Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
24.7 Production Series
»
Caddy Plugin - no certificate available for '10.10.19.2'
« previous
next »
Print
Pages: [
1
]
Author
Topic: Caddy Plugin - no certificate available for '10.10.19.2' (Read 282 times)
SkeelKat
Newbie
Posts: 30
Karma: 0
Caddy Plugin - no certificate available for '10.10.19.2'
«
on:
October 01, 2024, 11:39:17 am »
Hi Everyone,
I recently switched from Nginx Reverse Proxy to Caddy on OPNsense.
Works really smart and everything seems to be working, However I get this entry in my logs as error:
"debug","ts":"2024-10-01T09:28:57Z","logger":"http.stdlib","msg":"http: TLS handshake error from 105.232.xxx.xxx:9078: no certificate available for '10.10.19.2'"}
This is in my home lab, so I have the Fiber Router NAT everything to the Firewall and obviously OPNsense then handles the tcp/80 tcp/433 within OPNsense.
So the connection looks like this:
<Public IP 197.188.xxx.xxx/32> to <OPNsense IP 10.10.19.2> to <LAN Network 192.168.200.0/24>
From my understanding, since 10.10.19.2 is not internet routable it cannot get a certificate, but it should not worry about that, it should be looking at the Public IP, but does not seem to get resolved or I cannot find any way to static it. I cannot bind it in custom conf's since 197.188.xxx.xxx is not on the firewall anywhere?
Any ideas?
Logged
Monviech (Cedrik)
Global Moderator
Hero Member
Posts: 1619
Karma: 177
Re: Caddy Plugin - no certificate available for '10.10.19.2'
«
Reply #1 on:
October 01, 2024, 12:59:18 pm »
What is your real issue.
Are you not getting Let's Encrypt certificates? Or is everything working as expected and this is a transient logged error?
Logged
Hardware:
DEC740
SkeelKat
Newbie
Posts: 30
Karma: 0
Re: Caddy Plugin - no certificate available for '10.10.19.2'
«
Reply #2 on:
October 01, 2024, 03:40:11 pm »
Hi Monviech
I disabled Auto HTTPS on Caddy Plugin, since I have a very intricate certificate system setup in ACME Client plugin, that runs automations and pushes certificates to servers within the LAN etc. Thus, I simply set all the Domains to look at the certificates in the Trust store of OPNsense that is generated by the ACME client
There is no issue per se, I simply check the logs (error) and came across this issue where there is "no certificate" for the WAN IP 10.10.19.2, that technically exists in the NAT network between my router and my public IP.
I don't like error messages in logs and thought I would reach out to see if anything can be done to correct the issue. But if it works.... don't _____ with it.
Logged
Monviech (Cedrik)
Global Moderator
Hero Member
Posts: 1619
Karma: 177
Re: Caddy Plugin - no certificate available for '10.10.19.2'
«
Reply #3 on:
October 01, 2024, 04:51:14 pm »
Oh okay I see.
I can't really explain that error message but if everything works it shouldn't matter.
I also have errors in the Caddy logs, for example when connections close prematurely. Its normal to get some errors.
Logged
Hardware:
DEC740
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
24.7 Production Series
»
Caddy Plugin - no certificate available for '10.10.19.2'