This is the result I get:
Activating privacy features…
2018/08/18 17:39:30 [mysite.duckdns.org] failed to get certificate: [mysite.duckdns.org] error presenting token: presenting with standard HTTP provider server: Could not start HTTP server for challenge → listen tcp :80: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
Ports 80 and 443 are opened on the router and firewall.
I DO run IIS with this site running live. Should I not be able to run the site with IIS and then get HTTPS from Caddy, or am I misunderstanding?
IIS and Caddy are both web servers, and to run a website from them, they’ll need port 80 and 443. They can’t share them, so you can only run one at a time on the standard ports. You can run one on non-standard ports, of course… with the obvious downsides associated with that.
I use https://certifytheweb.com/ for the Windows Server I’m responsible for that needs IIS running for an application (but if I could run Caddy instead and ditch IIS entirely, I would).
Now I try with just home-assistant in docker that I want to run with SSL and a ddns.
This is the Caddyfile:
mysite.ddns.net {
    proxy / http://localhost:8123 {
        transparent
        websocket
    }
    tls mymail@gmail.com
}
I get this error message:
2018/09/11 20:35:33 [WARNING] Sending telemetry (attempt 1): telemetry server replied with unknown content-type: 'text/plain; charset=utf-8' and HTTP 502 Bad Gateway - backing off and retrying
I don't understand the error. I test with localhost:8123 and the container is working.
I understand the telemetry server has had a hard time of things lately, on account of some pretty massive transient traffic spikes. Telemetry is optional and not integral to the core webserver functionality; you can safely ignore this warning.
Caddy should occasionally retry the connection to the telemetry server until it succeeds, so you might see a few - no more than one an hour, I think.
https://palmhierta.ddns.net/ is currently presenting a self-signed certificate.
The certificate is signed by/for VMware:
whitestrake at apollo in ~
❯ echo | openssl s_client -showcerts -servername palmhierta.ddns.net -connect palmhierta.ddns.net:443 2>/dev/null | openssl x509 -inform pem -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14177236238379900396 (0xc4bfa93e9d6dddec)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, L=Palo Alto, OU=VMware, CN=VMware/emailAddress=none@vmware.com
        Validity
            Not Before: Jul 3 12:40:30 2018 GMT
            Not After : Jul 3 12:40:30 2019 GMT
        Subject: C=US, L=Palo Alto, OU=VMware, CN=VMware/emailAddress=none@vmware.com
And another quick check for headers:
whitestrake at apollo in ~
❯ curl -kIL palmhierta.ddns.net
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Type: text/html; charset=utf-8
Location: https://palmhierta.ddns.net/
Server: Caddy
Date: Sun, 16 Sep 2018 23:07:46 GMT

HTTP/1.1 403 Forbidden
Date: Sun, 16 Sep 2018 23:07:48 GMT
Connection: close
Content-Type: text/plain; charset=utf-8
X-Frame-Options: DENY
Content-Length: 0
Tells us, in the first block, that Caddy is listening on HTTP port 80, but not on HTTPS port 443 (note the missing Server header and the added X-Frame-Options header, which you didn’t specify in your Caddyfile, present in the second block).
This leads me to believe that your HTTPS port (443) is forwarded incorrectly, probably to your VM and not the Caddy host.
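The two checks used in the post above (issuer versus subject of the presented certificate, and the Server header on each hop of the redirect chain) can be scripted as follows. This is an added example, not part of the original thread; the function names are hypothetical and the sample inputs are constructed from the output quoted above.

```shell
#!/bin/sh
# Constructed sample: the relevant lines of `openssl x509 -noout -text` output.
SAMPLE_CERT='        Issuer: C=US, L=Palo Alto, OU=VMware, CN=VMware/emailAddress=none@vmware.com
        Subject: C=US, L=Palo Alto, OU=VMware, CN=VMware/emailAddress=none@vmware.com'

# Constructed sample: `curl -kIL` output, one header block per hop.
SAMPLE_HOPS='HTTP/1.1 301 Moved Permanently
Location: https://palmhierta.ddns.net/
Server: Caddy

HTTP/1.1 403 Forbidden
X-Frame-Options: DENY
Content-Length: 0'

# Heuristic: identical Issuer and Subject means the certificate is
# self-issued, so it did not come from a public CA such as Let's Encrypt.
cert_kind() {
  awk '
    /^[ \t]*Issuer:/  { sub(/^[ \t]*Issuer:[ \t]*/, "");  issuer = $0 }
    /^[ \t]*Subject:/ { sub(/^[ \t]*Subject:[ \t]*/, ""); subject = $0 }
    END {
      if (issuer == "" || subject == "") print "unknown"
      else print (issuer == subject ? "self-signed" : "ca-issued")
    }'
}

# Print "<status> <Server header or ->" for every response in the chain.
hop_servers() {
  tr -d '\r' | awk '
    /^HTTP\// { if (seen) print status, server; seen = 1; status = $2; server = "-" }
    tolower($1) == "server:" { v = $0; sub(/^[^:]*:[ \t]*/, "", v); server = v }
    END { if (seen) print status, server }'
}

# A hop whose Server header differs from the first hop suggests that port
# is forwarded to a different host than the one that answered first.
forwarding_verdict() {
  hop_servers | awk '
    NR == 1 { first = $2 }
    $2 != first { mismatch = 1 }
    END {
      if (NR == 0) print "no-response"
      else print (mismatch ? "mismatch" : "consistent")
    }'
}

printf '%s\n' "$SAMPLE_CERT" | cert_kind
printf '%s\n' "$SAMPLE_HOPS" | forwarding_verdict
```

Against a live host, pipe the real `openssl x509 -noout -text` and `curl -kIL` output into the same functions instead of the samples.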
Thank you, what should I do then, do you think?
I’ve checked the firewall, and router port forwarding seems to be working.
I’m running Docker Toolbox on a Win7 machine. I have checked that the ports are also open in VirtualBox.
If I try with Traefik I can get the HTTP forwarding working, but I also have a problem there with HTTPS.
The port forwarding is definitely not working as expected.
I’d suggest you remove it entirely, verify that it’s removed (by getting timeouts when connecting to HTTPS), then add it again, pointing it to the IP/port that Caddy is serving HTTPS on.
Looks like there are no programs running at localhost:8123, based on the results. Caddy can’t proxy to whatever it is, because nothing is there listening.