Serve sites which do not return 200 on ask in on-demand TLS

1. Caddy version:

v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=

2. How I installed, and run Caddy:

Downloaded from static binaries: Download Caddy with redis feature

a. System environment:

Debian 10 systemd service

b. Command:

service caddy start

c. Service/unit/compose file:

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddy config:

{
	# General Options
	debug
	storage redis {
		address redis_addr
		db 0
		host redis_addr
		port port
	}
	admin 0.0.0.0:2019
	servers {
		metrics
	}
	on_demand_tls {
		ask http://localhost:9090/check
	}
}

https:// {
	tls {
		on_demand
		issuer acme
		issuer zerossl {
			email 
		}
	}
	log {
		output file /var/log/caddy/caddy.log
	}
	reverse_proxy proxy-addr
}

3. The problem I’m having:

If the ask endpoint returns a status code other than 200, it resets the connection. I want to serve the website with a test certificate so that the warning page appears, and if the user allows it, they can see the website with the test certificate.

That request sounds similar to this issue on GitHub:

Please add your thoughts to that issue so it can be considered.
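
An added example, not from the original thread or the Caddy project: an `ask` endpoint for the `http://localhost:9090/check` URL in the config above, answering 200 only for hostnames on an allowlist. Caddy passes the requested name in the `domain` query parameter; the allowlist entries and the function names are assumptions made for illustration.

```go
package main

import (
	"log"
	"net"
	"net/http"
	"strings"
)

// allowed is a constructed allowlist; a real deployment would query its own domain database.
var allowed = map[string]bool{
	"app.example.com":  true,
	"shop.example.org": true,
}

// normalize lowercases the name and strips a trailing dot. It returns "" for
// input that should never get a certificate: empty, IP literal, or no dot.
func normalize(domain string) string {
	d := strings.TrimSuffix(strings.ToLower(strings.TrimSpace(domain)), ".")
	if d == "" || net.ParseIP(d) != nil || !strings.Contains(d, ".") {
		return ""
	}
	return d
}

// decide maps a requested name to the status Caddy will see: 200 permits
// issuance; per the post above, any other status ends in a connection reset.
func decide(domain string) int {
	d := normalize(domain)
	if d == "" {
		return http.StatusBadRequest
	}
	if !allowed[d] {
		return http.StatusForbidden
	}
	return http.StatusOK
}

// check handles GET /check?domain=<name>, the query Caddy sends to `ask`.
func check(w http.ResponseWriter, r *http.Request) {
	status := decide(r.URL.Query().Get("domain"))
	log.Printf("ask domain=%q status=%d", r.URL.Query().Get("domain"), status)
	w.WriteHeader(status)
}

func main() {
	http.HandleFunc("/check", check)
	log.Fatal(http.ListenAndServe("127.0.0.1:9090", nil))
}
```

The listener binds to loopback only, so the decision endpoint is reachable by the local Caddy process and not from the network.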
