1. The problem I’m having:
Not being able to get CA certificate with tailscale after the first time.
2. Error messages and/or full log output:
{"level":"info","ts":1711194450.518464,"msg":"using provided configuration","config_file":"/etc/caddy/Cad}
{"level":"warn","ts":1711194450.6241379,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwri}
{"level":"info","ts":1711194450.671978,"logger":"admin","msg":"admin endpoint started","address":"localho}
{"level":"info","ts":1711194450.6745296,"logger":"http.auto_https","msg":"server is listening only on the}
{"level":"info","ts":1711194450.6748042,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS }
{"level":"debug","ts":1711194450.6752484,"logger":"http.auto_https","msg":"adjusted config","tls":{"autom}
{"level":"debug","ts":1711194450.6856575,"logger":"http","msg":"starting server loop","address":"[::]:80"}
{"level":"info","ts":1711194450.6863039,"logger":"http.log","msg":"server running","name":"remaining_auto}
{"level":"info","ts":1711194450.687011,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
{"level":"info","ts":1711194450.6914823,"logger":"tls.cache.maintenance","msg":"started background certif}
{"level":"info","ts":1711194450.7327113,"msg":"failed to sufficiently increase receive buffer size (was: }
{"level":"debug","ts":1711194450.7348628,"logger":"http","msg":"starting server loop","address":"[::]:443}
{"level":"info","ts":1711194450.7350845,"logger":"http.log","msg":"server running","name":"srv0","protoco}
{"level":"info","ts":1711194450.7642596,"msg":"autosaved config (load with --resume flag)","file":"/confi}
{"level":"info","ts":1711194450.7648487,"msg":"serving initial configuration"}
{"level":"warn","ts":1711194450.82002,"logger":"tls","msg":"storage cleaning happened too recently; skipp}
{"level":"info","ts":1711194450.8221798,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"debug","ts":1711194528.9645557,"logger":"events","msg":"event","name":"tls_get_certificate","id}
{"level":"debug","ts":1711194528.975552,"logger":"tls.handshake","msg":"no matching certificates and no c}
{"level":"debug","ts":1711194528.975886,"logger":"tls.handshake","msg":"no matching certificates and no c}
{"level":"debug","ts":1711194528.9759614,"logger":"tls.handshake","msg":"no matching certificates and no }
{"level":"debug","ts":1711194528.9760218,"logger":"tls.handshake","msg":"no matching certificates and no }
{"level":"debug","ts":1711194528.9760816,"logger":"tls.handshake","msg":"no matching certificates and no }
{"level":"debug","ts":1711194528.9762642,"logger":"tls.handshake","msg":"no certificate matching TLS Clie}
{"level":"debug","ts":1711194528.9836023,"logger":"http.stdlib","msg":"http: TLS handshake error from 172}{"level":"debug","ts":1711194529.9345684,"logger":"events","msg":"event","name":"tls_get_certificate","id}
{"level":"debug","ts":1711194529.9361234,"logger":"tls.handshake","msg":"no matching certificates and no }
{"level":"debug","ts":1711194529.9363244,"logger":"tls.handshake","msg":"no matching certificates and no }
{"level":"debug","ts":1711194529.9364479,"logger":"tls.handshake","msg":"no matching certificates and no }
{"level":"debug","ts":1711194529.9365647,"logger":"tls.handshake","msg":"no matching certificates and no }
{"level":"debug","ts":1711194529.9366813,"logger":"tls.handshake","msg":"no matching certificates and no }
{"level":"debug","ts":1711194529.9369273,"logger":"tls.handshake","msg":"no certificate matching TLS Clie}
{"level":"debug","ts":1711194529.9427412,"logger":"http.stdlib","msg":"http: TLS handshake error from 172}{"level":"debug","ts":1711194530.6413088,"logger":"http.stdlib","msg":"http: TLS handshake error from 172}
{"level":"debug","ts":1711194553.0504,"logger":"events","msg":"event","name":"tls_get_certificate","id":"}{"level":"debug","ts":1711194553.0526292,"logger":"tls.handshake","msg":"no matching certificates and no }
{"level":"debug","ts":1711194553.0528328,"logger":"tls.handshake","msg":"no matching certificates and no }{"level":"debug","ts":1711194553.05296,"logger":"tls.handshake","msg":"no matching certificates and no cu}
{"level":"debug","ts":1711194553.053072,"logger":"tls.handshake","msg":"no matching certificates and no c}{"level":"debug","ts":1711194553.053182,"logger":"tls.handshake","msg":"no matching certificates and no c}
{"level":"debug","ts":1711194553.0535116,"logger":"tls.handshake","msg":"no certificate matching TLS Clie}
{"level":"debug","ts":1711194553.0554667,"logger":"http.stdlib","msg":"http: TLS handshake error from 172}
{"level":"info","ts":1711194690.6617126,"logger":"admin.api","msg":"received request","method":"POST","ho}
{"level":"info","ts":1711194690.669924,"msg":"config is unchanged"}
{"level":"info","ts":1711194690.6702116,"logger":"admin.api","msg":"load complete"}
{"level":"info","ts":1711194790.5546253,"logger":"admin.api","msg":"received request","method":"POST","ho}
{"level":"info","ts":1711194790.57294,"logger":"admin","msg":"admin endpoint started","address":"localhos}
{"level":"info","ts":1711194790.575305,"logger":"http.auto_https","msg":"server is listening only on the }
{"level":"info","ts":1711194790.5756228,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS }
{"level":"debug","ts":1711194790.5763958,"logger":"http.auto_https","msg":"adjusted config","tls":{"autom}
{"level":"debug","ts":1711194790.5839634,"logger":"http","msg":"starting server loop","address":"[::]:80"}
{"level":"info","ts":1711194790.5842729,"logger":"http.log","msg":"server running","name":"remaining_auto}
{"level":"info","ts":1711194790.5848498,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
{"level":"debug","ts":1711194790.5851398,"logger":"http","msg":"starting server loop","address":"[::]:443}{"level":"info","ts":1711194790.5852385,"logger":"http.log","msg":"server running","name":"srv0","protoco}
{"level":"info","ts":1711194790.5854242,"logger":"http","msg":"servers shutting down with eternal grace p}
{"level":"info","ts":1711194790.5934982,"msg":"autosaved config (load with --resume flag)","file":"/confi}{"level":"info","ts":1711194790.6022587,"logger":"admin.api","msg":"load complete"}
