Self-signed TLS doesn't work with proxy


(Stavros Korokithakis) #1

I have this very simple Caddyfile:

https://0.0.0.0:443 {
    tls self_signed
    proxy / localhost:8080
}

This produces TLS certificate errors in the browser (SSL_ERROR_INTERNAL_ERROR_ALERT, not just an “untrusted” message). Removing the proxy directive makes Caddy issue a proper self-signed cert with no errors.


(Matt Holt) #2

Which version of Caddy are you using? Or are you building from source?


(Stavros Korokithakis) #3

Sorry, I’m using the latest one on the site, 0.10.11, with just the stock free license option and no plugins.


(Matthew Fay) #4

Looks like https://github.com/mholt/caddy/issues/2035, except for the fact that proxy is provoking the issue.


(Matt Holt) #5

Confirmed, but this is not affected by the proxy directive. That must be something else.

The next release will allow the use of IP addresses in self-signed certificates. As a workaround for now, use :443 as the site address, rather than using 0.0.0.0.
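
Added example, not part of the thread and not Caddy's code: a Go program showing the general X.509 rule that makes an IP site address a special case. A client connecting to an IP literal checks only iPAddress SAN entries, so a certificate that lists the IP as a dNSName never matches. `selfSigned`, `matches` and the `ipAware` flag are hypothetical names, and the program does not reproduce the exact alert reported above.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned builds a self-signed cert for host (constructed example, not Caddy code).
// ipAware=false writes every host as a dNSName SAN; true puts IP literals in iPAddress SANs.
func selfSigned(host string, ipAware bool) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), // fixed serial: acceptable only for a throwaway demo cert
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if ip := net.ParseIP(host); ip != nil && ipAware {
		tmpl.IPAddresses = []net.IP{ip}
	} else {
		tmpl.DNSNames = []string{host}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// matches reports whether a client connecting to host would accept the cert's names.
func matches(cert *x509.Certificate, host string) bool {
	return cert.VerifyHostname(host) == nil
}

func main() {
	for _, aware := range []bool{false, true} {
		c, err := selfSigned("0.0.0.0", aware)
		if err != nil {
			panic(err)
		}
		fmt.Printf("ipAware=%v matches 0.0.0.0: %v\n", aware, matches(c, "0.0.0.0"))
	}
}
```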


(Matt Holt) #6

For anyone following along at home, the fix is in https://github.com/mholt/caddy/pull/2037

