1. The problem I’m having:
Hi everyone, I am running SaasCustomDomains.com.
I want to redirect from aellion.com to www.aellion.com but I’m having issues. Caddy doesn’t issue a certificate for www.aellion.com.
This is my setup:
root domain matcher
This matcher matches aellion.com and redirects to www.aellion.com
{
  "match": [
    {
      "host": [
        "aellion.com"
      ]
    }
  ],
  "handle": [
    {
      "handler": "static_response",
      "headers": {
        "Location": [
          "https://www.{http.request.host}{http.request.uri}"
        ]
      },
      "status_code": 302
    }
  ],
  "terminal": true
}
www matcher
This matcher matches www.aellion.com and proxies the request to domain.com:443
{
  "match": [
    {
      "host": [
        "www.aellion.com"
      ]
    }
  ],
  "handle": [
    {
      "handler": "reverse_proxy",
      "upstreams": [
        {
          "dial": "domain.com:443"
        }
      ],
      "transport": {
        "protocol": "http",
        "tls": {}
      },
      "headers": {
        "request": {
          "set": {
            "Host": [
              "{http.reverse_proxy.upstream.host}"
            ]
          }
        }
      }
    }
  ],
  "terminal": true
}
What happens when I visit aellion.com is Caddy issues a certificate for aellion.com and redirects to www.aellion.com.
But then browsers (Chrome/Firefox/Safari) show the SSL issue for www.aellion.com:
Why doesn’t Caddy issue a cert for www.aellion.com too?
The confusing part is, when I removed the matcher that redirects aellion.com to www.aellion.com, and visited www.aellion.com, then Caddy issued the certificate for www.aellion.com. Then I brought back the matcher-redirector and aellion.com would redirect to www.aellion.com and everything worked as expected.
Can anyone explain to me what is going on?
How can I just have a config that redirects to www and handles all the certificates properly?
3. Caddy version:
2.6.4
4. How I installed and ran Caddy:
a. System environment:
Docker (Linux)
b. Command:
caddy run --config /etc/caddy/caddy.json
d. My complete Caddy config:
{
  "apps": {
    "http": {
      "servers": {
        "proxy_status_server": {
          "listen": [
            ":8082"
          ],
          "automatic_https": {
            "disable": true,
            "disable_redirects": true
          },
          "routes": [
            {
              "match": [
                {
                  "path": [
                    "/custom-domains-proxy-status"
                  ]
                }
              ],
              "handle": [
                {
                  "handler": "static_response",
                  "status_code": 200,
                  "body": "OK"
                }
              ],
              "terminal": true
            }
          ]
        },
        "tls_terminator": {
          "listen": [
            ":443"
          ],
          "routes": [
            {
              "match": [
                {
                  "host": [
                    "www.aellion.com"
                  ]
                }
              ],
              "handle": [
                {
                  "handler": "reverse_proxy",
                  "upstreams": [
                    {
                      "dial": "domain.com:443"
                    }
                  ],
                  "transport": {
                    "protocol": "http",
                    "tls": {}
                  },
                  "headers": {
                    "request": {
                      "set": {
                        "Host": [
                          "{http.reverse_proxy.upstream.host}"
                        ]
                      }
                    }
                  }
                }
              ],
              "terminal": true
            },
            {
              "match": [
                {
                  "host": [
                    "aellion.com"
                  ]
                }
              ],
              "handle": [
                {
                  "handler": "static_response",
                  "headers": {
                    "Location": [
                      "https://www.{http.request.host}{http.request.uri}"
                    ]
                  },
                  "status_code": 302
                }
              ],
              "terminal": true
            }
          ],
          "logs": {}
        }
      }
    },
    "tls": {
      "automation": {
        "policies": [
          {
            "on_demand": true
          }
        ],
        "on_demand": {
          "ask": "https://[redacted_domain]/control/caddy/ask",
          "rate_limit": {
            "interval": "10m",
            "burst": 100
          }
        }
      },
      "cache": {
        "capacity": 100000
      }
    }
  },
  "admin": {
    "identity": {
      "issuers": [
        {
          "module": "acme",
          "email": "[redacted]"
        }
      ]
    }
  },
  "logging": {
    "logs": {
      "default": {
        "exclude": [
          "http.log.access"
        ],
        "writer": {
          "output": "file",
          "filename": "/var/log/caddy/caddy.log",
          "roll": true,
          "roll_size_mb": 64,
          "roll_keep": 20
        },
        "encoder": {
          "format": "json",
          "time_format": "iso8601"
        }
      },
      "log0": {
        "writer": {
          "output": "file",
          "filename": "/var/log/caddy/access.log",
          "roll": true,
          "roll_size_mb": 64,
          "roll_keep": 20
        },
        "encoder": {
          "format": "json",
          "time_format": "iso8601"
        },
        "include": [
          "http.log.access"
        ]
      }
    }
  },
  "storage": {
    "module": "s3",
    "host": "s3.amazonaws.com",
    "bucket": "[redacted_bucket_name]",
    "prefix": "[redacted]",
    "insecure": false
  }
}
Thank you all
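
With on_demand TLS and an ask URL as in the config above, Caddy queries the ask endpoint with a ?domain= parameter for a hostname before obtaining its certificate. The following is an added example (not part of the original post and not Caddy's own code) that lists every hostname the tls_terminator routes match or redirect to, together with the ask request each one produces, so the endpoint's answer can be checked per name. The config is a trimmed, constructed copy and the ask URL is a placeholder, since the post redacts the real one.

```python
import json
from urllib.parse import urlencode, urlsplit

# Constructed sample: the two tls_terminator routes from the post, trimmed to the
# fields this check reads. The ask URL is a placeholder, not the poster's endpoint.
CONFIG = json.loads("""
{"apps": {
  "http": {"servers": {"tls_terminator": {"listen": [":443"], "routes": [
    {"match": [{"host": ["www.aellion.com"]}],
     "handle": [{"handler": "reverse_proxy"}]},
    {"match": [{"host": ["aellion.com"]}],
     "handle": [{"handler": "static_response", "status_code": 302,
                 "headers": {"Location":
                   ["https://www.{http.request.host}{http.request.uri}"]}}]}
  ]}}},
  "tls": {"automation": {"on_demand": {"ask": "https://ask.example.invalid/control/caddy/ask"}}}
}}
""")

def matched_hosts(route):
    """Hostnames listed in a route's host matchers."""
    return [h for m in route.get("match", []) for h in m.get("host", [])]

def redirect_hosts(route):
    """Hostnames that the route's static_response Location headers point at."""
    targets = set()
    for handler in route.get("handle", []):
        if handler.get("handler") != "static_response":
            continue
        for location in handler.get("headers", {}).get("Location", []):
            for host in matched_hosts(route):
                # Expand the two placeholders used in the post's redirect.
                url = location.replace("{http.request.host}", host)
                url = url.replace("{http.request.uri}", "/")
                if urlsplit(url).scheme == "https":
                    targets.add(urlsplit(url).hostname)
    return targets

def ask_checks(config, server):
    """Map each hostname clients will handshake with to its ask request URL."""
    routes = config["apps"]["http"]["servers"][server]["routes"]
    names = set()
    for route in routes:
        names.update(matched_hosts(route))
        names.update(redirect_hosts(route))
    ask = config["apps"]["tls"]["automation"]["on_demand"]["ask"]
    return {n: ask + "?" + urlencode({"domain": n}) for n in sorted(names)}

if __name__ == "__main__":
    for name, url in ask_checks(CONFIG, "tls_terminator").items():
        print(name, "->", url)
```

Requesting each printed URL against the real ask endpoint shows whether it returns a 200 for every name; any other status means Caddy will not obtain a certificate for that hostname.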