SOLVED: Cannot get caddy working at all, no conections go through

[aeternalis]

Attempting to just go to https://jellyfin.domain.com results in that SSL_ERROR_INTERNAL_ERROR_ALERT problem on a browser. I have to specify http and port 8096. Https doesn't work at all on any client. I know there are https options in jellyfin itself, but unless I read the tutorials wrong, it seems caddy and dns should have provided that functionality.

[TheDreadPirate]

When you go to the https URL, can you inspect the certificate the browser received and check that it is valid and that it includes your subdomain and not just domain.tld?

[aeternalis]

From what I gather, there is no certificate being supplied. I have always use HTTPS enabled in cloudflare. I also have edge certificates setup (at least to my knowledge, I have them setup properly).

[TheDreadPirate]

Do you have CF set to "Proxied" or is it "DNS Only". If it is DNS only, CF shouldn't be a factor at all. Caddy should be making the request automatically to Let's Encrypt for certificates and serving those.

[aeternalis]

My DNS is setup as in the screenshot below. The "MX" and "TXT" ones were ones that CF autopopulated.

The A record is for the domain itself (@ for CF) and points to my JF sever's public IP and the CNAME is for jellyfin.domain.com, with the target set to the domain itself.

https://imgur.com/a/hwVUmyX

[TheDreadPirate]

Does caddy output logs when you start it up? Can you share those? And your caddy file has not change since the opening post?

[aeternalis]

Caddyfile has not changed, and I can verify it is located in /etc/caddy. Below is all my journalctl output from when I just restarted the caddy service.

Code:

