Caddy Plugin SOS

Started by geffro, February 09, 2025, 12:14:31 AM

Hey Everyone,

I keep getting an error when Caddy tries to generate a certificate for my domains. I also turned SSL off in Cloudflare and changed to HTTP only in Caddy which resulted in a time out error when trying to access the domain.

Here's my setup

  • I bought a domain from Cloudflare and set DNS records for it and the sub-domains pointing to my WAN address
  • made 2 rules on the WAN interface to allow any traffic with the destination of my Firewall on HTTP+HTTPS
  • made DMZ rules (where my Server is) allowing HTTP + HTTPS traffic with a destination of my Firewall
  • set up Caddy plugin with my domains according to the official guide (Caddyfile attached)
  • my subnets are segregated but the DMZ subnet has access to the internet
  • made DMZ rules allowing HTTP + HTTPS traffic with a destination of my Server (it says you don't need to do this in the guide but)

I tried the basic troubleshooting in the guide.
The rest of the FW is working fine in terms of INET access.

I'm sure I missed something dumb but I'm just spinning my tires here.

Thanks


The wildcard domain should be *.example.com, and not example.com.

When using a wildcard domain, check the DNS Challenge checkbox on it.

In general settings, configure Cloudflare as your DNS Provider.
Hardware:
DEC740
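The three settings above, written out as the Caddyfile they correspond to (an added example for illustration, not the file the OPNsense plugin generates or anything posted in this thread; `example.com`, the `CF_API_TOKEN` environment variable and the `10.0.0.10:8080` upstream are placeholders, and the Cloudflare DNS module is assumed to be built in, as the plugin's General settings imply):

```caddyfile
# Wildcard site block: one certificate covering *.example.com.
# A wildcard can only be issued through the ACME DNS challenge, so a
# plain HTTP challenge on example.com cannot produce it.
*.example.com {
	tls {
		# Cloudflare as DNS provider for the challenge; the token is read
		# from a placeholder environment variable, never written inline.
		dns cloudflare {env.CF_API_TOKEN}
	}

	# Route each subdomain to its upstream with a named host matcher.
	@app host app.example.com
	handle @app {
		reverse_proxy 10.0.0.10:8080   # placeholder DMZ server address
	}

	# Any other name under the wildcard gets a clean 404 instead of
	# falling through to an unexpected backend.
	handle {
		respond 404
	}
}
```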

Thanks!

I changed these settings and it seems like I'm getting a certificate fine now.

However I get an SSL handshake error when trying to access the site.

  • I can access it through the IP of my server locally
  • I checked that the DNS stuff propagated through dnschecker.org
  • Tried accessing it through an incognito browser
  • I don't see traffic being blocked by the FW (looked for blocked HTTPS traffic to/from the server's IP)
  • Tried changing Cloudflare DNS settings from Full(Strict) to Full, Flexible, and Off

If all looks right and this is outside the purview of Caddy/Opnsense I can go looking on the Cloudflare forums.

February 09, 2025, 01:56:02 PM #3 Last Edit: February 09, 2025, 01:59:29 PM by Monviech (Cedrik)
Can you enable the debug log and show some of your errors?

Where do your DNS Records point at? Cloudflare's CDN or OPNsense WAN?
Hardware:
DEC740

So, I'm actually not getting errors in the Caddy logs anymore, which is making me think I've got something wrong somewhere else.
I'm now just getting a 522 timeout error in Firefox or a 525 SSL error in Edge when trying to connect to the domain.

My DNS records in Cloudflare point the domains to my FW WAN.