Issue with Exposing PDF Folder Externally via Caddy and DuckDNS on Raspberry Pi

[Koalaman 1]

Hi everyone,

I’m having some trouble with my setup and could use some help. Here’s a summary of what I’ve done and the issue I’m facing:

**Setup:**
- **ISP Connection:** Normal internet connection.
- **Server:** Raspberry Pi 4.
- **Services Hosted:** Media (movies and TV shows), PDFs in a newspaper folder.
- **VPN:** Using WireGuard to connect to AirVPN on boot.
- **Web Server:** Caddy installed to expose the newspaper folder externally.

**Configuration:**
- **DuckDNS:** Set up with a token and configured in Caddy using the DuckDNS module built with xcaddy and Go.
- **Router Port Forwarding:** Ports 80 (HTTP) and 443 (HTTPS) forwarded to the Raspberry Pi’s static IP (192.168.86.23).

**Issue:**
When I check Caddy's logs, it seems like it’s unable to obtain or register an HTTPS certificate. I’m not sure if I’ve missed a step or if there’s a misconfiguration somewhere.

**Questions:**
1. Is it possible to expose a directory using Caddy while connected to a VPN?
2. Could the VPN connection be interfering with Caddy’s ability to register an HTTPS certificate?
3. Are there any specific configurations or steps I might have overlooked?

I would appreciate any guidance or suggestions to resolve this issue.

Thanks in advance for your help!

[OpenSourcerer 1409]

Please post the Caddyfile and the log output. This kind of description is getting us nowhere.
I mean, yeah, DuckDNS is compiled in and you probably added it via the acme-dns directive. But are you trying to issue a cert for your own domain, a duckdns.com domain or an airdns.org domain? Why did you forward the ports required for HTTP-01 or TLS-ALPN-01 in your router – aren't we trying to host something behind a VPN server?
And what exactly does the error message say? Don't paraphrase it, post it as is. Logs just spit out the answer for you, but if you paraphrase it, things get lost in translation. I mean, "unable to obtain an HTTPS cert" is a symptom, not a cause.
 

9 hours ago, Koalaman said:

- **Router Port Forwarding:** Ports 80 (HTTP) and 443 (HTTPS) forwarded to the Raspberry Pi’s static IP (192.168.86.23).

Superfluous – remember that you are routing and expecting traffic on the VPN interface, ergo to/from the AirVPN server. You will need to forward those ports in AirVPN, either random remote to local 80 and 443, or use domain.tld:12345 notation for the domain definitions (12345 being the remote port, obviously).
 

9 hours ago, Koalaman said:

2. Could the VPN connection be interfering with Caddy’s ability to register an HTTPS certificate?

Only if you use HTTP-01 (with the .well-known directory) or TLS-ALPN-01, which both require reachability on ports 80/443, as I understand Let's Encrypt's docs. As you use DNS-01, it shouldn't be the problem.