Nov 24 02:39:27 jellyfin-server sudo[36852]:   [MY USERNAME] : TTY=pts/0 ; PWD=/etc/caddy ; USER=root ; COMMAND=/usr/bin/systemctl restart caddy
Nov 24 02:39:27 jellyfin-server sudo[36852]: pam_unix(sudo:session): session opened for user root(uid=0) by [MY USERNAME](uid=1000)
Nov 24 02:39:27 jellyfin-server caddy[36820]: {"level":"info","ts":1732415967.811478,"msg":"shutting down apps, then terminating","signal":"SIGTERM"}
Nov 24 02:39:27 jellyfin-server caddy[36820]: {"level":"warn","ts":1732415967.8115654,"msg":"exiting; byeee!! 👋","signal":"SIGTERM"}
Nov 24 02:39:27 jellyfin-server caddy[36820]: {"level":"info","ts":1732415967.8115864,"logger":"http","msg":"servers shutting down with eternal grace period"}
Nov 24 02:39:27 jellyfin-server systemd[1]: Stopping caddy.service - Caddy...
Nov 24 02:39:27 jellyfin-server caddy[36820]: {"level":"info","ts":1732415967.8117993,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}
Nov 24 02:39:27 jellyfin-server caddy[36820]: {"level":"info","ts":1732415967.8118062,"msg":"shutdown complete","signal":"SIGTERM","exit_code":0}
Nov 24 02:39:27 jellyfin-server systemd[1]: caddy.service: Deactivated successfully.
Nov 24 02:39:27 jellyfin-server systemd[1]: Stopped caddy.service - Caddy.
Nov 24 02:39:27 jellyfin-server systemd[1]: Starting caddy.service - Caddy...
Nov 24 02:39:27 jellyfin-server caddy[36859]: caddy.HomeDir=/var/lib/caddy
Nov 24 02:39:27 jellyfin-server caddy[36859]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Nov 24 02:39:27 jellyfin-server caddy[36859]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Nov 24 02:39:27 jellyfin-server caddy[36859]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Nov 24 02:39:27 jellyfin-server caddy[36859]: caddy.Version=v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=
Nov 24 02:39:27 jellyfin-server caddy[36859]: runtime.GOOS=linux
Nov 24 02:39:27 jellyfin-server caddy[36859]: runtime.GOARCH=amd64
Nov 24 02:39:27 jellyfin-server caddy[36859]: runtime.Compiler=gc
Nov 24 02:39:27 jellyfin-server caddy[36859]: runtime.NumCPU=6
Nov 24 02:39:27 jellyfin-server caddy[36859]: runtime.GOMAXPROCS=6
Nov 24 02:39:27 jellyfin-server caddy[36859]: runtime.Version=go1.22.3
Nov 24 02:39:27 jellyfin-server caddy[36859]: os.Getwd=/
Nov 24 02:39:27 jellyfin-server caddy[36859]: LANG=en_US.UTF-8
Nov 24 02:39:27 jellyfin-server caddy[36859]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/snap/bin
Nov 24 02:39:27 jellyfin-server caddy[36859]: NOTIFY_SOCKET=/run/systemd/notify
Nov 24 02:39:27 jellyfin-server caddy[36859]: USER=caddy
Nov 24 02:39:27 jellyfin-server caddy[36859]: LOGNAME=caddy
Nov 24 02:39:27 jellyfin-server caddy[36859]: HOME=/var/lib/caddy
Nov 24 02:39:27 jellyfin-server caddy[36859]: INVOCATION_ID=18e98f7b527c464b98e1a7d89a16ffb0
Nov 24 02:39:27 jellyfin-server caddy[36859]: JOURNAL_STREAM=8:109749
Nov 24 02:39:27 jellyfin-server caddy[36859]: SYSTEMD_EXEC_PID=36859
Nov 24 02:39:27 jellyfin-server caddy[36859]: MEMORY_PRESSURE_WATCH=/sys/fs/cgroup/system.slice/caddy.service/memory.pressure
Nov 24 02:39:27 jellyfin-server caddy[36859]: MEMORY_PRESSURE_WRITE=c29tZSAyMDAwMDAgMjAwMDAwMAA=
Nov 24 02:39:27 jellyfin-server caddy[36859]: GOTRACEBACK=none
Nov 24 02:39:27 jellyfin-server caddy[36859]: {"level":"info","ts":1732415967.8637192,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Nov 24 02:39:27 jellyfin-server caddy[36859]: {"level":"info","ts":1732415967.8646574,"msg":"adapted config to JSON","adapter":"caddyfile"}
Nov 24 02:39:27 jellyfin-server caddy[36859]: {"level":"warn","ts":1732415967.8646646,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":12}
Nov 24 02:39:27 jellyfin-server caddy[36859]: {"level":"info","ts":1732415967.865141,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//[::1]:2019","//127.0.0.1:2019","//localhost:2019"]}
Nov 24 02:39:27 jellyfin-server caddy[36859]: {"level":"info","ts":1732415967.8651974,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Nov 24 02:39:27 jellyfin-server caddy[36859]: {"level":"info","ts":1732415967.8652055,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Nov 24 02:39:27 jellyfin-server caddy[36859]: {"level":"info","ts":1732415967.865268,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00012e980"}
Nov 24 02:39:27 jellyfin-server caddy[36859]: {"level":"info","ts":1732415967.865432,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Nov 24 02:39:27 jellyfin-server caddy[36859]: {"level":"info","ts":1732415967.8655074,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 7168 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."}
Nov 24 02:39:27 jellyfin-server caddy[36859]: {"level":"info","ts":1732415967.8656044,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Nov 24 02:39:27 jellyfin-server caddy[36859]: {"level":"info","ts":1732415967.8656301,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
Nov 24 02:39:27 jellyfin-server caddy[36859]: {"level":"info","ts":1732415967.8656337,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["[MY DOMAIN].com"]}
Nov 24 02:39:27 jellyfin-server caddy[36859]: {"level":"info","ts":1732415967.8660855,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Nov 24 02:39:27 jellyfin-server caddy[36859]: {"level":"info","ts":1732415967.8661141,"msg":"serving initial configuration"}
Nov 24 02:39:27 jellyfin-server systemd[1]: Started caddy.service - Caddy.
Nov 24 02:39:27 jellyfin-server sudo[36852]: pam_unix(sudo:session): session closed for user root
Nov 24 02:39:27 jellyfin-server caddy[36859]: {"level":"info","ts":1732415967.8700335,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/var/lib/caddy/.local/share/caddy","instance":"4ff621f7-dad3-4f8a-9385-ea7f938c1ee5","try_again":1732502367.870031,"try_again_in":86399.99999901}
Nov 24 02:39:27 jellyfin-server caddy[36859]: {"level":"info","ts":1732415967.8701715,"logger":"tls","msg":"finished cleaning storage units"}

None of these are marked as an error. I noticed that it did produce errors before I made the original post, but that was because I double typed a { character in Caddyfile. After fixing that, no other error messages have come up, just info.

I notice in ln 38 that it says "Caddyfile input is not formatted...". I'm not sure what it's complaining about. The only uncommented sections in the Caddyfile are what is in my original post, and it seems kosher.

Other than that, I'm clueless here.

EDIT: Apologies for marking this post as solution, I'm not sure how to undo it.

[TheDreadPirate]

I cannot unmark your post as a solution. I've accidentally done this myself and can't undo it. :-(

Just to verify, your caddy files is located in /etc/caddy/Caddyfile, correct?

Try deleting the certificates in /var/lib/caddy. I don't use caddy, so I can't get more specific than that. Stop caddy, delete whatever cert it has requested, and restart caddy.

FYI, your caddy file should be your subdomain.domain.tld and not just domain.tld. Otherwise the certificate will be invalid when accessing Jellyfin since the cert only has domain.tld. Your other option is to use a wildcard cert if you plan to have other services running and only want to manage one cert.

https://caddyserver.com/docs/automatic-h...rtificates

[aeternalis]

> FYI, your caddy file should be your subdomain.domain.tld and not just domain.tld.

This was it! I can't believe I didn't try that after changing my DNS settings.

I deeply thank you for your help. I'll throw you a few $ through your github sponsor page as thanks (unless there's a better way, I'll do it in a couple days if you have another way.) - I see you giving support all over the place so you deserve the recognition.

Again, thank you!