Www subdomain insecure

bzelip · April 24, 2023, 11:07am

1. The problem I’m having:

Getting a Secure Connection Failed SSL_ERROR_INTERNAL_ERROR_ALERT error on the www. subdomain of my site. I can reach the naked domain as expected, but cannot reach the www. subdomain as browser thinks it is insecure.

I’ve got an Ubuntu 20.04 server running on Digital Ocean. I followed this tutorial to get Caddy running.

Digital Ocean domain settings:

A record with example.com as hostname that directs to my DO server IP address
CNAME with www.example.com as hostname that is an alias of A record hostname

2. Error messages and/or full log output:

Browser error message when trying to visit www.example.com:

SSL_ERROR_INTERNAL_ERROR_ALERT

3. Caddy version:

v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=

4. How I installed and ran Caddy:

Built Caddy from xcaddy, with the digitalocean dns plugin.

I followed the instructions on a Digital Ocean tutorial. While it is recommended to use the official Caddy install docs, the DO guide seems similar enough to the Caddy docs, but also provides further details that the Caddy docs seemed to assume.

a. System environment:

Ubuntu 20.04

b. Command:

sudo systemctl restart caddy # restart caddy
sudo systemctl enable caddy # enable caddy so it runs on boot

c. Service/unit/compose file:

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=caddy
Group=caddy
Environment=DO_AUTH_TOKEN=[redacted]
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddy config:

zelip.org {
    root * /var/www
    encode gzip
    file_server

    tls {
        dns digitalocean {env.DO_AUTH_TOKEN}
    }
}

5. Links to relevant resources:

The instructions I used to build/use Caddy, How To Host a Website with Caddy on Ubuntu 22.04 | DigitalOcean

matt · April 24, 2023, 6:44pm

It seems that your config doesn’t tell Caddy to serve the www subdomain:

zelip.org {

Try this:

zelip.org, www.zelip.org {

bzelip · April 24, 2023, 6:57pm

Super easy! Thanks Matt!

bzelip · April 25, 2023, 12:50am

Just realized the docs already have this issue covered, sorry!

system · May 25, 2023, 12:51am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.