{"level":"info","ts":1711194790.6304986,"logger":"admin","msg":"stopped previous server","address":"local}
{"level":"debug","ts":1711194822.955547,"logger":"events","msg":"event","name":"tls_get_certificate","id"}
{"level":"debug","ts":1711194822.9566104,"logger":"tls.handshake","msg":"no matching certificates and no }
{"level":"debug","ts":1711194822.9567468,"logger":"tls.handshake","msg":"no matching certificates and no }
{"level":"debug","ts":1711194822.9568245,"logger":"tls.handshake","msg":"no matching certificates and no }
{"level":"debug","ts":1711194822.9568923,"logger":"tls.handshake","msg":"no matching certificates and no }
{"level":"debug","ts":1711194822.9569638,"logger":"tls.handshake","msg":"no matching certificates and no }
{"level":"debug","ts":1711194839.2144682,"logger":"tls.handshake","msg":"using externally-managed certifi}
{"level":"debug","ts":1711194839.2900548,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194839.3773313,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194839.5522234,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194839.5572228,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194839.564637,"logger":"http.handlers.reverse_proxy","msg":"selected upstream",}
{"level":"debug","ts":1711194839.582307,"logger":"http.handlers.reverse_proxy","msg":"selected upstream",}
{"level":"debug","ts":1711194839.5844734,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194839.5993066,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194839.601491,"logger":"http.handlers.reverse_proxy","msg":"selected upstream",}
{"level":"debug","ts":1711194839.664308,"logger":"http.handlers.reverse_proxy","msg":"selected upstream",}
{"level":"debug","ts":1711194839.666504,"logger":"http.handlers.reverse_proxy","msg":"selected upstream",}
{"level":"debug","ts":1711194839.675325,"logger":"http.handlers.reverse_proxy","msg":"selected upstream",}
{"level":"debug","ts":1711194839.6802447,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194839.6969726,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194839.7135148,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194839.7158349,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194839.7210596,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194839.723289,"logger":"http.handlers.reverse_proxy","msg":"selected upstream",}
{"level":"debug","ts":1711194839.7401738,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194839.871429,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip"}
{"level":"debug","ts":1711194839.8686006,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194840.0354888,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194840.9934971,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194841.1424139,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194841.4828594,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194841.5101826,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194841.5116918,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194841.5125198,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194841.5133953,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194841.5144143,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194841.5152748,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194841.5161242,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194841.5169623,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194841.5206068,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194841.5498998,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194842.0106542,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194842.2072084,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194842.2298312,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194843.3666027,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194843.381461,"logger":"http.handlers.reverse_proxy","msg":"selected upstream",}
{"level":"debug","ts":1711194843.964385,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip"}
{"level":"debug","ts":1711194844.489565,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip"}
{"level":"debug","ts":1711194845.5469456,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194845.561147,"logger":"http.handlers.reverse_proxy","msg":"selected upstream",}
{"level":"debug","ts":1711194845.5622318,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194845.5725946,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194845.5737743,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194845.574588,"logger":"http.handlers.reverse_proxy","msg":"selected upstream",}
{"level":"debug","ts":1711194845.575336,"logger":"http.handlers.reverse_proxy","msg":"selected upstream",}
{"level":"debug","ts":1711194845.5761313,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194845.5768821,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194845.5817556,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194845.5882196,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194845.5895686,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194845.5919898,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194845.8510666,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194847.6211653,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194847.7406003,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194847.845113,"logger":"events","msg":"event","name":"tls_get_certificate","id"}
{"level":"debug","ts":1711194847.916819,"logger":"tls.handshake","msg":"no matching certificates and no c}
{"level":"debug","ts":1711194848.0288198,"logger":"tls.handshake","msg":"no matching certificates and no }
{"level":"debug","ts":1711194848.0484116,"logger":"tls.handshake","msg":"no matching certificates and no }
{"level":"debug","ts":1711194848.0488267,"logger":"tls.handshake","msg":"no matching certificates and no }
{"level":"debug","ts":1711194848.0489101,"logger":"tls.handshake","msg":"no matching certificates and no }
