Protecting http site with https

1. Caddy version (caddy version):


2. How I run Caddy:

a. System environment:

Windows Server 2019

b. Command:

caddy.exe run

c. Service/unit/compose file:


d. My complete Caddyfile or JSON config:

  auto_https off
} {
               tls C:\Tools\LetsEncrypt.pem C:\Tools\LetsEncrypt.pem

3. The problem I’m having:

I am attempting to secure a legacy application that doesn’t support HTTPS via caddy.

Server 1: Caddy - Listen on HTTPS port 8000
Server 2: Legacy Application - Listening on HTTP port 8000

I already manage the certificate using Certify The Web as the server is also has IIS installed and cannot bind to port 80. Certificate will be auto renewed, exported and the certify application restarted from within the Certify The Web applications.

4. Error messages and/or full log output:

Receiving ERR_SSL_PROTOCOL_ERROR in the browser when accessing the IP:8000

c:\Tools>Caddy.exe run
2022/02/18 15:04:41.778 e[34mINFOe[0m using adjacent Caddyfile
2022/02/18 15:04:41.780 e[33mWARNe[0m input is not formatted with ‘caddy fmt’ {“adapter”: “caddyfile”, “file”: “Caddyfile”, “line”: 2}
2022/02/18 15:04:41.781 e[34mINFOe[0m admin admin endpoint started {“address”: “tcp/localhost:2019”, “enforce_origin”: false, “origins”: [“localhost:2019”, “[::1]:2019”, “”]}
2022/02/18 15:04:41.782 e[34mINFOe[0m tls.cache.maintenance started background certificate maintenance {“cache”: “0xc0003998f0”}
2022/02/18 15:04:41.785 e[34mINFOe[0m tls cleaning storage unit {“description”: “FileStorage:C:\Users\Governor\AppData\Roaming\Caddy”}
2022/02/18 15:04:41.786 e[34mINFOe[0m autosaved config (load with --resume flag) {“file”: “C:\Users\Governor\AppData\Roaming\Caddy\autosave.json”}
2022/02/18 15:04:41.788 e[34mINFOe[0m serving initial configuration
2022/02/18 15:04:41.788 e[34mINFOe[0m tls finished cleaning storage units

5. What I already tried:

Many configuration changes!

6. Links to relevant resources:

That looks like you passed in the cert twice, but not the private key, to the tls option.

I was under the impression that you needed the cert file and key file, this .pem file should contain the full certificate chain and key.


They need to be separate files

Yeah. Though, one could use the folder loader which reads PEM files out of a folder. Those should have both cert and key in the same file.

Oh really? The Certify The Web app says it exports the full chain and the private key into a single file, that’s why I just referenced the same file twice…

I’ll try exporting it as the full chain and key separate and give it another go.

Does the config look good otherwise?


I tried splitting the files into cert and key and still had no luck, still getting ERR_SSL_PROTOCOL_ERROR


Please turn on the debug global option in Caddy, then look at Caddy’s logs after making a request. What do you see in the logs?

This topic was automatically closed after 30 days. New replies are no longer allowed.