TLS Handshake error on simple config

I'm not able to connect to HTTPS. Tried deleting .caddy folder. Didn’t find any post similar to this and was wondering if I could get help diagnosing the problem. HTTP works fine, would like to have HTTPS though.

Server OS is Linux Ubuntu 16.04 LTS

Caddyfile:

http://xxx.com http://*.xxx.com {
    tls admin@xxx.com
    root /var/www
    ext .html
}

tlstest.xxx.com {
    tls admin@xxx.com
    root /var/www
    ext .html
}

Command:

$ caddy -log caddy.log
Activating privacy features... done.
http://xxx.com
http://*.xxx.com
http://tlstest.xxx.com
https://tlstest.xxx.com 

Log file:

2017/10/18 22:48:12 [WARNING] TLS disabled for http://xxx.com
2017/10/18 22:48:12 [WARNING] TLS disabled for http://*.xxx.com
2017/10/18 22:48:12 http://xxx.com
2017/10/18 22:48:12 http://*.xxx.com
2017/10/18 22:48:12 http://tlstest.xxx.com
2017/10/18 22:48:12 https://tlstest.xxx.com

HTTPie:

$ http https://tlstest.xxx.com

http: error: SSLError: ("bad handshake: SysCallError(54, 'ECONNRESET')",) while doing GET request to URL: https://tlstest.xxx.com/

curl:

curl https://tlstest.xxx.com/
curl: (35) Server aborted the SSL handshake

Hi @medecau,

Maybe your tlstest subdomain is being handled by the *.xxx.com site definition which is HTTP-only?

Add errors and log directives for each site definition. Point them at separate files, e.g. http.access/http.errors and https.access/https.errors. Then curl your HTTPS site and see which site definition was used to handle the request.

https://caddyserver.com/docs/log
https://caddyserver.com/docs/errors

Thanks for your reply.

It makes sense that tlstest sub was hidden, I just didn’t see it… I have slept a bit since.

Anyway nothing was coming in on the error logs. I tried to diagnose with nmap and that’s when it hit me. 443 was closed and the firewall had another port that looked too similar to raise any alarms until now.

Everything is working just fine now. Again, thank you.
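
The two layers this thread ended up separating (is the port reachable at all, and does the TLS handshake complete), as an added example that is not part of the original posts. The function name `classify_https_endpoint` and its result labels are hypothetical, chosen for illustration.

```python
import socket
import ssl
import sys


def classify_https_endpoint(host, port=443, timeout=5.0):
    """Return (stage, detail) naming the layer at which host:port fails."""
    # Stage 1: plain TCP connect. A closed or firewalled port fails here,
    # before a single TLS byte is exchanged.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("tcp_refused", "port closed: nothing listening, or a firewall rejects it")
    except socket.timeout:
        return ("tcp_timeout", "no answer: packets are probably being dropped")
    except OSError as exc:
        return ("tcp_error", str(exc))

    # Stage 2: TLS handshake on the open socket, with normal certificate
    # and hostname verification.
    ctx = ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("tls_ok", tls.version())
    except ssl.SSLCertVerificationError as exc:
        return ("tls_cert_invalid", exc.verify_message)
    except OSError as exc:
        # Covers ssl.SSLError, resets and EOF during the handshake: TCP is
        # open, but whatever answered did not complete TLS.
        return ("tls_handshake_failed", f"{type(exc).__name__}: {exc}")
    finally:
        sock.close()  # harmless if wrap_socket already took over the socket


if __name__ == "__main__":
    # Usage: python check_tls.py <hostname>   (defaults to localhost)
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    stage, detail = classify_https_endpoint(target)
    print(f"{target}:443 -> {stage} ({detail})")
```

A `tcp_*` result points at the firewall or listener, while `tls_*` results point at the server's TLS configuration or the site definition that answered.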
