V2: Simple HTTP/3 experimental config

1. My Caddy version (caddy -version):

v2.0.0-beta4 h1:E/9KLpceaTby394+yuX2+S0h9P4dzM76RHbppnlstdI=

2. How I run Caddy:

caddy run --config /hab/svc/caddy/config/Caddyfile --adapter caddyfile

a. System environment:

Running in a docker cleanroom environment (Habitat studio)

b. Command:

caddy run --config /hab/svc/caddy/config/Caddyfile --adapter caddyfile

c. Service/unit/compose file:


d. My complete Caddyfile:

encode gzip zstd
root * /hab/svc/caddy/data

3. The problem I’m having:

Getting the following error on startup:

caddy.default(O): 2019/10/09 02:07:01 run: adapting config using caddyfile: /hab/svc/caddy/config/Caddyfile:6: unrecognized directive: udp/

4. Error messages and/or full log output:

See above

5. What I already tried:

Tried omitting the udp/ directive, but then it only listens on TCP.

6. Links to relevant resources:

The correct Caddyfile is the one without the udp/ line.

It’s not obvious (yet), but HTTP/3 requires TLS to operate, and I don’t think that server has TLS enabled, because there’s no way Caddy can serve TLS with the config you’ve given it. There’s no certificates, nor way for it to get certificates, for the address

So, you can use a proper hostname and obtain a real certificate:


Or you can set up on-demand TLS to get certificates at handshake-time:

tls {
    # NOTE: this is still a TODO, so not yet implemented
    # in the v2 Caddyfile and it might be different than this
    ask <your endpoint here>

But the easiest thing is to just make your own certificate and provide them:
tls cert.pem key.pem

You’ll get cert errors that way, but at least you’ll have TLS.

1 Like

Updated Caddyfile:

encode gzip zstd
root * /hab/svc/caddy/data
tls /hab/svc/caddy/files/cert.pem /hab/svc/caddy/files/cert.key

Certificates generated with:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -subj "/C=JP/ST=Tokyo/L=Setagaya/O=Rakuten/OU=Operations/CN=localhost" \
  -keyout cert.key \
  -out cert.pem

After starting Caddy, I get the following output:

addy.default(O): 2019/10/09 02:55:37 Caddy 2 admin endpoint listening on localhost:2019
caddy.default(O): 2019/10/09 02:55:37 [INFO][cache:0xc00014b9f0] Started certificate maintenance routine
caddy.default(O): 2019/10/09 02:55:37 [WARNING] Stapling OCSP: no OCSP stapling for [localhost]: no OCSP server specified in certificate
caddy.default(O): 2019/10/09 02:55:37 [INFO] tls: Cleaned up storage unit(s)
caddy.default(O): 2019/10/09 02:55:37 Caddy 2 serving initial configuration


# netstat -peanut | grep caddy
tcp        0      0*               LISTEN      93905/caddy
tcp        0      0 :::443                  :::*                    LISTEN      93905/caddy

It is still not listening on UDP, as far as I can see.

hi, you can not use self-signed tls certificate to enable http/3 support. see A workaround to test HTTP/3 with Caddy 2 in localhost · Issue #2934 · caddyserver/caddy · GitHub for more detail.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.