1. The problem I’m having:
Hi, I am getting ERR_SSL_PROTOCOL_ERROR when I am accessing any pages on my reverse proxy. When I use curl, I get this result.
* Trying 45.119.154.104:8443...
* Connected to minecraftkm.asuscomm.com (45.119.154.104) port 8443 (#0)
* schannel: disabled automatic use of client certificate
* ALPN: offers http/1.1
* schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.
* Closing connection 0
curl: (35) schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.
2. Error messages and/or full log output:
{"level":"info","ts":1679132143.6215494,"msg":"using adjacent Caddyfile"}
{"level":"warn","ts":1679132143.6225502,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"Caddyfile","line":2}
{"level":"info","ts":1679132143.6285508,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1679132143.6295326,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000226000"}
{"level":"info","ts":1679132143.6295326,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1679132143.6295326,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv1"}
{"level":"info","ts":1679132143.6305459,"logger":"http","msg":"enabling HTTP/3 listener","addr":":8443"}
{"level":"info","ts":1679132143.6305459,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"info","ts":1679132143.631535,"logger":"http","msg":"enabling HTTP/3 listener","addr":":8444"}
{"level":"info","ts":1679132143.631535,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
{"level":"info","ts":1679132143.631535,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
{"level":"info","ts":1679132143.631535,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["minecraftkm.asuscomm.com"]}
{"level":"info","ts":1679132143.631535,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:C:\\Users\\Samuel Tee\\AppData\\Roaming\\Caddy"}
{"level":"info","ts":1679132143.632535,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1679132143.632535,"msg":"autosaved config (load with --resume flag)","file":"C:\\Users\\Samuel Tee\\AppData\\Roaming\\Caddy\\autosave.json"}
{"level":"info","ts":1679132143.632535,"msg":"serving initial configuration"}
{"level":"info","ts":1679132143.6395504,"logger":"tls.obtain","msg":"acquiring lock","identifier":"minecraftkm.asuscomm.com"}
{"level":"info","ts":1679132143.6456914,"logger":"tls.obtain","msg":"lock acquired","identifier":"minecraftkm.asuscomm.com"}
{"level":"info","ts":1679132143.6466682,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"minecraftkm.asuscomm.com"}
{"level":"info","ts":1679132144.827557,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["minecraftkm.asuscomm.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
{"level":"info","ts":1679132144.827557,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["minecraftkm.asuscomm.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
{"level":"info","ts":1679132145.2819724,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"minecraftkm.asuscomm.com","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1679132156.1264706,"logger":"http.acme_client","msg":"challenge failed","identifier":"minecraftkm.asuscomm.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"45.119.154.104: Fetching http://minecraftkm.asuscomm.com/.well-known/acme-challenge/5u-1cEfTOMsxAcgW_S8jexkbLIHwQ64zCyVtX048ljs: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
{"level":"error","ts":1679132156.1270115,"logger":"http.acme_client","msg":"validating authorization","identifier":"minecraftkm.asuscomm.com","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"45.119.154.104: Fetching http://minecraftkm.asuscomm.com/.well-known/acme-challenge/5u-1cEfTOMsxAcgW_S8jexkbLIHwQ64zCyVtX048ljs: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1015208057/170786880547","attempt":1,"max_attempts":3}
{"level":"info","ts":1679132157.6051261,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"minecraftkm.asuscomm.com","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1679132158.8602135,"logger":"http.acme_client","msg":"challenge failed","identifier":"minecraftkm.asuscomm.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]}}
{"level":"error","ts":1679132158.8606596,"logger":"http.acme_client","msg":"validating authorization","identifier":"minecraftkm.asuscomm.com","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1015208057/170786902327","attempt":2,"max_attempts":3}
{"level":"error","ts":1679132158.8615136,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"minecraftkm.asuscomm.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 403 urn:ietf:params:acme:error:unauthorized - Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge"}
{"level":"warn","ts":1679132158.8627477,"logger":"http","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"}
{"level":"info","ts":1679132160.4313283,"logger":"http","msg":"generated EAB credentials","key_id":"pDqXl--TmFe5Movao4JgTw"}
{"level":"info","ts":1679132162.1756687,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["minecraftkm.asuscomm.com"],"ca":"https://acme.zerossl.com/v2/DV90","account":""}
{"level":"info","ts":1679132162.1762345,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["minecraftkm.asuscomm.com"],"ca":"https://acme.zerossl.com/v2/DV90","account":""}
{"level":"info","ts":1679132163.8648388,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"minecraftkm.asuscomm.com","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1679132175.5259948,"logger":"http.acme_client","msg":"challenge failed","identifier":"minecraftkm.asuscomm.com","challenge_type":"http-01","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]}}
{"level":"error","ts":1679132175.5259948,"logger":"http.acme_client","msg":"validating authorization","identifier":"minecraftkm.asuscomm.com","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]},"order":"https://acme.zerossl.com/v2/DV90/order/mtoSedQLWuM46go1OveBnQ","attempt":1,"max_attempts":3}
{"level":"error","ts":1679132175.5265772,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"minecraftkm.asuscomm.com","issuer":"acme.zerossl.com-v2-DV90","error":"HTTP 0 - "}
{"level":"error","ts":1679132175.5265772,"logger":"tls.obtain","msg":"will retry","error":"[minecraftkm.asuscomm.com] Obtain: [minecraftkm.asuscomm.com] solving challenge: minecraftkm.asuscomm.com: [minecraftkm.asuscomm.com] authorization failed: HTTP 0 - (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":31.8799087,"max_duration":2592000}
{"level":"info","ts":1679132235.537468,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"minecraftkm.asuscomm.com"}
{"level":"info","ts":1679132237.104419,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"minecraftkm.asuscomm.com","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1679132238.284125,"logger":"http.acme_client","msg":"challenge failed","identifier":"minecraftkm.asuscomm.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]}}
{"level":"error","ts":1679132238.2843885,"logger":"http.acme_client","msg":"validating authorization","identifier":"minecraftkm.asuscomm.com","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/93799474/7810273744","attempt":1,"max_attempts":3}
{"level":"info","ts":1679132239.7490246,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"minecraftkm.asuscomm.com","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1679132250.046415,"logger":"http.acme_client","msg":"challenge failed","identifier":"minecraftkm.asuscomm.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"45.119.154.104: Fetching http://minecraftkm.asuscomm.com/.well-known/acme-challenge/xGyJNS_kqbc0EDrudHuEBaosNnhMmHCDeVB-HwBr1vI: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
{"level":"error","ts":1679132250.0470784,"logger":"http.acme_client","msg":"validating authorization","identifier":"minecraftkm.asuscomm.com","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"45.119.154.104: Fetching http://minecraftkm.asuscomm.com/.well-known/acme-challenge/xGyJNS_kqbc0EDrudHuEBaosNnhMmHCDeVB-HwBr1vI: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/93799474/7810274264","attempt":2,"max_attempts":3}
{"level":"error","ts":1679132250.047793,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"minecraftkm.asuscomm.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 45.119.154.104: Fetching http://minecraftkm.asuscomm.com/.well-known/acme-challenge/xGyJNS_kqbc0EDrudHuEBaosNnhMmHCDeVB-HwBr1vI: Timeout during connect (likely firewall problem)"}
{"level":"info","ts":1679132253.4974916,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"minecraftkm.asuscomm.com","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1679132266.138996,"logger":"http.acme_client","msg":"challenge failed","identifier":"minecraftkm.asuscomm.com","challenge_type":"http-01","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]}}
{"level":"error","ts":1679132266.1395974,"logger":"http.acme_client","msg":"validating authorization","identifier":"minecraftkm.asuscomm.com","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]},"order":"https://acme.zerossl.com/v2/DV90/order/5Ac3aTkKd_2GVVV98tMw-A","attempt":1,"max_attempts":3}
{"level":"error","ts":1679132266.1402748,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"minecraftkm.asuscomm.com","issuer":"acme.zerossl.com-v2-DV90","error":"HTTP 0 - "}
{"level":"error","ts":1679132266.140334,"logger":"tls.obtain","msg":"will retry","error":"[minecraftkm.asuscomm.com] Obtain: [minecraftkm.asuscomm.com] solving challenge: minecraftkm.asuscomm.com: [minecraftkm.asuscomm.com] authorization failed: HTTP 0 - (ca=https://acme.zerossl.com/v2/DV90)","attempt":2,"retrying_in":120,"elapsed":122.4936655,"max_duration":2592000}
{"level":"info","ts":1679132347.9955878,"msg":"shutting down","signal":"SIGINT"}
{"level":"warn","ts":1679132347.995725,"msg":"exiting; byeee!! 👋","signal":"SIGINT"}
{"level":"info","ts":1679132348.0005145,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc000226000"}
{"level":"info","ts":1679132348.0005145,"logger":"tls.obtain","msg":"releasing lock","identifier":"minecraftkm.asuscomm.com"}
{"level":"info","ts":1679132348.0025349,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}
{"level":"info","ts":1679132348.0032532,"msg":"shutdown complete","signal":"SIGINT","exit_code":0}
3. Caddy version:
v2.6.3 h1:QRVBNIqfpqZ1eJacY44I6eUC1OcxQ8D04EKImzpj7S8=
4. How I installed and ran Caddy:
Downloaded the release from GitHub.
a. System environment:
Windows 10 Pro. Caddy Windows Executable.
b. Command:
caddy run
d. My complete Caddy config:
minecraftkm.asuscomm.com:8443 {
    route /mcmap* {
        reverse_proxy localhost:25540
    }
    route /navidrome* {
        reverse_proxy localhost:4533
    }
    route /ombi* {
        reverse_proxy localhost:3579
    }
    route /speedtest* {
        reverse_proxy localhost:3000
    }
    handle_path /requests* {
        redir https://minecraftkm.asuscomm.com:8444{uri}
    }
    file_server
}

minecraftkm.asuscomm.com:8444 {
    reverse_proxy localhost:5055
}
I have tried deleting the %appdata%/Caddy folder to clear whatever configuration Caddy stored and the result is still the same.
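
The following is an added example, not part of the original post and not Caddy's own code: a small triage script that groups the "challenge failed" records in a Caddy JSON log by challenge type and ACME error kind, and names the port the CA connects to for each (80 for http-01, 443 for tls-alpn-01). The function names, the hint texts and the sample lines (host `example.com`, address `203.0.113.10`, token `TOKEN`) are constructed for illustration.

```python
import json
from collections import Counter
# Port the CA connects to per challenge type (RFC 8555 http-01, RFC 8737 tls-alpn-01).
VALIDATION_PORT = {"http-01": 80, "tls-alpn-01": 443}
HINT = {  # hypothetical hint texts keyed by the last segment of the ACME error URN
    "connection": "CA could not connect; check firewall and port forwarding",
    "unauthorized": "a server answered but not with the challenge response",
    "unspecified": "CA returned no problem detail",
}
# Constructed sample lines in the shape of the log in the post (placeholder host, IP, token).
SAMPLE_LOG = r'''
{"level":"info","ts":1.0,"logger":"http","msg":"enabling HTTP/3 listener","addr":":8443"}
{"level":"error","ts":2.0,"logger":"http.acme_client","msg":"challenge failed","identifier":"example.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","detail":"203.0.113.10: Fetching http://example.com/.well-known/acme-challenge/TOKEN: Timeout during connect (likely firewall problem)"}}
{"level":"error","ts":3.0,"logger":"http.acme_client","msg":"challenge failed","identifier":"example.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge"}}
{"level":"error","ts":4.0,"logger":"http.acme_client","msg":"challenge failed","identifier":"example.com","challenge_type":"http-01","problem":{"type":"","detail":""}}
not json
'''

def triage(text):
    """Return (HTTPS listener ports, Counter keyed by (challenge_type, error kind))."""
    listeners, failures = set(), Counter()
    for line in text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or non-JSON line
        if not isinstance(rec, dict):
            continue
        if rec.get("msg") == "enabling HTTP/3 listener":  # message as seen in the post's log
            listeners.add(int(rec["addr"].rsplit(":", 1)[1]))
        elif rec.get("msg") == "challenge failed":
            kind = rec.get("problem", {}).get("type", "").rsplit(":", 1)[-1]
            failures[(rec.get("challenge_type", "?"), kind or "unspecified")] += 1
    return listeners, failures

def findings(text):
    """Return one summary line per failure group, naming the port the CA must reach."""
    listeners, failures = triage(text)
    out = []
    for (challenge, kind), n in sorted(failures.items()):
        port = VALIDATION_PORT.get(challenge, "?")
        line = f"{challenge} x{n} [{kind}] port {port}: {HINT.get(kind, 'see problem detail')}"
        if challenge == "tls-alpn-01" and port not in listeners:
            line += f"; HTTPS listeners are {sorted(listeners)}, not {port}"
        out.append(line)
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE_LOG)))
```
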