Supported cipher not enabled

1. Caddy version (caddy version):

v2.3.0

2. How I run Caddy:

a. System environment:

Debian GNU/Linux 9.13

b. Command:

sudo service caddy start

c. Service/unit/compose file:

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddyfile or JSON config:

{
	debug
	default_sni iot-dev.castalie.net
}
iot-dev.castalie.net {
	log {
		output file /var/log/caddy/caddy.log
		format single_field common_log
	}

	tls {
		protocols tls1.2
		ciphers TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA
	}

	# Set this path to your site's directory.
	root * /usr/share/caddy
}

3. The problem I’m having:

I am using an IoT device that communicates with a Caddy server. This IoT device has only 2 ciphers in common with the ciphers Caddy supports: TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_CBC_SHA.

So I want to use these ciphers but it is not working.

4. Error messages and/or full log output:

2021/10/05 14:47:02.431 INFO using provided configuration {"config_file": "Caddyfile", "config_adapter": ""}
2021/10/05 14:47:02.433 INFO admin admin endpoint started {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["127.0.0.1:2019", "localhost:2019", "[::1]:2019"]}
2021/10/05 14:47:02.433 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc000242bd0"}
2021/10/05 14:47:02.433 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2021/10/05 14:47:02.434 DEBUG http starting server loop {"address": "[::]:443", "http3": false, "tls": true}
2021/10/05 14:47:02.434 DEBUG http starting server loop {"address": "[::]:80", "http3": false, "tls": false}
2021/10/05 14:47:02.434 INFO http enabling automatic TLS certificate management {"domains": ["iot-dev.castalie.net"]}
2021/10/05 14:47:02.435 DEBUG tls loading managed certificate {"domain": "iot-dev.castalie.net", "expiration": "2021/12/16 08:21:12.000", "issuer_key": "acme-v02.api.letsencrypt.org-directory", "storage": "FileStorage:/root/.local/share/caddy"}
2021/10/05 14:47:02.447 INFO autosaved config {"file": "/root/.config/caddy/autosave.json"}
2021/10/05 14:47:02.447 INFO serving initial configuration
2021/10/05 14:47:02.448 INFO tls cleaned up storage units
2021/10/05 14:47:08.559 DEBUG http.stdlib http: TLS handshake error from 81.250.210.141:44152: tls: no cipher suite supported by both client and server

5. What I already tried:

I am running these commands with openssl:
openssl s_client -connect myserver:443 -tls1_2 -cipher AES128-GCM-SHA256
openssl s_client -connect myserver:443 -tls1_2 -cipher AES256-SHA

It is not working either. I collected Wireshark traces and I can see the “Alert Fatal. Handshake failure” packet coming from the server.

When I try with google.com instead of my server, I am able to connect.

It looks like the cipher is not enabled even though I added it to the Caddyfile. Do you have any idea why it is not working?

6. Links to relevant resources:

By default, Caddy uses ECC keys, not RSA. Those ciphers require RSA keys.

You’ll need to configure key_type to rsa2048.

Then, also remove ciphers and protocol from your config. Let Caddy negotiate the ciphers and protocol version with the client.

Before restarting Caddy with the config changes, you’ll need to delete the existing certificates and keys from Caddy’s trust store to force it to re-issue the certificates with a fresh key.

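The key-type dependency described in the reply above, reproduced with Go's crypto/tls, the TLS library Caddy is built on. This is an added example, not code from the thread or from Caddy: the key type names mirror Caddy's key_type values, while the function names, the self-signed certificate and the host name iot.example.test are constructed for the demo.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newKey generates a private key; names mirror Caddy's key_type values.
func newKey(keyType string) (crypto.Signer, error) {
	switch keyType {
	case "p256":
		return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	case "rsa2048":
		return rsa.GenerateKey(rand.Reader, 2048)
	}
	return nil, fmt.Errorf("unsupported key type %q", keyType)
}

// selfSigned wraps key in a throwaway self-signed certificate (constructed test data).
func selfSigned(key crypto.Signer) (tls.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "iot.example.test"},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

// handshake runs an in-memory TLS 1.2 handshake where both sides allow only one
// RSA key exchange suite; it returns the negotiated suite or the server's error.
func handshake(keyType string) (string, error) {
	key, err := newKey(keyType)
	if err != nil {
		return "", err
	}
	cert, err := selfSigned(key)
	if err != nil {
		return "", err
	}
	// One of the two suites named in the thread; capped at TLS 1.2 like the device.
	suites := []uint16{tls.TLS_RSA_WITH_AES_128_GCM_SHA256}
	srvCfg := &tls.Config{Certificates: []tls.Certificate{cert}, CipherSuites: suites, MaxVersion: tls.VersionTLS12}
	cliCfg := &tls.Config{CipherSuites: suites, MaxVersion: tls.VersionTLS12,
		InsecureSkipVerify: true} // test-only: the certificate above is self-signed
	cliConn, srvConn := net.Pipe()
	defer cliConn.Close()
	defer srvConn.Close()
	srv := tls.Server(srvConn, srvCfg)
	srvErr := make(chan error, 1)
	go func() { srvErr <- srv.Handshake() }()
	cliErr := tls.Client(cliConn, cliCfg).Handshake()
	if err := <-srvErr; err != nil {
		return "", err
	}
	if cliErr != nil {
		return "", cliErr
	}
	return tls.CipherSuiteName(srv.ConnectionState().CipherSuite), nil
}

func main() {
	for _, kt := range []string{"p256", "rsa2048"} {
		suite, err := handshake(kt)
		fmt.Printf("key_type=%-8s suite=%q err=%v\n", kt, suite, err)
	}
}
```

With the p256 key the server rejects the handshake with the same "no cipher suite supported by both client and server" error seen in the first post's log, even though the RSA suite is enabled on both sides; with the rsa2048 key the same configuration negotiates it.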

Hi Francis,

Thank you for your reply.

I tried to configure key_type to rsa2048 in my tls block but it was not working; the error was:
run: adapting config using caddyfile: parsing caddyfile tokens for 'tls': Caddyfile:22 - Error during parsing: unknown subdirective: key_type

I put the key_type in my global options and caddy was able to start. Can you confirm it is the right place to put key_type?

I am using letsencrypt for the certificate part.
To delete the certificate and keys should I remove the live and archive folder?
And to renew I need to do the “certbot renew” command?

No, it goes within the tls directive, i.e. where you currently have ciphers and protocols (but remove those options – they aren’t helpful in this case)

It’s probably because you’re using an old version of Caddy. Please upgrade to v2.4.5.

Don’t use certbot. Caddy is the ACME client.

Caddy’s storage locations are mentioned at the top of your logs when Caddy starts up.

I have upgraded Caddy to v2.4.5 and removed the ciphers and protocols options.

I deleted all the folders in the data directory, then started Caddy but I had the same issue.

I added the ciphers option and I was able to establish a TLS connection but not fully. Caddy sent a TLS: Internal error packet, do you have any idea why?

2021/10/06 15:57:26.996	DEBUG	tls.handshake	no matching certificates and no custom selection logic	{"identifier": "145.239.187.25"}
2021/10/06 15:57:26.996	DEBUG	tls.handshake	choosing certificate	{"identifier": "iot-dev.castalie.net", "num_choices": 1}
2021/10/06 15:57:26.996	DEBUG	tls.handshake	default certificate selection results	{"identifier": "iot-dev.castalie.net", "subjects": ["iot-dev.castalie.net"], "managed": true, "issuer_key": "acme-v02.api.letsencrypt.org-directory", "hash": "54b75d2f5a5d71cf5c474e2d06a90d72c19ac1373695e9e1d385a0fe23cf6f39"}
2021/10/06 15:57:26.996	DEBUG	tls.handshake	fell back to default certificate	{"subjects": ["iot-dev.castalie.net"], "managed": true, "expiration": "2022/01/04 14:20:45.000", "hash": "54b75d2f5a5d71cf5c474e2d06a90d72c19ac1373695e9e1d385a0fe23cf6f39"}
2021/10/06 15:57:32.335	DEBUG	http.stdlib	http: TLS handshake error from 90.134.57.251:16924: remote error: tls: internal error

Do you see log messages showing that Caddy reissued the certificates? If not, then you might have deleted the wrong ones. Did you restart Caddy after deleting the certificates?

I did restart Caddy after deleting the certificate. Here is the log I had when I restarted it:

2021/10/06 15:20:43.789	INFO	admin	admin endpoint started	{"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2021/10/06 15:20:43.789	INFO	http	enabling automatic HTTP->HTTPS redirects	{"server_name": "srv0"}
2021/10/06 15:20:43.789	INFO	tls.cache.maintenance	started background certificate maintenance	{"cache": "0xc000351c00"}
2021/10/06 15:20:43.790	DEBUG	http	starting server loop	{"address": "[::]:80", "http3": false, "tls": false}
2021/10/06 15:20:43.790	INFO	tls	cleaning storage unit	{"description": "FileStorage:/root/.local/share/caddy"}
2021/10/06 15:20:43.790	DEBUG	http	starting server loop	{"address": "[::]:443", "http3": false, "tls": true}
2021/10/06 15:20:43.790	INFO	tls	finished cleaning storage units
2021/10/06 15:20:43.790	INFO	http	enabling automatic TLS certificate management	{"domains": ["iot-dev.castalie.net"]}
2021/10/06 15:20:43.790	INFO	autosaved config (load with --resume flag)	{"file": "/root/.config/caddy/autosave.json"}
2021/10/06 15:20:43.790	INFO	serving initial configuration
2021/10/06 15:20:43.791	INFO	tls.obtain	acquiring lock	{"identifier": "iot-dev.castalie.net"}
2021/10/06 15:20:43.902	INFO	tls.obtain	lock acquired	{"identifier": "iot-dev.castalie.net"}
2021/10/06 15:20:44.169	DEBUG	tls.obtain	trying issuer 1/2	{"issuer": "acme-v02.api.letsencrypt.org-directory"}
2021/10/06 15:20:44.711	DEBUG	tls.issuance.acme.acme_client	http request	{"method": "GET", "url": "https://acme-v02.api.letsencrypt.org/directory", "headers": {"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]}, "response_headers": {"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["658"],"Content-Type":["application/json"],"Date":["Wed, 06 Oct 2021 15:20:44 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2021/10/06 15:20:44.839	DEBUG	tls.issuance.acme.acme_client	http request	{"method": "HEAD", "url": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "headers": {"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]}, "response_headers": {"Cache-Control":["public, max-age=0, no-cache"],"Date":["Wed, 06 Oct 2021 15:20:44 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["01018VI1nC_9tI4xuwkhGY_EwQbLch8AoEXbpovtbPwHHsA"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2021/10/06 15:20:45.053	DEBUG	tls.issuance.acme.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]}, "response_headers": {"Boulder-Requester":["228825740"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["269"],"Content-Type":["application/json"],"Date":["Wed, 06 Oct 2021 15:20:44 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\"","<https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf>;rel=\"terms-of-service\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/acct/228825740"],"Replay-Nonce":["0102Fo8ROrPhHDtM0vfHIipaO64OLRRtdFEKoqqyGzFOuRI"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 201}
2021/10/06 15:20:45.053	INFO	tls.issuance.acme	waiting on internal rate limiter	{"identifiers": ["iot-dev.castalie.net"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2021/10/06 15:20:45.053	INFO	tls.issuance.acme	done waiting on internal rate limiter	{"identifiers": ["iot-dev.castalie.net"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2021/10/06 15:20:45.322	DEBUG	tls.issuance.acme.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]}, "response_headers": {"Boulder-Requester":["228825740"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["343"],"Content-Type":["application/json"],"Date":["Wed, 06 Oct 2021 15:20:45 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/order/228825740/29903597190"],"Replay-Nonce":["0102YWgFRSl9vY0Qy8oYyBKvn-OdTNwjhs4AaAeF713Nf4g"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 201}
2021/10/06 15:20:45.480	DEBUG	tls.issuance.acme.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/37565424500", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]}, "response_headers": {"Boulder-Requester":["228825740"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["801"],"Content-Type":["application/json"],"Date":["Wed, 06 Oct 2021 15:20:45 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["01022IVPoQjV1ewk7OdM0GiB2UqI87-dsAz82NmtyDFA0RE"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2021/10/06 15:20:45.481	INFO	tls.issuance.acme.acme_client	trying to solve challenge	{"identifier": "iot-dev.castalie.net", "challenge_type": "http-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2021/10/06 15:20:45.655	DEBUG	tls.issuance.acme.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/37565424500/ydn30g", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]}, "response_headers": {"Boulder-Requester":["228825740"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["186"],"Content-Type":["application/json"],"Date":["Wed, 06 Oct 2021 15:20:45 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\"","<https://acme-v02.api.letsencrypt.org/acme/authz-v3/37565424500>;rel=\"up\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/chall-v3/37565424500/ydn30g"],"Replay-Nonce":["0101uL8Y0M5W_3_g5MFxh-t-OKmxcfdXvimaZdgZQasCzhg"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2021/10/06 15:20:45.655	DEBUG	tls.issuance.acme.acme_client	challenge accepted	{"identifier": "iot-dev.castalie.net", "challenge_type": "http-01"}
2021/10/06 15:20:45.704	INFO	tls.issuance.acme	served key authentication	{"identifier": "iot-dev.castalie.net", "challenge": "http-01", "remote": "18.159.196.172:50150", "distributed": false}
2021/10/06 15:20:45.965	INFO	tls.issuance.acme	served key authentication	{"identifier": "iot-dev.castalie.net", "challenge": "http-01", "remote": "3.142.122.14:31772", "distributed": false}
2021/10/06 15:20:46.067	DEBUG	tls.issuance.acme.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/37565424500", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]}, "response_headers": {"Boulder-Requester":["228825740"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["801"],"Content-Type":["application/json"],"Date":["Wed, 06 Oct 2021 15:20:46 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0102mYvhVCgSS93nhCrNetB22Lr6uswYao9P_qRJrNHiQC4"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2021/10/06 15:20:46.134	INFO	tls.issuance.acme	served key authentication	{"identifier": "iot-dev.castalie.net", "challenge": "http-01", "remote": "64.78.149.164:21134", "distributed": false}
2021/10/06 15:20:46.209	INFO	tls.issuance.acme	served key authentication	{"identifier": "iot-dev.castalie.net", "challenge": "http-01", "remote": "34.219.87.132:11970", "distributed": false}
2021/10/06 15:20:46.498	DEBUG	tls.issuance.acme.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/37565424500", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]}, "response_headers": {"Boulder-Requester":["228825740"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["776"],"Content-Type":["application/json"],"Date":["Wed, 06 Oct 2021 15:20:46 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0102pPZPUQ9UMiLuQK3CAByELJKmhae5hR-dxZWrX55-VXs"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2021/10/06 15:20:46.499	INFO	tls.issuance.acme.acme_client	validations succeeded; finalizing order	{"order": "https://acme-v02.api.letsencrypt.org/acme/order/228825740/29903597190"}
2021/10/06 15:20:47.576	DEBUG	tls.issuance.acme.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/finalize/228825740/29903597190", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]}, "response_headers": {"Boulder-Requester":["228825740"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["445"],"Content-Type":["application/json"],"Date":["Wed, 06 Oct 2021 15:20:47 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/order/228825740/29903597190"],"Replay-Nonce":["01013QxREOS-jnxaxxOL0LK2jBTdylHLKDOdwO9WwkhEW_w"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2021/10/06 15:20:47.739	DEBUG	tls.issuance.acme.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/cert/04baa0b888087d29802c2611917af606b307", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]}, "response_headers": {"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["5609"],"Content-Type":["application/pem-certificate-chain"],"Date":["Wed, 06 Oct 2021 15:20:47 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\"","<https://acme-v02.api.letsencrypt.org/acme/cert/04baa0b888087d29802c2611917af606b307/1>;rel=\"alternate\""],"Replay-Nonce":["0101k4zwVd42HHdVVVj6EyMnnWAqtSyfr0nGzlNDXLV3HCs"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2021/10/06 15:20:47.898	DEBUG	tls.issuance.acme.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/cert/04baa0b888087d29802c2611917af606b307/1", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]}, "response_headers": {"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["3685"],"Content-Type":["application/pem-certificate-chain"],"Date":["Wed, 06 Oct 2021 15:20:47 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\"","<https://acme-v02.api.letsencrypt.org/acme/cert/04baa0b888087d29802c2611917af606b307/0>;rel=\"alternate\""],"Replay-Nonce":["01024TZntTHD6fNtVHNNjwMplvBT4EjmxIc2G2_KoVW0KKY"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2021/10/06 15:20:47.898	INFO	tls.issuance.acme.acme_client	successfully downloaded available certificate chains	{"count": 2, "first_url": "https://acme-v02.api.letsencrypt.org/acme/cert/04baa0b888087d29802c2611917af606b307"}
2021/10/06 15:20:47.898	INFO	tls.obtain	certificate obtained successfully	{"identifier": "iot-dev.castalie.net"}
2021/10/06 15:20:47.898	INFO	tls.obtain	releasing lock	{"identifier": "iot-dev.castalie.net"}
2021/10/06 15:20:47.899	DEBUG	tls	loading managed certificate	{"domain": "iot-dev.castalie.net", "expiration": "2022/01/04 14:20:45.000", "issuer_key": "acme-v02.api.letsencrypt.org-directory", "storage": "FileStorage:/root/.local/share/caddy"}
2021/10/06 15:20:48.053	DEBUG	tls.cache	added certificate to cache	{"subjects": ["iot-dev.castalie.net"], "expiration": "2022/01/04 14:20:45.000", "managed": true, "issuer_key": "acme-v02.api.letsencrypt.org-directory", "hash": "54b75d2f5a5d71cf5c474e2d06a90d72c19ac1373695e9e1d385a0fe23cf6f39"}

Then I tried to connect and had the same issue as before (no cipher match). I added the ciphers option in the Caddyfile, restarted Caddy and I had these logs:

2021/10/06 15:21:42.790	INFO	tls.cache.maintenance	started background certificate maintenance	{"cache": "0xc0003e7f80"}
2021/10/06 15:21:42.790	DEBUG	http	starting server loop	{"address": "[::]:443", "http3": false, "tls": true}
2021/10/06 15:21:42.790	DEBUG	http	starting server loop	{"address": "[::]:80", "http3": false, "tls": false}
2021/10/06 15:21:42.790	INFO	http	enabling automatic TLS certificate management	{"domains": ["iot-dev.castalie.net"]}
2021/10/06 15:21:42.791	DEBUG	tls	loading managed certificate	{"domain": "iot-dev.castalie.net", "expiration": "2022/01/04 14:20:45.000", "issuer_key": "acme-v02.api.letsencrypt.org-directory", "storage": "FileStorage:/root/.local/share/caddy"}
2021/10/06 15:21:42.791	DEBUG	tls.cache	added certificate to cache	{"subjects": ["iot-dev.castalie.net"], "expiration": "2022/01/04 14:20:45.000", "managed": true, "issuer_key": "acme-v02.api.letsencrypt.org-directory", "hash": "54b75d2f5a5d71cf5c474e2d06a90d72c19ac1373695e9e1d385a0fe23cf6f39"}
2021/10/06 15:21:42.792	INFO	autosaved config (load with --resume flag)	{"file": "/root/.config/caddy/autosave.json"}
2021/10/06 15:21:42.792	INFO	serving initial configuration
2021/10/06 15:21:42.792	INFO	tls	cleaning storage unit	{"description": "FileStorage:/root/.local/share/caddy"}
2021/10/06 15:21:42.793	INFO	tls	finished cleaning storage units
2021/10/06 15:21:48.597	DEBUG	tls.handshake	choosing certificate	{"identifier": "iot-dev.castalie.net", "num_choices": 1}
2021/10/06 15:21:48.597	DEBUG	tls.handshake	default certificate selection results	{"identifier": "iot-dev.castalie.net", "subjects": ["iot-dev.castalie.net"], "managed": true, "issuer_key": "acme-v02.api.letsencrypt.org-directory", "hash": "54b75d2f5a5d71cf5c474e2d06a90d72c19ac1373695e9e1d385a0fe23cf6f39"}
2021/10/06 15:21:48.597	DEBUG	tls.handshake	matched certificate in cache	{"subjects": ["iot-dev.castalie.net"], "managed": true, "expiration": "2022/01/04 14:20:45.000", "hash": "54b75d2f5a5d71cf5c474e2d06a90d72c19ac1373695e9e1d385a0fe23cf6f39"}
2021/10/06 15:21:55.589	DEBUG	tls.handshake	choosing certificate	{"identifier": "iot-dev.castalie.net", "num_choices": 1}
2021/10/06 15:21:55.589	DEBUG	tls.handshake	default certificate selection results	{"identifier": "iot-dev.castalie.net", "subjects": ["iot-dev.castalie.net"], "managed": true, "issuer_key": "acme-v02.api.letsencrypt.org-directory", "hash": "54b75d2f5a5d71cf5c474e2d06a90d72c19ac1373695e9e1d385a0fe23cf6f39"}
2021/10/06 15:21:55.589	DEBUG	tls.handshake	matched certificate in cache	{"subjects": ["iot-dev.castalie.net"], "managed": true, "expiration": "2022/01/04 14:20:45.000", "hash": "54b75d2f5a5d71cf5c474e2d06a90d72c19ac1373695e9e1d385a0fe23cf6f39"}
2021/10/06 15:22:00.464	DEBUG	tls.handshake	choosing certificate	{"identifier": "iot-dev.castalie.net", "num_choices": 1}
2021/10/06 15:22:00.464	DEBUG	tls.handshake	default certificate selection results	{"identifier": "iot-dev.castalie.net", "subjects": ["iot-dev.castalie.net"], "managed": true, "issuer_key": "acme-v02.api.letsencrypt.org-directory", "hash": "54b75d2f5a5d71cf5c474e2d06a90d72c19ac1373695e9e1d385a0fe23cf6f39"}
2021/10/06 15:22:00.464	DEBUG	tls.handshake	matched certificate in cache	{"subjects": ["iot-dev.castalie.net"], "managed": true, "expiration": "2022/01/04 14:20:45.000", "hash": "54b75d2f5a5d71cf5c474e2d06a90d72c19ac1373695e9e1d385a0fe23cf6f39"}
2021/10/06 15:22:00.477	INFO	http.log.access.log0	handled request	{"request": {"remote_addr": "81.250.210.141:58412", "proto": "HTTP/2.0", "method": "GET", "host": "iot-dev.castalie.net", "uri": "/", "headers": {"Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"], "Sec-Fetch-Mode": ["navigate"], "Accept-Language": ["fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7"], "Cache-Control": ["max-age=0"], "Sec-Ch-Ua": ["\";Not A Brand\";v=\"99\", \"Chromium\";v=\"94\""], "Upgrade-Insecure-Requests": ["1"], "Sec-Fetch-User": ["?1"], "Sec-Ch-Ua-Platform": ["\"Linux\""], "User-Agent": ["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36"], "Sec-Fetch-Site": ["none"], "Sec-Fetch-Dest": ["document"], "Accept-Encoding": ["gzip, deflate, br"], "Sec-Ch-Ua-Mobile": ["?0"], "Cookie": ["_ga=GA1.2.1186139985.1601383527; _hjid=f8f0643d-a2f6-4d5f-8ebb-c8095c13939c; _gid=GA1.2.1977762586.1633333826; C-SESSION=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjU5ZjdmOTM2LWY3MjItNDk0ZS05MjM1LTcxMjdkOTU5OGNhMyIsImVtYWlsIjoidHNpZmVpQGNhc3RhbGllLmNvbSIsInJvbGVzIjp7IjllM2ZmOThkLTlkZWItNDUyNy1iNTU0LTdmOThiY2JhY2FmMSI6WyJhZG1pbiJdfSwiaWF0IjoxNjMzNDM2NzE1LCJleHAiOjE2MzM1MjMxMTV9.F2coFMHlHdwpTg5uC8xa8wyauVGiwqdtf3ViDn4mLwM; _hjAbsoluteSessionInProgress=0"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "proto_mutual": true, "server_name": "iot-dev.castalie.net"}}, "common_log": "81.250.210.141 - - [06/Oct/2021:17:22:00 +0200] \"GET / HTTP/2.0\" 0 0", "user_id": "", "duration": 0.000059122, "size": 0, "status": 0, "resp_headers": {"Server": ["Caddy"]}}
2021/10/06 15:22:00.593	INFO	http.log.access.log0	handled request	{"request": {"remote_addr": "81.250.210.141:58412", "proto": "HTTP/2.0", "method": "GET", "host": "iot-dev.castalie.net", "uri": "/favicon.ico", "headers": {"Accept": ["image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8"], "Referer": ["https://iot-dev.castalie.net/"], "Sec-Fetch-Dest": ["image"], "Accept-Language": ["fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7"], "Cookie": ["_ga=GA1.2.1186139985.1601383527; _hjid=f8f0643d-a2f6-4d5f-8ebb-c8095c13939c; _gid=GA1.2.1977762586.1633333826; C-SESSION=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjU5ZjdmOTM2LWY3MjItNDk0ZS05MjM1LTcxMjdkOTU5OGNhMyIsImVtYWlsIjoidHNpZmVpQGNhc3RhbGllLmNvbSIsInJvbGVzIjp7IjllM2ZmOThkLTlkZWItNDUyNy1iNTU0LTdmOThiY2JhY2FmMSI6WyJhZG1pbiJdfSwiaWF0IjoxNjMzNDM2NzE1LCJleHAiOjE2MzM1MjMxMTV9.F2coFMHlHdwpTg5uC8xa8wyauVGiwqdtf3ViDn4mLwM; _hjAbsoluteSessionInProgress=0"], "Sec-Ch-Ua-Platform": ["\"Linux\""], "Accept-Encoding": ["gzip, deflate, br"], "Sec-Fetch-Mode": ["no-cors"], "Pragma": ["no-cache"], "Cache-Control": ["no-cache"], "Sec-Ch-Ua": ["\";Not A Brand\";v=\"99\", \"Chromium\";v=\"94\""], "Sec-Ch-Ua-Mobile": ["?0"], "User-Agent": ["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36"], "Sec-Fetch-Site": ["same-origin"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "proto_mutual": true, "server_name": "iot-dev.castalie.net"}}, "common_log": "81.250.210.141 - - [06/Oct/2021:17:22:00 +0200] \"GET /favicon.ico HTTP/2.0\" 0 0", "user_id": "", "duration": 0.000039843, "size": 0, "status": 0, "resp_headers": {"Server": ["Caddy"]}}

Did I delete the right keys and certificates?
