1. Caddy version (caddy version):
v2.4.6 h1:HGkGICFGvyrodcqOOclHKfvJC0qTU7vny/7FhYp9hNw=
2. How I run Caddy:
I run Caddy using the caddy start and caddy stop commands.
a. System environment:
Ubuntu Server 21.10
caddy environ:
caddy.HomeDir=/home/sdvaletone
caddy.AppDataDir=/home/sdvaletone/.local/share/caddy
caddy.AppConfigDir=/home/sdvaletone/.config/caddy
caddy.ConfigAutosavePath=/home/sdvaletone/.config/caddy/autosave.json
caddy.Version=v2.4.6 h1:HGkGICFGvyrodcqOOclHKfvJC0qTU7vny/7FhYp9hNw=
runtime.GOOS=linux
runtime.GOARCH=amd64
runtime.Compiler=gc
runtime.NumCPU=4
runtime.GOMAXPROCS=4
runtime.Version=go1.17.2
os.Getwd=/etc/caddy
SHELL=/bin/bash
PWD=/etc/caddy
LOGNAME=sdvaletone
XDG_SESSION_TYPE=tty
MOTD_SHOWN=pam
HOME=/home/sdvaletone
LANG=en_US.UTF-8
LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:.tar=01;31:.tgz=01;31:.arc=01;31:.arj=01;31:.taz=01;31:.lha=01;31:.lz4=01;31:.lzh=01;31:.lzma=01;31:.tlz=01;31:.txz=01;31:.tzo=01;31:.t7z=01;31:.zip=01;31:.z=01;31:.dz=01;31:.gz=01;31:.lrz=01;31:.lz=01;31:.lzo=01;31:.xz=01;31:.zst=01;31:.tzst=01;31:.bz2=01;31:.bz=01;31:.tbz=01;31:.tbz2=01;31:.tz=01;31:.deb=01;31:.rpm=01;31:.jar=01;31:.war=01;31:.ear=01;31:.sar=01;31:.rar=01;31:.alz=01;31:.ace=01;31:.zoo=01;31:.cpio=01;31:.7z=01;31:.rz=01;31:.cab=01;31:.wim=01;31:.swm=01;31:.dwm=01;31:.esd=01;31:.jpg=01;35:.jpeg=01;35:.mjpg=01;35:.mjpeg=01;35:.gif=01;35:.bmp=01;35:.pbm=01;35:.pgm=01;35:.ppm=01;35:.tga=01;35:.xbm=01;35:.xpm=01;35:.tif=01;35:.tiff=01;35:.png=01;35:.svg=01;35:.svgz=01;35:.mng=01;35:.pcx=01;35:.mov=01;35:.mpg=01;35:.mpeg=01;35:.m2v=01;35:.mkv=01;35:.webm=01;35:.webp=01;35:.ogm=01;35:.mp4=01;35:.m4v=01;35:.mp4v=01;35:.vob=01;35:.qt=01;35:.nuv=01;35:.wmv=01;35:.asf=01;35:.rm=01;35:.rmvb=01;35:.flc=01;35:.avi=01;35:.fli=01;35:.flv=01;35:.gl=01;35:.dl=01;35:.xcf=01;35:.xwd=01;35:.yuv=01;35:.cgm=01;35:.emf=01;35:.ogv=01;35:.ogx=01;35:.aac=00;36:.au=00;36:.flac=00;36:.m4a=00;36:.mid=00;36:.midi=00;36:.mka=00;36:.mp3=00;36:.mpc=00;36:.ogg=00;36:.ra=00;36:.wav=00;36:.oga=00;36:.opus=00;36:.spx=00;36:.xspf=00;36:
SSH_CONNECTION=192.168.1.198 57620 192.168.1.44 22
LESSCLOSE=/usr/bin/lesspipe %s %s
XDG_SESSION_CLASS=user
TERM=xterm-256color
LESSOPEN=| /usr/bin/lesspipe %s
USER=sdvaletone
SHLVL=1
XDG_SESSION_ID=76
XDG_RUNTIME_DIR=/run/user/1000
SSH_CLIENT=192.168.1.198 57620 22
XDG_DATA_DIRS=/usr/local/share:/usr/share:/var/lib/snapd/desktop
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
SSH_TTY=/dev/pts/0
OLDPWD=/home/sdvaletone
_=/usr/bin/caddy
b. Command:
sudo caddy start
d. My complete Caddyfile or JSON config:
{
    storage file_system /mnt/HDD_Data/Caddy_configs/caddy
}
kavita.nervhq.space {
    reverse_proxy :5000
}
3. The problem I’m having:
I am trying to serve a Docker container of Kavita through a subdomain of nervhq.space, which is currently serving Jellyfin through a bare-metal installation on my Raspberry Pi.
Currently I also have an Ubuntu server that I have configured to share the same cert path with the instance that is running on the Raspberry Pi.
When trying to get Caddy to serve the Kavita Docker container to the kavita.nervhq.space domain, I am met with a certificate error as shown below.
I have been able to access the Docker container at 192.168.1.44:5000, so I know that the Docker configurations are good, but I cannot get the Ubuntu server to serve the container to the domain.
4. Error messages and/or full log output:
sdvaletone@lclcommand:/etc/caddy$ sudo caddy start
2021/11/25 00:46:56.316 INFO using adjacent Caddyfile
2021/11/25 00:46:56.320 INFO admin admin endpoint started {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2021/11/25 00:46:56.320 INFO http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2021/11/25 00:46:56.320 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2021/11/25 00:46:56.320 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc0003e6c40"}
2021/11/25 00:46:56.322 INFO http enabling automatic TLS certificate management {"domains": ["kavita.nervhq.space"]}
2021/11/25 00:46:56.322 INFO tls cleaning storage unit {"description": "FileStorage:/mnt/HDD_Data/Caddy_configs/caddy"}
2021/11/25 00:46:56.322 INFO tls finished cleaning storage units
2021/11/25 00:46:56.322 INFO autosaved config (load with --resume flag) {"file": "/root/.config/caddy/autosave.json"}
2021/11/25 00:46:56.322 INFO serving initial configuration
Successfully started Caddy (pid=72750) - Caddy is running in the background
2021/11/25 00:46:56.324 INFO tls.obtain acquiring lock {"identifier": "kavita.nervhq.space"}
2021/11/25 00:46:56.327 INFO tls.obtain lock acquired {"identifier": "kavita.nervhq.space"}
sdvaletone@lclcommand:/etc/caddy$ 2021/11/25 00:46:56.329 INFO tls.issuance.acme waiting on internal rate limiter {"identifiers": ["kavita.nervhq.space"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2021/11/25 00:46:56.329 INFO tls.issuance.acme done waiting on internal rate limiter {"identifiers": ["kavita.nervhq.space"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2021/11/25 00:46:57.003 INFO tls.issuance.acme.acme_client trying to solve challenge {"identifier": "kavita.nervhq.space", "challenge_type": "tls-alpn-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2021/11/25 00:47:02.609 ERROR tls.issuance.acme.acme_client challenge failed {"identifier": "kavita.nervhq.space", "challenge_type": "tls-alpn-01", "problem": {"type": "urn:ietf:params:acme:error:tls", "title": "", "detail": "remote error: tls: internal error", "instance": "", "subproblems": []}}
2021/11/25 00:47:02.609 ERROR tls.issuance.acme.acme_client validating authorization {"identifier": "kavita.nervhq.space", "problem": {"type": "urn:ietf:params:acme:error:tls", "title": "", "detail": "remote error: tls: internal error", "instance": "", "subproblems": []}, "order": "https://acme-v02.api.letsencrypt.org/acme/order/289192440/42270754800", "attempt": 1, "max_attempts": 3}
2021/11/25 00:47:03.885 INFO tls.issuance.acme.acme_client trying to solve challenge {"identifier": "kavita.nervhq.space", "challenge_type": "http-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2021/11/25 00:47:05.012 ERROR tls.issuance.acme.acme_client challenge failed {"identifier": "kavita.nervhq.space", "challenge_type": "http-01", "problem": {"type": "urn:ietf:params:acme:error:tls", "title": "", "detail": "Fetching https://kavita.nervhq.space/.well-known/acme-challenge/RmsTpSCI0ApuxuWpqNjBlxAL9HxefIJtBi_sK52_fyo: remote error: tls: internal error", "instance": "", "subproblems": []}}
2021/11/25 00:47:05.012 ERROR tls.issuance.acme.acme_client validating authorization {"identifier": "kavita.nervhq.space", "problem": {"type": "urn:ietf:params:acme:error:tls", "title": "", "detail": "Fetching https://kavita.nervhq.space/.well-known/acme-challenge/RmsTpSCI0ApuxuWpqNjBlxAL9HxefIJtBi_sK52_fyo: remote error: tls: internal error", "instance": "", "subproblems": []}, "order": "https://acme-v02.api.letsencrypt.org/acme/order/289192440/42270784000", "attempt": 2, "max_attempts": 3}
2021/11/25 00:47:06.391 ERROR tls.obtain could not get certificate from issuer {"identifier": "kavita.nervhq.space", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[kavita.nervhq.space] solving challenges: kavita.nervhq.space: no solvers available for remaining challenges (configured=[tls-alpn-01 http-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-v02.api.letsencrypt.org/acme/order/289192440/42270795550) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
2021/11/25 00:47:06.393 WARN tls.issuance.zerossl missing email address for ZeroSSL; it is strongly recommended to set one for next time
2021/11/25 00:47:06.797 INFO tls.issuance.zerossl generated EAB credentials {"key_id": "c_3rDsSkrNWdHG4CfQIb2g"}
2021/11/25 00:47:07.800 INFO tls.issuance.acme waiting on internal rate limiter {"identifiers": ["kavita.nervhq.space"], "ca": "https://acme.zerossl.com/v2/DV90", "account": ""}
2021/11/25 00:47:07.800 INFO tls.issuance.acme done waiting on internal rate limiter {"identifiers": ["kavita.nervhq.space"], "ca": "https://acme.zerossl.com/v2/DV90", "account": ""}
2021/11/25 00:47:09.004 INFO tls.issuance.acme.acme_client trying to solve challenge {"identifier": "kavita.nervhq.space", "challenge_type": "http-01", "ca": "https://acme.zerossl.com/v2/DV90"}
5. What I already tried:
I have tried forcing the Caddyfile to serve HTTP but am still met with:
Secure Connection Failed
An error occurred during a connection to kavita.nervhq.space. Peer reports it experienced an internal error.
Error code: SSL_ERROR_INTERNAL_ERROR_ALERT
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
Using nslookup, I can see that the domain and subdomain are pointing to my correct public IP address.
Port forwarding has been checked on the Ubuntu device and all is green there.
Using letsdebug.net, I am met with:
[ANotWorking](https://letsdebug.net/kavita.nervhq.space/790562#ANotWorking-Error)
ERROR
kavita.nervhq.space has an A (IPv4) record (23.252.215.195) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
Get "https://kavita.nervhq.space/.well-known/acme-challenge/letsdebug-test": remote error: tls: internal error
Trace:
@0ms: Making a request to http://kavita.nervhq.space/.well-known/acme-challenge/letsdebug-test (using initial IP 23.252.215.195)
@0ms: Dialing 23.252.215.195
@125ms: Server response: HTTP 308 Permanent Redirect
@125ms: Received redirect to https://kavita.nervhq.space/.well-known/acme-challenge/letsdebug-test
@125ms: Dialing 23.252.215.195
@246ms: Experienced error: remote error: tls: internal error
6. Links to relevant resources:
N/A for now
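
An added example, not part of the original post and not code from Caddy: a small triage script that condenses console log output like that in section 4 into, per hostname, which ACME challenges were tried, how each failed, and whether issuance gave up. The sample lines are constructed (placeholder hostnames and token), and the function names are hypothetical.

```python
import json
import re

# Constructed sample in the console format shown in the post (placeholder hostnames and token).
SAMPLE_LOG = """\
user@host:/etc/caddy$ 2021/11/25 00:46:57.003 INFO tls.issuance.acme.acme_client trying to solve challenge {"identifier": "app.example.test", "challenge_type": "tls-alpn-01", "ca": "https://ca.example.test/directory"}
2021/11/25 00:47:02.609 ERROR tls.issuance.acme.acme_client challenge failed {"identifier": "app.example.test", "challenge_type": "tls-alpn-01", "problem": {"type": "urn:ietf:params:acme:error:tls", "detail": "remote error: tls: internal error"}}
2021/11/25 00:47:03.885 INFO tls.issuance.acme.acme_client trying to solve challenge {"identifier": "app.example.test", "challenge_type": "http-01", "ca": "https://ca.example.test/directory"}
2021/11/25 00:47:05.012 ERROR tls.issuance.acme.acme_client challenge failed {"identifier": "app.example.test", "challenge_type": "http-01", "problem": {"type": "urn:ietf:params:acme:error:tls", "detail": "Fetching https://app.example.test/.well-known/acme-challenge/TOKEN: remote error: tls: internal error"}}
2021/11/25 00:47:05.013 ERROR tls.issuance.acme.acme_client validating authorization {"identifier": "app.example.test", "problem": {"type": "urn:ietf:par
2021/11/25 00:47:06.391 ERROR tls.obtain could not get certificate from issuer {"identifier": "app.example.test", "error": "no solvers available for remaining challenges (remaining=[dns-01])"}
"""

LINE_RE = re.compile(r"(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+)\s+(DEBUG|INFO|WARN|ERROR)\s+(.*)")

def parse_line(line):
    """Return (timestamp, level, message, fields), or None for non-log lines."""
    m = LINE_RE.search(line)  # search(): a shell prompt may precede the timestamp
    if not m:
        return None
    ts, level, rest = m.groups()
    i = rest.find("{")  # structured fields start at the first brace
    head = (rest if i < 0 else rest[:i]).strip()
    fields = {}
    if i >= 0:
        try:
            fields = json.loads(rest[i:])
        except json.JSONDecodeError:
            pass  # wrapped or truncated line: keep the message, drop the fields
    return ts, level, head, fields

def summarize(log_text):
    """Per identifier: challenges tried, how each failed, whether issuance gave up."""
    report = {}
    for parsed in filter(None, map(parse_line, log_text.splitlines())):
        _, _, head, f = parsed
        if "identifier" not in f:
            continue
        entry = report.setdefault(f["identifier"], {"tried": [], "failed": {}, "exhausted": False})
        if head.endswith("trying to solve challenge"):
            entry["tried"].append(f["challenge_type"])
        elif head.endswith("challenge failed"):
            problem = f.get("problem", {})
            # http-01 starts on port 80; an https:// URL in the detail means a redirect was followed
            redirected = f["challenge_type"] == "http-01" and "Fetching https://" in problem.get("detail", "")
            entry["failed"][f["challenge_type"]] = {"type": problem.get("type"), "redirected_to_https": redirected}
        elif head.endswith("could not get certificate from issuer"):
            entry["exhausted"] = "no solvers available" in f.get("error", "")
    return report
```

Calling `summarize()` on the text of a saved log returns a dictionary keyed by hostname; the `redirected_to_https` flag marks the same HTTP-to-HTTPS hop that the letsdebug trace in section 5 shows.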