TLS Handshake Fails with internal error on Localhost

1. The problem I’m having:

I’m running Caddy v2 as a static file server

What I’ve tried:

  1. Reinstalled Caddy’s root certificate
  2. Verified certificate dates are valid
  3. Confirmed server is listening on :443

Full debug logs show HTTP/3 is enabled but connections fail. Any suggestions?

2. Error messages and/or full log output:

TLSv1.2 (IN), TLS alert, internal error (592)
error:14004438:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert internal error
caddy file-server --root ./dist --listen :443               
2025/07/10 08:01:42.076	WARN	admin	admin endpoint disabled
2025/07/10 08:01:42.077	INFO	http.auto_https	server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS	{"server_name": "static", "https_port": 443}
2025/07/10 08:01:42.077	INFO	http.auto_https	enabling automatic HTTP->HTTPS redirects	{"server_name": "static"}
2025/07/10 08:01:42.077	INFO	tls.cache.maintenance	started background certificate maintenance	{"cache": "0xc0001b7000"}
2025/07/10 08:01:42.077	INFO	http	enabling HTTP/3 listener	{"addr": ":443"}
2025/07/10 08:01:42.078	INFO	http.log	server running	{"name": "static", "protocols": ["h1", "h2", "h3"]}
2025/07/10 08:01:42.080	WARN	http	HTTP/2 skipped because it requires TLS	{"network": "tcp", "addr": ":80"}
2025/07/10 08:01:42.080	WARN	http	HTTP/3 skipped because it requires TLS	{"network": "tcp", "addr": ":80"}
2025/07/10 08:01:42.080	INFO	http.log	server running	{"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2025/07/10 08:01:42.080	INFO	Caddy serving static files on :443
2025/07/10 08:01:42.099	INFO	tls	storage cleaning happened too recently; skipping for now	{"storage": "FileStorage:/Users/wpplumber/Library/Application Support/Caddy", "instance": "93df3002-60ff-4bab-9f6c-73ead327a123", "try_again": "2025/07/11 08:01:42.099", "try_again_in": 86399.999998657}
2025/07/10 08:01:42.100	INFO	tls	finished cleaning storage units

3. Caddy version:

Caddy v2.10.0

4. How I installed and ran Caddy:

Using brew.

a. System environment:

macOS Catalina

b. Command:

caddy file-server --root ./dist --listen :443

d. My complete Caddy config:

localhost {
    root * ./dist
    file_server
    encode gzip
    tls internal
}

5. Links to relevant resources:

If I use a domain, then HTTPS works! But I want to use localhost to access the app via the network!

After reading @matt's post, I got it working using the command below:

caddy file-server --root ./dist --domain 192.168.1.8 --listen :9000
