danb35 / freenas-iocage-nextcloud

Script to create an iocage jail on FreeNAS for the latest Nextcloud 28 release, including Caddy, MariaDB or PostgreSQL, and Let's Encrypt
GNU General Public License v3.0
258 stars, 71 forks

caddy won't serve a certificate #79

Closed markusdd closed 4 years ago

markusdd commented 4 years ago

Ok, this https thing drives me crazy.

2019/12/29 18:55:28 [INFO] Serving https://XXXXXXX(sanitized)
2019/12/29 18:55:32 http: TLS handshake error from 192.168.1.226:62037: no certificate available for ''
2019/12/29 18:55:58 http: TLS handshake error from 192.168.1.226:62053: no certificate available for ''

Was checking caddy logs to see why I'm getting SSL_ERROR_INTERNAL_ERROR_ALERT from Firefox, and this weird webserver won't serve me the self-signed certificate.

Rationale: This is a test instance, but already with real names/addresses. I use a traefik proxy which takes care of letsencrypt etc, so I just want a self-signed cert internally. With letsencrypt the whole setup does not work (because it can't work behind the proxy), but with a self-signed cert everything starts up nicely.

Just can't access the page either using the name (traefik returns 'Bad Gateway' which means no proper response) or the IP. When I use the IP Firefox gives me this weird SSL ERROR.

Any idea? I don't know much about webservers, just that I hate them ;) (and that stuff like nextcloud NEVER works the first time because of s*** like this)

Anyway, thanks a lot for providing this script, works great except this one 'small' issue, which I guess is because of this caddy server.

Settings used:

JAIL_IP="192.168.1.112"
DEFAULT_GW_IP="192.168.1.1"
POOL_PATH="/mnt/tank/nextcloud"
TIME_ZONE="Europe/Berlin"
HOST_NAME="XXXX"
SELFSIGNED_CERT=1
CERT_EMAIL="XXXX"

PrivatePuffin commented 4 years ago

It looks like 192.168.1.226 is connecting using the server IP and not using the server hostname... Hence the: no certificate available for ''

Simply put: There is no certificate for hostname Null

PrivatePuffin commented 4 years ago

I did some more research... It is a bug with Caddy and Self-signed certificates.

To use a self signed certificate, you need to set default-SNI.

I already made an issue with it, but @danb35 doesn't want to fix it: https://github.com/danb35/freenas-iocage-nextcloud/issues/89

danb35 commented 4 years ago

I was unwilling to mess with the upstream rc script, which this fix would have required, under Caddy v1. Under Caddy v2, this is an option that can be set in the Caddyfile. It's present and documented in the caddyv2 branch.
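For readers landing here on a Caddy v2 setup, the following is an added example of the Caddyfile option danb35 refers to; it is not the script's own Caddyfile or the contents of the caddyv2 branch. The hostname, document root and PHP-FPM address are assumptions. The log lines in the first comment show the failure mode: a client that connects by IP sends no SNI, so Caddy looks for a certificate for '' and finds none. The global `default_sni` option tells Caddy which site's certificate to present in that case, and `tls internal` replaces the Let's Encrypt request (which cannot complete behind the reverse proxy) with a certificate from Caddy's built-in local CA.

```caddyfile
{
	# Global options. default_sni names the site whose certificate Caddy
	# presents when the ClientHello carries no server name, which is what
	# happens when the jail is reached by IP address. Without this line the
	# handshake fails with "no certificate available for ''".
	default_sni nextcloud.example.com
}

# Hostname, document root and PHP-FPM address are assumptions for this example.
nextcloud.example.com {
	# Certificate issued by Caddy's internal CA instead of Let's Encrypt,
	# matching the SELFSIGNED_CERT=1 setting used in the issue.
	tls internal

	root * /usr/local/www/nextcloud
	php_fastcgi 127.0.0.1:9000
	file_server
}
```

To confirm the behaviour after reloading, compare a handshake without SNI (`openssl s_client -connect 192.168.1.112:443`) against one with it (`openssl s_client -connect 192.168.1.112:443 -servername nextcloud.example.com`); both should now return the same certificate. Note that the internal CA's root is not trusted by the traefik proxy or by browsers by default, so the proxy either needs that root added to its trust store or needs verification disabled for this one backend; the "Bad Gateway" seen in the issue is what a proxy reports when the upstream TLS handshake fails for either reason.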