OpenSsl Error when accessing with https

Pechi · March 17, 2025, 9:45am

Hi, I just installed caddy to access and trying to test it , I have a caddy file like this

:3333 {
        respond 'Thanks'
}

When I run without https I get correct response

curl localhost:3333 'Thanks'(env)

but when I access with https I get this error,

 curl https://localhost:3333
curl: (35) OpenSSL/3.0.13: error:0A00010B:SSL routines::wrong version number

Please help in this.

timelordx · March 17, 2025, 2:03pm

Caddy doesn’t know whether this non-standard port should be HTTP or HTTPS.

See Addresses and https_port for more details about that.

You can try:

(
        https_port 3333
}

:3333 {
        respond 'Thanks'
}

Pechi · March 17, 2025, 3:03pm

@ timelordx

Thank you for your response,

I modified my Caddyfile like this

{

https_port 3333
}
:3333 {
        respond 'Thanks'
}

but now I get this error

curl https://localhost:3333
curl: (35) OpenSSL/3.0.13: error:0A000438:SSL routines::tlsv1 alert internal error
----------------------------------

Mohammed90 · March 17, 2025, 3:07pm

HTTPS needs a domain name.

And you can’t use the same port for both HTTP and HTTPS, at least not without some magic.

Pechi · March 17, 2025, 4:31pm

thanks , Mohammed90modified my config file with domain,

I get this message now

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

I checked ls /usr/local/share/ca-certificates/ but nothing present.

Mohammed90 · March 17, 2025, 4:36pm

You will have to share your config file and the exact curl command you ran

timelordx · March 17, 2025, 6:41pm

For testing purposes, add -k to your curl command to ignore the invalid certificate. For example:

curl -kv https://localhost:3333

Pechi · March 18, 2025, 3:30am

My config file

 {

https_port 3333

}

<vps-ip>:443 {
   reverse_proxy localhost:5678 {
      flush_interval -1
    }
}


<vps-ip>:3333 {
        respond 'Thanks'
}

command I ran:

curl https://<vps-ip>:3333

response:

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

curl -kv https://<vps-ip>:3333
```  works but it is insecure,

ferrybig · March 18, 2025, 8:36am

There are no public certificate providers that make certificates for ip addresses yet. Use a domain name, use it instead of the <vps-ip> in the config

system · April 17, 2025, 8:37am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.