Closed kocoten1992 closed 4 weeks ago
Might be related with #6344
Thanks for opening an issue! We'll look into this.
It's not immediately clear to me what is going on, so I'll need your help to understand it better.
Ideally, we need to be able to reproduce the bug in the most minimal way possible using the latest version of Caddy. This allows us to write regression tests to verify the fix is working. If we can't reproduce it, then you'll have to test our changes for us until it's fixed -- and then we can't add test cases, either.
I've attached a template below that will help make this easier and faster! This will require some effort on your part -- please understand that we will be dedicating time to fix the bug you are reporting if you can just help us understand it and reproduce it easily.
This template will ask for some information you've already provided; that's OK, just fill it out the best you can. :+1: I've also included some helpful tips below the template. Feel free to let me know if you have any questions!
Thank you again for your report, we look forward to resolving it!
## 1. Environment
### 1a. Operating system and version
```
paste here
```
### 1b. Caddy version (run `caddy version` or paste commit SHA)
This should be the latest version of Caddy:
```
paste here
```
## 2. Description
### 2a. What happens (briefly explain what is wrong)
### 2b. Why it's a bug (if it's not obvious)
### 2c. Log output
```
paste terminal output or logs here
```
### 2d. Workaround(s)
### 2e. Relevant links
## 3. Tutorial (minimal steps to reproduce the bug)
Environment: Please fill out your OS and Caddy versions, even if you don't think they are relevant. (They are always relevant.) If you built Caddy from source, provide the commit SHA and specify your exact Go version.
Description: Describe at a high level what the bug is. What happens? Why is it a bug? Not all bugs are obvious, so convince readers that it's actually a bug.
Tutorial: What are the minimum required specific steps someone needs to take in order to experience the same bug? Your goal here is to make sure that anyone else can have the same experience with the bug as you do. You are writing a tutorial, so make sure to carry it out yourself before posting it. Please:
curl
Example of a tutorial:
Create a config file:
```
{ ... }
```
Open terminal and run Caddy:
```
$ caddy ...
```
Make an HTTP request:
```
$ curl ...
```
Notice that the result is ___ but it should be ___.
Thanks for the follow up!
Caddy on Debian inside a docker container
Debian 12.5
Docker version 20.10.24+dfsg1, build 297e128 (debian build)
Caddy version (run `caddy version` or paste commit SHA)
This should be the latest version of Caddy:
I tried both Caddy (Debian build) and the latest version downloaded from GitHub; same issue.
```
~ apt-cache policy caddy
caddy:
  Installed: (none)
  Candidate: 2.6.2-5
  Version table:
     2.6.2-5 500
        500 http://debian.xtdv.net/debian bookworm/main amd64 Packages
```
(I also tried the latest release version from GitHub, caddy_2.8.4_linux_amd64.deb - same issue)
The Chrome browser doesn't return much; it's just a grey background with some error complaining about a TLS/SSL error.
`curl -vvv` also doesn't tell much; it says this:
```
...
TLSv1.3 (IN), TLS alert, internal error (592)
OpenSSL/3.0.11: error:0A000438:SSL routines::tlsv1 alert internal error
...
```
It should display a site instead of the HTTP client complaining about TLS/SSL.
No log, none.
No workaround.
https://www.geocerts.com/support/ip-address-in-ssl-certificate
Let's follow the very first post, but I think maybe if you solve https://github.com/caddyserver/caddy/issues/6344, there's a high chance you also solve this too.
There's not enough information to reproduce the behavior, so closing.
What do you mean "no log output"? Where did you look? Caddy definitely emits logs. Make sure you enabled the debug global option.
Please use these instructions to install Caddy: https://caddyserver.com/docs/install#debian-ubuntu-raspbian
> What do you mean "no log output"?

I distinctly remember it didn't spit out any log; the only log is the redirection from http -> https. If I access directly via https, there is no http log at all (it makes sense since it bugs out at the very first TLS exchange).

> Where did you look? Caddy definitely emits logs. Make sure you enabled the debug global option.

I didn't enable the debug global option - this could be the reason; I was looking at my own config `/var/log/caddy/<mysitelog>`.
At that moment, my hands are tied - I can't replace nginx with Caddy and risk bringing down the company site. I'll try the debug global option when I have the chance.
P.S.: this report may look poor in quality; that's because I was tracing back my Google search for what the error was when I encountered this bug. I didn't have the option to recreate this bug. Maybe just forget about this.
Hi Caddy, today I had a peculiar task, and doing that task revealed a bug in the Caddy TLS module:
```
TLSv1.3 (IN), TLS alert, internal error (592)
OpenSSL/3.0.11: error:0A000438:SSL routines::tlsv1 alert internal error
```
https://github.com/openssl/openssl/issues/19518
I was in need of TLS for an IP address (NOT a domain or subdomain). I researched the possibility and it turns out it is entirely possible to do so - just not with Let's Encrypt (I need to buy an external SSL certificate: https://www.geocerts.com/support/ip-address-in-ssl-certificate).
I'm not promoting any service here, but for the sake of this bug - PositiveSSL on ssls dot com (you need a domain to activate the plan first, then contact support and ask them to reissue the SSL plan so it becomes an IP address later).
I entered the information correctly:
That's when I encountered a bug like the one above, but if I use the same config for nginx - it works out of the box.