Issues with HTTPS for a site proxied by Caddy

I’m currently trying to host a .NET 6 Minimal API project on Debian 10, use Caddy as my reverse proxy, and proxy it all through Cloudflare. Unfortunately, I’m having a lot of issues and I already went through every tutorial I could find. Here’s what I tried:

1. Using caddy-dns/cloudflare

images.genfic.net {
       tls [email protected] {
               dns cloudflare [API KEY]
               resolvers 1.1.1.1
       }
        reverse_proxy https://127.0.0.1:5001 {
                header_up Host {upstream_hostport}
                header_up X-Forwarded-Host {host}
        }
        encode zstd gzip
}

results in the following error:

2022/03/11 16:11:03.709 ERROR http.log.error x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs

2. Then, I tried using Cloudflare’s origin certificates. I generated one pair of cert and key, uploaded them to my VPS, and gave their location to Caddy

images.genfic.net {
        tls ../cert/genfic.net.pem ../cert/genfic.net.key {
               resolvers 1.1.1.1
        }
        reverse_proxy https://127.0.01:5001 {
                header_up Host {upstream_hostport}
                header_up X-Forwarded-Host {host}
        }
        encode zstd gzip
}

which resulted in the following error

2022/03/13 01:58:29.500 ERROR   http.log.error  x509: certificate signed by unknown authority

and from this point on, even going back to the previous Caddyfile config also results in this error

You just did.

Please have a read here: Can't post yet? Read this
And please do not hijack other threads :slight_smile:

3 Likes

Cloudflare Self Signed Certificate is still not accepted everyone !

Try a Free Let’s encrypt Cert for Orgin ?

Sorry for the late response, but in the end I decided to just go with Nginx and had no problem setting up CF’s origin cert to work with it.

Not going to mark my comment as a solution since it’s not a solution to the particular issue.

2 Likes

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.