Self-signed TLS doesn't work with proxy

Stavros · 2018-03-05 15:40:01 UTC

I have this very simple Caddyfile:

https://0.0.0.0:443 {
    tls self_signed
    proxy / localhost:8080
}

This produces TLS certificate errors in the browser (SSL_ERROR_INTERNAL_ERROR_ALERT, not just an “untrusted” message). Removing the proxy directive makes Caddy issue a proper self-signed cert with no errors.

matt · 2018-03-05 15:51:04 UTC

Which version of Caddy are you using? Or are you building from source.

Stavros · 2018-03-07 14:27:55 UTC

Sorry, I’m using the latest one on the site, 0.10.11, with just the stock free license option and no plugins.

Whitestrake · 2018-03-08 00:24:12 UTC

Looks like https://github.com/mholt/caddy/issues/2035, except for the fact that proxy is provoking the issue.

matt · 2018-03-13 22:01:17 UTC

Confirmed, but this is not affected by the proxy directive. That must be something else.

The next release will allow the use of IP addresses in self-signed certificates. As a workaround for now, use :443 as the site address, rather than using 0.0.0.0.

matt · 2018-03-14 01:31:37 UTC

For anyone following along at home, the fix is in https://github.com/mholt/caddy/pull/2037

system · 2018-06-12 01:31:38 UTC

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.