Good afternoon! I am having a little bit of trouble obtaining certificates for subdomains and configuring them so that the subdomains can be served from separate servers. My main domain is meme.market, owned by GoDaddy. For the time being, I used Caddy to serve a simple static webpage over HTTPS and it works great! You can visit the website and that sweet lock will be at the top. It's hosted on this server, 167.172.207.34; let's call it X. The Caddyfile is very simple and the whole thing is running inside a Docker container. Source here: https://github.com/thecsw/meme.market-coming-soon
I have a second service that I would like to provide under a subdomain and have it secured too. If I want to create a subdomain apidev.meme.market and proxy it to one of the internal services, let's say proxy / api:5000, where api is one of the services that exposes port 5000 and is visible, the new Caddy (Docker containers as well; api is a container in the same network as Caddy) fails to run the server. The errors range from what might be firewall rules (I disabled the firewall rules for the sake of testing) to Fetching http://167.172.114.123/.well-known/acme-challenge/AGqgbBMoxHXEMhJm9RxLzrDbAF1sUA9RSp_IxT3pegc: Invalid host in redirect target "167.172.114.123". Only domain names are supported, not IP addresses, url:
I'm quite bewildered by this. Maybe just pointing a subdomain at an IP address and then running it from that server is not enough to obtain the needed certificates, if the main domain is running elsewhere. I've tried running different combinations and executing Caddy separately. Unfortunately, it all just fails to assign. All I need to do is proxy a container's port as a subdomain. I tried doing DNS challenges with GoDaddy as described here, https://caddyserver.com/v1/docs/automatic-https#dns-challenge, however it just spits out Error during parsing: Unknown DNS provider by name 'godaddy'. I'm just using abiosoft/caddy for my Caddy container.
apidev.meme.market currently points to an nginx server, rather than to your Caddy server (as with your main domain).
That nginx server is producing the redirect to an IP address, which Let's Encrypt will refuse to follow:
$ curl -i apidev.meme.market/.well-known/acme-challenge/xx
HTTP/1.1 302 Found
Server: nginx/1.12.2
Date: Fri, 31 Jan 2020 20:23:55 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Location: http://167.172.114.123/.well-known/acme-challenge/xx
I am going to guess that the correct setup would be for apidev.meme.market to be a DNS A record pointing to 167.172.207.34, rather than the weird HTTP redirect you have now.
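As an added example (not part of the thread, and not Caddy or Let's Encrypt code), here is a small Python pre-flight check that automates what the curl above does by hand: it resolves the name, then walks the redirect chain from the HTTP-01 challenge path hop by hop, refusing to follow a redirect to an IP literal or a non-http(s) scheme and stopping after ten redirects, which is the limit Let's Encrypt documents. The probe token "probe", the function names, and the two response tables at the bottom (one modelling the nginx 302-to-IP behaviour seen in this thread, one modelling a normal http-to-https redirect) are constructed for the example, not captured traffic.

```python
"""Pre-flight check for an HTTP-01 challenge path, walking redirects the way a
Let's Encrypt validator would and flagging the failure seen in this thread:
a redirect whose target host is an IP literal instead of a DNS name."""
import ipaddress
import socket
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

ACME_PREFIX = "/.well-known/acme-challenge/"
MAX_REDIRECTS = 10          # Let's Encrypt follows at most 10 redirects
REDIRECT_CODES = (301, 302, 303, 307, 308)


def is_ip_literal(host):
    """True when a URL host is an IPv4/IPv6 address rather than a DNS name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def http_fetch(url, timeout=10):
    """Real fetcher: one GET, redirects NOT followed. Returns (status, Location)."""
    class _NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None  # make urllib raise HTTPError on 3xx instead of following
    try:
        resp = urllib.request.build_opener(_NoRedirect).open(url, timeout=timeout)
        return resp.getcode(), resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")


def trace_challenge(hostname, token="probe", fetch=http_fetch):
    """Follow http://<hostname>/.well-known/acme-challenge/<token> hop by hop.
    Returns (ok, hops, reason). A 404 at the end is fine for a made-up token;
    what matters is that every hop is http(s) to a DNS name and the chain ends."""
    url = f"http://{hostname}{ACME_PREFIX}{token}"
    hops, seen = [], set()
    for _ in range(MAX_REDIRECTS + 1):
        parts = urlsplit(url)
        hops.append(url)
        if parts.scheme not in ("http", "https"):
            return False, hops, f"redirect to unsupported scheme {parts.scheme!r}"
        if is_ip_literal(parts.hostname or ""):
            return False, hops, f"redirect to IP literal {parts.hostname!r}"
        if url in seen:
            return False, hops, "redirect loop"
        seen.add(url)
        status, location = fetch(url)
        if status not in REDIRECT_CODES:
            return True, hops, f"chain ends with HTTP {status} at {parts.hostname}"
        if not location:
            return False, hops, f"HTTP {status} without a Location header"
        url = urljoin(url, location)  # Location may be relative
    return False, hops, f"more than {MAX_REDIRECTS} redirects"


def dns_points_to(hostname, expected_ip, resolve=socket.gethostbyname_ex):
    """True when every A record for hostname is the server you expect."""
    _, _, addrs = resolve(hostname)
    return bool(addrs) and all(a == expected_ip for a in addrs)


def make_fake_fetch(table):
    """Build an offline fetcher from {url: (status, location)}; unknown URLs 404."""
    return lambda url: table.get(url, (404, None))


# Constructed responses modelling the thread (not captured traffic):
# the nginx host answers the probe with a 302 to an IP literal.
BROKEN = make_fake_fetch({
    "http://apidev.meme.market/.well-known/acme-challenge/probe":
        (302, "http://167.172.114.123/.well-known/acme-challenge/probe"),
})
# Constructed "fixed" behaviour: a plain http->https redirect on the same name.
FIXED = make_fake_fetch({
    "http://apidev.meme.market/.well-known/acme-challenge/probe":
        (302, "https://apidev.meme.market/.well-known/acme-challenge/probe"),
})

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:   # live check: python check.py apidev.meme.market
        runs = [(sys.argv[1], http_fetch)]
    else:                   # offline demo on the constructed tables
        runs = [("apidev.meme.market", BROKEN), ("apidev.meme.market", FIXED)]
    for host, fetcher in runs:
        ok, hops, why = trace_challenge(host, fetch=fetcher)
        print("OK  " if ok else "FAIL", why)
        for hop in hops:
            print("     ->", hop)
```

Run it with no arguments to see the two constructed cases, or pass a hostname to probe the real server; pair it with dns_points_to(host, "167.172.207.34") before requesting a certificate so that both the A record and the redirect chain are verified in one go.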
Great find! When I was working on it a couple of days ago, it was pointing to 167., then I tried to use GoDaddy's subdomain feature, which included the 184. middleman!
DNS is now cleanly pointing to the second server: https://dnschecker.org/#A/apidev.meme.market