Looks like the client cut the connection (connection reset by peer) in the middle of the TLS handshake. Try an openssl s_client -servername example.com -connect xxx.xxx.xxx.xxx:443 and see if Caddy’s misbehaving somehow, otherwise it’s worth investigating on the client’s end.