V2. HTTP to HTTPS redirects fail for on_demand SSL certs

1. My Caddy version (caddy -version):

v2.0.0-beta10

2. How I run Caddy:

Please provide all of the relevant information and DO NOT REDACT anything except passwords/keys. Thank you!

a. System environment:

Created from Digital Ocean Marketplace app, which uses Ubuntu

b. Command:

caddy start
curl -X POST "http://localhost:2019/load" \
        -H "Content-Type: application/json" \
        -d @caddy.json

c. My complete caddy.json file:

{
  "apps": {
    "http": {
      "servers": {
        "srv0": {
          "listen": [":443"],
          "routes": [
            {
              "handle": [
                {
                  "handler": "reverse_proxy",
                  "upstreams": [
                    {
                      "dial": "{IPADDRESS}:1111"
                    }
                  ]
                }
              ],
              "match": [
                {
                  "host": ["api.domain.com"]
                }
              ]
            },
            {
              "handle": [
                {
                  "handler": "reverse_proxy",
                  "upstreams": [
                    {
                      "dial": "{IPADDRESS}:5555"
                    }
                  ]
                }
              ]
            }
          ],
          "automatic_https": {
            "disable_redirects": false
          },
          "tls_connection_policies": [{}],
          "logs": {}
        }
      }
    },
    "tls": {
      "automation": {
        "policies": [
          {
            "management": {
              "module": "acme",
              "ca": "https://acme-v02.api.letsencrypt.org/directory",
              "on_demand": true
            }
          }
        ],
        "on_demand": {
          "rate_limit": {
            "interval": "10m",
            "burst": 2
          }
        }
      }
    }
  }
}

3. The problem I’m having:

HTTP to HTTPS redirect does not work for domains which generate their SSL certificates on_demand. HTTP to HTTPS redirect only works for api.domain.com.

4. Error messages and/or full log output:

A curl command to http://domainpointedatserver.com returns nothing. A curl command to https://domainpointedatserver.com returns the correct site.

5. What I already tried:

Everything I could think of including manually setting disable_redirects to false, and listening on port 80.

Thanks for the report, and for trying Caddy 2 while it’s still in beta. Will be looking into this!

@podpage I think I’ve fixed this in https://github.com/caddyserver/caddy/commit/994b9033e96da270dca48ab01377431028c06b52. Are you able to build from source on the v2 branch and let me know how it works for you?

Hi Matt,
I am running into the same issue. I pulled down your latest commit (beta 11) and it doesn’t seem to fix it. I am getting a nil pointer error in the logs when I try to access via http but not https.

 /home/user/Projects/caddy/modules/caddyhttp/server.go:192 +0x740

Here is my Caddyfile:

blog.example.io {
	root * /var/www/example.io
	encode gzip
	file_server
}

The latest commit will be in beta 13; beta 11 doesn’t have the fix. You’ll have to build from source on the v2 branch to get it right now.