Certificate for catch-all site is used for requests to other sites #5933
Had an oversight and missed a debugging step. Will close for now, until more accurate information is available.
Finished up the missing debugging and adjusted the content, information, explanation, and title of the issue. Hopefully, I expressed this edge case clearly and in a helpful way.
I also tried to add a simple tls directive to the site blocks that didn't have any before: tls email@example.com. Unfortunately, this didn't resolve the issue.
Thanks, will look into this soon! (A little busy with new baby, heh)
Sounds great! Both of the statements. So, congratulations. |
You might need to play with
Same issue here, I have my Caddyfile configured like this
Unfortunately, this happens on
I tried out
Maybe it's also because the
Not the main domain, as it is usually the case.
As a workaround we switched all hosted sites to using Cloudflare's Origin Certificates, and the one site that isn't using them doesn't have strict checking of certificates enabled, which also works. Edit: As long as we know the domains that need to be accepted by the site before the first request, we could also use the REST API to add them on the fly. This is the case for us, as customers register them in the application and we send them to Cloudflare for SaaS via the API.
Thanks for the update. Sorry I've been very behind. Turns out an early baby can set you back a few months :) Someone else is welcome to tackle this for a faster resolution. What I'd suggest doing is getting the JSON config, examining it to see if there's an obvious reason why this might be happening. If not, then sprinkle some
The issue is that the certificate loaded via the tls directive from files in the second site block for website2, containing a catch-all, is used for all requests to Caddy. Only the certificate is used.
The content is still served from the requested domain/site/block. Meaning, each request returns the wanted content from the requested application; just the certificate is from a completely different site block.
For example, https://subdomain.website1.com returns certificate 2, when certificate 1 is expected. Expected behaviour would be:
https://subdomain.website1.com -> certificate 1
https://www.website1.com -> certificate 2
https://www.website2.com -> certificate 2
https://www.example.com -> certificate 2
https://test.website2.com -> certificate 2
However, certificate 2 is returned every time.
Caddy is only hit with https requests. http requests or http-to-https redirects don't play a role. The following docs lead me to believe I configured this correctly and like it was intended:
Things that were tried: :443 with https://
Main Caddyfile:
website1 Caddyfile (uses automatic https, no tls directive is configured):
subdomain.website1.com { ... }
website2 Caddyfile:
Caddy version: v2.7.5
Modules:
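A quick way to confirm the symptom described above (one site's certificate served for every SNI name) is to connect to each hostname with SNI set, read the leaf certificate's SAN list, and check whether the requested name is actually covered by it. The following is an added example, not code from the Caddy project or from the issue author; the hostnames and the SAN list in the constructed sample are invented for illustration. The `fetch` parameter of `audit_hosts` is injectable so the matching logic can be exercised offline with a fake certificate that mirrors the reported behaviour, and the wildcard rule is the general one (a `*.` label covers exactly one additional label), so the check goes beyond the specific domains in the report.

```python
"""Audit which leaf certificate a TLS server presents per SNI name.

Added example (not part of Caddy or of this issue). For each hostname it
records the DNS names in the leaf certificate's subjectAltName extension
and flags hosts whose name is not covered by the certificate they received.
"""
import socket
import ssl
from typing import Callable, Dict, Iterable, List, Tuple


def host_matches_san(host: str, san_names: Iterable[str]) -> bool:
    """Return True if `host` is covered by one of the DNS SAN entries.

    Wildcard rule as browsers apply it: `*.example.com` matches
    `sub.example.com` but neither `example.com` nor `a.b.example.com`.
    """
    host = host.lower().rstrip(".")
    for name in san_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*."):
            suffix = name[1:]  # ".example.com"
            if host.endswith(suffix) and host.count(".") == name.count("."):
                return True
    return False


def fetch_leaf_cert(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Open a TLS connection with SNI = host and return the parsed leaf cert.

    Hostname checking is disabled on purpose so a *mismatched* certificate is
    returned instead of raising; chain verification stays on, because Python
    only populates getpeercert() for verified peers. For an internal CA, add
    ctx.load_verify_locations(<ca bundle path>) before connecting.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def san_dns_names(cert: dict) -> List[str]:
    """Extract the DNS entries from a getpeercert()-style dictionary."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def audit_hosts(
    hosts: Iterable[str],
    fetch: Callable[..., dict] = fetch_leaf_cert,
) -> Dict[str, Tuple[List[str], bool]]:
    """Map each host to (SAN names it received, whether the host is covered)."""
    report: Dict[str, Tuple[List[str], bool]] = {}
    for host in hosts:
        sans = san_dns_names(fetch(host))
        report[host] = (sans, host_matches_san(host, sans))
    return report


# Constructed sample mirroring the report: every SNI name is answered with the
# catch-all site's certificate ("certificate 2"), whatever name was requested.
SAMPLE_CERT_2 = {
    "subjectAltName": (
        ("DNS", "www.website2.com"),
        ("DNS", "*.website2.com"),
        ("DNS", "www.example.com"),
    )
}


def fake_fetch_always_cert2(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Stand-in for fetch_leaf_cert that always returns the constructed cert 2."""
    return SAMPLE_CERT_2


if __name__ == "__main__":
    # Swap fake_fetch_always_cert2 for the default fetch_leaf_cert to audit a live host.
    hosts = ["subdomain.website1.com", "www.website2.com", "test.website2.com"]
    for host, (sans, ok) in audit_hosts(hosts, fetch=fake_fetch_always_cert2).items():
        print(f"{host:26} {'OK' if ok else 'MISMATCH'}  SAN={sans}")
```

With the fake fetch, subdomain.website1.com is reported as MISMATCH while the website2 names pass, which is exactly the pattern to look for against a live server: a single SAN list showing up for names it does not cover.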