SSL certificate for new subdomain not issued

lukasig · June 18, 2023, 7:02am

1. The problem I’m having:

I have been using caddy on a ubuntu 22.04 server for a while now with no issues. Recently I have added a subdomain to my caddyfile. When I try to access that subdomain I get a 526 error of a invalid certificate page from cloudflare, which I am proxied through. The subdomain is setup just as all my other subdomains on my cloudflare DNS settings (CNAME).

2. Error messages and/or full log output:

$ journalctl -u caddy --no-pager | less +G`

this command gives me a prompt but no info.

3. Caddy version:

v2.6.4

4. How I installed and ran Caddy:

a. System environment:

Ubuntu 22.04 server, systemd

d. My complete Caddy config:

domain.me {
	redir https://cloud.domain.me{uri}
}
cloud.domain.me {
	header Strict-Transport-Security max-age=31536000;
	reverse_proxy localhost:11000
}
fmd.domain.me {
	reverse_proxy localhost:1020
}
#eye.domain.me {
#       reverse_proxy localhost:8081
#}
cctv.domain.me {
	reverse_proxy localhost:8765
}
speed.domain.me {
	reverse_proxy localhost:3000
}
#test.domain.me {
#        reverse_proxy localhost:9081
#}

fmd is the new subdomain I have problems with.

I have tried uninstalling and reinstalling caddy, but no change.
Thanks for your help

francislavoie · June 18, 2023, 9:08am

If you’re proxying Caddy behind Cloudflare, then Cloudflare prevents Caddy from successfully completing ACME challenges. Your logs would show that’s the case.

Did you include that backtick character at the end? You should not. It should look like this:

$ journalctl -u caddy --no-pager | less +G

Your options are either to get a build of Caddy with the Cloudflare DNS plugin and configure Caddy with your Cloudflare API key to use the ACME DNS challenge, or you could just turn off Cloudflare proxying (i.e. orange cloud → grey cloud).

matt · June 18, 2023, 3:00pm

Hmm, shouldn’t ACME still work with the HTTP challenge though?

lukasig · June 18, 2023, 3:04pm

That did it.

and wow, the command without the backtick character at the end displayed a huuugggeeee log.
Do you know a way of clearing that log?

thanks again

francislavoie · June 18, 2023, 3:30pm

You don’t need to manually clear it, it should be rotated automatically by the journal. You can check how it’s configured on your system journald.conf(5) — systemd — Debian testing — Debian Manpages

system · July 18, 2023, 3:30pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.