1. My Caddy version (caddy version):
v2.0.0 h1:pQSaIJGFluFvu8KDGDODV8u4/QRED/OPyIR+MWYYse8=
2. How I run Caddy:
a. System environment:
Ubuntu 20.04 LTS
b. Command:
caddy reload
c. Service/unit/compose file:
N/A? Using the apt package listed on the site to install, runs by default, haven’t found or edited anything.
d. My complete Caddyfile or JSON config:
haneefmubarak.com {
    reverse_proxy localhost:2368
}
media.haneefmubarak.com {
    root * /home/haneefmubarak/web/haneefmubarak.com/media
    file_server browse
}
3. The problem I’m having:
I set up the media.haneefmubarak.com site first. It took a minute or so but then worked fine, with the ACME cert successfully obtained and running (https://crt.sh/?q=haneefmubarak.com).
However, when I added the reverse-proxy for haneefmubarak.com, it did not obtain a reverse proxy.
I will note that both are sitting behind CloudFlare, although disabling CF and passing the IP through directly didn’t seem to make any difference whatsoever (media worked fine anyways behind CF, @ just doesn’t work either way).
4. Error messages and/or full log output:
The lack of certificate listed on https://crt.sh/?q=haneefmubarak.com and the page https://haneefmubarak.com/ throwing an SSL error.
EDIT: running openssl s_client -connect localhost:443 -servername haneefmubarak.com yields the following:
CONNECTED(00000003)
140438162974016:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:../ssl/record/rec_layer_s3.c:1543:SSL alert number 80
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 309 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
5. What I already tried:
I tried disabling CF, but that did not seem to help.
I also tried using
tls {
    on_demand
}
within the @ configuration in the hope that that would force a certificate acquisition, but to no avail.
I also tried specifying http:// on the localhost part after the reverse_proxy keyword, but that also did not seem to make a difference.
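
Added example, not part of the original post: the "read 7 bytes" and "SSL alert number 80" lines in the s_client output above match the size and content of a single plaintext TLS alert record (5-byte header plus 2-byte alert), which this sketch decodes. The function names and the sample bytes are constructed for illustration; the record version bytes in the sample are an assumption.

```python
import struct

# Subset of TLS alert descriptions (RFC 5246 / RFC 8446).
ALERT_DESCRIPTIONS = {
    0: "close_notify",
    40: "handshake_failure",
    48: "unknown_ca",
    70: "protocol_version",
    80: "internal_error",
    112: "unrecognized_name",
    120: "no_application_protocol",
}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
CONTENT_TYPE_ALERT = 21


def parse_tls_alert(data: bytes) -> dict:
    """Parse one plaintext TLS alert record (5-byte header + 2-byte body)."""
    if len(data) < 5:
        raise ValueError("truncated TLS record header")
    content_type, major, minor, length = struct.unpack("!BBBH", data[:5])
    if content_type != CONTENT_TYPE_ALERT:
        raise ValueError(f"not an alert record (content type {content_type})")
    body = data[5:5 + length]
    if length != 2 or len(body) != 2:
        raise ValueError("alert body must be exactly 2 bytes")
    level, desc = body
    return {
        "record_bytes": 5 + length,
        "version": (major, minor),
        "level": ALERT_LEVELS.get(level, f"unknown({level})"),
        "description": ALERT_DESCRIPTIONS.get(desc, f"unknown({desc})"),
        "code": desc,
    }


def server_sent_only_alert(data: bytes) -> bool:
    """True when the whole server reply is one fatal alert, meaning no
    ServerHello (and so no certificate) was sent for the requested name."""
    alert = parse_tls_alert(data)
    return alert["level"] == "fatal" and alert["record_bytes"] == len(data)


# Constructed sample reply: alert record, fatal (2), internal_error (80).
SAMPLE_REPLY = bytes.fromhex("15030300020250")

if __name__ == "__main__":
    print(parse_tls_alert(SAMPLE_REPLY))
    print(server_sent_only_alert(SAMPLE_REPLY))
```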