Self-signed TLS doesn't work with proxy

Stavros · March 5, 2018, 3:40pm

I have this very simple Caddyfile:

https://0.0.0.0:443 {
    tls self_signed
    proxy / localhost:8080
}

This produces TLS certificate errors in the browser (SSL_ERROR_INTERNAL_ERROR_ALERT, not just an “untrusted” message). Removing the proxy directive makes Caddy issue a proper self-signed cert with no errors.

matt · March 5, 2018, 3:51pm

Which version of Caddy are you using? Or are you building from source.

Stavros · March 7, 2018, 2:27pm

Sorry, I’m using the latest one on the site, 0.10.11, with just the stock free license option and no plugins.

Whitestrake · March 8, 2018, 12:24am

Looks like https://github.com/mholt/caddy/issues/2035, except for the fact that proxy is provoking the issue.

matt · March 13, 2018, 10:01pm

Confirmed, but this is not affected by the proxy directive. That must be something else.

The next release will allow the use of IP addresses in self-signed certificates. As a workaround for now, use :443 as the site address, rather than using 0.0.0.0.

matt · March 14, 2018, 1:31am

For anyone following along at home, the fix is in https://github.com/mholt/caddy/pull/2037

system · June 12, 2018, 1:31am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.