Caddy | HTTP2 Error on Chromium Browsers

Started by SkeelKat, October 07, 2025, 06:52:35 PM

October 07, 2025, 06:52:35 PM Last Edit: October 07, 2025, 06:58:35 PM by SkeelKat Reason: Firefox comment added for reference
Hi everybody.

I am getting an intermittent issue with Caddy as reverse proxy: at least once a day, when trying to access a site that Caddy serves as reverse proxy, Chromium-based browsers (Edge, Chrome and Opera confirmed) give an HTTP2 error.

Firefox works 100% fine.

Restarting Caddy makes no difference; after bouncing OPNsense completely, everything is working as expected 2 min later.

Disabling HTTP2/3 results in the browser returning an HTTP 425 - Too Early response.

Anyone else having this issue? It was fine on 25.7 and started after the last upgrade to 25.7.4.

On 25.7 caddy was this version:

https://github.com/opnsense/ports/commit/ead2b8a1026e1767ea973064ddd985afab006cbe

On 25.7.4 it is this version:

https://github.com/opnsense/ports/commit/aa48a16b1aa1cc31234a25fba339f11b3753a30a

So between 2.10.0 and 2.10.2 something must have happened that causes your error.

I would suggest trying their community forum or their GitHub for help:

https://caddy.community/
https://github.com/caddyserver/caddy
Hardware:
DEC740

I am seeing this same error with Caddy on 25.7.11_2. This is the error from the debug log:
"debug","ts":"2026-01-29T16:51:05Z","logger":"http.log.error.default","msg":"TLS handshake not complete, remote IP cannot be verified","request":{"remote_ip":"192.168.1.1","remote_port":"39822","client_ip":"192.168.1.1","proto":"HTTP/1.1","method":"GET","host":"bonob.wilddev.net","uri":"/","headers":{"Accept":["*/*"],"User-Agent":["curl/8.17.0"]},"tls":{"resumed":false,"version":0,"cipher_suite":0,"proto":"","server_name":""}},"duration":0.00002967,"status":425,"err_id":"a2jmx8j74","err_trace":"caddyhttp.MatchClientIP.MatchWithError (ip_matchers.go:268)"}

I opened an issue with Caddy to see if I can find out more. I did tests using curl and openssl and could not figure out why the 425 is coming back even when using TLS 1.2.
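One way to triage entries like the one quoted above, as an added example that is not part of any post in this thread and is not Caddy or OPNsense code: it groups HTTP 425 error entries by host, error trace and whether the entry recorded a negotiated TLS version. The sample lines, host names and the `triage_425` helper are constructed for illustration; the field names are the ones in the quoted entry, plus the `level` key that Caddy's JSON log lines normally start with.

```python
import json
from collections import Counter

# Constructed sample lines modelled on the fields of the entry quoted above.
# The last line is cut off at the start, the way the quoted entry is.
SAMPLE_LOG = """\
{"level":"debug","ts":"2026-01-29T16:51:05Z","logger":"http.log.error.default","msg":"TLS handshake not complete, remote IP cannot be verified","request":{"remote_ip":"192.0.2.10","remote_port":"39822","proto":"HTTP/1.1","method":"GET","host":"app.example.test","uri":"/","tls":{"resumed":false,"version":0,"cipher_suite":0,"proto":"","server_name":""}},"status":425,"err_trace":"caddyhttp.MatchClientIP.MatchWithError (ip_matchers.go:268)"}
{"level":"debug","ts":"2026-01-29T16:51:09Z","logger":"http.log.error.default","msg":"TLS handshake not complete, remote IP cannot be verified","request":{"remote_ip":"192.0.2.10","remote_port":"39830","proto":"HTTP/1.1","method":"GET","host":"app.example.test","uri":"/","tls":{"resumed":false,"version":0,"cipher_suite":0,"proto":"","server_name":""}},"status":425,"err_trace":"caddyhttp.MatchClientIP.MatchWithError (ip_matchers.go:268)"}
{"level":"debug","ts":"2026-01-29T16:52:00Z","logger":"http.log.error.default","msg":"TLS handshake not complete, remote IP cannot be verified","request":{"remote_ip":"192.0.2.11","remote_port":"40100","proto":"HTTP/2.0","method":"GET","host":"other.example.test","uri":"/","tls":{"resumed":true,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"other.example.test"}},"status":425,"err_trace":"caddyhttp.MatchClientIP.MatchWithError (ip_matchers.go:268)"}
{"level":"error","ts":"2026-01-29T16:53:00Z","logger":"http.log.error.default","msg":"dial tcp 192.0.2.20:8080: connect: connection refused","request":{"remote_ip":"192.0.2.12","host":"app.example.test","uri":"/"},"status":502}
"debug","ts":"2026-01-29T16:54:00Z","logger":"http.log.error.default","status":425}
"""

def triage_425(lines):
    """Count HTTP 425 entries per (host, err_trace function, tls_version_recorded).

    Returns (Counter, skipped), where skipped counts lines that are not valid JSON.
    """
    groups = Counter()
    skipped = 0
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            skipped += 1  # truncated or non-JSON line; count it instead of guessing
            continue
        if not isinstance(entry, dict) or entry.get("status") != 425:
            continue
        request = entry.get("request") or {}
        tls = request.get("tls") or {}
        # The quoted entry has "version":0 and "cipher_suite":0; treat a non-zero
        # version as "the log recorded negotiated TLS parameters for this request".
        tls_version_recorded = tls.get("version", 0) != 0
        # Keep only the function name, dropping the "(file.go:line)" suffix.
        trace = entry.get("err_trace", "").split(" ")[0]
        groups[(request.get("host", "?"), trace, tls_version_recorded)] += 1
    return groups, skipped

if __name__ == "__main__":
    counts, skipped = triage_425(SAMPLE_LOG.splitlines())
    for (host, trace, recorded), n in counts.most_common():
        print(f"{n:3d}  host={host}  trace={trace}  tls_version_recorded={recorded}")
    print(f"skipped {skipped} unparseable line(s)")
```

If every 425 lands in one group with the same trace and no recorded TLS version, that narrows what to put in the upstream issue report.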