Tls self_signed ERR_SSL_PROTOCOL_ERROR


(Jorg) #1

Hi,

I use caddy for local development only. I currently have a requirement that cannot work without https enabled.

I gather I can use tls self_signed to generate an in-memory certificate.

The Caddyfile itself is simple:

:2002 {
  root ./
  browse
  tls self_signed
}

:2002/resources {
  root /path/to/sdk/resources/
  tls self_signed
}

The result is:

Activating privacy features… done.
https://:2002
https://:2002/resources
WARNING: File descriptor limit 4864 is too low for production servers. At least 8192 is recommended. Fix with “ulimit -n 8192”.

Displaying https://localhost:2002 in chrome results in:

This site can’t provide a secure connection

localhost sent an invalid response.
ERR_SSL_PROTOCOL_ERROR

I’m hardly an expert in this area. Can anyone tell me what the missing piece is here?


(Matthew Fay) #2

Hi @jorgt, what’s your caddy -version?

As of the latest release (0.11.5), trying to use tls self_signed without a hostname should return an error self-signed: certificate has no names. Caddy no longer serves a certificate at all if no certificate matches the hostname indicated via SNI.

You should be able to use localhost:2002 with tls self_signed for now, if you’re browsing to https://localhost:2002 in your browser.

There’s a PR in the works to have self-signed certificates automatically fetch all interfaces for SANs when the hostname is omitted. That should allow for :2002 to be used with the hostname omitted and still be accessible via localhost or any local IP address.

https://github.com/mholt/caddy/issues/2502
https://github.com/mholt/caddy/pull/2531
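The SNI behaviour described above, as an added Go illustration (not Caddy's own code): a self-signed certificate with no names is refused outright, and a certificate is served only when the server name the client sends matches one of its SANs. The selfSigned and getCertificate functions are assumed stand-ins for what tls self_signed and the server's certificate lookup do.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// selfSigned builds an in-memory self-signed certificate whose SANs are the
// given names (assumed stand-in for "tls self_signed"). With no names there is
// nothing for SNI to match, hence "self-signed: certificate has no names".
func selfSigned(names []string) (tls.Certificate, error) {
	if len(names) == 0 {
		return tls.Certificate{}, errors.New("self-signed: certificate has no names")
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     names, // SANs: the names modern clients actually check
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// getCertificate mimics SNI-based selection: the certificate is served only when
// the client's indicated server name matches one of its SANs; otherwise the
// handshake is refused, which the browser surfaces as ERR_SSL_PROTOCOL_ERROR.
func getCertificate(cert tls.Certificate) func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	return func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
		if hello.ServerName != "" && cert.Leaf.VerifyHostname(hello.ServerName) == nil {
			return &cert, nil
		}
		return nil, fmt.Errorf("no certificate for server name %q", hello.ServerName)
	}
}
```

Wire getCertificate into tls.Config.GetCertificate to see the same refusal a mismatched hostname produces.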


(Jorg) #3

Hi Matthew,

Caddy version outputs Caddy 0.10.11. I’ll upgrade and see if that helps.

Yup, it now quits with self-signed: certificate has no names. Specifying the hostname has worked, I can now use the APIs I need to use.

Thanks.