Hey Everyone,
I keep getting an error when Caddy tries to generate a certificate for my domains. I also turned SSL off in Cloudflare and changed to HTTP only in Caddy which resulted in a time out error when trying to access the domain.
Here's my setup
- I bought a domain from Cloudflare and set DNS records for it and the sub-domains pointing to my WAN address
- made 2 rules on the WAN interface to allow any traffic with the destination of my Firewall on HTTP+HTTPS
- made DMZ rules (where my Server is) allowing HTTP + HTTPS traffic with a destination of my Firewall
- set up Caddy plugin with my domains according to the official guide (Caddyfile attached)
- my subnets are segregated but the DMZ subnet has access to the internet
- made DMZ rules allowing HTTP + HTTPS traffic with a destination of my Server (it says you don't need to do this in the guide but)
I tried the basic troubleshooting in the guide.
The rest of the FW is working fine in terms of INET access.
I'm sure I missed something dumb but I'm just spinning my tires here.
Thanks
The wildcard domain should be *.example.com, and not example.com.
When using a wildcard domain, check the DNS Challenge checkbox on it.
In general settings, configure Cloudflare as your DNS Provider.
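The three settings above, written out as a plain Caddyfile rather than the plugin GUI (an added example, not the plugin's own generated config; the domain, the 192.0.2.10 backend and the CLOUDFLARE_API_TOKEN variable name are assumptions):

```caddyfile
{
	# Global options: the ACME account e-mail used for certificate issuance
	email admin@example.com
}

# Wildcard site block. The name must be *.example.com; the apex example.com
# is not covered by the wildcard and would need its own site block.
*.example.com {
	# DNS-01 challenge through the Cloudflare API, so no inbound port 80/443
	# reachability is needed for validation. The token needs Zone:DNS:Edit
	# on this zone and nothing more (assumed env var name).
	tls {
		dns cloudflare {env.CLOUDFLARE_API_TOKEN}
	}

	# Route one subdomain to the server in the DMZ (assumed address)
	@app host app.example.com
	handle @app {
		reverse_proxy 192.0.2.10:8080
	}

	# Any other name under the wildcard gets an explicit 404 rather than
	# being proxied somewhere by accident
	handle {
		respond 404
	}
}
```

DNS-01 validation talks only to the Cloudflare API, so issuance works whether or not the record is proxied; the browser's later TLS handshake still depends on which address the record actually resolves to.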
Thanks!
I changed these settings and it seems like I'm getting a certificate fine now.
However I get an SSL handshake error when trying to access the site.
- I can access it through the IP of my server locally
- I checked that the DNS stuff propagated through dnschecker.org
- Tried accessing it through an incognito browser
- I don't see traffic being blocked by the FW (looked for blocked HTTPS traffic to/from the server's IP)
- Tried changing Cloudflare DNS settings from Full(Strict) to Full, Flexible, and Off
If all looks right and this is outside the purview of Caddy/Opnsense I can go looking on the Cloudflare forums.
Can you enable the debug log and show some of your errors?
Where do your DNS Records point at? Cloudflare's CDN or OPNsense WAN?
So, I'm actually not getting errors in the Caddy logs anymore, which is making me think I've got something wrong somewhere else.
I'm now just getting a 522 timeout error in Firefox or a 525 SSL error in Edge when trying to connect to the domain.
My DNS records in Cloudflare point the domains to my FW WAN.