This site can’t provide a secure connection

I'm using Caddy for the first time and getting the above response when trying to connect by IP address.

I guess I need to set up some certificate to get past this problem, but can I specify that I don't want certificates initially?
 
You can't have HTTPS without a server certificate. Regular, self-signed or Let's Encrypt doesn't matter. But you have to have one that applies. And your browser needs to be able to verify it. Though you could ignore that verification check (not recommended).
 
How do I get a server certificate?
Easiest, and cheapest, is probably to use one of the many tools and get a Let's Encrypt certificate. I'm using it on my VPS and home connection for various websites I run on them. Set up once, and let it automagically refresh the certificates (they're only valid for 3 months), then never be bothered again (unless the refresh failed for some reason).

I've only ever used Apache in the past and always got 'It works!' as soon as I started it up.
That's Apache's default HTTP website.
 
According to ChatGPT - I had to use that since I don't know where else to look.

Option B: With HTTPS (recommended if you have domain)

Code:
your-domain.com {
    root * /usr/local/www/nextcloud
    file_server

    php_fastcgi 127.0.0.1:9000 {
        env front_controller_active true
    }

    encode gzip
}

Caddy will automatically handle certificates.

What would I need to change for this to work on my system which is in a jail?

Would an entry for my domain in /etc/hosts be sufficient? I tried pinging it but it wouldn't resolve.
 
According to ChatGPT - I had to use that since I don't know where else to look.
I figured Certbot out manually when it first came out, I think in 2016; I found the Standalone option easiest (no plugins or anything else handling; webserver shuts down, Certbot deploys its own webserver and puts cert files in a folder, then restart main webserver pointing to the cert files).

I have notes here with Certbot on FreeBSD; Certbot doesn't interact with anything, but I use a script to restart nginx (similar to Certbot pre/post hooks in the conf, but I prefer not having Certbot do that by itself).
 
Also have Certbot running, typically use the webroot option. But I have HAProxy terminate the SSL/TLS, added a redirect for that /.well-known/acme-challenge/ path to a locally running nginx. Added a deploy script to copy the received certificates to a directory for HAProxy and trigger a reload. Has been working for several years now. Rarely have a problem with it.
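
The deploy step described in the post above (copy the renewed certificate to a directory for HAProxy, then reload), sketched as an added example; it is not the poster's script. `RENEWED_LINEAGE` is the variable Certbot exports to deploy hooks; the destination directory, the reload command and the helper name `install_haproxy_pem` are assumptions.

```shell
#!/bin/sh
# Added example: Certbot deploy hook that builds the combined PEM HAProxy loads.
# Certbot sets RENEWED_LINEAGE to the live/<name> directory of the renewed cert.
# The directory and reload command below are assumptions; adjust to your system.
HAPROXY_CERT_DIR="${HAPROXY_CERT_DIR:-/usr/local/etc/haproxy/certs}"
HAPROXY_RELOAD="${HAPROXY_RELOAD:-service haproxy reload}"

# install_haproxy_pem LINEAGE_DIR DEST_DIR   (hypothetical helper name)
# Writes DEST_DIR/<name>.pem = fullchain.pem followed by privkey.pem.
install_haproxy_pem() {
    lineage=$1
    dest=$2
    name=$(basename "$lineage")
    chain="$lineage/fullchain.pem"
    key="$lineage/privkey.pem"

    # Never replace the live file unless both inputs exist and look like PEM.
    if [ ! -s "$chain" ] || [ ! -s "$key" ]; then
        echo "missing certificate or key in $lineage" >&2
        return 1
    fi
    grep -q 'BEGIN CERTIFICATE' "$chain" || { echo "bad chain: $chain" >&2; return 1; }
    grep -q 'PRIVATE KEY' "$key" || { echo "bad key: $key" >&2; return 1; }

    # The output contains the private key: create it owner-only, in the
    # destination directory, so the final rename is atomic on one filesystem.
    tmp=$(umask 077; mktemp "$dest/.$name.pem.XXXXXX") || return 1
    if cat "$chain" "$key" > "$tmp" && chmod 600 "$tmp" \
        && mv -f "$tmp" "$dest/$name.pem"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Only act when Certbot invoked this file as a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_haproxy_pem "$RENEWED_LINEAGE" "$HAPROXY_CERT_DIR" && $HAPROXY_RELOAD
fi
```

The reload runs only if the combined file was written, so a failed renewal or a half-written lineage leaves HAProxy serving the previous certificate.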
 