Caddy Plugin - no certificate available for '10.10.19.2'

Started by SkeelKat, October 01, 2024, 11:39:17 AM

Hi Everyone,

I recently switched from Nginx Reverse Proxy to Caddy on OPNsense.
Works really smart and everything seems to be working. However, I get this entry in my logs as an error:

"debug","ts":"2024-10-01T09:28:57Z","logger":"http.stdlib","msg":"http: TLS handshake error from 105.232.xxx.xxx:9078: no certificate available for '10.10.19.2'"}

This is in my home lab, so I have the Fiber Router NAT everything to the Firewall and obviously OPNsense then handles the tcp/80 tcp/433 within OPNsense.

So the connection looks like this:

<Public IP 197.188.xxx.xxx/32> to <OPNsense IP 10.10.19.2> to <LAN Network 192.168.200.0/24>

From my understanding, since 10.10.19.2 is not internet routable it cannot get a certificate, but it should not worry about that, it should be looking at the Public IP, but does not seem to get resolved or I cannot find any way to static it. I cannot bind it in custom conf's since 197.188.xxx.xxx is not on the firewall anywhere?

Any ideas?





What is your real issue?

Are you not getting Let's Encrypt certificates? Or is everything working as expected and this is a transient logged error?
Hardware:
DEC740

Hi Monviech

I disabled Auto HTTPS on the Caddy Plugin, since I have a very intricate certificate system set up in the ACME Client plugin that runs automations and pushes certificates to servers within the LAN etc. Thus, I simply set all the Domains to look at the certificates in the Trust store of OPNsense that are generated by the ACME client.

There is no issue per se, I simply checked the logs (error) and came across this issue where there is "no certificate" for the WAN IP 10.10.19.2, that technically exists in the NAT network between my router and my public IP.

I don't like error messages in logs and thought I would reach out to see if anything can be done to correct the issue. But if it works.... don't _____ with it.

Oh okay I see.

I can't really explain that error message but if everything works it shouldn't matter.

I also have errors in the Caddy logs, for example when connections close prematurely. It's normal to get some errors.
Hardware:
DEC740
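
An added example, not part of any post in this thread: a small triage script for Caddy JSON log lines that groups "no certificate available" handshake errors by whether the requested name is an IP literal or a hostname. The sample lines are constructed (documentation-range client addresses), and the reading that an IP-literal name means the client connected by address without sending a hostname is an assumption, not something stated in the thread.

```python
import ipaddress
import json
import re
from collections import Counter

# Constructed sample input; only 10.10.19.2 is taken from the thread.
SAMPLE_LOG = """\
{"level":"debug","ts":"2024-10-01T09:28:57Z","logger":"http.stdlib","msg":"http: TLS handshake error from 203.0.113.7:9078: no certificate available for '10.10.19.2'"}
{"level":"debug","ts":"2024-10-01T09:29:03Z","logger":"http.stdlib","msg":"http: TLS handshake error from 203.0.113.7:9080: no certificate available for '10.10.19.2'"}
{"level":"debug","ts":"2024-10-01T09:31:12Z","logger":"http.stdlib","msg":"http: TLS handshake error from 198.51.100.20:51544: no certificate available for 'old.example.org'"}
{"level":"info","ts":"2024-10-01T09:32:00Z","msg":"serving initial configuration"}
"debug","ts":"2024-10-01T09:33:00Z","msg":"truncated line that is not valid JSON"}
"""

PATTERN = re.compile(
    r"TLS handshake error from (?P<remote>\S+): "
    r"no certificate available for '(?P<name>[^']*)'"
)

def triage(lines):
    """Return (ip_literal_hits, hostname_hits) as Counters.

    ip_literal_hits is keyed by (requested IP, client IP); under the stated
    assumption these are clients that connected by address, which is usually
    log noise. hostname_hits is keyed by the requested hostname; these are
    worth checking, since a real domain may have no certificate loaded.
    """
    ip_literal_hits, hostname_hits = Counter(), Counter()
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, truncated or non-JSON lines are skipped
        if not isinstance(entry, dict):
            continue
        m = PATTERN.search(str(entry.get("msg", "")))
        if not m:
            continue
        client = m["remote"].rsplit(":", 1)[0].strip("[]")  # drop the port
        try:
            ipaddress.ip_address(m["name"])
        except ValueError:
            hostname_hits[m["name"]] += 1
        else:
            ip_literal_hits[(m["name"], client)] += 1
    return ip_literal_hits, hostname_hits

if __name__ == "__main__":
    ips, hosts = triage(SAMPLE_LOG.splitlines())
    print("IP-literal names:", dict(ips))
    print("Hostnames without a certificate:", dict(hosts))
```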