1. The problem I’m having:
I am getting the error below for this global config; it is using the string "{env.caddy_host}" as the certificate name. The request was for the bare IP of the host.
2. Error messages and/or full log output:
{
  "insertId": "fte4ugfcf24ze",
  "jsonPayload": {
    "container": {
      "imageName": "jumager/caddy:develop",
      "created": "2026-06-08T19:35:46.830030493Z",
      "imageId": "sha256:f5131c52f7dbb44a961fb65441f7ef81da68e88fea3c15b75e519d891060464a",
      "id": "a524875a8de4648e3f7bc2457c0a8620e811d041938c6d32881809e95df6074b",
      "name": "/caddy"
    },
    "logger": "http.stdlib",
    "message": "http: TLS handshake error from 144.202.82.88:61234: certificate is not allowed for server name {env.caddy_host}: subject name does not qualify for certificate: {env.caddy_host}",
    "instance": {
      "zone": "redacted",
      "id": "redacted"
    }
  },
  "resource": {
    "type": "gce_instance",
    "labels": {
      "project_id": "redacted",
      "zone": "redacted",
      "instance_id": "redacted"
    }
  },
  "timestamp": "2026-06-09T12:35:34.975880513Z",
  "severity": "DEBUG",
  "logName": "projects/redacted/logs/ngcplogs-docker-driver",
  "receiveTimestamp": "2026-06-09T12:35:36.056063542Z"
}
3. Caddy version:
v2.11.5-0.20260603034900-fcc7860d038a h1:3Xp13FOrIusjyZNLM2Vlx3WZhkMUYkztdszCc+21JUA=
4. How I installed and ran Caddy:
I am running Caddy from a Docker container in host mode with the following plugins:
xcaddy build ${CADDY_VERSION} \
--with github.com/pberkel/caddy-storage-redis@main \
--with github.com/caddy-dns/cloudflare \
--with github.com/jum/caddy-simpletrace \
--with github.com/lucaslorentz/caddy-docker-proxy/v2@master
4a. System environment:
Docker on a Debian x86 bookworm install.
4b. Command:
caddy docker-proxy
4c. Service/unit/compose file:
{
    email redacted
    cert_issuer acme
    auto_https disable_redirects
    acme_dns cloudflare {env.CF_API_KEY}
    default_sni {env.CADDY_HOST}
    storage redis {
        host "{env.CADDY_REDIS_HOST}"
    }
    log {
        level DEBUG
    }
}
4d. My complete Caddy config:
{
    email redacted
    cert_issuer acme
    auto_https disable_redirects
    acme_dns cloudflare {env.CF_API_KEY}
    default_sni {env.CADDY_HOST}
    storage redis {
        host "{env.CADDY_REDIS_HOST}"
    }
    log {
        level DEBUG
    }
}
5. What I already tried, and links to relevant resources:
I would like to use placeholders in the default_sni global config. Is there a particular reason for not being able to use env vars here?
Assistance disclosure
No AI used.
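For triaging entries like the one in section 2, the following added example (not part of the original post and not Caddy's own code) scans exported log entries for TLS handshake errors and separates those whose server name is a literal, unexpanded placeholder from ordinary rejected names. It assumes entries are exported one JSON object per line with the text under jsonPayload.message; the function names, peer addresses and the host name in the sample are constructed for illustration.

```python
import json
import re

# Message shape taken from the log entry in section 2 of the post.
HANDSHAKE_RE = re.compile(
    r"TLS handshake error from (?P<peer>\S+): "
    r"certificate is not allowed for server name (?P<name>[^:]+):"
)
# A server name that is still a literal {placeholder} was never expanded.
PLACEHOLDER_RE = re.compile(r"^\{[A-Za-z0-9_.\-]+\}$")

def classify(entry):
    """Return (peer, server_name, kind) for a handshake error, else None."""
    payload = entry.get("jsonPayload") or {}
    match = HANDSHAKE_RE.search(payload.get("message", ""))
    if match is None:
        return None
    name = match.group("name").strip()
    is_literal = PLACEHOLDER_RE.match(name) is not None
    kind = "unexpanded-placeholder" if is_literal else "name-not-allowed"
    return match.group("peer"), name, kind

def triage(lines):
    """Classify every parseable line; skip blanks and non-JSON noise."""
    hits = []
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        hit = classify(entry) if isinstance(entry, dict) else None
        if hit:
            hits.append(hit)
    return hits

# Constructed sample input: documentation IP ranges, hypothetical host name.
_MSG = ("http: TLS handshake error from {peer}: certificate is not allowed for "
        "server name {name}: subject name does not qualify for certificate: {name}")
SAMPLE = [
    json.dumps({"jsonPayload": {"message": _MSG.format(
        peer="192.0.2.10:61234", name="{env.caddy_host}")}}),
    json.dumps({"jsonPayload": {"message": _MSG.format(
        peer="[2001:db8::1]:40000", name="unknown.example.test")}}),
    json.dumps({"jsonPayload": {"message": "http: TLS handshake error: EOF"}}),
    "not json at all",
]

if __name__ == "__main__":
    for peer, name, kind in triage(SAMPLE):
        print(f"{kind:24} {name:24} from {peer}")
```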