msg":"failed to get permission for on-demand certificate","domain":"expired.nameservers.ma","error":"checking https://expired.nameservers.ma/ask to determine if certificate for hostname 'expired.nameservers.ma' should be allowed: Get \"https://expired.nameservers.ma/ask?domain=expired.nameservers.ma\": EOF"}
Nov 07 02:58:18 server systemd[1]: Reloading Caddy...
Nov 07 02:58:19 server caddy[2253]: {"level":"info","ts":1730948299.002485,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Nov 07 02:58:19 server caddy[2253]: {"level":"info","ts":1730948299.0082428,"msg":"adapted config to JSON","adapter":"caddyfile"}
Nov 07 02:58:19 server caddy[2253]: {"level":"warn","ts":1730948299.0086653,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":12}
Nov 07 02:58:19 server caddy[663]: {"level":"info","ts":1730948299.0118287,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_ip":"127.0.0.1","remote_port":"37838","headers":{"Accept-Encoding":["gzip"],"Cache-Control":["must-revalidate"],"Content-Length":["974"],"Content-Type":["application/json"],"Origin":["http://localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
Nov 07 02:58:19 server caddy[663]: {"level":"info","ts":1730948299.0142498,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Nov 07 02:58:19 server caddy[663]: {"level":"info","ts":1730948299.015237,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Nov 07 02:58:19 server caddy[663]: {"level":"warn","ts":1730948299.0153103,"logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
Nov 07 02:58:19 server caddy[663]: {"level":"info","ts":1730948299.0160089,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Nov 07 02:58:19 server caddy[663]: {"level":"info","ts":1730948299.016116,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Nov 07 02:58:19 server caddy[663]: {"level":"info","ts":1730948299.016219,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
Nov 07 02:58:19 server caddy[663]: {"level":"info","ts":1730948299.016257,"logger":"http","msg":"servers shutting down with eternal grace period"}
Nov 07 02:58:19 server caddy[663]: {"level":"info","ts":1730948299.017369,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Nov 07 02:58:19 server caddy[663]: {"level":"info","ts":1730948299.018239,"logger":"admin.api","msg":"load complete"}
Nov 07 02:58:19 server systemd[1]: Reloaded Caddy.
Nov 07 02:58:19 server caddy[663]: {"level":"info","ts":1730948299.0234504,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}
Nov 07 03:00:49 server systemd[1]: Reloading Caddy...
Nov 07 03:00:49 server caddy[2264]: {"level":"info","ts":1730948449.365153,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Nov 07 03:00:49 server caddy[2264]: {"level":"info","ts":1730948449.368472,"msg":"adapted config to JSON","adapter":"caddyfile"}
Nov 07 03:00:49 server caddy[2264]: {"level":"warn","ts":1730948449.3685164,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":12}
Nov 07 03:00:49 server caddy[663]: {"level":"info","ts":1730948449.3712387,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_ip":"127.0.0.1","remote_port":"34542","headers":{"Accept-Encoding":["gzip"],"Cache-Control":["must-revalidate"],"Content-Length":["974"],"Content-Type":["application/json"],"Origin":["http://localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
Nov 07 03:00:49 server caddy[663]: {"level":"info","ts":1730948449.3741136,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Nov 07 03:00:49 server caddy[663]: {"level":"info","ts":1730948449.3745995,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Nov 07 03:00:49 server caddy[663]: {"level":"warn","ts":1730948449.3746605,"logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
Nov 07 03:00:49 server caddy[663]: {"level":"info","ts":1730948449.3755262,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Nov 07 03:00:49 server caddy[663]: {"level":"info","ts":1730948449.375622,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Nov 07 03:00:49 server caddy[663]: {"level":"info","ts":1730948449.3757076,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
Nov 07 03:00:49 server caddy[663]: {"level":"info","ts":1730948449.375732,"logger":"http","msg":"servers shutting down with eternal grace period"}
Nov 07 03:00:49 server caddy[663]: {"level":"info","ts":1730948449.3764546,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Nov 07 03:00:49 server caddy[663]: {"level":"info","ts":1730948449.3765292,"logger":"admin.api","msg":"load complete"}
Nov 07 03:00:49 server caddy[663]: {"level":"info","ts":1730948449.3773916,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}
Nov 07 03:00:49 server systemd[1]: Reloaded Caddy.
Nov 07 03:02:21 server systemd[1]: Reloading Caddy...
Nov 07 03:02:21 server caddy[2276]: {"level":"info","ts":1730948541.6313047,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Nov 07 03:02:21 server caddy[2276]: {"level":"info","ts":1730948541.6327896,"msg":"adapted config to JSON","adapter":"caddyfile"}
Nov 07 03:02:21 server caddy[2276]: {"level":"warn","ts":1730948541.632815,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":12}
Nov 07 03:02:21 server caddy[663]: {"level":"info","ts":1730948541.6350768,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_ip":"127.0.0.1","remote_port":"55498","headers":{"Accept-Encoding":["gzip"],"Cache-Control":["must-revalidate"],"Content-Length":["710"],"Content-Type":["application/json"],"Origin":["http://localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
Nov 07 03:02:21 server caddy[663]: {"level":"info","ts":1730948541.6397688,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Nov 07 03:02:21 server caddy[663]: {"level":"warn","ts":1730948541.6405625,"logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
Nov 07 03:02:21 server caddy[663]: {"level":"info","ts":1730948541.6405954,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Nov 07 03:02:21 server caddy[663]: {"level":"info","ts":1730948541.641702,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Nov 07 03:02:21 server caddy[663]: {"level":"info","ts":1730948541.6420174,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Nov 07 03:02:21 server caddy[663]: {"level":"info","ts":1730948541.6423862,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
Nov 07 03:02:21 server caddy[663]: {"level":"info","ts":1730948541.6426373,"logger":"http","msg":"servers shutting down with eternal grace period"}
Nov 07 03:02:21 server caddy[663]: {"level":"info","ts":1730948541.6431515,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Nov 07 03:02:21 server caddy[663]: {"level":"info","ts":1730948541.6442747,"logger":"admin.api","msg":"load complete"}
Nov 07 03:02:21 server caddy[663]: {"level":"info","ts":1730948541.6483328,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}
Nov 07 03:02:21 server systemd[1]: Reloaded Caddy.
Nov 07 03:04:42 server systemd[1]: Reloading Caddy...
Nov 07 03:04:42 server caddy[2288]: {"level":"info","ts":1730948682.7220604,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Nov 07 03:04:42 server caddy[2288]: {"level":"info","ts":1730948682.723369,"msg":"adapted config to JSON","adapter":"caddyfile"}
Nov 07 03:04:42 server caddy[2288]: {"level":"warn","ts":1730948682.7233844,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":12}
Nov 07 03:04:42 server caddy[663]: {"level":"info","ts":1730948682.7252007,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_ip":"127.0.0.1","remote_port":"38676","headers":{"Accept-Encoding":["gzip"],"Cache-Control":["must-revalidate"],"Content-Length":["625"],"Content-Type":["application/json"],"Origin":["http://localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
Nov 07 03:04:42 server caddy[663]: {"level":"info","ts":1730948682.7280087,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Nov 07 03:04:42 server caddy[663]: {"level":"info","ts":1730948682.7287147,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Nov 07 03:04:42 server caddy[663]: {"level":"warn","ts":1730948682.7293537,"logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
Nov 07 03:04:42 server caddy[663]: {"level":"info","ts":1730948682.7303448,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Nov 07 03:04:42 server caddy[663]: {"level":"info","ts":1730948682.730437,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Nov 07 03:04:42 server caddy[663]: {"level":"info","ts":1730948682.731018,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
Nov 07 03:04:42 server caddy[663]: {"level":"info","ts":1730948682.7310803,"logger":"http","msg":"servers shutting down with eternal grace period"}
Nov 07 03:04:42 server caddy[663]: {"level":"info","ts":1730948682.731737,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Nov 07 03:04:42 server caddy[663]: {"level":"info","ts":1730948682.7318604,"logger":"admin.api","msg":"load complete"}
Nov 07 03:04:42 server caddy[663]: {"level":"info","ts":1730948682.7368784,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}
Nov 07 03:04:42 server systemd[1]: Reloaded Caddy.
Nov 07 03:14:44 server systemd[1]: Reloading Caddy...
Nov 07 03:14:44 server caddy[2322]: {"level":"info","ts":1730949284.4176202,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Nov 07 03:14:44 server caddy[2322]: {"level":"info","ts":1730949284.4201186,"msg":"adapted config to JSON","adapter":"caddyfile"}
Nov 07 03:14:44 server caddy[2322]: {"level":"warn","ts":1730949284.4204113,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":12}
Nov 07 03:14:44 server caddy[663]: {"level":"info","ts":1730949284.4301553,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_ip":"127.0.0.1","remote_port":"47766","headers":{"Accept-Encoding":["gzip"],"Cache-Control":["must-revalidate"],"Content-Length":["631"],"Content-Type":["application/json"],"Origin":["http://localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
Nov 07 03:14:44 server caddy[663]: {"level":"info","ts":1730949284.4378026,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Nov 07 03:14:44 server caddy[663]: {"level":"info","ts":1730949284.4382353,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Nov 07 03:14:44 server caddy[663]: {"level":"warn","ts":1730949284.4386423,"logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
Nov 07 03:14:44 server caddy[663]: {"level":"info","ts":1730949284.4392657,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Nov 07 03:14:44 server caddy[663]: {"level":"info","ts":1730949284.4393404,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Nov 07 03:14:44 server caddy[663]: {"level":"info","ts":1730949284.439426,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
Nov 07 03:14:44 server caddy[663]: {"level":"info","ts":1730949284.4394534,"logger":"http","msg":"servers shutting down with eternal grace period"}
Nov 07 03:14:44 server caddy[663]: {"level":"info","ts":1730949284.4402454,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Nov 07 03:14:44 server caddy[663]: {"level":"info","ts":1730949284.4414856,"logger":"admin.api","msg":"load complete"}
Nov 07 03:14:44 server caddy[663]: {"level":"info","ts":1730949284.442691,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}
Nov 07 03:14:44 server systemd[1]: Reloaded Caddy.
Nov 07 03:15:11 server caddy[663]: {"level":"info","ts":1730949311.1548917,"msg":"shutting down apps, then terminating","signal":"SIGTERM"}
Nov 07 03:15:11 server caddy[663]: {"level":"warn","ts":1730949311.1551805,"msg":"exiting; byeee!! 👋","signal":"SIGTERM"}
Nov 07 03:15:11 server caddy[663]: {"level":"info","ts":1730949311.1552176,"logger":"http","msg":"servers shutting down with eternal grace period"}
Nov 07 03:15:11 server caddy[663]: {"level":"info","ts":1730949311.155752,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}
Nov 07 03:15:11 server caddy[663]: {"level":"info","ts":1730949311.1557791,"msg":"shutdown complete","signal":"SIGTERM","exit_code":0}
Nov 07 03:15:11 server systemd[1]: Stopping Caddy...
Nov 07 03:15:11 server systemd[1]: caddy.service: Deactivated successfully.
Nov 07 03:15:11 server systemd[1]: Stopped Caddy.
Nov 07 03:15:11 server systemd[1]: caddy.service: Consumed 9.411s CPU time.
Nov 07 03:15:11 server systemd[1]: Starting Caddy...
Nov 07 03:15:11 server caddy[2332]: caddy.HomeDir=/var/lib/caddy
Nov 07 03:15:11 server caddy[2332]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Nov 07 03:15:11 server caddy[2332]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Nov 07 03:15:11 server caddy[2332]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Nov 07 03:15:11 server caddy[2332]: caddy.Version=v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=
Nov 07 03:15:11 server caddy[2332]: runtime.GOOS=linux
Nov 07 03:15:11 server caddy[2332]: runtime.GOARCH=amd64
Nov 07 03:15:11 server caddy[2332]: runtime.Compiler=gc
Nov 07 03:15:11 server caddy[2332]: runtime.NumCPU=2
Nov 07 03:15:11 server caddy[2332]: runtime.GOMAXPROCS=2
Nov 07 03:15:11 server caddy[2332]: runtime.Version=go1.22.3
Nov 07 03:15:11 server caddy[2332]: os.Getwd=/
Nov 07 03:15:11 server caddy[2332]: LANG=en_US.UTF-8
Nov 07 03:15:11 server caddy[2332]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
Nov 07 03:15:11 server caddy[2332]: NOTIFY_SOCKET=/run/systemd/notify
Nov 07 03:15:11 server caddy[2332]: HOME=/var/lib/caddy
Nov 07 03:15:11 server caddy[2332]: LOGNAME=caddy
Nov 07 03:15:11 server caddy[2332]: USER=caddy
Nov 07 03:15:11 server caddy[2332]: INVOCATION_ID=5a452d7d013d4743bfe3ce5d7479a3ce
Nov 07 03:15:11 server caddy[2332]: JOURNAL_STREAM=8:28153
Nov 07 03:15:11 server caddy[2332]: SYSTEMD_EXEC_PID=2332
Nov 07 03:15:11 server caddy[2332]: {"level":"info","ts":1730949311.279801,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Nov 07 03:15:11 server caddy[2332]: {"level":"info","ts":1730949311.284759,"msg":"adapted config to JSON","adapter":"caddyfile"}
Nov 07 03:15:11 server caddy[2332]: {"level":"warn","ts":1730949311.2848666,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":12}
Nov 07 03:15:11 server caddy[2332]: {"level":"info","ts":1730949311.2881112,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Nov 07 03:15:11 server caddy[2332]: {"level":"info","ts":1730949311.2891095,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00064b880"}
Nov 07 03:15:11 server caddy[2332]: {"level":"info","ts":1730949311.2893722,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Nov 07 03:15:11 server caddy[2332]: {"level":"warn","ts":1730949311.2895622,"logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
Nov 07 03:15:11 server caddy[2332]: {"level":"info","ts":1730949311.290864,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Nov 07 03:15:11 server caddy[2332]: {"level":"info","ts":1730949311.291565,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Nov 07 03:15:11 server caddy[2332]: {"level":"info","ts":1730949311.2920702,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
Nov 07 03:15:11 server caddy[2332]: {"level":"info","ts":1730949311.2924385,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Nov 07 03:15:11 server caddy[2332]: {"level":"info","ts":1730949311.2925708,"msg":"serving initial configuration"}
Nov 07 03:15:11 server systemd[1]: Started Caddy.
Nov 07 03:15:11 server caddy[2332]: {"level":"info","ts":1730949311.29916,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/var/lib/caddy/.local/share/caddy","instance":"2cb213fe-f469-4ff6-a9c7-c75fff7fae93","try_again":1731035711.299111,"try_again_in":86399.999998217}
Nov 07 03:15:11 server caddy[2332]: {"level":"info","ts":1730949311.3003056,"logger":"tls","msg":"finished cleaning storage units"}
Nov 07 03:15:18 server systemd[1]: Reloading Caddy...
Nov 07 03:15:18 server caddy[2342]: {"level":"info","ts":1730949318.5259867,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Nov 07 03:15:18 server caddy[2342]: {"level":"info","ts":1730949318.5281842,"msg":"adapted config to JSON","adapter":"caddyfile"}
Nov 07 03:15:18 server caddy[2342]: {"level":"warn","ts":1730949318.5282238,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":12}
Nov 07 03:15:18 server caddy[2332]: {"level":"info","ts":1730949318.5310962,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_ip":"127.0.0.1","remote_port":"58488","headers":{"Accept-Encoding":["gzip"],"Cache-Control":["must-revalidate"],"Content-Length":["631"],"Content-Type":["application/json"],"Origin":["http://localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
Nov 07 03:15:18 server caddy[2332]: {"level":"info","ts":1730949318.536857,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Nov 07 03:15:18 server caddy[2332]: {"level":"info","ts":1730949318.5374398,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Nov 07 03:15:18 server caddy[2332]: {"level":"warn","ts":1730949318.5376673,"logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
Nov 07 03:15:18 server caddy[2332]: {"level":"info","ts":1730949318.5384958,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Nov 07 03:15:18 server caddy[2332]: {"level":"info","ts":1730949318.538578,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Nov 07 03:15:18 server caddy[2332]: {"level":"info","ts":1730949318.5387578,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
Nov 07 03:15:18 server caddy[2332]: {"level":"info","ts":1730949318.538794,"logger":"http","msg":"servers shutting down with eternal grace period"}
Nov 07 03:15:18 server caddy[2332]: {"level":"info","ts":1730949318.5412998,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Nov 07 03:15:18 server caddy[2332]: {"level":"info","ts":1730949318.5449173,"logger":"admin.api","msg":"load complete"}
Nov 07 03:15:18 server caddy[2332]: {"level":"info","ts":1730949318.5470521,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}
Nov 07 03:15:18 server systemd[1]: Reloaded Caddy.
Nov 07 03:19:20 server caddy[2332]: {"level":"info","ts":1730949560.3452816,"msg":"shutting down apps, then terminating","signal":"SIGTERM"}
Nov 07 03:19:20 server caddy[2332]: {"level":"warn","ts":1730949560.3454924,"msg":"exiting; byeee!! 👋","signal":"SIGTERM"}
Nov 07 03:19:20 server caddy[2332]: {"level":"info","ts":1730949560.3455434,"logger":"http","msg":"servers shutting down with eternal grace period"}
Nov 07 03:19:20 server caddy[2332]: {"level":"info","ts":1730949560.3461125,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}
Nov 07 03:19:20 server caddy[2332]: {"level":"info","ts":1730949560.3461406,"msg":"shutdown complete","signal":"SIGTERM","exit_code":0}
Nov 07 03:19:20 server systemd[1]: Stopping Caddy...
Nov 07 03:19:20 server systemd[1]: caddy.service: Deactivated successfully.
Nov 07 03:19:20 server systemd[1]: Stopped Caddy.
-- Boot 85f8e016d3e5496ba4ae807663cdda70 --
Nov 07 03:19:36 server systemd[1]: Starting Caddy...
Nov 07 03:19:36 server caddy[663]: caddy.HomeDir=/var/lib/caddy
Nov 07 03:19:36 server caddy[663]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Nov 07 03:19:36 server caddy[663]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Nov 07 03:19:36 server caddy[663]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Nov 07 03:19:36 server caddy[663]: caddy.Version=v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=
Nov 07 03:19:36 server caddy[663]: runtime.GOOS=linux
Nov 07 03:19:36 server caddy[663]: runtime.GOARCH=amd64
Nov 07 03:19:36 server caddy[663]: runtime.Compiler=gc
Nov 07 03:19:36 server caddy[663]: runtime.NumCPU=2
Nov 07 03:19:36 server caddy[663]: runtime.GOMAXPROCS=2
Nov 07 03:19:36 server caddy[663]: runtime.Version=go1.22.3
Nov 07 03:19:36 server caddy[663]: os.Getwd=/
Nov 07 03:19:36 server caddy[663]: LANG=en_US.UTF-8
Nov 07 03:19:36 server caddy[663]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
Nov 07 03:19:36 server caddy[663]: NOTIFY_SOCKET=/run/systemd/notify
Nov 07 03:19:36 server caddy[663]: HOME=/var/lib/caddy
Nov 07 03:19:36 server caddy[663]: LOGNAME=caddy
Nov 07 03:19:36 server caddy[663]: USER=caddy
Nov 07 03:19:36 server caddy[663]: INVOCATION_ID=21ffb2ddcca84a0997b90643b9f071f5
Nov 07 03:19:36 server caddy[663]: JOURNAL_STREAM=8:17692
Nov 07 03:19:36 server caddy[663]: SYSTEMD_EXEC_PID=663
Nov 07 03:19:36 server caddy[663]: {"level":"info","ts":1730949576.8936687,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Nov 07 03:19:36 server caddy[663]: {"level":"info","ts":1730949576.8979664,"msg":"adapted config to JSON","adapter":"caddyfile"}
Nov 07 03:19:36 server caddy[663]: {"level":"warn","ts":1730949576.8984504,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":12}
Nov 07 03:19:36 server caddy[663]: {"level":"info","ts":1730949576.9033928,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Nov 07 03:19:36 server caddy[663]: {"level":"info","ts":1730949576.9063263,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00052ec00"}
Nov 07 03:19:36 server caddy[663]: {"level":"info","ts":1730949576.9071572,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Nov 07 03:19:36 server caddy[663]: {"level":"warn","ts":1730949576.9077265,"logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
Nov 07 03:19:36 server caddy[663]: {"level":"info","ts":1730949576.9107707,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Nov 07 03:19:36 server caddy[663]: {"level":"info","ts":1730949576.9141965,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Nov 07 03:19:36 server caddy[663]: {"level":"info","ts":1730949576.9148085,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
Nov 07 03:19:36 server caddy[663]: {"level":"info","ts":1730949576.9159915,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Nov 07 03:19:36 server caddy[663]: {"level":"info","ts":1730949576.916432,"msg":"serving initial configuration"}
Nov 07 03:19:36 server systemd[1]: Started Caddy.
Nov 07 03:19:36 server caddy[663]: {"level":"info","ts":1730949576.919368,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/var/lib/caddy/.local/share/caddy","instance":"2cb213fe-f469-4ff6-a9c7-c75fff7fae93","try_again":1731035976.919332,"try_again_in":86399.999999064}
Nov 07 03:19:36 server caddy[663]: {"level":"info","ts":1730949576.9195054,"logger":"tls","msg":"finished cleaning storage units"}
Nov 07 03:26:15 server systemd[1]: Reloading Caddy...
Nov 07 03:26:15 server caddy[939]: {"level":"info","ts":1730949975.5076644,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Nov 07 03:26:15 server caddy[939]: {"level":"info","ts":1730949975.511775,"msg":"adapted config to JSON","adapter":"caddyfile"}
Nov 07 03:26:15 server caddy[939]: {"level":"warn","ts":1730949975.5118382,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":12}
Nov 07 03:26:15 server caddy[663]: {"level":"info","ts":1730949975.5163722,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_ip":"127.0.0.1","remote_port":"37800","headers":{"Accept-Encoding":["gzip"],"Cache-Control":["must-revalidate"],"Content-Length":["797"],"Content-Type":["application/json"],"Origin":["http://localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
Nov 07 03:26:15 server caddy[663]: {"level":"info","ts":1730949975.5181508,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Nov 07 03:26:15 server caddy[663]: {"level":"info","ts":1730949975.518549,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Nov 07 03:26:15 server caddy[663]: {"level":"warn","ts":1730949975.5187473,"logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
Nov 07 03:26:15 server caddy[663]: {"level":"info","ts":1730949975.5220957,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Nov 07 03:26:15 server caddy[663]: {"level":"info","ts":1730949975.5221593,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Nov 07 03:26:15 server caddy[663]: {"level":"info","ts":1730949975.522247,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
Nov 07 03:26:15 server caddy[663]: {"level":"info","ts":1730949975.5222924,"logger":"http","msg":"servers shutting down with eternal grace period"}
Nov 07 03:26:15 server caddy[663]: {"level":"info","ts":1730949975.5236068,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Nov 07 03:26:15 server caddy[663]: {"level":"info","ts":1730949975.524537,"logger":"admin.api","msg":"load complete"}
Nov 07 03:26:15 server systemd[1]: Reloaded Caddy.
Nov 07 03:26:15 server caddy[663]: {"level":"info","ts":1730949975.535272,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}
Nov 07 03:30:42 server systemd[1]: Reloading Caddy...
Nov 07 03:30:42 server caddy[956]: {"level":"info","ts":1730950242.9168973,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Nov 07 03:30:42 server caddy[956]: {"level":"info","ts":1730950242.9190035,"msg":"adapted config to JSON","adapter":"caddyfile"}
Nov 07 03:30:42 server caddy[956]: {"level":"warn","ts":1730950242.919038,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":12}
Nov 07 03:30:42 server caddy[663]: {"level":"info","ts":1730950242.9288082,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_ip":"127.0.0.1","remote_port":"52180","headers":{"Accept-Encoding":["gzip"],"Cache-Control":["must-revalidate"],"Content-Length":["522"],"Content-Type":["application/json"],"Origin":["http://localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
Nov 07 03:30:42 server caddy[663]: {"level":"info","ts":1730950242.9312067,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Nov 07 03:30:42 server caddy[663]: {"level":"info","ts":1730950242.9354925,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Nov 07 03:30:42 server caddy[663]: {"level":"warn","ts":1730950242.9355106,"logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
Nov 07 03:30:42 server caddy[663]: {"level":"info","ts":1730950242.9359303,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Nov 07 03:30:42 server caddy[663]: {"level":"info","ts":1730950242.935975,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Nov 07 03:30:42 server caddy[663]: {"level":"info","ts":1730950242.936024,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
Nov 07 03:30:42 server caddy[663]: {"level":"info","ts":1730950242.9360602,"logger":"http","msg":"servers shutting down with eternal grace period"}
Nov 07 03:30:42 server caddy[663]: {"level":"info","ts":1730950242.9376254,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Nov 07 03:30:42 server caddy[663]: {"level":"info","ts":1730950242.937714,"logger":"admin.api","msg":"load complete"}
Nov 07 03:30:42 server systemd[1]: Reloaded Caddy.
Nov 07 03:30:42 server caddy[663]: {"level":"info","ts":1730950242.9472952,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}
Nov 07 03:33:59 server systemd[1]: Reloading Caddy...
Nov 07 03:33:59 server caddy[970]: {"level":"info","ts":1730950439.1301243,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Nov 07 03:33:59 server caddy[970]: {"level":"info","ts":1730950439.137727,"msg":"adapted config to JSON","adapter":"caddyfile"}
Nov 07 03:33:59 server caddy[970]: {"level":"warn","ts":1730950439.1378148,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":12}
Nov 07 03:33:59 server caddy[663]: {"level":"info","ts":1730950439.1427705,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_ip":"127.0.0.1","remote_port":"36394","headers":{"Accept-Encoding":["gzip"],"Cache-Control":["must-revalidate"],"Content-Length":["1138"],"Content-Type":["application/json"],"Origin":["http://localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
Nov 07 03:33:59 server caddy[663]: {"level":"info","ts":1730950439.1453512,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Nov 07 03:33:59 server caddy[663]: {"level":"info","ts":1730950439.1463192,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Nov 07 03:33:59 server caddy[663]: {"level":"warn","ts":1730950439.146696,"logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
Nov 07 03:33:59 server caddy[663]: {"level":"info","ts":1730950439.1475542,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Nov 07 03:33:59 server caddy[663]: {"level":"info","ts":1730950439.1478407,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Nov 07 03:33:59 server caddy[663]: {"level":"info","ts":1730950439.1482484,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
Nov 07 03:33:59 server caddy[663]: {"level":"info","ts":1730950439.1485343,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["expired.nameservers.ma"]}
Nov 07 03:33:59 server caddy[663]: {"level":"info","ts":1730950439.1527557,"logger":"http","msg":"servers shutting down with eternal grace period"}
Nov 07 03:33:59 server caddy[663]: {"level":"info","ts":1730950439.153719,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Nov 07 03:33:59 server caddy[663]: {"level":"info","ts":1730950439.1546454,"logger":"admin.api","msg":"load complete"}
Nov 07 03:33:59 server systemd[1]: Reloaded Caddy.
Nov 07 03:33:59 server caddy[663]: {"level":"info","ts":1730950439.1643522,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}
Nov 07 03:37:42 server systemd[1]: Reloading Caddy...
Nov 07 03:37:42 server caddy[989]: {"level":"info","ts":1730950662.410815,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Nov 07 03:37:42 server caddy[989]: {"level":"info","ts":1730950662.4156086,"msg":"adapted config to JSON","adapter":"caddyfile"}
Nov 07 03:37:42 server caddy[989]: {"level":"warn","ts":1730950662.4156735,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":12}
Nov 07 03:37:42 server caddy[663]: {"level":"info","ts":1730950662.4205244,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_ip":"127.0.0.1","remote_port":"34808","headers":{"Accept-Encoding":["gzip"],"Cache-Control":["must-revalidate"],"Content-Length":["959"],"Content-Type":["application/json"],"Origin":["http://localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
Nov 07 03:37:42 server caddy[663]: {"level":"info","ts":1730950662.4228091,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Nov 07 03:37:42 server caddy[663]: {"level":"info","ts":1730950662.4237275,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Nov 07 03:37:42 server caddy[663]: {"level":"warn","ts":1730950662.4237697,"logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
Nov 07 03:37:42 server caddy[663]: {"level":"info","ts":1730950662.4244516,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Nov 07 03:37:42 server caddy[663]: {"level":"info","ts":1730950662.4245093,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Nov 07 03:37:42 server caddy[663]: {"level":"info","ts":1730950662.424579,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
Nov 07 03:37:42 server caddy[663]: {"level":"info","ts":1730950662.4245875,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["expired.nameservers.ma"]}
Nov 07 03:37:42 server caddy[663]: {"level":"info","ts":1730950662.424651,"logger":"http","msg":"servers shutting down with eternal grace period"}
Nov 07 03:37:42 server caddy[663]: {"level":"info","ts":1730950662.4253235,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Nov 07 03:37:42 server caddy[663]: {"level":"info","ts":1730950662.4253967,"logger":"admin.api","msg":"load complete"}
Nov 07 03:37:42 server caddy[663]: {"level":"info","ts":1730950662.4348278,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}
Nov 07 03:37:42 server systemd[1]: Reloaded Caddy.
Nov 07 03:38:04 server caddy[663]: {"level":"info","ts":1730950684.5953896,"msg":"shutting down apps, then terminating","signal":"SIGTERM"}
Nov 07 03:38:04 server caddy[663]: {"level":"warn","ts":1730950684.5957146,"msg":"exiting; byeee!! 👋","signal":"SIGTERM"}
Nov 07 03:38:04 server caddy[663]: {"level":"info","ts":1730950684.595816,"logger":"http","msg":"servers shutting down with eternal grace period"}
Nov 07 03:38:04 server caddy[663]: {"level":"info","ts":1730950684.5964818,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}
Nov 07 03:38:04 server caddy[663]: {"level":"info","ts":1730950684.5965078,"msg":"shutdown complete","signal":"SIGTERM","exit_code":0}
Nov 07 03:38:04 server systemd[1]: Stopping Caddy...
Nov 07 03:38:04 server systemd[1]: caddy.service: Deactivated successfully.
Nov 07 03:38:04 server systemd[1]: Stopped Caddy.
Nov 07 03:38:04 server systemd[1]: caddy.service: Consumed 1.251s CPU time.
Nov 07 03:38:42 server systemd[1]: Starting Caddy...
Nov 07 03:38:42 server caddy[1005]: caddy.HomeDir=/var/lib/caddy
Nov 07 03:38:42 server caddy[1005]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Nov 07 03:38:42 server caddy[1005]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Nov 07 03:38:42 server caddy[1005]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Nov 07 03:38:42 server caddy[1005]: caddy.Version=v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=
Nov 07 03:38:42 server caddy[1005]: runtime.GOOS=linux
Nov 07 03:38:42 server caddy[1005]: runtime.GOARCH=amd64
Nov 07 03:38:42 server caddy[1005]: runtime.Compiler=gc
Nov 07 03:38:42 server caddy[1005]: runtime.NumCPU=2
Nov 07 03:38:42 server caddy[1005]: runtime.GOMAXPROCS=2
Nov 07 03:38:42 server caddy[1005]: runtime.Version=go1.22.3
Nov 07 03:38:42 server caddy[1005]: os.Getwd=/
Nov 07 03:38:42 server caddy[1005]: LANG=en_US.UTF-8
Nov 07 03:38:42 server caddy[1005]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
Nov 07 03:38:42 server caddy[1005]: NOTIFY_SOCKET=/run/systemd/notify
Nov 07 03:38:42 server caddy[1005]: HOME=/var/lib/caddy
Nov 07 03:38:42 server caddy[1005]: LOGNAME=caddy
Nov 07 03:38:42 server caddy[1005]: USER=caddy
Nov 07 03:38:42 server caddy[1005]: INVOCATION_ID=ff1fad31c5ad4fd7bce52133b751aa7e
Nov 07 03:38:42 server caddy[1005]: JOURNAL_STREAM=8:19309
Nov 07 03:38:42 server caddy[1005]: SYSTEMD_EXEC_PID=1005
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.4667313,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.4686897,"msg":"adapted config to JSON","adapter":"caddyfile"}
Nov 07 03:38:42 server caddy[1005]: {"level":"warn","ts":1730950722.4689112,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":12}
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.4711711,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.4718199,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Nov 07 03:38:42 server caddy[1005]: {"level":"warn","ts":1730950722.4721107,"logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.471916,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00029dd80"}
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.4728277,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.4733152,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.473691,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.4738386,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["expired.nameservers.ma"]}
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.4750056,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.475278,"msg":"serving initial configuration"}
Nov 07 03:38:42 server systemd[1]: Started Caddy.
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.4809952,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/var/lib/caddy/.local/share/caddy","instance":"2cb213fe-f469-4ff6-a9c7-c75fff7fae93","try_again":1731037122.480989,"try_again_in":86399.99999845}
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.4811761,"logger":"tls","msg":"finished cleaning storage units"}
Nov 07 06:58:43 ex.htoubbi.com caddy[1005]: {"level":"info","ts":1730962723.1141305,"logger":"tls.acme_client","msg":"got renewal info","names":["expired.nameservers.ma"],"window_start":1736036287.6666667,"window_end":1736209087.6666667,"selected_time":1736054080,"recheck_after":1730984323.1141162,"explanation_url":""}
Nov 07 06:58:43 ex.htoubbi.com caddy[1005]: {"level":"info","ts":1730962723.1168501,"logger":"tls.cache.maintenance","msg":"updated ACME renewal information","identifiers":["expired.nameservers.ma"],"cert_hash":"762211c7521734fc9bb782456bbed9c3f160f76608d587a3fc3d9d151158186b","ari_unique_id":"nytfzzwhT50Et-0rLMTGcIvS1w0.BFGmtKAwRRtPcvEG3qvB1BMJ","cert_expiry":1738713517,"selected_time":1736183170,"next_update":1730984323.1141162,"explanation_url":""}

Caddy Status

 caddy.service - Caddy
     Loaded: loaded (/lib/systemd/system/caddy.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2024-11-07 03:38:42 UTC; 8h ago
       Docs: https://caddyserver.com/docs/
   Main PID: 1005 (caddy)
      Tasks: 9 (limit: 4532)
     Memory: 11.1M
        CPU: 5.044s
     CGroup: /system.slice/caddy.service
             └─1005 /usr/bin/caddy run --environ --config /etc/caddy/Caddyfile

Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.4733152,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.473691,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.4738386,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["expired.nameservers.ma"]}
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.4750056,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.475278,"msg":"serving initial configuration"}
Nov 07 03:38:42 server systemd[1]: Started Caddy.
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.4809952,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/var/l>
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.4811761,"logger":"tls","msg":"finished cleaning storage units"}
Nov 07 06:58:43 ex.htoubbi.com caddy[1005]: {"level":"info","ts":1730962723.1141305,"logger":"tls.acme_client","msg":"got renewal info","names":["expired.nameservers.ma"],"window_start">
Nov 07 06:58:43 ex.htoubbi.com caddy[1005]: {"level":"info","ts":1730962723.1168501,"logger":"tls.cache.maintenance","msg":"updated ACME renewal information","identifiers":["expired.nam>
~

Another log

root@ex:~# journalctl -xeu caddy.service
░░ 
░░ The unit caddy.service completed and consumed the indicated resources.
Nov 07 03:38:42 server systemd[1]: Starting Caddy...
░░ Subject: A start job for unit caddy.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ A start job for unit caddy.service has begun execution.
░░ 
░░ The job identifier is 627.
Nov 07 03:38:42 server caddy[1005]: caddy.HomeDir=/var/lib/caddy
Nov 07 03:38:42 server caddy[1005]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Nov 07 03:38:42 server caddy[1005]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Nov 07 03:38:42 server caddy[1005]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Nov 07 03:38:42 server caddy[1005]: caddy.Version=v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=
Nov 07 03:38:42 server caddy[1005]: runtime.GOOS=linux
Nov 07 03:38:42 server caddy[1005]: runtime.GOARCH=amd64
Nov 07 03:38:42 server caddy[1005]: runtime.Compiler=gc
Nov 07 03:38:42 server caddy[1005]: runtime.NumCPU=2
Nov 07 03:38:42 server caddy[1005]: runtime.GOMAXPROCS=2
Nov 07 03:38:42 server caddy[1005]: runtime.Version=go1.22.3
Nov 07 03:38:42 server caddy[1005]: os.Getwd=/
Nov 07 03:38:42 server caddy[1005]: LANG=en_US.UTF-8
Nov 07 03:38:42 server caddy[1005]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
Nov 07 03:38:42 server caddy[1005]: NOTIFY_SOCKET=/run/systemd/notify
Nov 07 03:38:42 server caddy[1005]: HOME=/var/lib/caddy
Nov 07 03:38:42 server caddy[1005]: LOGNAME=caddy
Nov 07 03:38:42 server caddy[1005]: USER=caddy
Nov 07 03:38:42 server caddy[1005]: INVOCATION_ID=ff1fad31c5ad4fd7bce52133b751aa7e
Nov 07 03:38:42 server caddy[1005]: JOURNAL_STREAM=8:19309
Nov 07 03:38:42 server caddy[1005]: SYSTEMD_EXEC_PID=1005
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.4667313,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.4686897,"msg":"adapted config to JSON","adapter":"caddyfile"}
Nov 07 03:38:42 server caddy[1005]: {"level":"warn","ts":1730950722.4689112,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc>
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.4711711,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019">
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.4718199,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Nov 07 03:38:42 server caddy[1005]: {"level":"warn","ts":1730950722.4721107,"logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this serv>
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.471916,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00029dd80"}
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.4728277,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.4733152,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.473691,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.4738386,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["expired.nameservers.ma"]}
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.4750056,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.475278,"msg":"serving initial configuration"}
Nov 07 03:38:42 server systemd[1]: Started Caddy.
░░ Subject: A start job for unit caddy.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ A start job for unit caddy.service has finished successfully.
░░ 
░░ The job identifier is 627.
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.4809952,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/var/lib/caddy/.local/sh>
Nov 07 03:38:42 server caddy[1005]: {"level":"info","ts":1730950722.4811761,"logger":"tls","msg":"finished cleaning storage units"}
Nov 07 06:58:43 ex.htoubbi.com caddy[1005]: {"level":"info","ts":1730962723.1141305,"logger":"tls.acme_client","msg":"got renewal info","names":["expired.nameservers.ma"],"window_start":1736036287.666666>
Nov 07 06:58:43 ex.htoubbi.com caddy[1005]: {"level":"info","ts":1730962723.1168501,"logger":"tls.cache.maintenance","msg":"updated ACME renewal information","identifiers":["expired.nameservers.ma"],"cer>
lines 1970-2025/2025 (END)

The curl -v result

root@ex:~# curl -v http://expired.nameservers.ma/caddy/ask?domain=ex.htoubbi.com
*   Trying 116.202.12.10:80...
* Connected to expired.nameservers.ma (116.202.12.10) port 80 (#0)
> GET /caddy/ask?domain=ex.htoubbi.com HTTP/1.1
> Host: expired.nameservers.ma
> User-Agent: curl/7.81.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 404 Not Found
< Server: Caddy
< Date: Thu, 07 Nov 2024 12:42:30 GMT
< Content-Length: 0
< 
* Connection #0 to host expired.nameservers.ma left intact

Another curl -v test

root@ex:~# curl -v https://expired.nameservers.ma/caddy/ask?domain=vps.htoubbi.com
*   Trying 116.202.12.10:443...
* Connected to expired.nameservers.ma (116.202.12.10) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=expired.nameservers.ma
*  start date: Nov  6 23:58:38 2024 GMT
*  expire date: Feb  4 23:58:37 2025 GMT
*  subjectAltName: host "expired.nameservers.ma" matched cert's "expired.nameservers.ma"
*  issuer: C=US; O=Let's Encrypt; CN=E5
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x5647029aaeb0)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET /caddy/ask?domain=vps.htoubbi.com HTTP/2
> Host: expired.nameservers.ma
> user-agent: curl/7.81.0
> accept: */*
> 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 404 
< alt-svc: h3=":443"; ma=2592000
< server: Caddy
< content-length: 0
< date: Thu, 07 Nov 2024 12:47:02 GMT
< 
* Connection #0 to host expired.nameservers.ma left intact
root@ex:~# 

I only see one error in your logs, from hours ago, where the on-demand check was cancelled due to a config reload, I think.

With your current config, Caddy will be looking for a file at /usr/share/caddy/caddy/ask. That doesn’t really make sense. Obviously that file doesn’t exist, so Caddy responds with a 404.

Use the debug global option (as the help topic template would have instructed you to do) to see more detailed logs.

What are you trying to do exactly?

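The 404 discussed above comes from pointing `ask` at a path that `file_server` tries to read from disk. As an added example (not code from this thread or from the Caddy project), here is a small stand-alone ask endpoint in Go: Caddy queries the `ask` URL with a `domain` query parameter and issues a certificate only on a 2xx response. The listen address `127.0.0.1:5555`, the `/ask` path and the allowlist contents are assumptions for illustration; the global option would then read `ask http://127.0.0.1:5555/ask`.

```go
package main

import (
	"log"
	"net"
	"net/http"
	"strings"
)

// allowedHosts is a constructed allowlist for this example; in practice this
// would be a lookup into your own record of domains you agreed to serve.
var allowedHosts = map[string]bool{
	"ex.htoubbi.com":  true,
	"edd.htoubbi.com": true,
}

// normalizeDomain lower-cases the name and drops surrounding spaces and one
// trailing dot. It returns "" for values that must never be approved:
// empty input, IP literals, wildcards, single-label names and anything
// outside plain hostname syntax.
func normalizeDomain(raw string) string {
	d := strings.ToLower(strings.TrimSuffix(strings.TrimSpace(raw), "."))
	if d == "" || len(d) > 253 || net.ParseIP(d) != nil {
		return ""
	}
	labels := strings.Split(d, ".")
	if len(labels) < 2 {
		return ""
	}
	for _, label := range labels {
		if label == "" || len(label) > 63 ||
			label[0] == '-' || label[len(label)-1] == '-' {
			return ""
		}
		for _, c := range label {
			isAlnum := (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9')
			if !isAlnum && c != '-' {
				return ""
			}
		}
	}
	return d
}

// askStatus maps the raw "domain" query value to the HTTP status the ask
// endpoint should send: 200 approves issuance, anything else denies it.
func askStatus(allow map[string]bool, rawDomain string) int {
	d := normalizeDomain(rawDomain)
	if d == "" {
		return http.StatusBadRequest
	}
	if !allow[d] {
		return http.StatusForbidden
	}
	return http.StatusOK
}

// askHandler answers Caddy's permission check with a status code and an
// empty body, and logs every decision (the name is quoted with %q so a
// hostile value cannot forge log lines).
func askHandler(w http.ResponseWriter, r *http.Request) {
	raw := r.URL.Query().Get("domain")
	status := askStatus(allowedHosts, raw)
	log.Printf("on-demand ask domain=%q status=%d", raw, status)
	w.WriteHeader(status)
}

func main() {
	mux := http.NewServeMux()
	mux.HandleFunc("/ask", askHandler)
	// Bind to loopback only: the endpoint is meant for the local Caddy
	// instance, not for the public internet.
	log.Fatal(http.ListenAndServe("127.0.0.1:5555", mux))
}
```

Denying by default is the point of the check: without it, anyone who points a DNS record at the server can make it request certificates and run into the CA's rate limits.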

Hello,

Simply, I need to use Caddy to catch all domains pointing to the server and show the HTML index file, with SSL active for any domain pointing to the server.

I have enabled debug.

The curl -v test again

root@ex:~# curl -v https://expired.nameservers.ma/ask?domain=ex.htoubbi.com
*   Trying 116.202.12.10:443...
* Connected to expired.nameservers.ma (116.202.12.10) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=expired.nameservers.ma
*  start date: Nov  6 23:58:38 2024 GMT
*  expire date: Feb  4 23:58:37 2025 GMT
*  subjectAltName: host "expired.nameservers.ma" matched cert's "expired.nameservers.ma"
*  issuer: C=US; O=Let's Encrypt; CN=E5
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x56454d591eb0)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET /ask?domain=ex.htoubbi.com HTTP/2
> Host: expired.nameservers.ma
> user-agent: curl/7.81.0
> accept: */*
> 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 404 
< alt-svc: h3=":443"; ma=2592000
< server: Caddy
< content-length: 0
< date: Thu, 07 Nov 2024 13:09:58 GMT
< 
* Connection #0 to host expired.nameservers.ma left intact

The Caddyfile config

root@ex:~# cat /etc/caddy/Caddyfile
# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.


	# Set this path to your site's directory.
{
debug
	on_demand_tls {
		ask http://expired.nameservers.ma/ask	
}
}

https:// {
    tls {
        on_demand
    }
    root *  /usr/share/caddy
    file_server
}
http://expired.nameservers.ma, https://expired.nameservers.ma {

    root *  /usr/share/caddy
    file_server
}

# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile

The logs

Nov 07 13:13:47 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985227.5922816,"logger":"events","msg":"event","name":"tls_get_certificate","id":"a107504a-79df-4d2d-9524-79cbbeb649f8","origin":"tls","data":{"client_hello":{"CipherSuites":[23130,4865,4866,4867,49196,49195,52393,49200,49199,52392,49162,49161,49172,49171,157,156,53,47,49160,49170,10],"ServerName":"edd.htoubbi.com","SupportedCurves":[31354,29,23,24,25],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,515,2053,2053,1281,2054,1537,513],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[56026,772,771,770,769],"RemoteAddr":{"IP":"186.224.145.99","Port":63885,"Zone":""},"LocalAddr":{"IP":"116.202.12.10","Port":443,"Zone":""}}}}
Nov 07 13:13:47 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985227.59236,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"edd.htoubbi.com"}
Nov 07 13:13:47 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985227.5923877,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.htoubbi.com"}
Nov 07 13:13:47 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985227.5923984,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.com"}
Nov 07 13:13:47 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985227.5924096,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*"}
Nov 07 13:13:47 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985227.592434,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","remote_ip":"186.224.145.99","remote_port":"63885","sni":"edd.htoubbi.com"}
Nov 07 13:13:47 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985227.592464,"logger":"tls","msg":"asking for permission for on-demand certificate","remote_ip":"186.224.145.99","domain":"edd.htoubbi.com"}
Nov 07 13:13:47 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985227.592531,"logger":"tls.permission.http","msg":"asking permission endpoint","remote":"186.224.145.99:63885","domain":"edd.htoubbi.com","url":"http://expired.nameservers.ma/ask?domain=edd.htoubbi.com"}
Nov 07 13:13:47 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985227.5930114,"logger":"http.handlers.file_server","msg":"sanitized path join","site_root":"/usr/share/caddy","fs":"","request_path":"/ask","result":"/usr/share/caddy/ask"}
Nov 07 13:13:47 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985227.5931904,"logger":"http.log.error","msg":"{id=48tbst97e} fileserver.(*FileServer).notFound (staticfiles.go:651): HTTP 404","request":{"remote_ip":"116.202.12.10","remote_port":"40404","client_ip":"116.202.12.10","proto":"HTTP/1.1","method":"GET","host":"expired.nameservers.ma","uri":"/ask?domain=edd.htoubbi.com","headers":{"User-Agent":["Go-http-client/1.1"],"Accept-Encoding":["gzip"]}},"duration":0.000202972,"status":404,"err_id":"48tbst97e","err_trace":"fileserver.(*FileServer).notFound (staticfiles.go:651)"}
Nov 07 13:13:47 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985227.5933743,"logger":"tls.permission.http","msg":"response from permission endpoint","remote":"186.224.145.99:63885","domain":"edd.htoubbi.com","url":"http://expired.nameservers.ma/ask?domain=edd.htoubbi.com","status":404}
Nov 07 13:13:47 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985227.5934095,"logger":"tls","msg":"on-demand certificate issuance denied","domain":"edd.htoubbi.com","error":"edd.htoubbi.com: certificate not allowed by permission module http://expired.nameservers.ma/ask - non-2xx status code 404"}
Nov 07 13:13:47 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985227.5934975,"logger":"http.stdlib","msg":"http: TLS handshake error from 186.224.145.99:63885: certificate is not allowed for server name edd.htoubbi.com: decision func: edd.htoubbi.com: certificate not allowed by permission module http://expired.nameservers.ma/ask - non-2xx status code 404"}
Nov 07 13:13:47 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985227.9778345,"logger":"events","msg":"event","name":"tls_get_certificate","id":"80efc273-de19-425f-ba82-f7de3314e5a8","origin":"tls","data":{"client_hello":{"CipherSuites":[6682,4865,4866,4867,49196,49195,52393,49200,49199,52392,49162,49161,49172,49171,157,156,53,47,49160,49170,10,22016],"ServerName":"edd.htoubbi.com","SupportedCurves":[56026,29,23,24,25],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,515,2053,2053,1281,2054,1537,513],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[51914,772,771,770,769],"RemoteAddr":{"IP":"186.224.145.99","Port":64183,"Zone":""},"LocalAddr":{"IP":"116.202.12.10","Port":443,"Zone":""}}}}
Nov 07 13:13:47 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985227.9779532,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"edd.htoubbi.com"}
Nov 07 13:13:47 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985227.9780211,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.htoubbi.com"}
Nov 07 13:13:47 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985227.9780426,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.com"}
Nov 07 13:13:47 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985227.9780617,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*"}
Nov 07 13:13:47 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985227.978087,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","remote_ip":"186.224.145.99","remote_port":"64183","sni":"edd.htoubbi.com"}
Nov 07 13:13:47 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985227.9781132,"logger":"tls","msg":"asking for permission for on-demand certificate","remote_ip":"186.224.145.99","domain":"edd.htoubbi.com"}
Nov 07 13:13:47 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985227.9788637,"logger":"tls.permission.http","msg":"asking permission endpoint","remote":"186.224.145.99:64183","domain":"edd.htoubbi.com","url":"http://expired.nameservers.ma/ask?domain=edd.htoubbi.com"}
Nov 07 13:13:47 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985227.9794452,"logger":"http.handlers.file_server","msg":"sanitized path join","site_root":"/usr/share/caddy","fs":"","request_path":"/ask","result":"/usr/share/caddy/ask"}
Nov 07 13:13:47 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985227.9795942,"logger":"http.log.error","msg":"{id=zj0r71f38} fileserver.(*FileServer).notFound (staticfiles.go:651): HTTP 404","request":{"remote_ip":"116.202.12.10","remote_port":"40404","client_ip":"116.202.12.10","proto":"HTTP/1.1","method":"GET","host":"expired.nameservers.ma","uri":"/ask?domain=edd.htoubbi.com","headers":{"User-Agent":["Go-http-client/1.1"],"Accept-Encoding":["gzip"]}},"duration":0.000166443,"status":404,"err_id":"zj0r71f38","err_trace":"fileserver.(*FileServer).notFound (staticfiles.go:651)"}
Nov 07 13:13:47 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985227.9798138,"logger":"tls.permission.http","msg":"response from permission endpoint","remote":"186.224.145.99:64183","domain":"edd.htoubbi.com","url":"http://expired.nameservers.ma/ask?domain=edd.htoubbi.com","status":404}
Nov 07 13:13:47 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985227.9798543,"logger":"tls","msg":"on-demand certificate issuance denied","domain":"edd.htoubbi.com","error":"edd.htoubbi.com: certificate not allowed by permission module http://expired.nameservers.ma/ask - non-2xx status code 404"}
Nov 07 13:13:47 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985227.980001,"logger":"http.stdlib","msg":"http: TLS handshake error from 186.224.145.99:64183: certificate is not allowed for server name edd.htoubbi.com: decision func: edd.htoubbi.com: certificate not allowed by permission module http://expired.nameservers.ma/ask - non-2xx status code 404"}
Nov 07 13:13:48 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985228.3530269,"logger":"http.stdlib","msg":"http: TLS handshake error from 186.224.145.99:64019: tls: client offered only unsupported versions: [301]"}
Nov 07 13:13:56 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985236.9427617,"logger":"events","msg":"event","name":"tls_get_certificate","id":"d212abf8-2805-47e6-a3a2-2d17721a0b8c","origin":"tls","data":{"client_hello":{"CipherSuites":[14906,4865,4866,4867,49196,49195,52393,49200,49199,52392,49162,49161,49172,49171,157,156,53,47,49160,49170,10],"ServerName":"edd.htoubbi.com","SupportedCurves":[14906,29,23,24,25],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,515,2053,2053,1281,2054,1537,513],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[56026,772,771,770,769],"RemoteAddr":{"IP":"186.224.145.99","Port":64582,"Zone":""},"LocalAddr":{"IP":"116.202.12.10","Port":443,"Zone":""}}}}
Nov 07 13:13:56 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985236.9428263,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"edd.htoubbi.com"}
Nov 07 13:13:56 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985236.9428482,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.htoubbi.com"}
Nov 07 13:13:56 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985236.942862,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.com"}
Nov 07 13:13:56 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985236.9428747,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*"}
Nov 07 13:13:56 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985236.9429045,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","remote_ip":"186.224.145.99","remote_port":"64582","sni":"edd.htoubbi.com"}
Nov 07 13:13:56 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985236.942931,"logger":"tls","msg":"asking for permission for on-demand certificate","remote_ip":"186.224.145.99","domain":"edd.htoubbi.com"}
Nov 07 13:13:56 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985236.942973,"logger":"tls.permission.http","msg":"asking permission endpoint","remote":"186.224.145.99:64582","domain":"edd.htoubbi.com","url":"http://expired.nameservers.ma/ask?domain=edd.htoubbi.com"}
Nov 07 13:13:56 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985236.9433084,"logger":"http.handlers.file_server","msg":"sanitized path join","site_root":"/usr/share/caddy","fs":"","request_path":"/ask","result":"/usr/share/caddy/ask"}
Nov 07 13:13:56 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985236.9434178,"logger":"http.log.error","msg":"{id=hrp5tmpgc} fileserver.(*FileServer).notFound (staticfiles.go:651): HTTP 404","request":{"remote_ip":"116.202.12.10","remote_port":"40404","client_ip":"116.202.12.10","proto":"HTTP/1.1","method":"GET","host":"expired.nameservers.ma","uri":"/ask?domain=edd.htoubbi.com","headers":{"User-Agent":["Go-http-client/1.1"],"Accept-Encoding":["gzip"]}},"duration":0.000120227,"status":404,"err_id":"hrp5tmpgc","err_trace":"fileserver.(*FileServer).notFound (staticfiles.go:651)"}
Nov 07 13:13:56 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985236.9435573,"logger":"tls.permission.http","msg":"response from permission endpoint","remote":"186.224.145.99:64582","domain":"edd.htoubbi.com","url":"http://expired.nameservers.ma/ask?domain=edd.htoubbi.com","status":404}
Nov 07 13:13:56 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985236.943578,"logger":"tls","msg":"on-demand certificate issuance denied","domain":"edd.htoubbi.com","error":"edd.htoubbi.com: certificate not allowed by permission module http://expired.nameservers.ma/ask - non-2xx status code 404"}
Nov 07 13:13:56 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985236.9436386,"logger":"http.stdlib","msg":"http: TLS handshake error from 186.224.145.99:64582: certificate is not allowed for server name edd.htoubbi.com: decision func: edd.htoubbi.com: certificate not allowed by permission module http://expired.nameservers.ma/ask - non-2xx status code 404"}
Nov 07 13:13:57 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985237.3187246,"logger":"events","msg":"event","name":"tls_get_certificate","id":"76def3a8-160e-447b-922f-49ceb4ffff8a","origin":"tls","data":{"client_hello":{"CipherSuites":[47802,4865,4866,4867,49196,49195,52393,49200,49199,52392,49162,49161,49172,49171,157,156,53,47,49160,49170,10,22016],"ServerName":"edd.htoubbi.com","SupportedCurves":[35466,29,23,24,25],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,515,2053,2053,1281,2054,1537,513],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[19018,772,771,770,769],"RemoteAddr":{"IP":"186.224.145.99","Port":65210,"Zone":""},"LocalAddr":{"IP":"116.202.12.10","Port":443,"Zone":""}}}}
Nov 07 13:13:57 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985237.318797,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"edd.htoubbi.com"}
Nov 07 13:13:57 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985237.318849,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.htoubbi.com"}
Nov 07 13:13:57 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985237.3188689,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.com"}
Nov 07 13:13:57 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985237.3188887,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*"}
Nov 07 13:13:57 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985237.3189123,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","remote_ip":"186.224.145.99","remote_port":"65210","sni":"edd.htoubbi.com"}
Nov 07 13:13:57 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985237.3189394,"logger":"tls","msg":"asking for permission for on-demand certificate","remote_ip":"186.224.145.99","domain":"edd.htoubbi.com"}
Nov 07 13:13:57 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985237.3189852,"logger":"tls.permission.http","msg":"asking permission endpoint","remote":"186.224.145.99:65210","domain":"edd.htoubbi.com","url":"http://expired.nameservers.ma/ask?domain=edd.htoubbi.com"}
Nov 07 13:13:57 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985237.3194366,"logger":"http.handlers.file_server","msg":"sanitized path join","site_root":"/usr/share/caddy","fs":"","request_path":"/ask","result":"/usr/share/caddy/ask"}
Nov 07 13:13:57 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985237.319538,"logger":"http.log.error","msg":"{id=fk850nmf2} fileserver.(*FileServer).notFound (staticfiles.go:651): HTTP 404","request":{"remote_ip":"116.202.12.10","remote_port":"40404","client_ip":"116.202.12.10","proto":"HTTP/1.1","method":"GET","host":"expired.nameservers.ma","uri":"/ask?domain=edd.htoubbi.com","headers":{"User-Agent":["Go-http-client/1.1"],"Accept-Encoding":["gzip"]}},"duration":0.000118364,"status":404,"err_id":"fk850nmf2","err_trace":"fileserver.(*FileServer).notFound (staticfiles.go:651)"}
Nov 07 13:13:57 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985237.3197176,"logger":"tls.permission.http","msg":"response from permission endpoint","remote":"186.224.145.99:65210","domain":"edd.htoubbi.com","url":"http://expired.nameservers.ma/ask?domain=edd.htoubbi.com","status":404}
Nov 07 13:13:57 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985237.3197463,"logger":"tls","msg":"on-demand certificate issuance denied","domain":"edd.htoubbi.com","error":"edd.htoubbi.com: certificate not allowed by permission module http://expired.nameservers.ma/ask - non-2xx status code 404"}
Nov 07 13:13:57 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985237.3198547,"logger":"http.stdlib","msg":"http: TLS handshake error from 186.224.145.99:65210: certificate is not allowed for server name edd.htoubbi.com: decision func: edd.htoubbi.com: certificate not allowed by permission module http://expired.nameservers.ma/ask - non-2xx status code 404"}
Nov 07 13:13:57 ex.htoubbi.com caddy[1005]: {"level":"debug","ts":1730985237.6916506,"logger":"http.stdlib","msg":"http: TLS handshake error from 186.224.145.99:64166: tls: client offered only unsupported versions: [301]"}

In the browser you get ERR_SSL_PROTOCOL_ERROR

You need to write a small server that handles the /ask endpoint, doing a lookup against your database to see if a domain is allowed.

1 Like
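The small `/ask` server described in the reply above, as an added example that is not part of the original thread and not Caddy's own code. The in-memory allowlist stands in for the database lookup, and the listen address `127.0.0.1:5555` and the names `memoryStore`, `normalizeDomain`, `decide` and `askHandler` are assumptions; the `ask` URL in the Caddyfile would have to point at this listener instead of the `file_server` site that answers 404 in the logs.

```go
package main

import (
	"log"
	"net"
	"net/http"
	"strings"
)

// domainStore is the lookup the ask endpoint consults. In production this
// would be a database query; the interface name is hypothetical.
type domainStore interface {
	Allowed(domain string) bool
}

// memoryStore is an in-memory stand-in for that database.
type memoryStore map[string]bool

func (m memoryStore) Allowed(domain string) bool { return m[domain] }

// normalizeDomain lower-cases the name, strips a trailing dot and rejects
// anything that is not a plain hostname (empty value, IP literal, wildcard,
// over-long or malformed label), so the lookup only sees canonical names.
func normalizeDomain(raw string) (string, bool) {
	d := strings.ToLower(strings.TrimSuffix(strings.TrimSpace(raw), "."))
	if d == "" || len(d) > 253 || net.ParseIP(d) != nil {
		return "", false
	}
	for _, label := range strings.Split(d, ".") {
		if label == "" || len(label) > 63 ||
			label[0] == '-' || label[len(label)-1] == '-' {
			return "", false
		}
		for _, c := range label {
			isLetter := c >= 'a' && c <= 'z'
			isDigit := c >= '0' && c <= '9'
			if !isLetter && !isDigit && c != '-' {
				return "", false
			}
		}
	}
	return d, true
}

// decide maps the "domain" query value to the HTTP status the endpoint
// returns. Only a 2xx status permits issuance; the logs on this page show
// Caddy denying the certificate on "non-2xx status code 404".
func decide(store domainStore, rawDomain string) int {
	domain, ok := normalizeDomain(rawDomain)
	if !ok {
		return http.StatusBadRequest
	}
	if !store.Allowed(domain) {
		return http.StatusForbidden
	}
	return http.StatusOK
}

// askHandler answers the GET /ask?domain=<name> request that Caddy sends
// before obtaining an on-demand certificate.
func askHandler(store domainStore) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodGet {
			w.WriteHeader(http.StatusMethodNotAllowed)
			return
		}
		w.WriteHeader(decide(store, r.URL.Query().Get("domain")))
	})
}

func main() {
	// Sample allowlist entries (the two names requested in the logs above).
	store := memoryStore{
		"edd.htoubbi.com":     true,
		"test.nameservers.ma": true,
	}
	mux := http.NewServeMux()
	mux.Handle("/ask", askHandler(store))
	// Bind to loopback only: the endpoint is meant for the local Caddy
	// instance, not for clients on the internet. Port 5555 is an assumption.
	log.Fatal(http.ListenAndServe("127.0.0.1:5555", mux))
}
```

Because names missing from the allowlist get a 403, a client that points an arbitrary domain at the server cannot trigger certificate issuance for it.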

I have built another server to test, with the same Caddyfile config as at the top, changing only the domains

{
        debug
        on_demand_tls {
                ask http://whmcspanel.ssh.ma/ask
        }
}

https:// {
    tls {
        on_demand
    }
    root *  /usr/share/caddy
    file_server
}
http://whmcspanel.ssh.ma, https://whmcspanel.ssh.ma {

    root *  /usr/share/caddy
    file_server
}

# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile

The debug log

servers.ma","url":"http://whmcspanel.ssh.ma/ask?domain=test.nameservers.ma"}
Nov 07 14:27:27 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986047.684167,"logger":"http.handlers.file_server","msg":"sanitized path join","site_root":"/usr/share/caddy","fs":"","request_path":"/ask","result":"/usr/share/caddy/ask"}
Nov 07 14:27:27 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986047.684476,"logger":"http.log.error","msg":"{id=w9qm4bsvn} fileserver.(*FileServer).notFound (staticfiles.go:651): HTTP 404","request":{"remote_ip":"185.244.195.102","remote_port":"49642","client_ip":"185.244.195.102","proto":"HTTP/1.1","method":"GET","host":"whmcspanel.ssh.ma","uri":"/ask?domain=test.nameservers.ma","headers":{"User-Agent":["Go-http-client/1.1"],"Accept-Encoding":["gzip"]}},"duration":0.000213664,"status":404,"err_id":"w9qm4bsvn","err_trace":"fileserver.(*FileServer).notFound (staticfiles.go:651)"}
Nov 07 14:27:27 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986047.684677,"logger":"tls.permission.http","msg":"response from permission endpoint","remote":"186.224.145.99:64645","domain":"test.nameservers.ma","url":"http://whmcspanel.ssh.ma/ask?domain=test.nameservers.ma","status":404}
Nov 07 14:27:27 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986047.6846936,"logger":"tls","msg":"on-demand certificate issuance denied","domain":"test.nameservers.ma","error":"test.nameservers.ma: certificate not allowed by permission module http://whmcspanel.ssh.ma/ask - non-2xx status code 404"}
Nov 07 14:27:27 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986047.6847532,"logger":"http.stdlib","msg":"http: TLS handshake error from 186.224.145.99:64645: certificate is not allowed for server name test.nameservers.ma: decision func: test.nameservers.ma: certificate not allowed by permission module http://whmcspanel.ssh.ma/ask - non-2xx status code 404"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.0358992,"logger":"events","msg":"event","name":"tls_get_certificate","id":"7709e09f-9595-44c8-a84c-530c91d3e082","origin":"tls","data":{"client_hello":{"CipherSuites":[10794,4865,4866,4867,49195,49199,49196,49200,52393,52392,49171,49172,156,157,47,53],"ServerName":"test.nameservers.ma","SupportedCurves":[51914,25497,29,23,24],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,1281,2054,1537],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[2570,772,771],"RemoteAddr":{"IP":"186.224.145.99","Port":65504,"Zone":""},"LocalAddr":{"IP":"185.244.195.102","Port":443,"Zone":""}}}}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.0359585,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"test.nameservers.ma"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.0359697,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.nameservers.ma"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.0359764,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.ma"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.0359824,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.0359929,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","remote_ip":"186.224.145.99","remote_port":"65504","sni":"test.nameservers.ma"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.0360029,"logger":"tls","msg":"asking for permission for on-demand certificate","remote_ip":"186.224.145.99","domain":"test.nameservers.ma"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.0360217,"logger":"tls.permission.http","msg":"asking permission endpoint","remote":"186.224.145.99:65504","domain":"test.nameservers.ma","url":"http://whmcspanel.ssh.ma/ask?domain=test.nameservers.ma"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.0362258,"logger":"http.handlers.file_server","msg":"sanitized path join","site_root":"/usr/share/caddy","fs":"","request_path":"/ask","result":"/usr/share/caddy/ask"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.036298,"logger":"http.log.error","msg":"{id=tqjnmkk1r} fileserver.(*FileServer).notFound (staticfiles.go:651): HTTP 404","request":{"remote_ip":"185.244.195.102","remote_port":"49642","client_ip":"185.244.195.102","proto":"HTTP/1.1","method":"GET","host":"whmcspanel.ssh.ma","uri":"/ask?domain=test.nameservers.ma","headers":{"User-Agent":["Go-http-client/1.1"],"Accept-Encoding":["gzip"]}},"duration":0.000084741,"status":404,"err_id":"tqjnmkk1r","err_trace":"fileserver.(*FileServer).notFound (staticfiles.go:651)"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.0363796,"logger":"tls.permission.http","msg":"response from permission endpoint","remote":"186.224.145.99:65504","domain":"test.nameservers.ma","url":"http://whmcspanel.ssh.ma/ask?domain=test.nameservers.ma","status":404}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.0363934,"logger":"tls","msg":"on-demand certificate issuance denied","domain":"test.nameservers.ma","error":"test.nameservers.ma: certificate not allowed by permission module http://whmcspanel.ssh.ma/ask - non-2xx status code 404"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.0364404,"logger":"http.stdlib","msg":"http: TLS handshake error from 186.224.145.99:65504: certificate is not allowed for server name test.nameservers.ma: decision func: test.nameservers.ma: certificate not allowed by permission module http://whmcspanel.ssh.ma/ask - non-2xx status code 404"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.3677871,"logger":"events","msg":"event","name":"tls_get_certificate","id":"b9b7a768-c8cc-4df6-bbf1-0f7ac58023d2","origin":"tls","data":{"client_hello":{"CipherSuites":[14906,4865,4866,4867,49195,49199,49196,49200,52393,52392,49171,49172,156,157,47,53],"ServerName":"test.nameservers.ma","SupportedCurves":[51914,25497,29,23,24],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,1281,2054,1537],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[2570,772,771],"RemoteAddr":{"IP":"186.224.145.99","Port":64485,"Zone":""},"LocalAddr":{"IP":"185.244.195.102","Port":443,"Zone":""}}}}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.3678267,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"test.nameservers.ma"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.3678377,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.nameservers.ma"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.3678443,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.ma"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.3678505,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.36786,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","remote_ip":"186.224.145.99","remote_port":"64485","sni":"test.nameservers.ma"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.3678699,"logger":"tls","msg":"asking for permission for on-demand certificate","remote_ip":"186.224.145.99","domain":"test.nameservers.ma"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.3678892,"logger":"tls.permission.http","msg":"asking permission endpoint","remote":"186.224.145.99:64485","domain":"test.nameservers.ma","url":"http://whmcspanel.ssh.ma/ask?domain=test.nameservers.ma"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.368828,"logger":"http.handlers.file_server","msg":"sanitized path join","site_root":"/usr/share/caddy","fs":"","request_path":"/ask","result":"/usr/share/caddy/ask"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.3689237,"logger":"http.log.error","msg":"{id=jkehvx313} fileserver.(*FileServer).notFound (staticfiles.go:651): HTTP 404","request":{"remote_ip":"185.244.195.102","remote_port":"49642","client_ip":"185.244.195.102","proto":"HTTP/1.1","method":"GET","host":"whmcspanel.ssh.ma","uri":"/ask?domain=test.nameservers.ma","headers":{"User-Agent":["Go-http-client/1.1"],"Accept-Encoding":["gzip"]}},"duration":0.00009271,"status":404,"err_id":"jkehvx313","err_trace":"fileserver.(*FileServer).notFound (staticfiles.go:651)"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.3723187,"logger":"tls.permission.http","msg":"response from permission endpoint","remote":"186.224.145.99:64485","domain":"test.nameservers.ma","url":"http://whmcspanel.ssh.ma/ask?domain=test.nameservers.ma","status":404}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.3731356,"logger":"tls","msg":"on-demand certificate issuance denied","domain":"test.nameservers.ma","error":"test.nameservers.ma: certificate not allowed by permission module http://whmcspanel.ssh.ma/ask - non-2xx status code 404"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.373264,"logger":"http.stdlib","msg":"http: TLS handshake error from 186.224.145.99:64485: certificate is not allowed for server name test.nameservers.ma: decision func: test.nameservers.ma: certificate not allowed by permission module http://whmcspanel.ssh.ma/ask - non-2xx status code 404"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.8737702,"logger":"events","msg":"event","name":"tls_get_certificate","id":"413d8a79-2bf8-49a2-8e3f-c0a3760f8346","origin":"tls","data":{"client_hello":{"CipherSuites":[43690,4865,4866,4867,49195,49199,49196,49200,52393,52392,49171,49172,156,157,47,53],"ServerName":"test.nameservers.ma","SupportedCurves":[27242,25497,29,23,24],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,1281,2054,1537],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[6682,772,771],"RemoteAddr":{"IP":"186.224.145.99","Port":64046,"Zone":""},"LocalAddr":{"IP":"185.244.195.102","Port":443,"Zone":""}}}}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.8738105,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"test.nameservers.ma"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.873821,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.nameservers.ma"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.8738282,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.ma"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.8738348,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.8738458,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","remote_ip":"186.224.145.99","remote_port":"64046","sni":"test.nameservers.ma"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.873855,"logger":"tls","msg":"asking for permission for on-demand certificate","remote_ip":"186.224.145.99","domain":"test.nameservers.ma"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.8738742,"logger":"tls.permission.http","msg":"asking permission endpoint","remote":"186.224.145.99:64046","domain":"test.nameservers.ma","url":"http://whmcspanel.ssh.ma/ask?domain=test.nameservers.ma"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.8741372,"logger":"http.handlers.file_server","msg":"sanitized path join","site_root":"/usr/share/caddy","fs":"","request_path":"/ask","result":"/usr/share/caddy/ask"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.8741992,"logger":"http.log.error","msg":"{id=15gdmumcg} fileserver.(*FileServer).notFound (staticfiles.go:651): HTTP 404","request":{"remote_ip":"185.244.195.102","remote_port":"49642","client_ip":"185.244.195.102","proto":"HTTP/1.1","method":"GET","host":"whmcspanel.ssh.ma","uri":"/ask?domain=test.nameservers.ma","headers":{"Accept-Encoding":["gzip"],"User-Agent":["Go-http-client/1.1"]}},"duration":0.000162207,"status":404,"err_id":"15gdmumcg","err_trace":"fileserver.(*FileServer).notFound (staticfiles.go:651)"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.874288,"logger":"tls.permission.http","msg":"response from permission endpoint","remote":"186.224.145.99:64046","domain":"test.nameservers.ma","url":"http://whmcspanel.ssh.ma/ask?domain=test.nameservers.ma","status":404}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.874304,"logger":"tls","msg":"on-demand certificate issuance denied","domain":"test.nameservers.ma","error":"test.nameservers.ma: certificate not allowed by permission module http://whmcspanel.ssh.ma/ask - non-2xx status code 404"}
Nov 07 14:27:28 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986048.874349,"logger":"http.stdlib","msg":"http: TLS handshake error from 186.224.145.99:64046: certificate is not allowed for server name test.nameservers.ma: decision func: test.nameservers.ma: certificate not allowed by permission module http://whmcspanel.ssh.ma/ask - non-2xx status code 404"}
Nov 07 14:27:29 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986049.2041557,"logger":"events","msg":"event","name":"tls_get_certificate","id":"20e68903-5e87-4383-8ce2-9bfc1db84fe1","origin":"tls","data":{"client_hello":{"CipherSuites":[60138,4865,4866,4867,49195,49199,49196,49200,52393,52392,49171,49172,156,157,47,53],"ServerName":"test.nameservers.ma","SupportedCurves":[64250,25497,29,23,24],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,1281,2054,1537],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[64250,772,771],"RemoteAddr":{"IP":"186.224.145.99","Port":65092,"Zone":""},"LocalAddr":{"IP":"185.244.195.102","Port":443,"Zone":""}}}}
Nov 07 14:27:29 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986049.2041972,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"test.nameservers.ma"}
Nov 07 14:27:29 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986049.2042217,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.nameservers.ma"}
Nov 07 14:27:29 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986049.204229,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.ma"}
Nov 07 14:27:29 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986049.2042356,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*"}
Nov 07 14:27:29 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986049.204246,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","remote_ip":"186.224.145.99","remote_port":"65092","sni":"test.nameservers.ma"}
Nov 07 14:27:29 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986049.2042568,"logger":"tls","msg":"asking for permission for on-demand certificate","remote_ip":"186.224.145.99","domain":"test.nameservers.ma"}
Nov 07 14:27:29 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986049.2042744,"logger":"tls.permission.http","msg":"asking permission endpoint","remote":"186.224.145.99:65092","domain":"test.nameservers.ma","url":"http://whmcspanel.ssh.ma/ask?domain=test.nameservers.ma"}
Nov 07 14:27:29 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986049.2044618,"logger":"http.handlers.file_server","msg":"sanitized path join","site_root":"/usr/share/caddy","fs":"","request_path":"/ask","result":"/usr/share/caddy/ask"}
Nov 07 14:27:29 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986049.2045255,"logger":"http.log.error","msg":"{id=6t3e0u4sc} fileserver.(*FileServer).notFound (staticfiles.go:651): HTTP 404","request":{"remote_ip":"185.244.195.102","remote_port":"49642","client_ip":"185.244.195.102","proto":"HTTP/1.1","method":"GET","host":"whmcspanel.ssh.ma","uri":"/ask?domain=test.nameservers.ma","headers":{"User-Agent":["Go-http-client/1.1"],"Accept-Encoding":["gzip"]}},"duration":0.000086104,"status":404,"err_id":"6t3e0u4sc","err_trace":"fileserver.(*FileServer).notFound (staticfiles.go:651)"}
Nov 07 14:27:29 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986049.2046087,"logger":"tls.permission.http","msg":"response from permission endpoint","remote":"186.224.145.99:65092","domain":"test.nameservers.ma","url":"http://whmcspanel.ssh.ma/ask?domain=test.nameservers.ma","status":404}
Nov 07 14:27:29 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986049.2046242,"logger":"tls","msg":"on-demand certificate issuance denied","domain":"test.nameservers.ma","error":"test.nameservers.ma: certificate not allowed by permission module http://whmcspanel.ssh.ma/ask - non-2xx status code 404"}
Nov 07 14:27:29 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986049.2046673,"logger":"http.stdlib","msg":"http: TLS handshake error from 186.224.145.99:65092: certificate is not allowed for server name test.nameservers.ma: decision func: test.nameservers.ma: certificate not allowed by permission module http://whmcspanel.ssh.ma/ask - non-2xx status code 404"}
Nov 07 14:27:56 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986076.7794378,"logger":"events","msg":"event","name":"tls_get_certificate","id":"62f2d18b-503e-409a-8faf-e93139037ca3","origin":"tls","data":{"client_hello":{"CipherSuites":[27242,4865,4866,4867,49195,49199,49196,49200,52393,52392,49171,49172,156,157,47,53],"ServerName":"test.nameservers.ma","SupportedCurves":[60138,25497,29,23,24],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,1281,2054,1537],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[19018,772,771],"RemoteAddr":{"IP":"186.224.145.99","Port":65293,"Zone":""},"LocalAddr":{"IP":"185.244.195.102","Port":443,"Zone":""}}}}
Nov 07 14:27:56 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986076.7798607,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"test.nameservers.ma"}
Nov 07 14:27:56 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986076.7798965,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.nameservers.ma"}
Nov 07 14:27:56 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986076.7799063,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.ma"}
Nov 07 14:27:56 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986076.7800212,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*"}
Nov 07 14:27:56 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986076.7803006,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","remote_ip":"186.224.145.99","remote_port":"65293","sni":"test.nameservers.ma"}
Nov 07 14:27:56 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986076.7803442,"logger":"tls","msg":"asking for permission for on-demand certificate","remote_ip":"186.224.145.99","domain":"test.nameservers.ma"}
Nov 07 14:27:56 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986076.780756,"logger":"tls.permission.http","msg":"asking permission endpoint","remote":"186.224.145.99:65293","domain":"test.nameservers.ma","url":"http://whmcspanel.ssh.ma/ask?domain=test.nameservers.ma"}
Nov 07 14:27:56 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986076.782975,"logger":"events","msg":"event","name":"tls_get_certificate","id":"197a61dc-276d-4a98-982d-25d20b71e6a4","origin":"tls","data":{"client_hello":{"CipherSuites":[19018,4865,4866,4867,49195,49199,49196,49200,52393,52392,49171,49172,156,157,47,53],"ServerName":"test.nameservers.ma","SupportedCurves":[2570,25497,29,23,24],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,1281,2054,1537],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[47802,772,771],"RemoteAddr":{"IP":"186.224.145.99","Port":64313,"Zone":""},"LocalAddr":{"IP":"185.244.195.102","Port":443,"Zone":""}}}}
Nov 07 14:27:56 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986076.7830036,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"test.nameservers.ma"}
Nov 07 14:27:56 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986076.7830224,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.nameservers.ma"}
Nov 07 14:27:56 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986076.7850895,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.ma"}
Nov 07 14:27:56 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986076.7851028,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*"}
Nov 07 14:27:56 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986076.786499,"logger":"http.handlers.file_server","msg":"sanitized path join","site_root":"/usr/share/caddy","fs":"","request_path":"/ask","result":"/usr/share/caddy/ask"}
Nov 07 14:27:56 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986076.7877374,"logger":"http.log.error","msg":"{id=wsepkaw0e} fileserver.(*FileServer).notFound (staticfiles.go:651): HTTP 404","request":{"remote_ip":"185.244.195.102","remote_port":"49642","client_ip":"185.244.195.102","proto":"HTTP/1.1","method":"GET","host":"whmcspanel.ssh.ma","uri":"/ask?domain=test.nameservers.ma","headers":{"User-Agent":["Go-http-client/1.1"],"Accept-Encoding":["gzip"]}},"duration":0.001032797,"status":404,"err_id":"wsepkaw0e","err_trace":"fileserver.(*FileServer).notFound (staticfiles.go:651)"}
Nov 07 14:27:56 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986076.7880003,"logger":"tls.permission.http","msg":"response from permission endpoint","remote":"186.224.145.99:65293","domain":"test.nameservers.ma","url":"http://whmcspanel.ssh.ma/ask?domain=test.nameservers.ma","status":404}
Nov 07 14:27:56 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986076.7880836,"logger":"tls","msg":"on-demand certificate issuance denied","domain":"test.nameservers.ma","error":"test.nameservers.ma: certificate not allowed by permission module http://whmcspanel.ssh.ma/ask - non-2xx status code 404"}
Nov 07 14:27:56 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986076.7882454,"logger":"http.stdlib","msg":"http: TLS handshake error from 186.224.145.99:65293: certificate is not allowed for server name test.nameservers.ma: decision func: test.nameservers.ma: certificate not allowed by permission module http://whmcspanel.ssh.ma/ask - non-2xx status code 404"}
Nov 07 14:27:56 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986076.7884173,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"test.nameservers.ma"}
Nov 07 14:27:56 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986076.7884464,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.nameservers.ma"}
Nov 07 14:27:56 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986076.788456,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.ma"}
Nov 07 14:27:56 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986076.7884636,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*"}
Nov 07 14:27:56 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986076.788474,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","remote_ip":"186.224.145.99","remote_port":"64313","sni":"test.nameservers.ma"}
Nov 07 14:27:56 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986076.7884865,"logger":"tls","msg":"asking for permission for on-demand certificate","remote_ip":"186.224.145.99","domain":"test.nameservers.ma"}
Nov 07 14:27:56 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986076.788506,"logger":"tls.permission.http","msg":"asking permission endpoint","remote":"186.224.145.99:64313","domain":"test.nameservers.ma","url":"http://whmcspanel.ssh.ma/ask?domain=test.nameservers.ma"}
Nov 07 14:27:56 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986076.7904067,"logger":"http.handlers.file_server","msg":"sanitized path join","site_root":"/usr/share/caddy","fs":"","request_path":"/ask","result":"/usr/share/caddy/ask"}
Nov 07 14:27:56 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986076.7904754,"logger":"http.log.error","msg":"{id=vkqv12vhi} fileserver.(*FileServer).notFound (staticfiles.go:651): HTTP 404","request":{"remote_ip":"185.244.195.102","remote_port":"49642","client_ip":"185.244.195.102","proto":"HTTP/1.1","method":"GET","host":"whmcspanel.ssh.ma","uri":"/ask?domain=test.nameservers.ma","headers":{"User-Agent":["Go-http-client/1.1"],"Accept-Encoding":["gzip"]}},"duration":0.000075681,"status":404,"err_id":"vkqv12vhi","err_trace":"fileserver.(*FileServer).notFound (staticfiles.go:651)"}
Nov 07 14:27:56 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986076.7905772,"logger":"tls.permission.http","msg":"response from permission endpoint","remote":"186.224.145.99:64313","domain":"test.nameservers.ma","url":"http://whmcspanel.ssh.ma/ask?domain=test.nameservers.ma","status":404}
Nov 07 14:27:56 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986076.790595,"logger":"tls","msg":"on-demand certificate issuance denied","domain":"test.nameservers.ma","error":"test.nameservers.ma: certificate not allowed by permission module http://whmcspanel.ssh.ma/ask - non-2xx status code 404"}
Nov 07 14:27:56 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986076.7906456,"logger":"http.stdlib","msg":"http: TLS handshake error from 186.224.145.99:64313: certificate is not allowed for server name test.nameservers.ma: decision func: test.nameservers.ma: certificate not allowed by permission module http://whmcspanel.ssh.ma/ask - non-2xx status code 404"}
Nov 07 14:27:57 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986077.1197069,"logger":"events","msg":"event","name":"tls_get_certificate","id":"821b3fbb-2e33-42a8-abef-9e4600940c3b","origin":"tls","data":{"client_hello":{"CipherSuites":[23130,4865,4866,4867,49195,49199,49196,49200,52393,52392,49171,49172,156,157,47,53],"ServerName":"test.nameservers.ma","SupportedCurves":[27242,25497,29,23,24],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,1281,2054,1537],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[10794,772,771],"RemoteAddr":{"IP":"186.224.145.99","Port":63677,"Zone":""},"LocalAddr":{"IP":"185.244.195.102","Port":443,"Zone":""}}}}
Nov 07 14:27:57 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986077.1197736,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"test.nameservers.ma"}
Nov 07 14:27:57 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986077.1197894,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.nameservers.ma"}
Nov 07 14:27:57 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986077.1197975,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.ma"}
Nov 07 14:27:57 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986077.1198041,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*"}
Nov 07 14:27:57 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986077.1198173,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","remote_ip":"186.224.145.99","remote_port":"63677","sni":"test.nameservers.ma"}
Nov 07 14:27:57 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986077.1198306,"logger":"tls","msg":"asking for permission for on-demand certificate","remote_ip":"186.224.145.99","domain":"test.nameservers.ma"}
Nov 07 14:27:57 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986077.1198535,"logger":"tls.permission.http","msg":"asking permission endpoint","remote":"186.224.145.99:63677","domain":"test.nameservers.ma","url":"http://whmcspanel.ssh.ma/ask?domain=test.nameservers.ma"}
Nov 07 14:27:57 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986077.1223183,"logger":"events","msg":"event","name":"tls_get_certificate","id":"227dc3fa-cc0c-4471-9ffe-4dfba9e7e30b","origin":"tls","data":{"client_hello":{"CipherSuites":[2570,4865,4866,4867,49195,49199,49196,49200,52393,52392,49171,49172,156,157,47,53],"ServerName":"test.nameservers.ma","SupportedCurves":[64250,25497,29,23,24],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,1281,2054,1537],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[19018,772,771],"RemoteAddr":{"IP":"186.224.145.99","Port":64701,"Zone":""},"LocalAddr":{"IP":"185.244.195.102","Port":443,"Zone":""}}}}
Nov 07 14:27:57 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986077.1223984,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"test.nameservers.ma"}
Nov 07 14:27:57 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986077.1224113,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.nameservers.ma"}
Nov 07 14:27:57 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986077.12242,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.ma"}
Nov 07 14:27:57 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986077.1224384,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*"}
Nov 07 14:27:57 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986077.1225505,"logger":"http.handlers.file_server","msg":"sanitized path join","site_root":"/usr/share/caddy","fs":"","request_path":"/ask","result":"/usr/share/caddy/ask"}
Nov 07 14:27:57 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986077.1226394,"logger":"http.log.error","msg":"{id=u4rbq83rc} fileserver.(*FileServer).notFound (staticfiles.go:651): HTTP 404","request":{"remote_ip":"185.244.195.102","remote_port":"49642","client_ip":"185.244.195.102","proto":"HTTP/1.1","method":"GET","host":"whmcspanel.ssh.ma","uri":"/ask?domain=test.nameservers.ma","headers":{"User-Agent":["Go-http-client/1.1"],"Accept-Encoding":["gzip"]}},"duration":0.00009644,"status":404,"err_id":"u4rbq83rc","err_trace":"fileserver.(*FileServer).notFound (staticfiles.go:651)"}
Nov 07 14:27:57 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986077.1227894,"logger":"tls.permission.http","msg":"response from permission endpoint","remote":"186.224.145.99:63677","domain":"test.nameservers.ma","url":"http://whmcspanel.ssh.ma/ask?domain=test.nameservers.ma","status":404}
Nov 07 14:27:57 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986077.1228063,"logger":"tls","msg":"on-demand certificate issuance denied","domain":"test.nameservers.ma","error":"test.nameservers.ma: certificate not allowed by permission module http://whmcspanel.ssh.ma/ask - non-2xx status code 404"}
Nov 07 14:27:57 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986077.1228533,"logger":"http.stdlib","msg":"http: TLS handshake error from 186.224.145.99:63677: certificate is not allowed for server name test.nameservers.ma: decision func: test.nameservers.ma: certificate not allowed by permission module http://whmcspanel.ssh.ma/ask - non-2xx status code 404"}
Nov 07 14:27:57 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986077.1229813,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"test.nameservers.ma"}
Nov 07 14:27:57 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986077.1230206,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.nameservers.ma"}
Nov 07 14:27:57 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986077.1230772,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.ma"}
Nov 07 14:27:57 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986077.1230853,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*"}
Nov 07 14:27:57 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986077.123095,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","remote_ip":"186.224.145.99","remote_port":"64701","sni":"test.nameservers.ma"}
Nov 07 14:27:57 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986077.1231084,"logger":"tls","msg":"asking for permission for on-demand certificate","remote_ip":"186.224.145.99","domain":"test.nameservers.ma"}
Nov 07 14:27:57 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986077.123127,"logger":"tls.permission.http","msg":"asking permission endpoint","remote":"186.224.145.99:64701","domain":"test.nameservers.ma","url":"http://whmcspanel.ssh.ma/ask?domain=test.nameservers.ma"}
Nov 07 14:27:57 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986077.1234884,"logger":"http.handlers.file_server","msg":"sanitized path join","site_root":"/usr/share/caddy","fs":"","request_path":"/ask","result":"/usr/share/caddy/ask"}
Nov 07 14:27:57 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986077.123963,"logger":"http.log.error","msg":"{id=722v7wa0t} fileserver.(*FileServer).notFound (staticfiles.go:651): HTTP 404","request":{"remote_ip":"185.244.195.102","remote_port":"49642","client_ip":"185.244.195.102","proto":"HTTP/1.1","method":"GET","host":"whmcspanel.ssh.ma","uri":"/ask?domain=test.nameservers.ma","headers":{"User-Agent":["Go-http-client/1.1"],"Accept-Encoding":["gzip"]}},"duration":0.00047809,"status":404,"err_id":"722v7wa0t","err_trace":"fileserver.(*FileServer).notFound (staticfiles.go:651)"}
Nov 07 14:27:57 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986077.124304,"logger":"tls.permission.http","msg":"response from permission endpoint","remote":"186.224.145.99:64701","domain":"test.nameservers.ma","url":"http://whmcspanel.ssh.ma/ask?domain=test.nameservers.ma","status":404}
Nov 07 14:27:57 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986077.1243591,"logger":"tls","msg":"on-demand certificate issuance denied","domain":"test.nameservers.ma","error":"test.nameservers.ma: certificate not allowed by permission module http://whmcspanel.ssh.ma/ask - non-2xx status code 404"}
Nov 07 14:27:57 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730986077.124419,"logger":"http.stdlib","msg":"http: TLS handshake error from 186.224.145.99:64701: certificate is not allowed for server name test.nameservers.ma: decision func: test.nameservers.ma: certificate not allowed by permission module http://whmcspanel.ssh.ma/ask - non-2xx status code 404"}

As you can see, you can open whmcspanel.ssh.ma with or without SSL (that’s normal because http:// and https:// are both enabled for the server hostname; it is only a testing server).

For the others, only https:// is permitted.

The curl -v test

root@whmcspanel:~# curl -v http://whmcspanel.ssh.ma/ask?domain=test.nameservers.ma
* Host whmcspanel.ssh.ma:80 was resolved.
* IPv6: (none)
* IPv4: 127.0.1.1, 185.244.195.102
*   Trying 127.0.1.1:80...
* Connected to whmcspanel.ssh.ma (127.0.1.1) port 80
> GET /ask?domain=test.nameservers.ma HTTP/1.1
> Host: whmcspanel.ssh.ma
> User-Agent: curl/8.5.0
> Accept: */*
> 
< HTTP/1.1 404 Not Found
< Server: Caddy
< Date: Thu, 07 Nov 2024 13:36:37 GMT
< Content-Length: 0
< 
* Connection #0 to host whmcspanel.ssh.ma left intact
root@whmcspanel:~# 

I have made a small change to the Caddyfile by enabling http:// and https:// for all other domains:

{
        debug
        on_demand_tls {
                ask http://whmcspanel.ssh.ma/ask
        }
}

http://, https:// {
        tls {
                on_demand
        }
        root * /usr/share/caddy
        file_server
}

http://whmcspanel.ssh.ma, https://whmcspanel.ssh.ma {
        root * /usr/share/caddy
        file_server
}

You can now open the website without SSL, but when you try to open the https:// website it gives an SSL error.

the logs

Nov 07 14:46:42 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730987202.6628315,"logger":"tls.permission.http","msg":"response from permission endpoint","remote":"186.224.145.99:64676","domain":"test.nameservers.ma","url":"http://whmcspanel.ssh.ma/ask?domain=test.nameservers.ma","status":404}
Nov 07 14:46:42 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730987202.6628451,"logger":"tls","msg":"on-demand certificate issuance denied","domain":"test.nameservers.ma","error":"test.nameservers.ma: certificate not allowed by permission module http://whmcspanel.ssh.ma/ask - non-2xx status code 404"}
Nov 07 14:46:42 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730987202.6629043,"logger":"http.stdlib","msg":"http: TLS handshake error from 186.224.145.99:64676: certificate is not allowed for server name test.nameservers.ma: decision func: test.nameservers.ma: certificate not allowed by permission module http://whmcspanel.ssh.ma/ask - non-2xx status code 404"}
Nov 07 14:46:42 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730987202.9946997,"logger":"events","msg":"event","name":"tls_get_certificate","id":"45f79355-47f4-4332-8a31-cc484030bc87","origin":"tls","data":{"client_hello":{"CipherSuites":[51914,4865,4866,4867,49196,49195,52393,49200,49199,52392,49162,49161,49172,49171,157,156,53,47,49160,49170,10,22016],"ServerName":"test.nameservers.ma","SupportedCurves":[39578,29,23,24,25],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,515,2053,2053,1281,2054,1537,513],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[6682,772,771,770,769],"RemoteAddr":{"IP":"186.224.145.99","Port":64523,"Zone":""},"LocalAddr":{"IP":"185.244.195.102","Port":443,"Zone":""}}}}
Nov 07 14:46:42 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730987202.9947517,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"test.nameservers.ma"}
Nov 07 14:46:42 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730987202.9947696,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.nameservers.ma"}
Nov 07 14:46:42 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730987202.9947762,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.ma"}
Nov 07 14:46:42 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730987202.9947832,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*"}
Nov 07 14:46:42 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730987202.9947932,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","remote_ip":"186.224.145.99","remote_port":"64523","sni":"test.nameservers.ma"}
Nov 07 14:46:42 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730987202.9948056,"logger":"tls","msg":"asking for permission for on-demand certificate","remote_ip":"186.224.145.99","domain":"test.nameservers.ma"}
Nov 07 14:46:42 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730987202.9948235,"logger":"tls.permission.http","msg":"asking permission endpoint","remote":"186.224.145.99:64523","domain":"test.nameservers.ma","url":"http://whmcspanel.ssh.ma/ask?domain=test.nameservers.ma"}
Nov 07 14:46:42 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730987202.9950886,"logger":"http.handlers.file_server","msg":"sanitized path join","site_root":"/usr/share/caddy","fs":"","request_path":"/ask","result":"/usr/share/caddy/ask"}
Nov 07 14:46:42 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730987202.9951565,"logger":"http.log.error","msg":"{id=mv7kx7sd8} fileserver.(*FileServer).notFound (staticfiles.go:651): HTTP 404","request":{"remote_ip":"185.244.195.102","remote_port":"32858","client_ip":"185.244.195.102","proto":"HTTP/1.1","method":"GET","host":"whmcspanel.ssh.ma","uri":"/ask?domain=test.nameservers.ma","headers":{"User-Agent":["Go-http-client/1.1"],"Accept-Encoding":["gzip"]}},"duration":0.000080825,"status":404,"err_id":"mv7kx7sd8","err_trace":"fileserver.(*FileServer).notFound (staticfiles.go:651)"}
Nov 07 14:46:42 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730987202.995245,"logger":"tls.permission.http","msg":"response from permission endpoint","remote":"186.224.145.99:64523","domain":"test.nameservers.ma","url":"http://whmcspanel.ssh.ma/ask?domain=test.nameservers.ma","status":404}
Nov 07 14:46:42 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730987202.9952602,"logger":"tls","msg":"on-demand certificate issuance denied","domain":"test.nameservers.ma","error":"test.nameservers.ma: certificate not allowed by permission module http://whmcspanel.ssh.ma/ask - non-2xx status code 404"}
Nov 07 14:46:42 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730987202.995305,"logger":"http.stdlib","msg":"http: TLS handshake error from 186.224.145.99:64523: certificate is not allowed for server name test.nameservers.ma: decision func: test.nameservers.ma: certificate not allowed by permission module http://whmcspanel.ssh.ma/ask - non-2xx status code 404"}
Nov 07 14:46:43 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1730987203.3278663,"logger":"http.stdlib","msg":"http: TLS handshake error from 186.224.145.99:64084: tls: client offered only unsupported versions: [301]"}

the curl -v test

root@whmcspanel:~# curl -v https://whmcspanel.ssh.ma/ask?domain=test.nameservers.ma
* Host whmcspanel.ssh.ma:443 was resolved.
* IPv6: (none)
* IPv4: 127.0.1.1, 185.244.195.102
*   Trying 127.0.1.1:443...
* Connected to whmcspanel.ssh.ma (127.0.1.1) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / X25519 / id-ecPublicKey
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=whmcspanel.ssh.ma
*  start date: Nov  7 12:28:30 2024 GMT
*  expire date: Feb  5 12:28:29 2025 GMT
*  subjectAltName: host "whmcspanel.ssh.ma" matched cert's "whmcspanel.ssh.ma"
*  issuer: C=US; O=Let's Encrypt; CN=E5
*  SSL certificate verify ok.
*   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384
*   Certificate level 1: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://whmcspanel.ssh.ma/ask?domain=test.nameservers.ma
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: whmcspanel.ssh.ma]
* [HTTP/2] [1] [:path: /ask?domain=test.nameservers.ma]
* [HTTP/2] [1] [user-agent: curl/8.5.0]
* [HTTP/2] [1] [accept: */*]
> GET /ask?domain=test.nameservers.ma HTTP/2
> Host: whmcspanel.ssh.ma
> User-Agent: curl/8.5.0
> Accept: */*
> 
< HTTP/2 404 
< alt-svc: h3=":443"; ma=2592000
< server: Caddy
< content-length: 0
< date: Thu, 07 Nov 2024 13:48:10 GMT
< 
* Connection #0 to host whmcspanel.ssh.ma left intact

another curl -v test on the same hostname

root@whmcspanel:~# curl -v http://whmcspanel.ssh.ma/ask?domain=whmcspanel.ssh.ma
* Host whmcspanel.ssh.ma:80 was resolved.
* IPv6: (none)
* IPv4: 127.0.1.1, 185.244.195.102
*   Trying 127.0.1.1:80...
* Connected to whmcspanel.ssh.ma (127.0.1.1) port 80
> GET /ask?domain=whmcspanel.ssh.ma HTTP/1.1
> Host: whmcspanel.ssh.ma
> User-Agent: curl/8.5.0
> Accept: */*
> 
< HTTP/1.1 404 Not Found
< Server: Caddy
< Date: Thu, 07 Nov 2024 13:52:42 GMT
< Content-Length: 0
< 
* Connection #0 to host whmcspanel.ssh.ma left intact

another error log

Nov 07 21:36:49 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1731011809.8885083,"logger":"tls.permission.http","msg":"response from permission endpoint","remote":"186.224.145.99:63909","domain":"test.nameservers.ma","url":"http://whmcspanel.ssh.ma/ask?domain=test.nameservers.ma","status":404}
Nov 07 21:36:49 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1731011809.8885238,"logger":"tls","msg":"on-demand certificate issuance denied","domain":"test.nameservers.ma","error":"test.nameservers.ma: certificate not allowed by permission module http://whmcspanel.ssh.ma/ask - non-2xx status code 404"}
Nov 07 21:36:49 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1731011809.888568,"logger":"http.stdlib","msg":"http: TLS handshake error from 186.224.145.99:63909: certificate is not allowed for server name test.nameservers.ma: decision func: test.nameservers.ma: certificate not allowed by permission module http://whmcspanel.ssh.ma/ask - non-2xx status code 404"}
Nov 07 21:36:50 whmcspanel.ssh.ma caddy[1636]: {"level":"debug","ts":1731011810.2182,"logger":"http.stdlib","msg":"http: TLS handshake error from 186.224.145.99:64790: tls: client offered only unsupported versions: [301]"}

Really no idea why this happened.

You’re not using ask properly. I think you don’t understand what On Demand TLS is for. Please review the docs.

Can you please share with me this part on how to use the ask?

Also, read what I wrote above

That’s good now

I have edited the ask part with http://mywebserverdomainexample.com

and it’s working fine.

I don’t know what you mean by that. But if you’re saying that you’re making all domains respond with 200 status for ask then you are vulnerable to DDOS. You must only allow domains you trust, otherwise an attacker can force your server to issue certs infinitely until you hit rate limits or run out of storage space. That’s why there’s a ?domain= query parameter. You need to compare that against a database/list of domains.

Only our domains are authorized, and only for expired or suspended domains; we want to show them an HTML page.

What I’m trying to explain is an attacker can point a *.evil.com CNAME to your domain, then make requests like a.evil.com then b.evil.com to infinity (because subdomains are infinite) until you run out of memory. Are you actually checking the domain in the ask? You showed no evidence of that.

Really, I forgot this part. Do you have an idea how to integrate our CSV or TXT domain list?

Sorry, but I’m new to Caddy, that’s why I’m asking.

I explained already. You need to write your own server (like, an app in a programming language of your choice) which does a lookup in whatever database you use. Your app should track registration of domains from your customers.

If you’re not doing this to support customers pointing their domains to your server, then you should probably not be using On-Demand TLS at all.

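One way to build the ask endpoint described in the reply above, as an added example that is not part of the thread and not Caddy's own code: a small Go server that checks the ?domain= value against a TXT or CSV list with exact matching, so names that are not registered (including arbitrary subdomains) get a non-2xx answer. The file name allowed-domains.txt, the listen address 127.0.0.1:9123 and the sample list are assumptions made for the example.

```go
// Added example: an "ask" endpoint for Caddy's on_demand_tls.
// Caddyfile side (assumed address):  ask http://127.0.0.1:9123/ask
package main

import (
	"bufio"
	"log"
	"net/http"
	"os"
	"strings"
)

// sampleList is a constructed allowlist showing the accepted formats:
// one hostname per line, or a CSV row whose first column is the hostname.
const sampleList = `# constructed sample allowlist
domain,status
test.nameservers.ma,expired
Parked.Example.com.,suspended

not a hostname,expired
`

// normalize lower-cases a name, drops a trailing dot and rejects anything
// that is not a plain multi-label hostname (no wildcards, no spaces).
func normalize(raw string) (string, bool) {
	name := strings.ToLower(strings.TrimSuffix(strings.TrimSpace(raw), "."))
	if name == "" || len(name) > 253 || !strings.Contains(name, ".") {
		return "", false
	}
	for _, label := range strings.Split(name, ".") {
		if label == "" || len(label) > 63 ||
			label[0] == '-' || label[len(label)-1] == '-' {
			return "", false
		}
		for _, c := range label {
			if !(c >= 'a' && c <= 'z' || c >= '0' && c <= '9' || c == '-') {
				return "", false
			}
		}
	}
	return name, true
}

// parseAllowlist builds the set of permitted hostnames from TXT/CSV text.
// Blank lines, # comments and rows that are not hostnames are skipped.
func parseAllowlist(text string) map[string]struct{} {
	allowed := make(map[string]struct{})
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		field, _, _ := strings.Cut(line, ",") // first CSV column
		if name, ok := normalize(field); ok {
			allowed[name] = struct{}{}
		}
	}
	return allowed
}

// decide returns the status Caddy will see: 200 permits issuance,
// anything else denies it. Matching is exact, so sub.<allowed name>
// is denied unless it is listed itself.
func decide(allowed map[string]struct{}, domain string) int {
	name, ok := normalize(domain)
	if !ok {
		return http.StatusBadRequest
	}
	if _, found := allowed[name]; !found {
		return http.StatusForbidden
	}
	return http.StatusOK
}

// askHandler answers Caddy's GET /ask?domain=<name> request.
func askHandler(allowed map[string]struct{}) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		domain := r.URL.Query().Get("domain")
		status := decide(allowed, domain)
		log.Printf("ask domain=%q status=%d", domain, status)
		w.WriteHeader(status)
	}
}

func main() {
	path := "allowed-domains.txt" // hypothetical file name
	if len(os.Args) > 1 {
		path = os.Args[1]
	}
	data, err := os.ReadFile(path)
	if err != nil {
		log.Fatal(err)
	}
	mux := http.NewServeMux()
	mux.Handle("/ask", askHandler(parseAllowlist(string(data))))
	// Bind to loopback so only the local Caddy instance can query it.
	log.Fatal(http.ListenAndServe("127.0.0.1:9123", mux))
}
```

The list is read once at start-up, so the process has to be restarted after the file changes.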

Got it! Thank you