Invalid host in redirect target, adding subdomains

My domain is:

Good afternoon! I am having a little bit of trouble with obtaining certificates for subdomains and configuring things so that subdomains can work from separate servers. My main domain is owned by GoDaddy. For the time being, I used Caddy to let it provide a simple static webpage with https and it works great! You can visit the website and that sweet lock will be on the top. It’s hosted on this server, let’s call it X. The Caddyfile is very simple and this whole thing is running inside a docker container. Source here

I have a second service that I would like to provide under the subdomain and have it secure too. If I want to create a subdomain and proxy that to one of the internals, let’s say proxy / api:5000, where api is one of the services that provides port 5000 and is visible, the new Caddy (docker containers as well, api is a container in the same network as Caddy) fails to run the server. The errors can range from maybe firewall rules (I disabled firewall rules for the sake of testing) or Fetching Invalid host in redirect target "". Only domain names are supported, not IP addresses, url:

I’m quite bewildered by this. Maybe just pointing a subdomain to an IP address and then running it from that server is not enough to obtain the needed certificates, if the main domain is running elsewhere. I’ve tried running different combinations and separately executing Caddy. Unfortunately, it all just fails to assign. All I needed to do is proxy a container’s port to a subdomain. I tried doing DNS challenges with GoDaddy as described here, however it just spits out
Error during parsing: Unknown DNS provider by name 'godaddy'. I’m using just abiosoft/caddy for my caddy container.

Thank you!

currently points to an nginx server, rather than to your Caddy server (as with your main domain).

That nginx server is producing the redirect to an IP address, which Let’s Encrypt will refuse to follow:

$ curl -i
HTTP/1.1 302 Found
Server: nginx/1.12.2
Date: Fri, 31 Jan 2020 20:23:55 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close

I am going to guess that the correct setup would be for to be a DNS A record pointing to, rather than the weird HTTP redirect you have now.

If going down the DNS route, I suspect that you have to build a custom Docker image with the GoDaddy TLS plugin, because says:

This feature does not come with Caddy by default. To get it, select the plugin when you download Caddy.


Hi @thecsw

checking your configuration that can’t work -

Your DNS:

Host T IP-Address is auth. ∑ Queries ∑ Timeout
A Scottsdale/Arizona/United States (US) -, LLC Hostname: yes 1 0
AAAA yes Name Error yes 1 0

That’s a GoDaddy-server, not the server where you run your Caddy.

And that’s

Domainname Http-Status redirect Sec. G
302 3.386 D
-2 1.524 V ConnectFailure - Unable to connect to the remote server
-14 10.050 T Timeout - The operation has timed out
302 3.483 D Visible Content:
-2 1.520 V ConnectFailure - Unable to connect to the remote server Visible Content:

not allowed. When checking your domain, Let’s Encrypt follows redirects to port 80 or port 443 or to other domain names, but not redirects to an IP address.

If your Caddy runs on, then you need an A-record

your subdomain ->

So first step: Change your dns setup, then try it again.

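A pre-flight check for the redirect rule described in the answer above, as an added example that is not part of the original thread or of Let's Encrypt's own code. The function names, the sample hostname `api.example.com` and the documentation-range address `203.0.113.10` are constructed for illustration, and treating every 3xx response with a `Location` header as a redirect is a simplification.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

def redirect_problem(target):
    """Return None if an HTTP-01 validator could follow this absolute
    redirect target, otherwise a short reason string."""
    parts = urlsplit(target)
    if parts.scheme not in ("http", "https"):
        return "scheme must be http or https"
    host = parts.hostname
    if not host:
        return "no host in redirect target"
    try:
        ipaddress.ip_address(host)      # matches IPv4 and IPv6 literals
        return "host is an IP address, only domain names are supported"
    except ValueError:
        pass                            # not an IP literal: a name, good
    try:
        port = parts.port
    except ValueError:
        return "invalid port"
    if port is not None and port not in (80, 443):
        return "port must be 80 or 443"
    return None

def check_response(request_url, raw_headers):
    """Inspect one raw HTTP response head (status line plus headers)."""
    lines = raw_headers.strip().splitlines()
    status = int(lines[0].split()[1])
    if not 300 <= status < 400:
        return None                     # not a redirect, nothing to follow
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    if "location" not in headers:
        return "redirect without Location header"
    # Relative Location values are resolved against the request URL.
    return redirect_problem(urljoin(request_url, headers["location"]))

# Constructed sample: a forwarding service answering for the subdomain.
CHALLENGE_URL = "http://api.example.com/.well-known/acme-challenge/token"
SAMPLE_IP_REDIRECT = """HTTP/1.1 302 Found
Server: nginx/1.12.2
Location: http://203.0.113.10/
Connection: close"""

if __name__ == "__main__":
    print(check_response(CHALLENGE_URL, SAMPLE_IP_REDIRECT))
```

Feeding it the response head from `curl -i` against the challenge URL shows whether a forwarding service sits in front of the server before any certificate request is made.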

@JuergenAuer @_az

Great find! When I was working a couple of days ago, it was pointing to 167., then I tried to use GoDaddy’s subdomain feature, which included the 184. middleman!
DNS is clean pointing to the second server now, now

If you try to open, it works great! And the API proxy is also performing superb!

After some further tinkering, I realized the issues I was having were due to a non-transparent proxy and browser cache!

Thank you folks! If we meet, I owe you a bottle of champagne!


