Why HTTPS can't work in Intranet

1. The problem I’m having: My website can’t work in the intranet over HTTPS.

As the title says, I am trying to build a website in my intranet (class A: 10.x.x.x). I set my public domain to 10.x.x.x and the website works well over HTTP through the intranet. But when I delete “http://” before the domain address in the Caddy config file, I fail to access the website over HTTPS. It just returns ERR_SSL_PROTOCOL_ERROR in my Chrome/Firefox. Whether HTTP or HTTPS, they run in exactly the same network and environment.

2. Error messages and/or full log output:

agic.(*Config).ObtainCertAsync\n\tgithub.com/caddyserver/certmagic@v0.21.6/config.go:505\ngithub.com/caddyserver/certmagic.(*Config).manageOne.func1\n\tgithub.com/caddyserver/certmagic@v0.21.6/config.go:415\ngithub.com/caddyserver/certmagic.(*jobManager).worker\n\tgithub.com/caddyserver/certmagic@v0.21.6/async.go:73"}
Feb 24 22:40:03 kingnas caddy[336101]: {"level":"error","ts":1740408003.9948144,"msg":"validating authorization","identifier":"gybbs.dowblog.top","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"no valid A records found for gybbs.dowblog.top; no valid AAAA records found for gybbs.dowblog.top","instance":"","subproblems":null},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/186407574/22835669174","attempt":2,"max_attempts":3,"stacktrace":"github.com/mholt/acmez/v3.(*Client).ObtainCertificate\n\tgithub.com/mholt/acmez/v3@v3.0.0/client.go:152\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\n\tgithub.com/caddyserver/certmagic@v0.21.6/acmeissuer.go:477\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/certmagic@v0.21.6/acmeissuer.go:371\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/caddy/v2@v2.9.1/modules/caddytls/acmeissuer.go:249\ngithub.com/caddyserver/certmagic.(*Config).obtainCert.func2\n\tgithub.com/caddyserver/certmagic@v0.21.6/config.go:626\ngithub.com/caddyserver/certmagic.doWithRetry\n\tgithub.com/caddyserver/certmagic@v0.21.6/async.go:104\ngithub.com/caddyserver/certmagic.(*Config).obtainCert\n\tgithub.com/caddyserver/certmagic@v0.21.6/config.go:700\ngithub.com/caddyserver/certmagic.(*Config).ObtainCertAsync\n\tgithub.com/caddyserver/certmagic@v0.21.6/config.go:505\ngithub.com/caddyserver/certmagic.(*Config).manageOne.func1\n\tgithub.com/caddyserver/certmagic@v0.21.6/config.go:415\ngithub.com/caddyserver/certmagic.(*jobManager).worker\n\tgithub.com/caddyserver/certmagic@v0.21.6/async.go:73"}
Feb 24 22:40:03 kingnas caddy[336101]: {"level":"error","ts":1740408003.9950352,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"gybbs.dowblog.top","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:dns - no valid A records found for gybbs.dowblog.top; no valid AAAA records found for gybbs.dowblog.top"}
Feb 24 22:40:03 kingnas caddy[336101]: {"level":"debug","ts":1740408003.9951246,"logger":"events","msg":"event","name":"cert_failed","id":"8965d885-c19c-4a25-91ff-0a9d0a7efc7c","origin":"tls","data":{"error":{},"identifier":"gybbs.dowblog.top","issuers":["acme-v02.api.letsencrypt.org-directory"],"renewal":false}}
Feb 24 22:40:03 kingnas caddy[336101]: {"level":"error","ts":1740408003.9952269,"logger":"tls.obtain","msg":"will retry","error":"[gybbs.dowblog.top] Obtain: [gybbs.dowblog.top] solving challenge: gybbs.dowblog.top: [gybbs.dowblog.top] authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - no valid A records found for gybbs.dowblog.top; no valid AAAA records found for gybbs.dowblog.top (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":2,"retrying_in":120,"elapsed":76.247669998,"max_duration":2592000}

3. Caddy version: v2.9.1 h1:OEYiZ7DbCzAWVb6TNEkjRcSCRGHVoZsJinoDR/n9oaY=

4. How I installed and ran Caddy: With lcmp script. (GitHub - teddysun/lcmp: Install LCMP (Linux + Caddy + MariaDB + PHP) for AlmaLinux/RockyLinux/CentOS/Debian/Ubuntu)

a. System environment: 5.15.0-133-generic #144-Ubuntu SMP Fri Feb 7 20:47:38 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

b. Command:

sudo lcmp start

c. Service/unit/compose file:

service, systemd

d. My complete Caddy config:

gybbs.dowblog.top {
        root * /data/www/gybbs/public
        encode gzip
        php_fastcgi unix//run/php/php-fpm.sock
        header /assets/* {
                +Cache-Control "public, must-revalidate, proxy-revalidate"
                +Cache-Control "max-age=25000"
                Pragma "public"
                Strict-Transport-Security "max-age=31536000; preload"
                X-Content-Type-Options nosniff
                X-Frame-Options SAMEORIGIN
        }
        file_server
        log {
                output file /var/log/caddy/access.log {
                        roll_size 100mb
                        roll_keep 3
                        roll_keep_for 7d
                }
        }
}

5. Links to relevant resources:
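
The journald-prefixed JSON lines above are hard to read by eye, and the one that matters (the `urn:ietf:params:acme:error:dns` problem) is buried in a stack trace. The following script is an added example, not code from the original post or from the Caddy project: it strips the `Mon DD HH:MM:SS host caddy[pid]:` prefix, parses each JSON record, skips truncated fragments like the first line of the log, and groups ACME problem types per identifier. The sample log, hostnames and the `HINTS` wording are constructed for the example; the problem-type names come from RFC 8555 section 6.7.

```python
import json
import re
from collections import defaultdict

# Constructed sample modelled on the journald-prefixed Caddy JSON lines in the
# post above (hostnames, pid and timestamps are made up). The first line is a
# deliberately truncated stack-trace fragment, as happens when a long line is
# cut by journalctl or a copy-paste.
SAMPLE_LOG = r'''
agic.(*Config).ObtainCertAsync\n\tgithub.com/caddyserver/certmagic@v0.21.6/config.go:505"}
Feb 24 22:40:03 host1 caddy[4242]: {"level":"error","ts":1740408003.99,"msg":"validating authorization","identifier":"app.intranet.example","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"no valid A records found for app.intranet.example; no valid AAAA records found for app.intranet.example","instance":"","subproblems":null},"attempt":2,"max_attempts":3}
Feb 24 22:40:03 host1 caddy[4242]: {"level":"error","ts":1740408003.995,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"app.intranet.example","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:dns - no valid A records found for app.intranet.example; no valid AAAA records found for app.intranet.example"}
Feb 24 22:40:04 host1 caddy[4242]: {"level":"info","ts":1740408004.1,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"other.example"}
'''

ACME_ERROR_NS = "urn:ietf:params:acme:error:"

# ACME problem types from RFC 8555 section 6.7, with what each means for a
# host that only has intranet addresses (wording is ours, not the CA's).
HINTS = {
    "dns": "the CA found no public A/AAAA record, so http-01 and tls-alpn-01 "
           "cannot reach the host; use the dns-01 challenge",
    "connection": "the CA resolved the name but could not connect to it",
    "unauthorized": "the CA reached a server that did not present the challenge",
}


def parse_caddy_journal(text):
    """Return the JSON records found in journald-prefixed Caddy log output.

    Lines without a JSON object (stack-trace fragments) and lines whose
    payload does not parse (truncated) are skipped rather than raised on.
    """
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        start = line.find("{")
        if start < 0:
            continue
        try:
            records.append(json.loads(line[start:]))
        except json.JSONDecodeError:
            continue
    return records


def acme_failures(records):
    """Group ACME problems per identifier: {name: [(type, detail), ...]}."""
    failures = defaultdict(list)
    for rec in records:
        if rec.get("level") != "error":
            continue
        ident = rec.get("identifier", "?")
        problem = rec.get("problem")
        if isinstance(problem, dict) and str(problem.get("type", "")).startswith(ACME_ERROR_NS):
            failures[ident].append((problem["type"][len(ACME_ERROR_NS):], problem.get("detail", "")))
            continue
        # Less structured form: "HTTP 400 urn:ietf:params:acme:error:dns - detail"
        match = re.search(r"urn:ietf:params:acme:error:(\w+) - (.*)", str(rec.get("error", "")))
        if match:
            failures[ident].append((match.group(1), match.group(2)))
    return dict(failures)


def explain(failures):
    """Turn grouped failures into one human-readable line per identifier."""
    lines = []
    for name, problems in failures.items():
        types = sorted({t for t, _ in problems})
        hint = "; ".join(HINTS.get(t, "unrecognised ACME error type %r" % t) for t in types)
        lines.append("%s: %d failed attempt(s), types %s: %s" % (name, len(problems), types, hint))
    return lines


if __name__ == "__main__":
    for line in explain(acme_failures(parse_caddy_journal(SAMPLE_LOG))):
        print(line)
```

Feed it real output with `journalctl -u caddy --no-pager | python3 this_script.py`-style piping by replacing `SAMPLE_LOG` with `sys.stdin.read()`; the `level == "error"` filter keeps the `will retry` and `cert_failed` noise out, and grouping by identifier shows at a glance which names keep failing and why.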

What you’re wanting to do is acquire a certificate via DNS. Whoever is responsible for the DNS of your domain needs to be included in your Caddyfile. Your error is indicating it can’t find A or AAAA records for your domain.

If you tell us who your DNS provider is for that domain, then we can help you set up your Caddyfile to have Caddy automatically use LetsEncrypt to make and manage certificates.

2 Likes

alidns, thanks.

I already set A records, and it works on http.

My apologies, I forgot to reply to this.

You need the AliDNS plugin for Caddy, and then configure your Caddyfile with:

gybbs.dowblog.top {
	tls {
		dns alidns {
			access_key_id {env.ALIYUN_ACCESS_KEY_ID}
			access_key_secret {env.ALIYUN_ACCESS_KEY_SECRET}
		}
	}
	root * /data/www/gybbs/public
	encode gzip
	php_fastcgi unix//run/php/php-fpm.sock
	header /assets/* {
		+Cache-Control "public, must-revalidate, proxy-revalidate"
		+Cache-Control "max-age=25000"
		Pragma "public"
		Strict-Transport-Security "max-age=31536000; preload"
		X-Content-Type-Options nosniff
		X-Frame-Options SAMEORIGIN
	}
	file_server
	log {
		output file /var/log/caddy/access.log {
			roll_size 100mb
			roll_keep 3
			roll_keep_for 7d
		}
	}
}
1 Like
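
Both replies above come down to one rule: a public CA validates http-01 and tls-alpn-01 by connecting to the address the public DNS returns, and Let's Encrypt treats a name that only resolves to 10.x.x.x (or any other non-routable range) as having "no valid A records". The only challenge that never needs to reach the host is dns-01, which is why the AliDNS plugin is the fix. The script below is an added example, not part of the thread or of Caddy: given the A/AAAA values published for a name, it classifies each address with Python's `ipaddress` module and reports which challenge types can succeed. Hostnames and records are constructed; `8.8.8.8` is used only as a well-known globally routable address.

```python
import ipaddress

# Challenges where the CA itself connects to the host named in the certificate
INBOUND_CHALLENGES = ("http-01", "tls-alpn-01")


def classify_address(addr):
    """Classify one A/AAAA value as 'public', 'private', 'loopback' or 'other'."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:       # 10/8, 172.16/12, 192.168/16, fc00::/7, link-local,
        return "private"    # and the RFC 5737/3849 documentation ranges
    if ip.is_global:
        return "public"
    return "other"          # e.g. shared address space 100.64/10


def viable_challenges(records):
    """Which ACME challenges a public CA can complete for these published records."""
    kinds = {classify_address(a) for a in records}
    viable = list(INBOUND_CHALLENGES) if "public" in kinds else []
    viable.append("dns-01")  # proves control of the zone, never contacts the host
    return viable


def assess(name, records):
    """Summarise why inbound validation will or will not work for `name`."""
    kinds = sorted({classify_address(a) for a in records})
    if not records:
        reason = "no A/AAAA records are published for %s" % name
    elif "public" in kinds:
        reason = "%s has a public address, so the CA can connect to it" % name
    else:
        reason = ("%s resolves only to %s addresses, which a public CA will not "
                  "use; only dns-01 can succeed" % (name, "/".join(kinds)))
    return {"name": name, "kinds": kinds,
            "challenges": viable_challenges(records), "reason": reason}


if __name__ == "__main__":
    # Constructed records: an intranet-only name like the one in this thread,
    # a name with a public address, and a name with nothing published.
    for host, recs in {
        "app.intranet.example": ["10.20.30.40"],
        "www.example.test": ["8.8.8.8"],
        "missing.example": [],
    }.items():
        result = assess(host, recs)
        print("%s -> %s (%s)" % (host, result["challenges"], result["reason"]))
```

To check a real name, resolve it from outside the intranet (the CA's view, not your internal resolver's) and pass the answers to `assess`. When the result is dns-01 only, the credentials handed to Caddy via `{env.ALIYUN_ACCESS_KEY_ID}` and `{env.ALIYUN_ACCESS_KEY_SECRET}` are what authorise certificate issuance for the whole zone, so they deserve the same care as a private key: scope them to DNS record changes where the provider allows it and keep them out of the Caddyfile itself, as the reply above already does.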