1. The problem I’m having:
I’m getting SSL_ERROR_INTERNAL_ERROR_ALERT when I’m trying to access the https page. I also tried using certbot to create a certification, but when I put it in my Caddyfile it gives permission errors (had to add # to that phrase in the Caddyfile). Shouldn’t Caddy already create a certification? It works if I log in with http but not https. I’ve already opened the 80 and 443 port. Before, I had :80 and http:// in the Caddyfile, but I’ve read in the documentation that it won’t give the https tls if there was http://.
How do I do the seventh step of certbot?
Install your certificate
You'll need to install your new certificate in the configuration file for your webserver.
Tried with sudo caddy trust, but it’s saying it’s already trusted.
2. Error messages and/or full log output:
caddy.service - Caddy
Loaded: loaded (/etc/systemd/system/caddy.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2024-03-28 16:54:20 CET; 16min ago
Docs: https://caddyserver.com/docs/
Main PID: 22016 (caddy)
Tasks: 13 (limit: 18960)
Memory: 25.4M
CPU: 571ms
CGroup: /system.slice/caddy.service
└─22016 /usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
Mar 28 16:59:30 server caddy[22016]: {"level":"error","ts":1711641570.811931,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain.duckdns.org","issuer":"acme.zerossl.com-v2-DV90","error":"[domain.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.domain.duckdns.org\": unexpected response code 'SERVFAIL' for _acme-challenge.domain.duckdns.org. (order=https://acme.zerossl.com/v2/DV90/order/jw4uUIeTZzxBzc-njYHoKA) (ca=https://acme.zerossl.com/v2/DV90)"}
Mar 28 16:59:30 server caddy[22016]: {"level":"error","ts":1711641570.812019,"logger":"tls.obtain","msg":"will retry","error":"[domain.duckdns.org] Obtain: [domain.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.domain.duckdns.org\": unexpected response code 'SERVFAIL' for _acme-challenge.domain.duckdns.org. (order=https://acme.zerossl.com/v2/DV90/order/jw4uUIeTZzxBzc-njYHoKA) (ca=https://acme.zerossl.com/v2/DV90)","attempt":4,"retrying_in":300,"elapsed":310.602792727,"max_duration":2592000}
Mar 28 17:04:30 server caddy[22016]: {"level":"info","ts":1711641870.8150218,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"domain.duckdns.org"}
Mar 28 17:04:31 server caddy[22016]: {"level":"info","ts":1711641871.8214467,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain.duckdns.org","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Mar 28 17:04:31 server caddy[22016]: {"level":"error","ts":1711641871.8242433,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"domain.duckdns.org","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.domain.duckdns.org\" (usually OK if presenting also failed)"}
Mar 28 17:04:32 server caddy[22016]: {"level":"error","ts":1711641872.010698,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain.duckdns.org","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[domain.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.domain.duckdns.org\": unexpected response code 'SERVFAIL' for _acme-challenge.domain.duckdns.org. (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/142363154/15581037984) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
Mar 28 17:04:37 server caddy[22016]: {"level":"info","ts":1711641877.5764012,"logger":"tls.issuance.zerossl.acme_client","msg":"trying to solve challenge","identifier":"domain.duckdns.org","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
Mar 28 17:04:37 server caddy[22016]: {"level":"error","ts":1711641877.5791638,"logger":"tls.issuance.zerossl.acme_client","msg":"cleaning up solver","identifier":"domain.duckdns.org","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.domain.duckdns.org\" (usually OK if presenting also failed)"}
Mar 28 17:04:38 server caddy[22016]: {"level":"error","ts":1711641878.0039,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain.duckdns.org","issuer":"acme.zerossl.com-v2-DV90","error":"[domain.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.domain.duckdns.org\": unexpected response code 'SERVFAIL' for _acme-challenge.domain.duckdns.org. (order=https://acme.zerossl.com/v2/DV90/order/8-jl-rv7cIelIhNdBhKKoA) (ca=https://acme.zerossl.com/v2/DV90)"}
Mar 28 17:04:38 server caddy[22016]: {"level":"error","ts":1711641878.0039842,"logger":"tls.obtain","msg":"will retry","error":"[domain.duckdns.org] Obtain: [domain.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.domain.duckdns.org\": unexpected response code 'SERVFAIL' for _acme-challenge.domain.duckdns.org. (order=https://acme.zerossl.com/v2/DV90/order/8-jl-rv7cIelIhNdBhKKoA) (ca=https://acme.zerossl.com/v2/DV90)","attempt":5,"retrying_in":600,"elapsed":617.794757792,"max_duration":2592000}
3. Caddy version:
v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=
4. How I installed and ran Caddy:
Installed with a static binary and installed it as a system service
a. System environment:
Ubuntu Server 22.04
b. Command:
sudo systemctl reload caddy
c. Service/unit/compose file:
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=notify
User=caddy
Group=caddy
Environment=DO_AUTH_TOKEN="key here"
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddy config:
{
    email "email here"
}

(logging) {
    log {
        output file /var/log/caddy/caddy.log
        format json
    }
}

https://domain.duckdns.org,
https://,
:443 {
    root * /var/www/domain.duckdns.org
    file_server
    encode zstd gzip
    tls {
        dns duckdns "key here"
    }
    #tls /etc/letsencrypt/live/domain.duckdns.org/fullchain.pem /etc/letsencrypt/live/domain.duckdns.org/privkey.pem
    import logging
}
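
A triage script for journal output like the log in section 2, added here as an example and not part of the original post: it strips the journald prefix, decodes Caddy's JSON entries, and groups certificate failures by issuer, DNS response code and queried name. The sample lines are abridged from the log in the post; the function names are this example's own.

```python
import json
import re
from collections import Counter

# Constructed sample: three entries abridged from the journal output in the post.
SAMPLE = r'''
Mar 28 17:04:31 server caddy[22016]: {"level":"info","ts":1711641871.8214467,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain.duckdns.org","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Mar 28 17:04:32 server caddy[22016]: {"level":"error","ts":1711641872.010698,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain.duckdns.org","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[domain.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.domain.duckdns.org\": unexpected response code 'SERVFAIL' for _acme-challenge.domain.duckdns.org."}
Mar 28 17:04:38 server caddy[22016]: {"level":"error","ts":1711641878.0039,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain.duckdns.org","issuer":"acme.zerossl.com-v2-DV90","error":"[domain.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.domain.duckdns.org\": unexpected response code 'SERVFAIL' for _acme-challenge.domain.duckdns.org."}
'''

# DNS response code and queried name as they appear in Caddy's error string.
RCODE = re.compile(r"unexpected response code '([A-Z]+)' for (\S+)")


def parse_journal(text):
    """Yield the decoded JSON payload of each journald line."""
    for line in text.splitlines():
        start = line.find("{")  # everything before it is the journald prefix
        if start < 0:
            continue
        try:
            yield json.loads(line[start:])
        except json.JSONDecodeError:
            continue  # wrapped or truncated line


def summarize(text):
    """Return (challenge types seen, Counter of (issuer, rcode, name) failures)."""
    challenges, failures = set(), Counter()
    for entry in parse_journal(text):
        if "challenge_type" in entry:
            challenges.add(entry["challenge_type"])
        if entry.get("msg") == "could not get certificate from issuer":
            m = RCODE.search(entry.get("error", ""))
            rcode, name = (m.group(1), m.group(2).rstrip(".")) if m else ("?", "?")
            failures[(entry.get("issuer", "?"), rcode, name)] += 1
    return challenges, failures


if __name__ == "__main__":
    seen, failed = summarize(SAMPLE)
    print("challenge types:", sorted(seen))
    for (issuer, rcode, name), count in failed.items():
        print(f"{count}x {issuer}: {rcode} for {name}")
```

The same functions work on the full output of `journalctl -u caddy` saved to a file and passed to `summarize` as text.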