On-demand TLS error on caddy
dolciss opened this issue · comments
Since this morning I have been unable to connect to my sandbox PDS and when I checked Caddy's logs there were errors.
```
Error: loading initial config: loading new config: loading http app module: provision http: getting tls app: loading tls app module: provision tls: provisioning automation policy 0: on-demand TLS cannot be enabled without an 'ask' endpoint to prevent abuse; please refer to documentation for details
```
So I added the following to the Caddyfile, referring to the post below, and it started working again:
https://bsky.app/profile/ubanis.com/post/3k453hmbgfm2y (bsky.social Post)
```
{
	email my-email-address
	on_demand_tls {
		ask http://localhost:3000
	}
}
```
I'm sorry I don't know the details, but is it necessary to reflect this in install.sh?
I had the same problem, and I suffered because the URL could not be checked, but I fixed it like this.
This is the entire contents of the file.
```
vi /pds/caddy/etc/caddy/Caddyfile
```
```
{
	email {your-email-address}
	on_demand_tls {
		ask http://localhost:3000
	}
}
*.{your-domain}, {your-domain} {
	tls {
		on_demand
	}
	reverse_proxy http://localhost:3000
}
```
It was reflected in commit 6e51174, so I will close it
thanks for the update @Jacob2161 !
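Added example, not part of the thread and not the PDS project's code: Caddy calls the `ask` URL with a `?domain=` query parameter and only requests a certificate when the response is 2xx, so the endpoint has to answer non-2xx for names it does not serve. The sketch below shows that decision for the `*.{your-domain}, {your-domain}` site block; `BASE_DOMAIN`, `KNOWN_HANDLES` and the `/tls-ask` path are hypothetical values constructed for illustration.

```javascript
// Added example: hypothetical 'ask' handler for Caddy on-demand TLS.
// BASE_DOMAIN, KNOWN_HANDLES and the /tls-ask path are constructed sample values.
const BASE_DOMAIN = 'pds.example.com';
const KNOWN_HANDLES = new Set(['alice', 'bob']); // stand-in for a real account lookup

// Decide whether Caddy may obtain a certificate for `domain`.
function isAllowedDomain(domain) {
  if (typeof domain !== 'string' || domain.length === 0 || domain.length > 253) return false;
  const name = domain.toLowerCase().replace(/\.$/, ''); // normalise case and trailing dot
  if (name === BASE_DOMAIN) return true;
  const suffix = '.' + BASE_DOMAIN;
  if (!name.endsWith(suffix)) return false; // rejects evil.com and notpds.example.com
  const label = name.slice(0, -suffix.length);
  // Exactly one DNS label: the wildcard site block only covers *.BASE_DOMAIN.
  if (!/^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/.test(label)) return false;
  return KNOWN_HANDLES.has(label);
}

// Map a request URL to the status code Caddy will see (2xx = issue, else refuse).
function askStatus(requestUrl) {
  const url = new URL(requestUrl, 'http://localhost');
  if (url.pathname !== '/tls-ask') return 404;
  const domain = url.searchParams.get('domain');
  if (domain === null) return 400;
  return isAllowedDomain(domain) ? 200 : 403;
}

// Node http-style request handler; bind it to loopback only, e.g.
//   require('node:http').createServer(askHandler).listen(3001, '127.0.0.1');
function askHandler(req, res) {
  if (req.method !== 'GET') {
    res.writeHead(405);
    res.end();
    return;
  }
  res.writeHead(askStatus(req.url));
  res.end();
}
```

With a handler like this, the global option would read `ask http://localhost:3001/tls-ask`. An `ask` target that returns 200 for every request satisfies Caddy's startup check but approves every hostname.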