Self-signed TLS doesn't work with proxy

I have this very simple Caddyfile:

https://0.0.0.0:443 {
    tls self_signed
    proxy / localhost:8080
}

This produces TLS certificate errors in the browser (SSL_ERROR_INTERNAL_ERROR_ALERT, not just an “untrusted” message). Removing the proxy directive makes Caddy issue a proper self-signed cert with no errors.

Which version of Caddy are you using? Or are you building from source?

Sorry, I’m using the latest one on the site, 0.10.11, with just the stock free license option and no plugins.

Looks like https://github.com/mholt/caddy/issues/2035, except for the fact that proxy is provoking the issue.


Confirmed, but this is not affected by the proxy directive. That must be something else.

The next release will allow the use of IP addresses in self-signed certificates. As a workaround for now, use :443 as the site address, rather than using 0.0.0.0.

For anyone following along at home, the fix is in https://github.com/mholt/caddy/pull/2037

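Background for the IP-address case discussed in this thread, as an added Go example (not Caddy's code and not the change made in the linked pull request): X.509 verifiers match an IP address only against the certificate's iPAddress SAN, never against a dNSName entry, so a certificate generator has to treat IP site addresses separately from hostnames. The function names and the sample address are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned (hypothetical helper) builds a throwaway self-signed cert for host.
// With ipAsIPSAN, an IP host goes into the iPAddress SAN; otherwise into dNSName.
func selfSigned(host string, ipAsIPSAN bool) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{Organization: []string{"Example self-signed"}},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if ip := net.ParseIP(host); ip != nil && ipAsIPSAN {
		tmpl.IPAddresses = []net.IP{ip}
	} else {
		tmpl.DNSNames = []string{host}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// matches reports whether a certificate generated for host verifies for host.
func matches(host string, ipAsIPSAN bool) bool {
	cert, err := selfSigned(host, ipAsIPSAN)
	return err == nil && cert.VerifyHostname(host) == nil
}

func main() {
	// 192.0.2.10 is a constructed sample address from the documentation range.
	fmt.Println("IP in dNSName SAN:  ", matches("192.0.2.10", false))
	fmt.Println("IP in iPAddress SAN:", matches("192.0.2.10", true))
}
```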
