One subdomain works but not the others

### 1. Caddy version (`caddy version`):

Latest docker image

### 2. How I run Caddy:

From a docker-compose file

#### a. System environment:

Latest docker and latest docker-compose using version 3.9.

#### b. Command:

```shell
docker-compose up -d
```

#### c. Service/unit/compose file:

```yaml
  caddy:
    image: caddy
    container_name: caddy
    restart: unless-stopped
    environment:
      - CLOUDFLARE_EMAIL=${CF_MAIL}
      - CLOUDFLARE_API_TOKEN=${CF_TOKEN}
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./appdata/caddy/Caddyfile:/etc/caddy/Caddyfile
      - ./appdata/caddy/data:/data
      - ./appdata/caddy/config:/config
    networks:
      - web

  nextcloud:
    image: ghcr.io/linuxserver/nextcloud:latest
    container_name: nextcloud
    networks:
      - web
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Stockholm
    volumes:
      - ./appdata/nextcloud:/config
      - Cloud:/data
    depends_on:
      - nextclouddb
    ports:
      - 8282:80
      - 8484:443
    restart: unless-stopped
```

#### d. My complete Caddyfile or JSON config:

```caddyfile
grillgeek.se {
  reverse_proxy grillgeekse
}

start.grillgeek.se {
  reverse_proxy heimdall
}

cloud.grillgeek.se {
  reverse_proxy nextcloud
}

unifi.grillgeek.se {
  reverse_proxy unifi
}

wish.grillgeek.se {
  reverse_proxy 10.1.1.30:5055
}
```

### 3. The problem I’m having:
The first and the last subdomains work, that is start.* and wish.*, but not the others.

### 4. Error messages and/or full log output:

```json
{"level":"error","ts":1629355766.2525675,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"cloud.grillgeek.se","error":"authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","order":"https://acme-v02.api.letsencrypt.org/acme/order/166717140/17991436030","attempt":1,"max_attempts":3}
```

### 5. What I already tried:

The documentation only.

Are you using Cloudflare for these? Are all the subdomains configured the same way? Make sure you don’t have something intercepting requests to Caddy.

Yes, they are all specified in the same way at Cloudflare.
Well, coming from Swag, the only ports forwarded from the router are 80 and 443, plus 32400 for Plex and 8080 for the UniFi inform.

Sounds like you’re planning on setting up the DNS challenge as per your other topic, so that’ll get around this issue anyways. Setting up the DNS challenge turns off the other challenge types (HTTP and TLS-ALPN) and in this case that error was from a failed TLS-ALPN attempt.

Are you sure that’s all that’s in your logs though? There should be much more. It might have succeeded soon after with the HTTP challenge instead.
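To make the DNS-challenge route from the reply above concrete, here is the poster's Caddyfile with the Cloudflare DNS challenge enabled for every site through the `acme_dns` global option. This is an added example, not a configuration posted in the thread or shipped by the Caddy project. It assumes a Caddy build that includes the `github.com/caddy-dns/cloudflare` module (the stock `caddy` image used in the compose file above does not contain it), and that the `CLOUDFLARE_API_TOKEN` variable the compose file already passes in holds a token with Zone:Read and DNS:Edit permission for the `grillgeek.se` zone.

```caddyfile
{
  # Global option: solve every ACME challenge through Cloudflare DNS.
  # With acme_dns set, Caddy no longer attempts HTTP-01 or TLS-ALPN-01,
  # so whatever sits in front of ports 80/443 can no longer break issuance
  # (the "Cannot negotiate ALPN protocol acme-tls/1" error goes away).
  # Assumption: this build of Caddy includes github.com/caddy-dns/cloudflare.
  acme_dns cloudflare {env.CLOUDFLARE_API_TOKEN}
}

grillgeek.se {
  reverse_proxy grillgeekse
}

start.grillgeek.se {
  reverse_proxy heimdall
}

cloud.grillgeek.se {
  reverse_proxy nextcloud
}

unifi.grillgeek.se {
  reverse_proxy unifi
}

wish.grillgeek.se {
  reverse_proxy 10.1.1.30:5055
}
```

Two practical notes. First, the module reads only the API token, so `CLOUDFLARE_EMAIL` is not needed for it; a scoped token is preferable to a global API key because a leaked token can then only edit DNS in that one zone. Second, a plain `image: caddy` will reject this Caddyfile at startup because the `cloudflare` DNS provider is not compiled in; the usual fix is a small Dockerfile that builds from the `caddy:builder` stage with `xcaddy build --with github.com/caddy-dns/cloudflare` and copies the binary into the `caddy` image, then `caddy validate --config /etc/caddy/Caddyfile` inside the container confirms the config parses before you restart. As the reply points out, read the full Caddy log afterwards rather than a single error line, since the per-identifier issuance entries are what show whether each subdomain actually obtained its certificate.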
