Caddy: Issue with tls

Created on 11 Aug 2017 · 7 Comments · Source: caddyserver/caddy

1. What version of Caddy are you using (caddy -version)?

Caddy 0.9.5

2. What are you trying to do?

I'm trying to host off a non-standard port (8001) with https
Port 80 and 443 are already in use and I can't shut them down, not even temporarily
https://srv1.botstack.host:8001

3. What is your entire Caddyfile?

localhost:8001
tls [email protected]

4. How did you run Caddy (give the full command and describe the execution environment)?

caddy

5. Please paste any relevant HTTP request(s) here.

https://srv1.botstack.host:8001

6. What did you expect to see?

I expected to see the files on the server

7. What did you see instead (give full error messages and/or log)?

This site can't provide a secure connection error

8. How can someone who is starting from scratch reproduce the bug as minimally as possible?

Start caddy with https on a port other than 80 or 443

All 7 comments

I think the problem is not with the port number but with localhost.
You cannot get a certificate for that hostname. However, you can use the insecure-localhost CLI switch for Chrome with a self-signed certificate

I actually did try

srv1.botstack.host:8001
tls [email protected]

But that ends with

srv1.botstack.host] failed to get certificate: [srv1.botstack.host] error presenting token: Could not start HTTPS server for challenge -> listen tcp :443: bind: address already in use

I can't shut down what's running on 443 since it's a business server

I think you could try running the command with -port 8001 to force that port. I'm not sure. Also, your email address starting with www. doesn't seem right.

Version 0.9.5 is pretty old, you should probably update! :smile:

If you want to use Caddy's automatic HTTPS, you need to give it ports 80 and 443, because that's how the ACME protocol is defined: https://caddyserver.com/docs/automatic-https

If you can't use ports 80 and 443, you'll have to use the DNS challenge. That's the only way. Or proxy the HTTP and TLS challenges through your server that's running on ports 80 and 443. Or provide your own certificates. But the DNS challenge is usually the preferred way to do it as it doesn't require connecting to your machine.

Your Caddyfile listens on localhost:8001 so it won't be accessible through any hostname other than localhost... you have to give the address you want the site to be served on. It's really quite simple. :)

Also, please update your version of Caddy. ;)
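The two workable options from the comment above (the DNS challenge, or supplying your own certificate) written out as an added example Caddyfile; this is not configuration from the thread or from the Caddy project. It assumes the Caddy 0.10-era Caddyfile syntax, a build that includes the Cloudflare DNS provider plugin (any supported provider works the same way), and placeholder paths and addresses:

```caddyfile
# Option A: public hostname on a non-standard port, certificate obtained via
# the ACME DNS challenge, so ports 80 and 443 are never needed by Caddy.
# Assumes a Caddy build with the Cloudflare DNS plugin; the plugin reads the
# provider credentials from environment variables (for Cloudflare:
# CLOUDFLARE_EMAIL and CLOUDFLARE_API_KEY), which should be kept out of the
# Caddyfile and out of version control.
srv1.botstack.host:8001 {
    tls admin@example.com {
        dns cloudflare
    }
    root /srv/www/botstack   # placeholder document root
    log stdout
}

# Option B: certificate issued elsewhere (for example by the service already
# holding port 443, or by the DNS challenge run with a separate ACME client)
# and handed to Caddy as files. Nothing ACME-related happens in Caddy here.
srv2.example.com:8002 {
    tls /etc/ssl/private/srv2.crt /etc/ssl/private/srv2.key   # placeholder paths
    root /srv/www/other
}

# For local testing only: a throwaway self-signed certificate. Browsers will
# warn, which is expected; this never replaces a publicly trusted certificate.
localhost:8003 {
    tls self_signed
    root /srv/www/local
}
```

The site address is the public hostname, not `localhost`, so the listener answers for the name clients actually request. Whichever option is used, the error in the thread disappears because Caddy no longer has to bind port 443 to answer an HTTP-based challenge; with option A, the only inbound requirement is that the DNS provider credentials are valid and that the provider's API is reachable from the host.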

@mholt can't we make this configurable? Docker, IPtables, external Firewalls can map ports from the outside very well to other internal ports without having to deal with nasty system capabilities or to run Caddy with root permissions.

This is a real pain in the butt for no obvious reason. A simple warning message "you have to map the ports on yourself or ACME won't work" should be enough IMHO.

I understand you probably do not use Docker or such environments yourself, hence the lack of an official docker image. But if you would, you would see the issue. Even the most popular user-contributed Caddy docker image runs as root user… https://github.com/abiosoft/caddy-docker/blob/master/Dockerfile
