This produces TLS certificate errors in the browser (SSL_ERROR_INTERNAL_ERROR_ALERT, not just an “untrusted” message). Removing the proxy directive makes Caddy issue a proper self-signed cert with no errors.
Confirmed, but this is not affected by the proxy directive. That must be something else.
The next release will allow the use of IP addresses in self-signed certificates. As a workaround for now, use :443 as the site address, rather than using 0.0.0.0.