[Bug]: Ghost CMS ready services issue with Caddy - doesn't work after deployment with ERR_SSL_PROTOCOL_ERROR #4809

Open
RobertoGD opened this issue Jan 12, 2025 · 9 comments
Labels
🐛 Bug Reported issues that need to be reproduced by the team. 🔍 Triage Issues that need assessment and prioritization.

Comments

@RobertoGD

Error Message and Logs

I'm having an issue with the one-click deploy version of Ghost CMS. There is only one version available, as I can't see one with MariaDB [I remember it was available, but it looks like it isn't].
So I went with the one available, set it to deployment, and added my custom domain, and it doesn't work. When I'm trying to access the website I can only see: ERR_SSL_PROTOCOL_ERROR

Image

As shown in my screenshot, you can see what's visible when you're able to access the website.

I have no errors when I'm deploying an app. No errors after deployment in the Ghost or DB logs, only warnings related to unfilled email settings, which are fine as those can be added later.

I had issues earlier, about a week ago as I updated from I think v318 to v380 and had an error with the missing "uuid" column in DB. I added it manually and it's all gone. Any chance this affects something?
But I made a lot of tests like deploying WordPress or other apps and those work fine.
I deployed Ghost without a domain but with a subdomain as per my Coolify instance.
The same results with SSL Error.

Steps to Reproduce

  • Project
  • Choose project
  • Resources: New
  • Choose: Ghost
  • Select server: I have separate servers for CMS websites [all the same as the main Coolify one, on Ubuntu, the same version]
  • Configure it: change service name, update domain to my chosen domain or chosen name for subdomain
  • Deploy

Example Repository URL

No response

Coolify Version

v4.0.0-beta.380

Are you using Coolify Cloud?

No (self-hosted)

Operating System and Version (self-hosted)

Ubuntu 24.04 LTS

Additional Information

I started a Discord conversation about it as I couldn't find anything wrong with:
https://discord.com/channels/459365938081431553/1327923302970167306

I also noticed someone recently had the same issue here:
#4501

I tried to check other bits later like verify:
SERVICE_FQDN_GHOST=
SERVICE_FQDN_GHOST_2368=

Because I noticed my first Ghost installation had:
SERVICE_FQDN_GHOST= - here I had a proper domain
but:
SERVICE_FQDN_GHOST_2368= - this one had a subdomain automatically assigned by Coolify.

That was weird so I changed it:
SERVICE_FQDN_GHOST_2368= to match SERVICE_FQDN_GHOST=

But it didn't help. After deployment still the same issue.

Hope any Coolify dev can pick this one up as something is wrong with Caddy. I don't see people with Traefik talking about this issue.
I'm happy to provide any logs you need.

It isn't my first time with Ghost but mostly I've been selfhosting it on DigitalOcean but due to selfhosting all stuff on my Hetzner instances, I'm moving from that.

RobertoGD added the 🐛 Bug and 🔍 Triage labels on Jan 12, 2025
@djsisson
Contributor

@RobertoGD can you paste the container labels

@RobertoGD
Author

@djsisson sure:

"Labels": {
                "caddy_0": "https://my_domain.com",
                "caddy_0.encode": "zstd gzip",
                "caddy_0.handle_path": "/*",
                "caddy_0.handle_path.0_redir-ghost-z8s0koow0sw0g848css8gg0k.handler": "rewrite",
                "caddy_0.handle_path.0_redir-ghost-z8s0koow0sw0g848css8gg0k.rewrite.regexp": "^//(.*)",
                "caddy_0.handle_path.0_redir-ghost-z8s0koow0sw0g848css8gg0k.rewrite.replacement": "/$1",
                "caddy_0.handle_path.0_reverse_proxy": "{{upstreams 2368}}",
                "caddy_0.header": "-Server",
                "caddy_0.try_files": "{path} /index.html /index.php",
                "caddy_ingress_network": "z8s0koow0sw0g848css8gg0k",
                "com.docker.compose.config-hash": "18b87185055221c3fa5f4675aed11ed37d124bab426cffc474ebcd355d9dd1ed",
                "com.docker.compose.container-number": "1",
                "com.docker.compose.depends_on": "mysql:service_healthy:false",
                "com.docker.compose.image": "sha256:4e8c5725a309bd72470b0319b75f983d10e5ee3264bc3a21caf5c4e7e2e545c8",
                "com.docker.compose.oneoff": "False",
                "com.docker.compose.project": "z8s0koow0sw0g848css8gg0k",
                "com.docker.compose.project.config_files": "/data/coolify/services/z8s0koow0sw0g848css8gg0k/docker-compose.yml",
                "com.docker.compose.project.working_dir": "/data/coolify/services/z8s0koow0sw0g848css8gg0k",
                "com.docker.compose.service": "ghost",
                "com.docker.compose.version": "2.28.1",
                "coolify.managed": "true",
                "coolify.name": "ghost-z8s0koow0sw0g848css8gg0k",
                "coolify.pullRequestId": "0",
                "coolify.service.subId": "62",
                "coolify.service.subType": "application",
                "coolify.serviceId": "39",
                "coolify.type": "service",
                "coolify.version": "4.0.0-beta.380",
                "traefik.enable": "true",
                "traefik.http.middlewares.gzip.compress": "true",
                "traefik.http.middlewares.redir-ghost-z8s0koow0sw0g848css8gg0k.redirectregex.regex": "^//(.*)",
                "traefik.http.middlewares.redir-ghost-z8s0koow0sw0g848css8gg0k.redirectregex.replacement": "/$1",
                "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme": "https",
                "traefik.http.routers.http-0-z8s0koow0sw0g848css8gg0k-ghost.entryPoints": "http",
                "traefik.http.routers.http-0-z8s0koow0sw0g848css8gg0k-ghost.middlewares": "redirect-to-https",
                "traefik.http.routers.http-0-z8s0koow0sw0g848css8gg0k-ghost.rule": "Host(`my_domain.com`) && PathPrefix(`/`)",
                "traefik.http.routers.http-0-z8s0koow0sw0g848css8gg0k-ghost.service": "http-0-z8s0koow0sw0g848css8gg0k-ghost",
                "traefik.http.routers.https-0-z8s0koow0sw0g848css8gg0k-ghost.entryPoints": "https",
                "traefik.http.routers.https-0-z8s0koow0sw0g848css8gg0k-ghost.middlewares": "gzip,redir-ghost-z8s0koow0sw0g848css8gg0k",
                "traefik.http.routers.https-0-z8s0koow0sw0g848css8gg0k-ghost.rule": "Host(`my_domain.com`) && PathPrefix(`/`)",
                "traefik.http.routers.https-0-z8s0koow0sw0g848css8gg0k-ghost.service": "https-0-z8s0koow0sw0g848css8gg0k-ghost",
                "traefik.http.routers.https-0-z8s0koow0sw0g848css8gg0k-ghost.tls": "true",
                "traefik.http.routers.https-0-z8s0koow0sw0g848css8gg0k-ghost.tls.certresolver": "letsencrypt",
                "traefik.http.services.http-0-z8s0koow0sw0g848css8gg0k-ghost.loadbalancer.server.port": "2368",
                "traefik.http.services.https-0-z8s0koow0sw0g848css8gg0k-ghost.loadbalancer.server.port": "2368"
            }
        },

@djsisson
Contributor

@RobertoGD I see you mention you have multiple servers. How is your Ghost domain being directed to your server?
Is it being proxied through your first server or directly using DNS?
Also, are you behind any kind of proxy DNS, where the HTTP challenge would fail to generate your certificate?

@RobertoGD
Author

@djsisson my domain points to the IP address of my second server. But this has never been an issue, as Coolify takes care of everything with Caddy.
No issues with WordPress or anything else. It happens only with Ghost; somehow it can't resolve SSL.

I just wonder why it creates Traefik labels when I rely only on Caddy.

@djsisson
Contributor

@RobertoGD it makes both in case you want to switch. You can set it to not make Traefik labels if you require.

Can you post your Caddy logs? I am not an expert in Caddy, so I can't tell if there is an error in those Caddy labels.

@RobertoGD
Author

@djsisson ok, thx for trying to help me.

The only thing I did is clear my real domains from it for now.

2025-01-08T16:40:24.673558565Z {"level":"info","ts":1736354424.6734734,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
2025-01-08T16:40:24.673723274Z {"level":"info","ts":1736354424.673663,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
2025-01-08T16:40:24.673835725Z {"level":"info","ts":1736354424.673753,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["example.com","www.example.com","sub1.example.com","service.example.com","api.example.com","sub2.example.com","sub3.example.com","sub4.example.com"]}
2025-01-08T16:40:24.678252658Z {"level":"info","ts":1736354424.6781673,"logger":"tls","msg":"cleaning storage unit","storage":"FileStorage:/data/caddy"}
2025-01-08T16:40:24.697253973Z {"level":"info","ts":1736354424.6971257,"logger":"tls","msg":"finished cleaning storage units"}
2025-01-08T16:40:25.270390136Z {"level":"info","ts":1736354425.2701943,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_ip":"127.0.0.1","remote_port":"50132","headers":{"Accept-Encoding":["gzip"],"Content-Length":["4471"],"Content-Type":["application/json"],"Origin":["http://localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
2025-01-08T16:40:26.981625447Z {"level":"info","ts":1736354426.981383,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
2025-01-08T16:40:26.981669500Z {"level":"info","ts":1736354426.9815285,"logger":"admin.api","msg":"load complete"}
2025-01-08T16:40:26.982767379Z {"level":"info","ts":1736354426.9826026,"logger":"docker-proxy","msg":"Successfully configured","server":"localhost"}
2025-01-08T16:40:26.984651823Z {"level":"info","ts":1736354426.9844716,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
2025-01-08T16:40:26.985099152Z {"level":"info","ts":1736354426.984954,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
2025-01-08T16:40:26.985112947Z {"level":"info","ts":1736354426.9850082,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
2025-01-08T16:40:26.985120502Z {"level":"warn","ts":1736354426.9850209,"logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
2025-01-08T16:40:26.988512804Z {"level":"info","ts":1736354426.987831,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
2025-01-08T16:40:26.988576944Z {"level":"info","ts":1736354426.9878795,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
2025-01-08T16:40:26.988585871Z {"level":"info","ts":1736354426.9879344,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
2025-01-08T16:40:26.988592463Z {"level":"info","ts":1736354426.9879408,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["example.com","www.example.com","sub1.example.com","service.example.com","api.example.com","sub2.example.com","sub3.example.com","sub4.example.com"]}
2025-01-08T16:40:26.988600268Z {"level":"info","ts":1736354426.9879735,"logger":"http","msg":"servers shutting down with eternal grace period"}
2025-01-08T16:40:26.988719742Z {"level":"info","ts":1736354426.9885988,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
2025-01-08T16:40:26.988733247Z {"level":"info","ts":1736354426.9886363,"logger":"admin.api","msg":"load complete"}
2025-01-09T04:35:26.966049019Z {"level":"error","ts":1736397326.9658628,"logger":"http","msg":"looking up info for HTTP challenge","host":"example.com","remote_addr":"91.90.126.90:53298","user_agent":"Mozilla/5.0","error":"no information found to solve challenge for identifier: example.com"}
2025-01-09T04:35:26.966098111Z {"level":"error","ts":1736397326.9659388,"logger":"http","msg":"looking up info for HTTP challenge","host":"example.com","remote_addr":"91.90.126.90:53298","user_agent":"Mozilla/5.0","error":"no information found to solve challenge for identifier: example.com"}
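
A way to triage a Caddy log like the one posted above, as an added example that is not part of the original thread or of Coolify: it checks whether the site host taken from the `caddy_0` label appears in the "enabling automatic TLS certificate management" domain list, and collects HTTP challenge errors per host. The function names, the sample lines and the host `ghost.example.com` are constructed for illustration.

```python
import json

# Constructed sample lines in the format of the Caddy logs posted above
# (Docker timestamp prefix, then a JSON object); all values are placeholders.
SAMPLE_LOG = """\
2025-01-08T16:40:24.673835725Z {"level":"info","ts":1736354424.673753,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["example.com","www.example.com"]}
2025-01-08T16:40:26.985120502Z {"level":"warn","ts":1736354426.9850209,"logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
2025-01-09T04:35:26.966049019Z {"level":"error","ts":1736397326.9658628,"logger":"http","msg":"looking up info for HTTP challenge","host":"example.com","remote_addr":"192.0.2.10:53298","user_agent":"Mozilla/5.0","error":"no information found to solve challenge for identifier: example.com"}
not a json line
"""

def parse_lines(text):
    """Yield the JSON object from each 'timestamp {json}' line, skipping junk."""
    for line in text.splitlines():
        start = line.find("{")
        if start == -1:
            continue
        try:
            yield json.loads(line[start:])
        except json.JSONDecodeError:
            continue

def triage(text, site_host):
    """Summarise what the proxy log says about TLS for site_host."""
    managed, challenge_errors = set(), []
    for entry in parse_lines(text):
        msg = entry.get("msg", "")
        if msg == "enabling automatic TLS certificate management":
            managed.update(entry.get("domains", []))
        elif entry.get("level") == "error" and "challenge" in msg:
            challenge_errors.append((entry.get("host"), entry.get("error")))
    return {
        "host_managed": site_host in managed,
        "managed_domains": sorted(managed),
        "challenge_errors_for_host": [e for h, e in challenge_errors if h == site_host],
        "challenge_errors_other": sorted({h for h, _ in challenge_errors if h != site_host}),
    }

def host_from_caddy_label(label_value):
    """Extract the hostname from a caddy_0 label such as 'https://my_domain.com'."""
    return label_value.split("://", 1)[-1].split("/", 1)[0].split(":", 1)[0]

if __name__ == "__main__":
    host = host_from_caddy_label("https://ghost.example.com")
    print(json.dumps(triage(SAMPLE_LOG, host), indent=2))
```

A `host_managed` value of `False` means the log shows no certificate management enabled for that host, which separates "the proxy never picked up the site" from "the proxy tried and the ACME challenge failed".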

@RobertoGD
Author

Trying to solve it by checking everything that I can but it seems like I lack specific details.
Hope any dev will read it and try to help.

@blorente

If anyone is still having this issue, removing gzip compression in the Ghost container worked for me:

Image

Probably not the ideal solution, but it gets Caddy to stop complaining.

@RobertoGD
Author

@blorente Unfortunately this doesn't work and doesn't stop the issues with Caddy.

There is a different underlying issue with Caddy. I went through different logs and there are problems with Caddy getting certificates for any Ghost installations.

This is something that needs to be checked by the Coolify devs, and I hope they will look at it, as it seems this issue is common at this moment.
Maybe a new update will fix it when it refreshes, but I will check v381 when it is available for update.
