run: adapting config using caddyfile: hostname appears in more than one automation policy, making certificate management ambiguous: office.bosheng.li

[vibbow]

I got following configuration works in older version of caddy, but after I upgrade to latest caddy, this config no longer works, with error:

run: adapting config using caddyfile: hostname appears in more than one automation policy, making certificate management ambiguous: office.bosheng.li

Caddy version: v2.4.1 h1:kAJ0JB5Xk5gPdTH/27S5cyoMGqD5lBAe9yZ8zTjVJa0=

http://office.bosheng.li:5000 {
  reverse_proxy http://home-nas-01.lan:5000
}


https://office.bosheng.li:5001 {
   tls internal

   reverse_proxy https://home-nas-01.lan:5001 {
   transport http {
      tls_insecure_skip_verify
    }
  }
}

[mholt]

Looks like a duplicate of #4176. We fixed a bug that allowed ambiguous TLS automation policies to be adapted and used, which was incorrect.

Your config is asking Caddy to manage a cert for the same name in two different ways (with internal CA, and default which uses public CAs), so it's ambiguous and in conflict. Either give all the sites with that hostname the same TLS certificate management configuration, or move it into the global options (local_certs).

[mholt]

Actually, your first site block specifies http only. This is what I get for reading issues after midnight on my phone. Maybe I'll try to repro this in the morning...