What did I do wrong?

I want to apologize. I feel I am a bit annoying with what may seem like trivial issues. I really do appreciate the help and support.

I will try to get this all formatted a bit better than I have previously.

Issue that I am having currently: I can access 1 of my subdomains; however, the other subdomain is still getting SSL handshake failed issues.

LOGS

May 11 22:51:56 Caddy caddy[4041]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
May 11 22:51:56 Caddy caddy[4041]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
May 11 22:51:56 Caddy caddy[4041]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
May 11 22:51:56 Caddy caddy[4041]: caddy.Version=v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=
May 11 22:51:56 Caddy caddy[4041]: runtime.GOOS=linux
May 11 22:51:56 Caddy caddy[4041]: runtime.GOARCH=amd64
May 11 22:51:56 Caddy caddy[4041]: runtime.Compiler=gc
May 11 22:51:56 Caddy caddy[4041]: runtime.NumCPU=2
May 11 22:51:56 Caddy caddy[4041]: runtime.GOMAXPROCS=2
May 11 22:51:56 Caddy caddy[4041]: runtime.Version=go1.21.4
May 11 22:51:56 Caddy caddy[4041]: os.Getwd=/
May 11 22:51:56 Caddy caddy[4041]: LANG=C
May 11 22:51:56 Caddy caddy[4041]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
May 11 22:51:56 Caddy caddy[4041]: NOTIFY_SOCKET=/run/systemd/notify
May 11 22:51:56 Caddy caddy[4041]: HOME=/var/lib/caddy
May 11 22:51:56 Caddy caddy[4041]: LOGNAME=caddy
May 11 22:51:56 Caddy caddy[4041]: USER=caddy
May 11 22:51:56 Caddy caddy[4041]: INVOCATION_ID=b791f9efa88c466a8d84f55863df1bf3
May 11 22:51:56 Caddy caddy[4041]: JOURNAL_STREAM=8:23842892
May 11 22:51:56 Caddy caddy[4041]: SYSTEMD_EXEC_PID=4041
May 11 22:51:56 Caddy caddy[4041]: {"level":"info","ts":1715467916.1805704,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
May 11 22:51:56 Caddy caddy[4041]: {"level":"warn","ts":1715467916.1816366,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":19}
May 11 22:51:56 Caddy caddy[4041]: {"level":"info","ts":1715467916.1839688,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
May 11 22:51:56 Caddy caddy[4041]: {"level":"info","ts":1715467916.1841671,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
May 11 22:51:56 Caddy caddy[4041]: {"level":"info","ts":1715467916.1841717,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00048a180"}
May 11 22:51:56 Caddy caddy[4041]: {"level":"info","ts":1715467916.1841831,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
May 11 22:51:56 Caddy caddy[4041]: {"level":"info","ts":1715467916.1844885,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
May 11 22:51:56 Caddy caddy[4041]: {"level":"info","ts":1715467916.1845498,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."}
May 11 22:51:56 Caddy caddy[4041]: {"level":"info","ts":1715467916.1846945,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
May 11 22:51:56 Caddy caddy[4041]: {"level":"info","ts":1715467916.1847298,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
May 11 22:51:56 Caddy caddy[4041]: {"level":"info","ts":1715467916.184734,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["media.ericstuff.net","requests.ericstuff.net"]}
May 11 22:51:56 Caddy caddy[4041]: {"level":"info","ts":1715467916.1853025,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
May 11 22:51:56 Caddy caddy[4041]: {"level":"info","ts":1715467916.1853428,"msg":"serving initial configuration"}
May 11 22:51:56 Caddy systemd[1]: Started caddy.service - Caddy.
May 11 22:51:56 Caddy caddy[4041]: {"level":"info","ts":1715467916.1855857,"logger":"tls.obtain","msg":"acquiring lock","identifier":"requests.ericstuff.net"}
May 11 22:51:56 Caddy caddy[4041]: {"level":"warn","ts":1715467916.1938267,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/var/lib/caddy/.local/share/caddy","instance":"d24125d1-98c4-4889-84f8-8a02d67c789d","try_again":1715554316.1938252,"try_again_in":86399.99999962}
May 11 22:51:56 Caddy caddy[4041]: {"level":"info","ts":1715467916.1938443,"logger":"tls.obtain","msg":"lock acquired","identifier":"requests.ericstuff.net"}
May 11 22:51:56 Caddy caddy[4041]: {"level":"info","ts":1715467916.1938896,"logger":"tls","msg":"finished cleaning storage units"}
May 11 22:51:56 Caddy caddy[4041]: {"level":"info","ts":1715467916.1939256,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"requests.ericstuff.net"}
May 11 22:51:56 Caddy caddy[4041]: {"level":"info","ts":1715467916.1947155,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["requests.ericstuff.net"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"admin@ericstuff.net"}
May 11 22:51:56 Caddy caddy[4041]: {"level":"info","ts":1715467916.1947277,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["requests.ericstuff.net"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"admin@ericstuff.net"}
May 11 22:51:56 Caddy caddy[4041]: {"level":"info","ts":1715467916.6945508,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"requests.ericstuff.net","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
May 11 22:51:56 Caddy caddy[4041]: {"level":"error","ts":1715467916.8684866,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"requests.ericstuff.net","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.requests.ericstuff.net\" (usually OK if presenting also failed)"}
May 11 22:51:56 Caddy caddy[4041]: {"level":"error","ts":1715467916.9256835,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"requests.ericstuff.net","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[requests.ericstuff.net] solving challenges: presenting for challenge: adding temporary record for zone \"ericstuff.net.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers ErrorChain:[{Code:6111 Message:Invalid format for Authorization header}]}] (order=https://acme-v02.api.letsencrypt.org/acme/order/1719194327/268596286567) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
May 11 22:51:56 Caddy caddy[4041]: {"level":"info","ts":1715467916.925916,"logger":"tls.issuance.zerossl","msg":"waiting on internal rate limiter","identifiers":["requests.ericstuff.net"],"ca":"https://acme.zerossl.com/v2/DV90","account":"admin@ericstuff.net"}
May 11 22:51:56 Caddy caddy[4041]: {"level":"info","ts":1715467916.9259417,"logger":"tls.issuance.zerossl","msg":"done waiting on internal rate limiter","identifiers":["requests.ericstuff.net"],"ca":"https://acme.zerossl.com/v2/DV90","account":"admin@ericstuff.net"}
May 11 22:51:57 Caddy caddy[4041]: {"level":"info","ts":1715467917.339591,"logger":"tls.issuance.zerossl.acme_client","msg":"trying to solve challenge","identifier":"requests.ericstuff.net","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
May 11 22:51:57 Caddy caddy[4041]: {"level":"error","ts":1715467917.4833283,"logger":"tls.issuance.zerossl.acme_client","msg":"cleaning up solver","identifier":"requests.ericstuff.net","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.requests.ericstuff.net\" (usually OK if presenting also failed)"}
May 11 22:51:57 Caddy caddy[4041]: {"level":"error","ts":1715467917.5481431,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"requests.ericstuff.net","issuer":"acme.zerossl.com-v2-DV90","error":"[requests.ericstuff.net] solving challenges: presenting for challenge: adding temporary record for zone \"ericstuff.net.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers ErrorChain:[{Code:6111 Message:Invalid format for Authorization header}]}] (order=https://acme.zerossl.com/v2/DV90/order/QI3gBRvqAs950tDM8ointg) (ca=https://acme.zerossl.com/v2/DV90)"}
May 11 22:51:57 Caddy caddy[4041]: {"level":"error","ts":1715467917.5481787,"logger":"tls.obtain","msg":"will retry","error":"[requests.ericstuff.net] Obtain: [requests.ericstuff.net] solving challenges: presenting for challenge: adding temporary record for zone \"ericstuff.net.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers ErrorChain:[{Code:6111 Message:Invalid format for Authorization header}]}] (order=https://acme.zerossl.com/v2/DV90/order/QI3gBRvqAs950tDM8ointg) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":1.354325797,"max_duration":2592000}

What my Caddy config file looks like:

media.ericstuff.net {
        # Set up encoding
        encode gzip

        # Add security headers
        header {
                Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
                X-Content-Type-Options "nosniff"
                X-Frame-Options "DENY"
                X-XSS-Protection "1; mode=block"
                Referrer-Policy "no-referrer-when-downgrade"
        }

        # Reverse proxy to the Jellyfin server
        reverse_proxy 192.168.10.30:8096
}

requests.ericstuff.net {
    # Set up encoding
    encode gzip

    tls {
        dns cloudflare {gNsqQJYbDN44gEb10doPZBaZ1zRid6GjA3FIGhaq}
    }

    # Reverse proxy to the Jellyfin server
    reverse_proxy 192.168.10.31:5055
}

What I have tried and done:

I have logged into Cloudflare, deleted all subdomains and that fun stuff, and redid those. There is no Cloudflare tunnel active. I have followed a few guides on generating and using the Cloudflare zone API, specifically with Caddy and Caddyfile.

I hope that’s not your API key. You must keep that secret. You need to revoke it ASAP and make a new API key.

Don’t put braces around it; the { } braces are for when you use a placeholder (e.g. an environment variable).
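As an added example (not from this thread or the Caddy project), the POSIX sh script below puts the two forms side by side: the braced literal from the posted config, which Caddy reads as a placeholder rather than as the token, and the `{env.NAME}` form the braces are actually for. It lints which form a Caddyfile uses and writes out the pieces of the fix (Caddyfile, a root-only environment file, a systemd drop-in) into a directory you choose. The hostname, backend address, token value and the `/usr/bin/caddy` path in the override are constructed assumptions; the `dns cloudflare` directive and the `{env.…}` syntax are Caddy's own.

```shell
#!/bin/sh
# Added example (not from the thread): lint how a Caddyfile hands the Cloudflare
# API token to the dns module, and lay out the placeholder-plus-environment fix.
# Hostnames, addresses and the token value below are constructed samples.

# Shape of the config posted in the thread, with a constructed dummy token.
# The braces make Caddy read it as a placeholder, not as the token itself.
BROKEN_CADDYFILE='requests.example.net {
    tls {
        dns cloudflare {0000000000000000000000000000000000000000}
    }
    reverse_proxy 192.168.10.31:5055
}'

# Corrected form: {env.NAME} is the placeholder syntax the braces are meant for,
# so the secret comes from the service environment and stays out of the Caddyfile.
FIXED_CADDYFILE='requests.example.net {
    tls {
        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
    }
    reverse_proxy 192.168.10.31:5055
}'

# classify_dns_token CADDYFILE_TEXT
# Prints how the first "dns cloudflare <arg>" line supplies the token:
#   env-placeholder  {env.NAME}: read from the environment at startup (preferred)
#   braced-literal   {token}: treated as a placeholder, so the real token is never sent
#   literal          bare token: works, but the secret is stored in the Caddyfile
#   missing          no "dns cloudflare" directive found
classify_dns_token() {
    arg=$(printf '%s\n' "$1" | awk '$1 == "dns" && $2 == "cloudflare" { print $3; exit }')
    case "$arg" in
        '')          echo missing ;;
        '{env.'*'}') echo env-placeholder ;;
        '{'*'}')     echo braced-literal ;;
        *)           echo literal ;;
    esac
}

# write_fix DIR
# Writes the three files the fix consists of into DIR (a stand-in for /etc/caddy
# and the systemd drop-in directory): the Caddyfile, a root-only environment file
# holding the token, and a systemd override that loads it. Returns 0 on success.
write_fix() {
    dir=$1
    mkdir -p "$dir" || return 1

    printf '%s\n' "$FIXED_CADDYFILE" > "$dir/Caddyfile"

    # The token file is the only place the secret lives. Mode 0600, owned by root:
    # systemd reads EnvironmentFile before the service drops to the caddy user.
    printf 'CLOUDFLARE_API_TOKEN=%s\n' '<paste real Cloudflare API token here>' > "$dir/cloudflare.env"
    chmod 600 "$dir/cloudflare.env"

    # Drop-in for `systemctl edit caddy`. The environment dump at the top of the
    # thread's log is what caddy's --environ flag prints; with the token in the
    # environment that dump would land in the journal, so the override also resets
    # ExecStart without --environ (the binary path assumes the Debian package).
    cat > "$dir/override.conf" <<'EOF'
[Service]
EnvironmentFile=/etc/caddy/cloudflare.env
ExecStart=
ExecStart=/usr/bin/caddy run --config /etc/caddy/Caddyfile
EOF
}

# Usage: classify both samples, then write the fix to a scratch directory.
# classify_dns_token "$BROKEN_CADDYFILE"   # braced-literal
# classify_dns_token "$FIXED_CADDYFILE"    # env-placeholder
# write_fix "$(mktemp -d)"
```

After dropping the files into place, `systemctl daemon-reload` and `systemctl restart caddy` pick up the drop-in; the token never appears in the Caddyfile, in `caddy fmt` output, or in a pasted config like the one above.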

That API key is a blank one that was used as a placeholder to show what my “config” looks like unedited. I am glad that I did, as I wasn’t ever aware of that bracket thing, and I fear that if I had replaced it with common letters like {apikeyhere}, nobody would have mentioned the brackets.

I just want to take the time and effort to say thank you. I really appreciate the help. It seems that after removing the brackets it now works. I did not realize this was such an issue. Thank you again. All seems well!
