Hi David,
Got rate limited a couple of times - I have Caddy version 1 downloaded [Linux AMD64 on HassOS VM (should this be v2?)], I have ports 80 and 443 opened to the server (plus all other ports for external access to the internal forwarded ports), and I have my Caddyfile with https added to the front of the external site and each common section separated out to a separate reference for each port (so not really common anymore, lol).
I’m getting the sites passing validation in the Caddy add-on log, but it is only working for HTTP and not setting up HTTPS sites. Do you know what may be causing this?
Can’t throw this up at the Caddy server site, as they require the full domain name and nothing redacted and I’m not prepared for that.
The add-on log says:
{"level":"info","ts":1629306286.4848493,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"sub.sub.domain.com","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"info","ts":1629306290.9622422,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme.zerossl.com/v2/DV90/order/SyeibHNn6qerU8PAH3ETNw"}
{"level":"info","ts":1629306307.1248104,"logger":"tls.issuance.acme.acme_client","msg":"successfully downloaded available certificate chains","count":1,"first_url":"https://acme.zerossl.com/v2/DV90/cert/MWbHp4seMiWUG1nve5fDoA"}
{"level":"info","ts":1629306307.1260618,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"sub.sub.domain.com"}
{"level":"info","ts":1629306307.12614,"logger":"tls.obtain","msg":"releasing lock","identifier":"sub.sub.domain.com"}
The Caddyfile is as follows for one example:
{
    email [email protected]
}

(common) {
    tls {
        dns ddns {env.DDNS_TOKEN}
    }
    header {
        Strict-Transport-Security "max-age=31536000; includeSubdomains"
        X-XSS-Protection "1; mode=block"
        X-Content-Type-Options "nosniff"
        Referrer-Policy "same-origin"
        -Server
        Content-Security-Policy "frame-ancestors *.subdomain.domain.com:port"
        Permissions-Policy "geolocation=(self), microphone=()"
    }
}

sub.subdomain.domain.com:port {
    import common
    reverse_proxy localhost:ha_port {
    }
}
Thank you,
Daniel