pieterlouw / caddy-net

Proxy server type for Caddy server (https://github.com/mholt/caddy)
Apache License 2.0

tls off; continues to try and obtain certificate #17

Open nodesocket opened 5 years ago

nodesocket commented 5 years ago

Latest Caddy version v1.0.0 (h1:KI6RPGih2GFzWRPG8s9clKK28Ns4ZlVMKR/v7mxq6+c=).

Caddyfile is:

proxy :3306 :3306 {
    tls off
    host global.dompbraywuid.us-west-2.rds.amazonaws.com
}

Starting with /usr/local/bin/caddy -log stdout -type=net -conf=/etc/caddy/Caddyfile

Activating privacy features...2019/05/02 22:03:34 [INFO][cache:0xc0000307d0] Started certificate maintenance routine
2019/05/02 22:03:34 [INFO] [global.dompbraywuid.us-west-2.rds.amazonaws.com] acme: Obtaining bundled SAN certificate
2019/05/02 22:03:35 [global.dompbraywuid.us-west-2.rds.amazonaws.com] failed to obtain certificate: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rejectedIdentifier :: Error creating new order :: Policy forbids issuing for name, url:

Huh? I am explicitly turning tls off.

nielsavonds commented 5 years ago

I had the same issue and created a pull request for it: https://github.com/pieterlouw/caddy-net/pull/16

Note that regardless of this bug, the TLS directive should be after the host directive, since it may need the host to generate the certificate. However, this will still not work until the pull request is merged.
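
As an added example (not code from caddy-net or from anyone in this thread): a small Python check that applies the ordering advice above to a Caddyfile and cross-references the log for ACME orders against hosts whose block says `tls off`. The block parser is a simplified assumption based only on the `proxy` syntax quoted in this issue, and the Caddyfile and log lines are constructed samples.

```python
import re

# Constructed samples modelled on the block syntax and log format quoted in this issue.
CADDYFILE = """\
proxy :3306 :3306 {
    tls off
    host db.example.internal
}
proxy :5432 :5432 {
    host pg.example.internal
    tls off
}
"""
LOG = """\
2019/05/02 22:03:34 [INFO] [db.example.internal] acme: Obtaining bundled SAN certificate
2019/05/02 22:03:35 [db.example.internal] failed to obtain certificate: acme: error: 400
"""

# Assumption: a block is "proxy <listen> <upstream> {" ... "}" with one directive per line.
BLOCK = re.compile(r"^proxy\s+(\S+)\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)
ACME = re.compile(r"\[INFO\] \[([^\]]+)\] acme: Obtaining")


def parse_blocks(text):
    """Return one dict per proxy block: listen address plus directives in file order."""
    blocks = []
    for listen, _upstream, body in BLOCK.findall(text):
        directives = [line.split() for line in body.splitlines() if line.strip()]
        blocks.append({"listen": listen, "directives": directives})
    return blocks


def audit(caddyfile, log):
    """Flag tls-before-host ordering and ACME orders for hosts configured with tls off."""
    acme_hosts = set(ACME.findall(log))
    findings = []
    for block in parse_blocks(caddyfile):
        names = [d[0] for d in block["directives"]]
        values = {d[0]: d[1:] for d in block["directives"]}
        host = (values.get("host") or [None])[0]
        if "tls" in names and "host" in names and names.index("tls") < names.index("host"):
            findings.append((block["listen"], "tls directive precedes host"))
        if values.get("tls") == ["off"] and host in acme_hosts:
            findings.append((block["listen"], "ACME order attempted for " + host))
    return findings
```

Calling `audit(CADDYFILE, LOG)` returns a list of `(listen address, finding)` tuples; an empty list means no block has `tls` ahead of `host` and no `tls off` host shows an ACME order in the log.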