1. The problem I’m having:
Caddy auto TLS fails.
Can I do TLS with a domain that points to a LAN address?
2. Error messages and/or full log output:
2023/11/02 16:16:20.875 debug http.stdlib http: TLS handshake error from 127.0.0.1:54466: EOF
2023/11/02 16:16:20.876 debug tls.issuance.acme.acme_client done waiting for solver {"identifier": "git.debased.earth", "challenge_type": "tls-alpn-01"}
2023/11/02 16:16:20.925 debug tls.issuance.acme.acme_client http request {"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/279926149426", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.5 CertMagic acmez (windows; amd64)"]}, "response_headers": {"Boulder-Requester":["1392420186"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["801"],"Content-Type":["application/json"],"Date":["Thu, 02 Nov 2023 16:16:21 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["x2pLemUfA_76BmMjZuOiSrYKCh7YFFQK1tAOki2VPI8d0P2lIiE"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2023/11/02 16:16:20.926 info tls.issuance.acme.acme_client trying to solve challenge {"identifier": "www.debased.earth", "challenge_type": "tls-alpn-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2023/11/02 16:16:20.928 debug tls.issuance.acme.acme_client waiting for solver before continuing {"identifier": "www.debased.earth", "challenge_type": "tls-alpn-01"}
2023/11/02 16:16:20.928 debug http.stdlib http: TLS handshake error from 127.0.0.1:54467: EOF
...
2023/11/02 16:16:23.060 error tls.issuance.acme.acme_client challenge failed {"identifier": "git.debased.earth", "challenge_type": "tls-alpn-01", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": "123:777:666:bad:dad:dead:beef:cafe: Network unreachable", "instance": "", "subproblems": []}}
2023/11/02 16:16:23.060 error tls.issuance.acme.acme_client validating authorization {"identifier": "git.debased.earth", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": "123:456:789:12:345:dead:beef:cafe: Network unreachable", "instance": "", "subproblems": []}, "order": "https://acme-v02.api.letsencrypt.org/acme/order/1392420176/219408498536", "attempt": 1, "max_attempts": 3}
3. Caddy version:
v2.7.5 h1:HoysvZkLcN2xJExEepaFHK92Qgs7xAiCFydN5x5Hs6Q=
4. How I installed and ran Caddy:
~/.go/bin/xcaddy.exe build v2.7.5 --with github.com/abiosoft/caddy-exec --with github.com/caddyserver/cache-handler --with github.com/aksdb/caddy-cgi/v2 --with github.com/greenpau/caddy-git --with github.com/Elegant996/scgi-transport
Also, I’m using msys2-mingw64 and have verified that the %APPDATA%\caddy folder exists.
a. System environment:
b. Command:
./caddy.exe run -c caddyfile -a caddyfile
c. Service/unit/compose file:
n/a
d. My complete Caddy config:
{
    debug
    email <$MY_EMAIL>
    log default {
        output file ./access.log {
            roll_size 8MB
            roll_keep 5
            roll_keep_for 720h
        }
    }
    log other {
        output stdout
    }
    order cgi before respond
}

www.debased.earth {
    encode zstd gzip
    reverse_proxy /* 127.0.0.1:3000 {
    }
    @gaiastatic {
        path /static /static/*
    }
    handle @gaiastatic {
        encode zstd gzip
        file_server browse {
            root ...\\folder\\etc
        }
    }
}

git.debased.earth {
    encode zstd gzip
    reverse_proxy /* 127.0.0.1:3001 {
    }
}
5. Links to relevant resources:
DNS BIND
; A BIND file is a .TXT file that's used to export
; DNS records from one domain to another. BIND
; files are commonly used by lots of domain
; registrars, so they're a good choice if
; you're exporting resource records to a domain
; that's managed by a different registrar.
debased.earth. 3600 IN A 10.0.0.3
debased.earth. 3600 IN AAAA 123:456:789:012:345:dead:beef:cafe
debased.earth. 3600 IN MX 10 mail.debased.earth.
auth.debased.earth. 3600 IN CNAME debased.earth.
cdn.debased.earth. 3600 IN CNAME debased.earth.
ci.debased.earth. 3600 IN CNAME debased.earth.
error.debased.earth. 3600 IN CNAME debased.earth.
git.debased.earth. 3600 IN CNAME debased.earth.
id.debased.earth. 3600 IN CNAME debased.earth.
login.debased.earth. 3600 IN CNAME debased.earth.
mail.debased.earth. 3600 IN CNAME debased.earth.
ssl.debased.earth. 3600 IN CNAME debased.earth.
www.debased.earth. 3600 IN CNAME debased.earth.
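As an added example (not part of this post or of Caddy's code), a small offline preflight built from the zone export and the log line above: it follows the CNAME chain, flags addresses a public CA can never connect to for HTTP-01 or TLS-ALPN-01 (the RFC 1918 A record), and pulls the address the CA actually failed on out of the acme_client error so it can be matched against the zone's AAAA record. It assumes the zone and log text are constructed copies of the lines above, and it judges reachability from address class alone, without opening any connection.

```python
import ipaddress
import json

# Constructed from the BIND export in the post; both hostnames CNAME to the apex.
ZONE = """\
debased.earth.      3600 IN A     10.0.0.3
debased.earth.      3600 IN AAAA  123:456:789:012:345:dead:beef:cafe
git.debased.earth.  3600 IN CNAME debased.earth.
www.debased.earth.  3600 IN CNAME debased.earth.
"""

# Constructed copy of the "validating authorization" error line from the log.
LOG_LINE = ('2023/11/02 16:16:23.060 error tls.issuance.acme.acme_client validating authorization '
            '{"identifier": "git.debased.earth", "problem": {"type": "urn:ietf:params:acme:error:connection", '
            '"title": "", "detail": "123:456:789:12:345:dead:beef:cafe: Network unreachable"}}')

def parse_zone(text):
    """Map owner name -> list of (type, rdata) from simple BIND-style lines."""
    records = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue
        owner, _ttl, _cls, rtype, rdata = line.split()
        records.setdefault(owner, []).append((rtype, rdata))
    return records

def resolve(zone, name, depth=8):
    """Follow CNAMEs (bounded) and return the A/AAAA addresses for name."""
    name = name if name.endswith(".") else name + "."
    addrs = []
    for rtype, rdata in zone.get(name, []):
        if rtype in ("A", "AAAA"):
            addrs.append(ipaddress.ip_address(rdata))
        elif rtype == "CNAME" and depth > 0:
            addrs.extend(resolve(zone, rdata, depth - 1))
    return addrs

def ca_reachable(addr):
    """A public CA can only connect to globally routable addresses; RFC 1918,
    loopback, link-local and ULA space can never pass HTTP-01 or TLS-ALPN-01."""
    return not (addr.is_private or addr.is_loopback or addr.is_link_local or addr.is_unspecified)

def preflight(zone, name):
    """{address: CA-reachable?} for every address the CA might pick for name."""
    return {str(a): ca_reachable(a) for a in resolve(zone, name)}

def failing_address(log_line):
    """Identifier and the address the CA reported, from a Caddy acme_client error line."""
    event = json.loads(log_line[log_line.index("{"):])
    return event["identifier"], ipaddress.ip_address(event["problem"]["detail"].rsplit(": ", 1)[0])
```

The private A record is rejected before any request is made, while the AAAA looks routable on paper yet is exactly the address the CA reported as unreachable (the zone's `012` hextet and the log's `12` compare equal once parsed), which narrows the investigation to IPv6 routing and firewalling on that host.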