If I keep tls self_signed in the config block, then it works (with the certificate error), but if I take it out, it does not.
I need to figure out how to free port 80 at least on 1 interface of my QNAP (I will check on my side).
If I manage to do so, I think I can execute caddy and have it listen on a specific address (e.g. 192.168.1.5), and then I should port-forward on the router on that address, right?
So, how do I need to configure http.bind? Shall I execute caddy as follows?
What do you mean by it does not work? What happens, where does it break exactly, what errors are shown?
If it’s what I’m thinking of off the top of my head, you might be able to get away without using the bind directive but instead the -http-port flag, but we’ll need more detail.
2018/07/11 17:41:31 [service.mydomain.com] failed to get certificate: [service.mydomain.com] error presenting token: presenting with standard HTTP provider server: Could not start HTTP server for challenge → listen tcp :80: listen: address already in use
How would I use the -http-port in my case? Would it solve the certificate verification?
Run Caddy with the additional flag, -http-port 8963. You can then also optionally change your HTTP-only site label to http://service.mydomain.com (removing the port).
One of its best use cases is your very setup, an external port 80 forwarded to an internal arbitrary port, as it tells Caddy to expect default HTTP traffic on the nominated port instead. This includes LetsEncrypt traffic, so Caddy should then be able to start up Automatic HTTPS without needing to bind port 80.
Incidentally, if you’re going to be using those two ports permanently, you could also add -https-port 8964, remove the HTTP-only site definition entirely, remove the scheme and port from the HTTPS site, and let Caddy take care of the rest, e.g.