1. My Caddy version (caddy -version):
v2.0.0-beta12
2. How I run Caddy:
Installed as a service according to the tutorial, with the config file served as v2 JSON from /etc/caddy. Generated a custom certificate using
sudo -u caddy openssl req -newkey rsa:2048 -nodes -keyout /var/lib/caddy/.local/share/caddy/key.pem -x509 -days 365 -out /var/lib/caddy/.local/share/caddy/certificate.pem
I tried providing the public IP and “” as the FQDN.
a. System environment:
Ubuntu 19.10 eoan (Budgie)
b. Command:
N/A (Service)
c. Service/unit/compose file:
[Unit]
Description=Caddy Web Server
Documentation=https://caddyserver.com/docs/
After=network.target
[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --config /etc/caddy/caddy.json --resume --environ
ExecReload=/usr/bin/caddy reload --config /etc/caddy/caddy.json
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddyfile:
{
  "apps": {
    "http": {
      "servers": {
        "mediabox": {
          "listen": [":443"],
          "routes": [
            {
              "handle": [
                {
                  "handler": "file_server",
                  "root": "/var/www"
                }
              ]
            }
          ],
          "tls_connection_policies": [
            {
              "match": {
                "sni": [""]
              },
              "certificate_selection": {
                "policy": "custom",
                "tag": "selfsigned"
              }
            }
          ]
        }
      }
    },
    "tls": {
      "certificates": {
        "load_files": [
          {
            "certificate": "/var/lib/caddy/.local/share/caddy/certificate.pem",
            "key": "/var/lib/caddy/.local/share/caddy/key.pem",
            "format": "pem",
            "tags": ["selfsigned"]
          }
        ]
      }
    }
  }
}
3. The problem I’m having:
I’d like to run a Caddy server so that the connection to it is encrypted. It is temporary, for testing, and I’d like to use a self-signed cert instead of ACME. It should be accessible via its local IP as well as the public IP, with port 443 forwarded. I don’t know how to configure Caddy so that it uses the loaded cert for the SNI ‘’, according to the error
http: TLS handshake error from xxx:57774: no certificate available for ''
4. Error messages and/or full log output:
http: TLS handshake error from xxxx:57774: no certificate available for ''
5. What I already tried:
Various permutations of the config file. The pasted one is the most “complete”.
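One thing worth checking independently of the SNI matching: the openssl command in the post, run as typed (no -addext), yields a certificate with only a CommonName and no Subject Alternative Name, and clients connecting by IP address validate against IP SANs, not the CN. The Go program below is an added example, not code from the post or from Caddy; it generates a test-only self-signed certificate that lists every address the server is reached by as an IP SAN (192.168.1.20 and 203.0.113.5 are placeholder addresses) and then checks a PEM certificate for IP coverage the way a client or SAN-based lookup does.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"math/big"
	"net"
	"time"
)

// selfSignedForIPs builds a test-only self-signed certificate whose Subject Alternative Name lists every given IP.
func selfSignedForIPs(ips []string, validFor time.Duration) (certPEM, keyPEM []byte, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "mediabox self-signed test cert"}, // placeholder CN; clients ignore it for IP checks
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(validFor),
	}
	for _, s := range ips { // each address clients will type into the browser must appear as an IP SAN
		ip := net.ParseIP(s)
		if ip == nil {
			return nil, nil, &net.ParseError{Type: "IP address", Text: s}
		}
		tmpl.IPAddresses = append(tmpl.IPAddresses, ip)
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
	return certPEM, keyPEM, nil
}

// certCoversIP reports whether the PEM certificate's SANs cover ip; a CommonName alone never satisfies this check.
func certCoversIP(certPEM []byte, ip string) bool {
	block, _ := pem.Decode(certPEM)
	if block == nil {
		return false
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	return err == nil && cert.VerifyHostname(ip) == nil
}
```

Running certCoversIP against the certificate.pem produced by the openssl command in the post, with the public IP as the argument, shows whether that file can be accepted by a client at all, before any Caddy configuration is considered.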