I have solved this before but forgot how. Maybe typing something will help me remember the next time.
I use Caddy in a Docker container to reverse proxy around my Docker box and other computers in my network. Something like this:
# test subdomain
test.mydomain.net {
    reverse_proxy http://10.10.10.15:8010
    tls internal
}
It always gives a SEC_ERROR_UNKNOWN_ISSUER error, and I can just accept this, which works for a while. (With tls internal, Caddy signs the certificate with its own local CA, which browsers do not trust by default.) Ideally you want it to just work, especially if you are setting up a site your 83-year-old mum might access.
I had forgotten that if you want it to work, you need to add the subdomain to your DNS as an A record – and then remove tls internal. Job done.
This does mean that anyone can hit that domain – which is fine in some cases and not fine in others. So I updated the internal-only domains to this:
fileserver.mydomain.net {
    # abort any request whose client IP is outside the LAN and Docker ranges
    @denied not client_ip 10.10.10.0/16 172.26.0.0/12
    handle @denied {
        abort
    }
    reverse_proxy http://10.10.10.15:8081
}
The 172.26 address comes from Docker and, from memory, I think it fails without it.
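To see which clients the two ranges in the fileserver block really admit, here is an added check (not part of the original post) that normalises them and classifies some constructed sample addresses. It assumes the matcher ignores host bits past the prefix length, as ordinary CIDR prefix matching does; the function names are made up for this example.

```python
import ipaddress

# Ranges copied from the fileserver.mydomain.net block above.
ALLOWED = ["10.10.10.0/16", "172.26.0.0/12"]

def effective_networks(ranges):
    """Return each range with host bits dropped, i.e. the network it really covers."""
    return [ipaddress.ip_network(r, strict=False) for r in ranges]

def decision(client_ip, ranges=ALLOWED):
    """'proxy' if client_ip falls in any range, otherwise 'abort' (the @denied path)."""
    addr = ipaddress.ip_address(client_ip)
    for net in effective_networks(ranges):
        if addr.version == net.version and addr in net:
            return "proxy"
    return "abort"

# Constructed sample client addresses, not taken from any real log.
SAMPLES = [
    "10.10.10.42",   # the LAN host range the config appears to target
    "10.10.200.7",   # still inside the /16, although not 10.10.10.x
    "10.11.0.5",     # outside the /16
    "172.26.0.3",    # the Docker network mentioned in the post
    "172.17.0.2",    # a different 172.x network, still inside the /12
    "172.32.0.1",    # just past the end of the /12
    "203.0.113.9",   # documentation range standing in for an internet client
]

if __name__ == "__main__":
    for net in effective_networks(ALLOWED):
        print(f"{net}  covers {net[0]} - {net[-1]}")
    for ip in SAMPLES:
        print(f"{ip:<14} {decision(ip)}")
```

If only 10.10.10.x and the one Docker network should get through, tighter prefixes such as /24 and /16 would express that; whether those suit this network is an assumption to check against the actual addressing.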