[SOLVED] Get SSL protocol error

1. Caddy version (caddy version):

v2.3.0

2. How I run Caddy:

I run Caddy as a service on a Raspberry Pi

a. System environment:

Installed as instructed on this site as a service in RPi 4

b. Command:

sudo caddy run

c. Service/unit/compose file:

paste full file contents here

d. My complete Caddyfile or JSON config:

service-1.nl {
    reverse_proxy * http://192.168.3.201:5000
}
service-2.nl {
    reverse_proxy * 192.168.3.200:31417
}

3. The problem I’m having:

On my network I run two Synology servers, a home automation server and a WordPress website on one of the Synologys. I want to access them through different domains:
www.service-1.nl should lead to Synology 1 over http on 192.168.3.201:5000
www.service-2.nl should lead to Synology 2 over http on 192.168.3.200:31417
I don’t bother about the rest right now, as I can’t get this to work.
When I try to access the services, I get ERR_SSL_PROTOCOL_ERROR

4. Error messages and/or full log output:

pi@raspberrypi:~ $ sudo caddy run
2021/01/21 20:01:19.704	INFO	using adjacent Caddyfile
2021/01/21 20:01:19.710	INFO	admin	admin endpoint started	{"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2021/01/21 20:01:19.711	INFO	tls.cache.maintenance	started background certificate maintenance	{"cache": "0x311ba40"}
2021/01/21 20:01:19.711	INFO	http	server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS	{"server_name": "srv0", "https_port": 443}
2021/01/21 20:01:19.711	INFO	http	enabling automatic HTTP->HTTPS redirects	{"server_name": "srv0"}
2021/01/21 20:01:19.713	INFO	http	enabling automatic TLS certificate management	{"domains": ["service-1.nl", "service-2.nl"]}
2021/01/21 20:01:19.722	INFO	autosaved config	{"file": "/root/.config/caddy/autosave.json"}
2021/01/21 20:01:19.722	INFO	serving initial configuration
2021/01/21 20:01:19.790	INFO	tls	cleaned up storage units

5. What I already tried:

I read through the tutorials and this forum for answers. I just found the wiki that was posted a little bit earlier, but couldn’t find the mistake. I can ping the services from my phone, from inside and outside the network.
When I turn to http, it works:

http://www.service-1.nl {
    reverse_proxy * http://192.168.3.201:5000
}
http://www.service-2.nl {
    reverse_proxy * 192.168.3.200:31417
}

So there is something wrong in the certification process.

6. Links to relevant resources:

service-1.nl is not the same as www.service-1.nl. Those are distinct domains. If you’re configuring one, but requesting the other, it won’t work.

Are you sure your raspberry pi is publicly accessible on ports 80 and 443? Are you forwarding those ports to your raspberry pi?

Are you making the request from inside your network, or from outside? That often matters.

Some of your questions may be answered in this article:

Thanks Francis, I’ll try this right away.

This was too easy! Thanks for the help. I assumed that just mentioning the domain would act as a wildcard, but it doesn’t.

I now have one issue left. I want to route site.domain.nl to 192.168.3.200/wordpress. I want to host a website there. Caddy reports http.log.error dial 192.168.3.200: unknown network 192.168.3.200.

It’ll have to be tomorrow. I’m calling it a day.
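The hostname mismatch that caused the ERR_SSL_PROTOCOL_ERROR in this thread can be caught before deployment. The following is an added example, not code from the thread or from the Caddy project: it lists the site addresses in a Caddyfile and reports which requested hostnames none of them match. The helper names `site_hosts`, `covers` and `uncovered` are hypothetical, and the parser assumes plain top-level site blocks only.

```python
import re

# Constructed sample: the Caddyfile from the original post.
CADDYFILE = """\
service-1.nl {
    reverse_proxy * http://192.168.3.201:5000
}
service-2.nl {
    reverse_proxy * 192.168.3.200:31417
}
"""

def site_hosts(caddyfile):
    """Hostnames of top-level site addresses (simplified: plain site blocks only,
    no snippets, imports or IPv6 literals)."""
    hosts, depth = [], 0
    for raw in caddyfile.splitlines():
        line = raw.split("#", 1)[0].strip()
        if depth == 0 and line.endswith("{"):
            for addr in re.split(r"[,\s]+", line[:-1].strip()):
                if addr:
                    host = re.sub(r"^https?://", "", addr)
                    hosts.append(host.split("/", 1)[0].split(":", 1)[0].lower())
        depth += line.count("{") - line.count("}")
    return hosts

def covers(pattern, hostname):
    """Exact match; a '*' label in a site address stands for exactly one label."""
    p, h = pattern.split("."), hostname.lower().split(".")
    return len(p) == len(h) and all(a in ("*", b) for a, b in zip(p, h))

def uncovered(caddyfile, requested):
    """Requested hostnames that no site address in the Caddyfile matches."""
    hosts = site_hosts(caddyfile)
    return [n for n in requested if not any(covers(p, n) for p in hosts)]

if __name__ == "__main__":
    wanted = ["service-1.nl", "www.service-1.nl", "www.service-2.nl"]
    for name in uncovered(CADDYFILE, wanted):
        print(f"{name}: no site block, so Caddy manages no certificate for it")
```

Listing both names in the site address (`service-1.nl, www.service-1.nl {`) makes the check pass for that site.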
