SSL handshake failed Error code 525

1. The problem I’m having:

Trying to set up caddy reverse-proxy --from bot.chat.adm.br --to 85.x.x.214:8091. 85.x.x is my exposed VPS server IP. But I get either connection timed out when I visit the domain, or "SSL handshake error". I searched around here and didn’t find the same problem posted.

I tried both the machine ip and the ‘localhost’ word, not sure which one is correct. Or maybe 127.0.0.1?

My domain bot.chat.adm.br is on Cloudflare, using proxy, and the BOT subdomain is correctly pointed to my server IP 85.x.x.214

curl "https://cloudflare-dns.com/dns-query?name=bot.chat.adm.br&type=A" \
  -H "accept: application/dns-json"
{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"bot.chat.adm.br","type":1}],"Answer":[{"name":"bot.chat.adm.br","type":1,"TTL":300,"data":"172.67.158.97"},{"name":"bot.chat.adm.br","type":1,"TTL":300,"data":"104.21.74.127"}]}

The certificate was generated when I ran. Then I waited a few minutes and nothing was happening so I pressed CTRL C. Not sure if the cert was saved? I lost the logs so can't paste here, I have no idea how to see past logs.

2. Error messages and/or full log output:

(I noticed a listen tcp 127.0.0.1:2019: bind: address already in use. I listed the process using 2019, it was caddy itself. I stopped caddy, killed the process, started caddy again, and it still failed to start the service because of the error for some reason)

Feb 28 00:28:44 srv556089 systemd[1]: Stopped caddy.service - Caddy.
Feb 28 00:28:44 srv556089 systemd[1]: Starting caddy.service - Caddy...
Feb 28 00:28:44 srv556089 caddy[1475135]: caddy.HomeDir=/var/lib/caddy
Feb 28 00:28:44 srv556089 caddy[1475135]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Feb 28 00:28:44 srv556089 caddy[1475135]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Feb 28 00:28:44 srv556089 caddy[1475135]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Feb 28 00:28:44 srv556089 caddy[1475135]: caddy.Version=2.6.2
Feb 28 00:28:44 srv556089 caddy[1475135]: runtime.GOOS=linux
Feb 28 00:28:44 srv556089 caddy[1475135]: runtime.GOARCH=amd64
Feb 28 00:28:44 srv556089 caddy[1475135]: runtime.Compiler=gc
Feb 28 00:28:44 srv556089 caddy[1475135]: runtime.NumCPU=2
Feb 28 00:28:44 srv556089 caddy[1475135]: runtime.GOMAXPROCS=2
Feb 28 00:28:44 srv556089 caddy[1475135]: runtime.Version=go1.22.2
Feb 28 00:28:44 srv556089 caddy[1475135]: os.Getwd=/
Feb 28 00:28:44 srv556089 caddy[1475135]: LANG=C.UTF-8
Feb 28 00:28:44 srv556089 caddy[1475135]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/snap/bin
Feb 28 00:28:44 srv556089 caddy[1475135]: NOTIFY_SOCKET=/run/systemd/notify
Feb 28 00:28:44 srv556089 caddy[1475135]: USER=caddy
Feb 28 00:28:44 srv556089 caddy[1475135]: LOGNAME=caddy
Feb 28 00:28:44 srv556089 caddy[1475135]: HOME=/var/lib/caddy
Feb 28 00:28:44 srv556089 caddy[1475135]: INVOCATION_ID=197d64f7e1fb4ff6bbc72514af738994
Feb 28 00:28:44 srv556089 caddy[1475135]: JOURNAL_STREAM=8:39558364
Feb 28 00:28:44 srv556089 caddy[1475135]: SYSTEMD_EXEC_PID=1475135
Feb 28 00:28:44 srv556089 caddy[1475135]: MEMORY_PRESSURE_WATCH=/sys/fs/cgroup/system.slice/caddy.service/memory.pressure
Feb 28 00:28:44 srv556089 caddy[1475135]: MEMORY_PRESSURE_WRITE=c29tZSAyMDAwMDAgMjAwMDAwMAA=
Feb 28 00:28:44 srv556089 caddy[1475135]: {"level":"info","ts":1740702524.13,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Feb 28 00:28:44 srv556089 caddy[1475135]: {"level":"info","ts":1740702524.1332142,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Feb 28 00:28:44 srv556089 caddy[1475135]: {"level":"warn","ts":1740702524.1333075,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv0","http_port":80}
Feb 28 00:28:44 srv556089 caddy[1475135]: {"level":"info","ts":1740702524.1335208,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Feb 28 00:28:44 srv556089 caddy[1475135]: {"level":"info","ts":1740702524.1337178,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Feb 28 00:28:44 srv556089 caddy[1475135]: {"level":"info","ts":1740702524.1338649,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000238af0"}
Feb 28 00:28:44 srv556089 systemd[1]: Started caddy.service - Caddy.
Feb 28 00:28:44 srv556089 caddy[1475135]: {"level":"info","ts":1740702524.134493,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/caddy"}
Feb 28 00:28:44 srv556089 caddy[1475135]: {"level":"info","ts":1740702524.1345253,"logger":"tls","msg":"finished cleaning storage units"}
Feb 28 00:28:44 srv556089 caddy[1475135]: {"level":"info","ts":1740702524.1353977,"msg":"serving initial configuration"}
Feb 28 00:33:56 srv556089 caddy[1475135]: {"level":"info","ts":1740702836.0305922,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/stop","remote_ip":"127.0.0.1","remote_port":"58516","headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"Origin":["http://localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
Feb 28 00:33:56 srv556089 caddy[1475135]: {"level":"warn","ts":1740702836.0306783,"logger":"admin.api","msg":"exiting; byeee!! 👋"}
Feb 28 00:33:56 srv556089 caddy[1475135]: {"level":"info","ts":1740702836.0307941,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc000238af0"}
Feb 28 00:33:56 srv556089 caddy[1475135]: {"level":"info","ts":1740702836.0309112,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}
Feb 28 00:33:56 srv556089 caddy[1475135]: {"level":"info","ts":1740702836.0309184,"logger":"admin.api","msg":"shutdown complete","exit_code":0}
Feb 28 00:33:56 srv556089 systemd[1]: caddy.service: Deactivated successfully.
Feb 28 00:38:50 srv556089 systemd[1]: Starting caddy.service - Caddy...
Feb 28 00:38:50 srv556089 caddy[1480156]: caddy.HomeDir=/var/lib/caddy
Feb 28 00:38:50 srv556089 caddy[1480156]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Feb 28 00:38:50 srv556089 caddy[1480156]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Feb 28 00:38:50 srv556089 caddy[1480156]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Feb 28 00:38:50 srv556089 caddy[1480156]: caddy.Version=v2.9.1 h1:OEYiZ7DbCzAWVb6TNEkjRcSCRGHVoZsJinoDR/n9oaY=
Feb 28 00:38:50 srv556089 caddy[1480156]: runtime.GOOS=linux
Feb 28 00:38:50 srv556089 caddy[1480156]: runtime.GOARCH=amd64
Feb 28 00:38:50 srv556089 caddy[1480156]: runtime.Compiler=gc
Feb 28 00:38:50 srv556089 caddy[1480156]: runtime.NumCPU=2
Feb 28 00:38:50 srv556089 caddy[1480156]: runtime.GOMAXPROCS=2
Feb 28 00:38:50 srv556089 caddy[1480156]: runtime.Version=go1.23.4
Feb 28 00:38:50 srv556089 caddy[1480156]: os.Getwd=/
Feb 28 00:38:50 srv556089 caddy[1480156]: LANG=C.UTF-8
Feb 28 00:38:50 srv556089 caddy[1480156]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/snap/bin
Feb 28 00:38:50 srv556089 caddy[1480156]: NOTIFY_SOCKET=/run/systemd/notify
Feb 28 00:38:50 srv556089 caddy[1480156]: USER=caddy
Feb 28 00:38:50 srv556089 caddy[1480156]: LOGNAME=caddy
Feb 28 00:38:50 srv556089 caddy[1480156]: HOME=/var/lib/caddy
Feb 28 00:38:50 srv556089 caddy[1480156]: INVOCATION_ID=09b5c2a584bb475fb1d56ac00f6f9f90
Feb 28 00:38:50 srv556089 caddy[1480156]: JOURNAL_STREAM=8:39577170
Feb 28 00:38:50 srv556089 caddy[1480156]: SYSTEMD_EXEC_PID=1480156
Feb 28 00:38:50 srv556089 caddy[1480156]: MEMORY_PRESSURE_WATCH=/sys/fs/cgroup/system.slice/caddy.service/memory.pressure
Feb 28 00:38:50 srv556089 caddy[1480156]: MEMORY_PRESSURE_WRITE=c29tZSAyMDAwMDAgMjAwMDAwMAA=
Feb 28 00:38:50 srv556089 caddy[1480156]: {"level":"info","ts":1740703130.3552544,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Feb 28 00:38:50 srv556089 caddy[1480156]: {"level":"info","ts":1740703130.3559437,"msg":"adapted config to JSON","adapter":"caddyfile"}
Feb 28 00:38:50 srv556089 caddy[1480156]: Error: loading initial config: loading new config: starting caddy administration endpoint: listen tcp 127.0.0.1:2019: bind: address already in use
Feb 28 00:38:50 srv556089 systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
Feb 28 00:38:50 srv556089 systemd[1]: caddy.service: Failed with result 'exit-code'.
Feb 28 00:38:50 srv556089 systemd[1]: Failed to start caddy.service - Caddy.
Feb 28 01:12:26 srv556089 systemd[1]: Starting caddy.service - Caddy...
Feb 28 01:12:26 srv556089 caddy[1489788]: caddy.HomeDir=/var/lib/caddy
Feb 28 01:12:26 srv556089 caddy[1489788]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Feb 28 01:12:26 srv556089 caddy[1489788]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Feb 28 01:12:26 srv556089 caddy[1489788]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Feb 28 01:12:26 srv556089 caddy[1489788]: caddy.Version=v2.9.1 h1:OEYiZ7DbCzAWVb6TNEkjRcSCRGHVoZsJinoDR/n9oaY=
Feb 28 01:12:26 srv556089 caddy[1489788]: runtime.GOOS=linux
Feb 28 01:12:26 srv556089 caddy[1489788]: runtime.GOARCH=amd64
Feb 28 01:12:26 srv556089 caddy[1489788]: runtime.Compiler=gc
Feb 28 01:12:26 srv556089 caddy[1489788]: runtime.NumCPU=2
Feb 28 01:12:26 srv556089 caddy[1489788]: runtime.GOMAXPROCS=2
Feb 28 01:12:26 srv556089 caddy[1489788]: runtime.Version=go1.23.4
Feb 28 01:12:26 srv556089 caddy[1489788]: os.Getwd=/
Feb 28 01:12:26 srv556089 caddy[1489788]: LANG=C.UTF-8
Feb 28 01:12:26 srv556089 caddy[1489788]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/snap/bin
Feb 28 01:12:26 srv556089 caddy[1489788]: NOTIFY_SOCKET=/run/systemd/notify
Feb 28 01:12:26 srv556089 caddy[1489788]: USER=caddy
Feb 28 01:12:26 srv556089 caddy[1489788]: LOGNAME=caddy
Feb 28 01:12:26 srv556089 caddy[1489788]: HOME=/var/lib/caddy
Feb 28 01:12:26 srv556089 caddy[1489788]: INVOCATION_ID=76dbcaba1c0d482489887ee9568f487f
Feb 28 01:12:26 srv556089 caddy[1489788]: JOURNAL_STREAM=8:39610622
Feb 28 01:12:26 srv556089 caddy[1489788]: SYSTEMD_EXEC_PID=1489788
Feb 28 01:12:26 srv556089 caddy[1489788]: MEMORY_PRESSURE_WATCH=/sys/fs/cgroup/system.slice/caddy.service/memory.pressure
Feb 28 01:12:26 srv556089 caddy[1489788]: MEMORY_PRESSURE_WRITE=c29tZSAyMDAwMDAgMjAwMDAwMAA=
Feb 28 01:12:26 srv556089 caddy[1489788]: {"level":"info","ts":1740705146.89377,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Feb 28 01:12:26 srv556089 caddy[1489788]: {"level":"info","ts":1740705146.8946579,"msg":"adapted config to JSON","adapter":"caddyfile"}
Feb 28 01:12:26 srv556089 caddy[1489788]: Error: loading initial config: loading new config: starting caddy administration endpoint: listen tcp 127.0.0.1:2019: bind: address already in use
Feb 28 01:12:26 srv556089 systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
Feb 28 01:12:26 srv556089 systemd[1]: caddy.service: Failed with result 'exit-code'.
Feb 28 01:12:26 srv556089 systemd[1]: Failed to start caddy.service - Caddy.

Now when I run caddy reverse-proxy --from bot.chat.adm.br --to 85.x.x.214:8091

root@srv556089:~# caddy reverse-proxy --from bot.chat.adm.br --to localhost:8091
2025/02/28 01:01:50.639 WARN    admin   admin endpoint disabled
2025/02/28 01:01:50.640 INFO    http.auto_https server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "proxy", "https_port": 443}
2025/02/28 01:01:50.640 INFO    http.auto_https enabling automatic HTTP->HTTPS redirects        {"server_name": "proxy"}
2025/02/28 01:01:50.640 INFO    http    enabling HTTP/3 listener        {"addr": ":443"}
2025/02/28 01:01:50.640 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc000375b00"}
2025/02/28 01:01:50.640 INFO    http.log        server running  {"name": "proxy", "protocols": ["h1", "h2", "h3"]}
2025/02/28 01:01:50.640 WARN    http    HTTP/2 skipped because it requires TLS  {"network": "tcp", "addr": ":80"}
2025/02/28 01:01:50.640 WARN    http    HTTP/3 skipped because it requires TLS  {"network": "tcp", "addr": ":80"}
2025/02/28 01:01:50.640 INFO    http.log        server running  {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2025/02/28 01:01:50.640 INFO    http    enabling automatic TLS certificate management   {"domains": ["bot.chat.adm.br"]}
2025/02/28 01:01:50.641 INFO    caddy proxying  {"from": "https://bot.chat.adm.br", "to": ["localhost:8091"]}
2025/02/28 01:01:50.645 INFO    tls     storage cleaning happened too recently; skipping for now        {"storage": "FileStorage:/root/.local/share/caddy", "instance": "a6de250d-f2b5-48b6-9d5f-9fb0844f5abd", "try_again": "2025/03/01 01:01:50.645", "try_again_in": 86399.99999915}
2025/02/28 01:01:50.645 INFO    tls     finished cleaning storage units

Does this: "try_again": "2025/03/01 01:01:50.645", "try_again_in": 86399.99 mean that I’m banned from generating certs for days? wtf?

3. Caddy version:

v2.9.1 h1:OEYiZ7DbCzAWVb6TNEkjRcSCRGHVoZsJinoDR/n9oaY=

4. How I installed and ran Caddy:

sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy
caddy stop && caddy start

a. System environment:

Ubuntu 24.04 LTS (GNU/Linux 6.8.0-52-generic x86_64)

b. Command:

 caddy reverse-proxy --from bot.chat.adm.br --to 85.209.92.214:8091

c. Service/unit/compose file:

d. My complete Caddy config:

I didn't make any

extra info


f723744f592f   baptistearno/typebot-viewer:latest    "/bin/sh -c ./${SCOP…"   19 minutes ago      Up 19 minutes             0.0.0.0:8091->3000/tcp, [::]:8091->3000/tcp   typebot-typebot-viewer-1

For now, trying to just set up HTTPS (not even sure if possible lol) without the domain, same thing:

 caddy reverse-proxy --from :8191 --to :8091
2025/02/28 01:06:13.088 WARN    admin   admin endpoint disabled
2025/02/28 01:06:13.088 INFO    http.auto_https automatic HTTPS is completely disabled for server       {"server_name": "proxy"}
2025/02/28 01:06:13.088 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc00055e500"}
2025/02/28 01:06:13.088 WARN    http    HTTP/2 skipped because it requires TLS  {"network": "tcp", "addr": ":8191"}
2025/02/28 01:06:13.088 WARN    http    HTTP/3 skipped because it requires TLS  {"network": "tcp", "addr": ":8191"}
2025/02/28 01:06:13.088 INFO    http.log        server running  {"name": "proxy", "protocols": ["h1", "h2", "h3"]}
2025/02/28 01:06:13.088 INFO    caddy proxying  {"from": "http://:8191", "to": [":8091"]}
2025/02/28 01:06:13.090 INFO    tls     storage cleaning happened too recently; skipping for now        {"storage": "FileStorage:/root/.local/share/caddy", "instance": "a6de250d-f2b5-48b6-9d5f-9fb0844f5abd", "try_again": "2025/03/01 01:06:13.090", "try_again_in": 86399.99999896}
2025/02/28 01:06:13.090 INFO    tls     finished cleaning storage units

Update: I just set up my reverse proxy with nginx and certbot, sad I couldn’t get this to work, but would accept tips to make it work properly

There’s a fight between the Caddy process started by systemd versus the process you’re running in your shell. Pick one and let’s try to troubleshoot from there.
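The conflict described in the reply above can be read from the journal by grouping lines per Caddy PID. This is an added example, not part of the thread or of Caddy itself; the sample lines are abridged from the log in the post, and the function names `triage` and `admin_conflicts` are illustrative.

```python
import json
import re

# Sample input: journal lines abridged from the log posted above.
SAMPLE_JOURNAL = """\
Feb 28 00:28:44 srv556089 caddy[1475135]: caddy.Version=2.6.2
Feb 28 00:28:44 srv556089 caddy[1475135]: {"level":"info","ts":1740702524.1332142,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019"}
Feb 28 00:33:56 srv556089 caddy[1475135]: {"level":"info","ts":1740702836.0305922,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/stop"}
Feb 28 00:38:50 srv556089 caddy[1480156]: caddy.Version=v2.9.1 h1:OEYiZ7DbCzAWVb6TNEkjRcSCRGHVoZsJinoDR/n9oaY=
Feb 28 00:38:50 srv556089 caddy[1480156]: Error: loading initial config: loading new config: starting caddy administration endpoint: listen tcp 127.0.0.1:2019: bind: address already in use
"""

LINE = re.compile(r"caddy\[(?P<pid>\d+)\]: (?P<msg>.*)$")
BIND = re.compile(
    r"administration endpoint: listen tcp (\S+): bind: address already in use"
)


def triage(journal_text):
    """Summarise each Caddy process (keyed by PID) seen in journal output."""
    runs = {}
    for line in journal_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # systemd's own lines, or the tail of a wrapped line
        run = runs.setdefault(
            m["pid"], {"version": None, "admin": None, "outcome": "running"}
        )
        msg = m["msg"]
        if msg.startswith("caddy.Version="):
            run["version"] = msg.split("=", 1)[1].split()[0]
        elif msg.startswith("{"):
            try:
                event = json.loads(msg)
            except ValueError:
                continue  # JSON cut off by terminal wrapping
            if event.get("msg") == "admin endpoint started":
                run["admin"] = event.get("address")
            elif event.get("logger") == "admin.api" and event.get("uri") == "/stop":
                run["outcome"] = "stopped via admin API"
        elif (bind := BIND.search(msg)):
            run["admin"] = bind.group(1)
            run["outcome"] = "admin port held by another process"
    return runs


def admin_conflicts(runs):
    """PIDs that exited because another process already owned the admin address."""
    return {pid: r["admin"] for pid, r in runs.items()
            if r["outcome"] == "admin port held by another process"}
```

On the host, pass it the text of `journalctl -u caddy --no-pager`; any PID returned by `admin_conflicts` is a service start that lost the admin address to a Caddy instance running outside that unit.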

The install was weird. If I remember correctly, the first time I installed it I used just “apt install caddy”. I later noticed I had a version very behind the current version so I used the full command I pasted there, from the docs. Then I had the latest version, but with problems to start.

I’ll try again later and update here, thanks