{"level":"debug","ts":1711194848.1241672,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194848.3001683,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194848.5094032,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194848.604773,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip"}
{"level":"debug","ts":1711194848.6215885,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194848.626401,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip"}
{"level":"debug","ts":1711194848.9027667,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194848.906048,"logger":"http.handlers.reverse_proxy","msg":"selected upstream",}
{"level":"debug","ts":1711194848.94389,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","}
{"level":"debug","ts":1711194849.122429,"logger":"http.handlers.reverse_proxy","msg":"selected upstream",}
{"level":"debug","ts":1711194849.1793482,"logger":"events","msg":"event","name":"tls_get_certificate","id}
{"level":"debug","ts":1711194849.189608,"logger":"tls.handshake","msg":"no matching certificates and no c}
{"level":"debug","ts":1711194849.1899195,"logger":"tls.handshake","msg":"no matching certificates and no }
{"level":"debug","ts":1711194849.1900136,"logger":"tls.handshake","msg":"no matching certificates and no }
{"level":"debug","ts":1711194849.1900933,"logger":"tls.handshake","msg":"no matching certificates and no }
{"level":"debug","ts":1711194849.1901715,"logger":"tls.handshake","msg":"no matching certificates and no }
{"level":"debug","ts":1711194849.2604697,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194849.3602483,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194849.4890554,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194849.5269866,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194849.8606732,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194850.3103137,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194850.5788128,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194850.6565144,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194851.1351876,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194851.1948972,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194851.993243,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip"}
{"level":"debug","ts":1711194851.997027,"logger":"http.handlers.reverse_proxy","msg":"selected upstream",}
{"level":"debug","ts":1711194852.5241306,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194852.7802434,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194852.8750503,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194854.8863745,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194855.9628356,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194855.9657376,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194855.9669333,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194856.014142,"logger":"http.handlers.reverse_proxy","msg":"selected upstream",}
{"level":"debug","ts":1711194856.062575,"logger":"http.handlers.reverse_proxy","msg":"selected upstream",}
{"level":"debug","ts":1711194856.086894,"logger":"http.handlers.reverse_proxy","msg":"selected upstream",}
{"level":"debug","ts":1711194856.0899377,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194856.092723,"logger":"http.handlers.reverse_proxy","msg":"selected upstream",}
{"level":"debug","ts":1711194856.1149828,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194856.116997,"logger":"http.handlers.reverse_proxy","msg":"selected upstream",}
{"level":"debug","ts":1711194856.1302695,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194856.146892,"logger":"http.handlers.reverse_proxy","msg":"selected upstream",}
{"level":"debug","ts":1711194856.1357882,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194856.1347992,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194856.3998826,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194857.9246788,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194858.1870034,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194858.4656112,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194858.6036708,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194859.4273186,"logger":"http.handlers.reverse_proxy","msg":"selected upstream"}
{"level":"debug","ts":1711194859.473549,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip"}
{"level":"debug","ts":1711194859.629727,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip"}
{"level":"debug","ts":1711194859.702844,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip"}
{"level":"debug","ts":1711194860.3401885,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194861.1108086,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":1711194861.1598299,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip}
{"level":"debug","ts":
3. Caddy version:
v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=
4. How I installed and ran Caddy:
I used this docker-composed:
version: "3.7"
networks:
proxy-network:
name: proxy-network
services:
caddy:
image: caddy:latest
restart: unless-stopped
container_name: caddy
networks:
- proxy-network
hostname: caddy
depends_on:
- tailscale
ports:
- "8080:80"
- "8443:443"
- "8443:443/udp"
volumes:
- /home/aikooo7/.docker/caddy/Caddyfile:/etc/caddy/Caddyfile
- /home/aikooo7/.docker/caddy/data:/data
- /home/aikooo7/.docker/caddy/config:/config
- /home/aikooo7/.docker/tailscale/tmp/tailscaled.sock:/var/run/tailscale/tailscaled.sock
tailscale:
container_name: tailscaled
image: tailscale/tailscale
network_mode: host
cap_add:
- NET_ADMIN
- NET_RAW
volumes:
- /home/aikooo7/.docker/tailscale/varlib:/var/lib
- /home/aikooo7/.docker/tailscale/tmp:/tmp
environment:
- TS_STATE_DIR=/var/lib/tailscale
- TS_EXTRA_ARGS=--advertise-tags=tag:container
- TS_AUTH_KEY=supersecretkey
restart: unless-stopped
a. System environment:
Alpine Linux;
Docker version 25.0.4, build 1a576c50a9a33dd7ab2bcd78db1982cb965812b0
b. Command:
Cited at the docker compose
c. Service/unit/compose file:
Not revelant
d. My complete Caddy config:
{
debug
}
testtt.tail4fad.ts.net {
reverse_proxy homepage:3000
}