Well, for one thing, your last closing bracket is a close-parenthesis rather than a curly brace.
But even if I replace that with a curly brace, I can’t reproduce the error. This Caddyfile doesn’t have any sites in it using HTTPS, so it will not attempt to acquire LetsEncrypt certs. Can you post the real one, or something closer to it?
If you don’t want to do that, carefully check that you don’t have anything outside of curly braces except for site names. For example, if you had something like the following, gzip would be interpreted as a third site, not as a directive, and it would produce the error you’re seeing.
Sorry, the curly brace issue is a typing mistake, as I did not “cut & paste” from the caddyfile.
But it looks like your advice helped. I deleted the spaces I had after the curly brace and I don’t have this error any more.
Thank you.
How can I check that the privacy process passed, just enter the site with https://?
What is the default location for the certificate?
Thank you all.
Matt, I checked the logfile. I got there: http://localhost
scanning for stale OCSP staples
done checking OCSP staples
.
.
.
and I don’t see https.
(and of course I can’t access https).
I suspect that it is my router / firewall issue. I opened port 443 and marked port forwarding to my server ports 443 and 80.
Should I open another port that caddy is using?
I have to say that I am very satisfied with caddy. I believe that after solving the https issue it will be the perfect webserver for me…
I wrote the domains a 2nd time with www after I saw that when trying to enter with www the server returned an error message
that site does not exist on port 80
Matt, I am not sure that I understood. I am sorry, but at my age I am better at DOS / UNIX and assembly.
I tried to add another line with :443 but I got an error message and caddy didn’t start up.
What should I do? Delete the :80 and caddy will handle the ports?
The scheme http:// and port :80 in your site labels are explicitly instructing Caddy not to fetch certificates and enable HTTPS. Take them out for all sites, like in @matt’s example, and Caddy will serve both HTTP and HTTPS, redirecting people to upgrade.
Thanks, I understand the concept now, it worked but raised new problems :)
The first site got a certificate, the 2nd did not (got an error message). I read that there is a problem in getting certificates for several domains with the same IP on the same server, but Matt wrote me: “HTTPS just works, don’t even think about it”
so I assume that it should work…
After the certificate process, trying to access the first site, http is automatically replaced by https. I assume that it should be, but there is no access to the site. I suspect that now it is a firewall / router problem, but I don’t know yet how to solve it. Any tip will be appreciated.
Is there a way to temporarily cancel this http-https replacement to allow the site to be online till I solve it?
With really old server software that doesn’t support SNI, this was the case. It hasn’t been this way for a long time. Nowadays you can have as many certificates on a single IP address as you like because the client tells the server which domain it’s asking for, so the server knows which certificate to use for the handshake.
Can you elaborate? Do you get an error of some kind? A blank page with no data? What’s it look like after you get to HTTPS?
Yep - put http:// before each site name (like http://mmc-sys.com, http://www.mmc-sys.com) and Caddy won’t serve HTTPS or force upgrades for those sites in particular. You can mix and match some HTTPS and some non-HTTPS sites in the same Caddyfile this way.
I am glad to hear it. So it should work, but I still got the error. Here are the details:
terminal message:
Activating privacy features…2017/04/24 10:22:45 [rts-development.com]
failed to get certificate: acme: Error 400 - urn:acme:error:connection -
Failed to connect to 62.219.193.33:443 for tls-sni-01 challenge
Error detail:
validation for rts-development.com:443
Resolved to:
62.219.193.33
Used: 62.219.193.33
logfile:
2017/04/24 10:22:30 [INFO][mmc-sys.com] acme: Obtaining bundled SAN certificate
2017/04/24 10:22:30 [INFO][mmc-sys.com] acme: Could not find solver for: dns-01
2017/04/24 10:22:30 [INFO][mmc-sys.com] acme: Trying to solve HTTP-01
2017/04/24 10:22:31 [INFO][mmc-sys.com] Served key authentication
2017/04/24 10:22:32 [INFO][mmc-sys.com] The server validated our request
2017/04/24 10:22:32 [INFO][mmc-sys.com] acme: Validations succeeded; requesting certificates
2017/04/24 10:22:33 [INFO] acme: Requesting issuer cert from https://acme-v01.api.letsencrypt.org/acme/issuer-cert
2017/04/24 10:22:33 [INFO][mmc-sys.com] Server responded with a certificate.
2017/04/24 10:22:34 [INFO][www.mmc-sys.com] acme: Obtaining bundled SAN certificate
2017/04/24 10:22:34 [INFO][www.mmc-sys.com] acme: Trying to solve HTTP-01
2017/04/24 10:22:35 [INFO][www.mmc-sys.com] Served key authentication
2017/04/24 10:22:36 [INFO][www.mmc-sys.com] The server validated our request
2017/04/24 10:22:36 [INFO][www.mmc-sys.com] acme: Validations succeeded; requesting certificates
2017/04/24 10:22:37 [INFO] acme: Requesting issuer cert from https://acme-v01.api.letsencrypt.org/acme/issuer-cert
2017/04/24 10:22:37 [INFO][www.mmc-sys.com] Server responded with a certificate.
2017/04/24 10:22:38 [INFO][rts-development.com] acme: Obtaining bundled SAN certificate
2017/04/24 10:22:38 [INFO][rts-development.com] acme: Trying to solve TLS-SNI-01
The browser cannot find the site. After a long delay I got the message: “This web page is not available”.
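
Added example, not part of any post in this thread: a short Python summary of the ACME log lines posted above, reporting per domain which challenge was attempted, the port the CA connects to for it (HTTP-01 on 80, TLS-SNI-01 on 443), and whether a certificate was issued. The sample lines are abridged from the thread's output, and the function and field names are this example's own.

```python
import re

# Lines abridged from the log and terminal output posted in this thread;
# the multi-line terminal error is joined onto one line here.
SAMPLE = """\
2017/04/24 10:22:30 [INFO][mmc-sys.com] acme: Trying to solve HTTP-01
2017/04/24 10:22:32 [INFO][mmc-sys.com] The server validated our request
2017/04/24 10:22:33 [INFO] acme: Requesting issuer cert from https://acme-v01.api.letsencrypt.org/acme/issuer-cert
2017/04/24 10:22:33 [INFO][mmc-sys.com] Server responded with a certificate.
2017/04/24 10:22:38 [INFO][rts-development.com] acme: Trying to solve TLS-SNI-01
2017/04/24 10:22:45 [rts-development.com] failed to get certificate: acme: Error 400 - urn:acme:error:connection - Failed to connect to 62.219.193.33:443 for tls-sni-01 challenge
"""

# Port the CA connects to when validating each challenge type.
CHALLENGE_PORT = {"HTTP-01": 80, "TLS-SNI-01": 443}

# Timestamp, optional [INFO], then a [domain] tag (must contain a dot).
LINE = re.compile(r"^\S+ \S+ (?:\[INFO\])?\[(?P<domain>[\w.-]+\.[\w-]+)\] (?P<msg>.*)$")
TRYING = re.compile(r"Trying to solve (\S+)")
CONNECT_FAIL = re.compile(r"Failed to connect to ([\d.]+):(\d+) for (\S+) challenge")


def summarize(log_text):
    """Map each domain to the challenge tried, its port, and the outcome."""
    result = {}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # no [domain] tag, e.g. the issuer-cert request
        entry = result.setdefault(
            m.group("domain"),
            {"challenge": None, "port": None, "issued": False, "error": None},
        )
        msg = m.group("msg")
        tried = TRYING.search(msg)
        failed = CONNECT_FAIL.search(msg)
        if tried:
            entry["challenge"] = tried.group(1)
            entry["port"] = CHALLENGE_PORT.get(tried.group(1))
        elif failed:
            entry["port"] = int(failed.group(2))
            entry["error"] = "CA could not connect to %s:%s" % failed.group(1, 2)
        elif "Server responded with a certificate" in msg:
            entry["issued"] = True
    return result


if __name__ == "__main__":
    for domain, info in summarize(SAMPLE).items():
        print(domain, info)
```

On the sample, the domain validated over port 80 is issued a certificate, while the one validated over port 443 ends with a connection error on that port.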