Hi everybody.
I am getting an intermittent issue with Caddy as a reverse proxy: at least once a day, when trying to access a site that Caddy serves as reverse proxy, Chromium-based browsers (Edge, Chrome and Opera confirmed) give an HTTP2 error.
Firefox works 100% fine.
Restarting Caddy makes no difference; bouncing OPNsense completely, and 2 min later everything is working as expected.
Disabling HTTP2/3 results in the browser returning an HTTP 425 - Too Early response.
Anyone else having this issue? Was fine on 25.7 and started after last upgrade to 25.7.4.
On 25.7 Caddy was this version:
https://github.com/opnsense/ports/commit/ead2b8a1026e1767ea973064ddd985afab006cbe
On 25.7.4 it is this version:
https://github.com/opnsense/ports/commit/aa48a16b1aa1cc31234a25fba339f11b3753a30a
So between 2.10.0 and 2.10.2 something must have happened that causes your error.
I would suggest trying their community forum or their GitHub for help:
https://caddy.community/
https://github.com/caddyserver/caddy
I am seeing this same error with Caddy on 25.7.11_2. This is the error from the debug log:
"debug","ts":"2026-01-29T16:51:05Z","logger":"http.log.error.default","msg":"TLS handshake not complete, remote IP cannot be verified","request":{"remote_ip":"192.168.1.1","remote_port":"39822","client_ip":"192.168.1.1","proto":"HTTP/1.1","method":"GET","host":"bonob.wilddev.net","uri":"/","headers":{"Accept":["*/*"],"User-Agent":["curl/8.17.0"]},"tls":{"resumed":false,"version":0,"cipher_suite":0,"proto":"","server_name":""}},"duration":0.00002967,"status":425,"err_id":"a2jmx8j74","err_trace":"caddyhttp.MatchClientIP.MatchWithError (ip_matchers.go:268)"}
I opened an issue with Caddy (https://github.com/caddyserver/caddy/issues/7451) to see if I can find out more. I did tests using curl and openssl and could not figure out why the 425 is coming back even when using TLS 1.2.
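An added example, not part of any post above and not Caddy or OPNsense code: a small Python triage script that scans Caddy JSON log lines for the pattern in the quoted debug entry (status 425 with an all-zero `tls` block) and groups the hits by host, remote IP and the function named in `err_trace`. The sample lines and the host `app.example.test` are constructed; lines that are not a complete JSON object, such as a truncated paste, are counted and skipped.

```python
import json
from collections import Counter

# Constructed sample lines, modeled on the debug entry quoted in the thread (not real logs).
SAMPLE_LOG = """\
{"level":"debug","ts":"2026-01-29T16:51:05Z","logger":"http.log.error.default","msg":"TLS handshake not complete, remote IP cannot be verified","request":{"remote_ip":"192.168.1.1","proto":"HTTP/1.1","method":"GET","host":"app.example.test","uri":"/","tls":{"resumed":false,"version":0,"cipher_suite":0,"proto":"","server_name":""}},"status":425,"err_trace":"caddyhttp.MatchClientIP.MatchWithError (ip_matchers.go:268)"}
{"level":"info","ts":"2026-01-29T16:51:09Z","logger":"http.log.access.default","msg":"handled request","request":{"remote_ip":"192.168.1.50","proto":"HTTP/2.0","method":"GET","host":"app.example.test","uri":"/","tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"app.example.test"}},"status":200}
not json: truncated paste
"""

def find_early_425(lines):
    """Return (hits, skipped): hits are 425 entries whose TLS state is empty."""
    hits, skipped = [], 0
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            entry = None
        if not isinstance(entry, dict):
            skipped += 1  # partial or non-JSON line; do not guess its contents
            continue
        req = entry.get("request") or {}
        tls = req.get("tls") or {}
        # version 0 means no negotiated TLS version was recorded for the request
        if entry.get("status") == 425 and not tls.get("version"):
            hits.append({
                "ts": entry.get("ts"),
                "host": req.get("host"),
                "remote_ip": req.get("remote_ip"),
                "matcher": (entry.get("err_trace") or "").split(" ")[0],
            })
    return hits, skipped

def summarize(hits):
    """Count hits per (host, remote_ip, matcher) to show which rule and client recur."""
    return Counter((h["host"], h["remote_ip"], h["matcher"]) for h in hits)

if __name__ == "__main__":
    hits, skipped = find_early_425(SAMPLE_LOG.splitlines())
    for key, count in summarize(hits).items():
        print(count, *key)
    print("skipped lines:", skipped)
```
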