Thank you for the quick reply!
I gave it another go, but Caddy keeps serving the Cloudflare Origin cert for all three subdomains instead of just the two. I had GPT try to help as well, but I just kept getting more errors. Do you know what I’m missing? For the books subdomain I get a “This connection is not private” warning, and when I view the certificate it says Cloudflare origin cert. I have it set to DNS only (grey cloud) on the Cloudflare dashboard.
caddy.json
{
"apps": {
"http": {
"servers": {
"srv0": {
"listen": [":80", ":443"],
"routes": [
{
"match": [
{
"host": ["books.xincept.xyz"]
}
],
"handle": [
{
"handler": "reverse_proxy",
"upstreams": [
{
"dial": "172.18.0.1:50224"
}
]
}
],
"terminal": true
},
{
"match": [
{
"host": ["air.xincept.xyz"]
}
],
"handle": [
{
"handler": "reverse_proxy",
"upstreams": [
{
"dial": "172.18.0.1:50212"
}
]
}
],
"terminal": true
},
{
"match": [
{
"host": ["workspace.xincept.xyz"]
}
],
"handle": [
{
"handler": "reverse_proxy",
"upstreams": [
{
"dial": "172.18.0.1:3010"
}
]
}
],
"terminal": true
}
],
"tls_connection_policies": [
{
"match": {
"sni": ["air.xincept.xyz", "workspace.xincept.xyz"]
},
"certificate_selection": {
"any_tag": ["cert0"]
}
},
{}
]
}
}
},
"tls": {
"certificates": {
"load_files": [
{
"certificate": "/certs/xincept.xyz.pem",
"key": "/certs/xincept.xyz.key",
"tags": ["cert0"]
}
]
},
"automation": {
"policies": [
{
"subjects": ["books.xincept.xyz"],
"issuers": [
{
"module": "acme",
"ca": "https://acme-v02.api.letsencrypt.org/directory"
}
]
}
]
}
}
}
}
logs
{"level":"info","ts":1728966159.8609538,"msg":"using config from file","file":"/etc/caddy/caddy.json"}
{"level":"info","ts":1728966159.861926,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//127.0.0.1:2019","//localhost:2019","//[::1]:2019"]}
{"level":"info","ts":1728966159.8621464,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000588c00"}
{"level":"warn","ts":1728966159.8624153,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [cloudflare origin certificate *.xincept.xyz xincept.xyz]: no URL to issuing certificate"}
{"level":"info","ts":1728966159.8626695,"logger":"http.auto_https","msg":"skipping automatic certificate management because one or more matching certificates are already loaded","domain":"books.xincept.xyz","server_name":"srv0"}
{"level":"info","ts":1728966159.8626788,"logger":"http.auto_https","msg":"skipping automatic certificate management because one or more matching certificates are already loaded","domain":"air.xincept.xyz","server_name":"srv0"}
{"level":"info","ts":1728966159.8626833,"logger":"http.auto_https","msg":"skipping automatic certificate management because one or more matching certificates are already loaded","domain":"workspace.xincept.xyz","server_name":"srv0"}
{"level":"info","ts":1728966159.8626862,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1728966159.8631506,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
{"level":"info","ts":1728966159.8633864,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"info","ts":1728966159.8635445,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1728966159.863599,"msg":"serving initial configuration"}
{"level":"info","ts":1728966159.8652592,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/data/caddy","instance":"909323ff-c7fe-438d-bdba-427a3e9cea1b","try_again":1729052559.8652582,"try_again_in":86399.999999684}
{"level":"info","ts":1728966159.8653224,"logger":"tls","msg":"finished cleaning storage units"}