Can't get certificates generated with Caddy to work with duckdns subdomains (local homelab)

mascal-labo

Hello all,

I'm new to Caddy and not so proficient with TLS, SSL and so on, but I spent several hours over the past days trying things and I can't get an https connection to my local apps.
Curl header reports a 501 code.

What I am trying to achieve:
  • HTTPS connection to local apps from various LxC (no external access expected)
  • DuckDNS providing a domain
  • Setup is Proxmox VE 8.3.3 on a simple workstation
  • I tried Nginx Proxy Manager (spent way too much time with it) and could not get it to work (I have an open thread about it with no reply so far)
  • I read great things about Caddy, so I am now trying it

What I tried:
  • Caddy installed in its own LxC, using this helper script:
    https://community-scripts.github.io/ProxmoxVE/scripts?id=caddy
  • As I am using DuckDNS, I installed the required module in /usr/bin to replace the existing one
    Code:
    xcaddy build --with github.com/caddy-dns/duckdns
    So far so good...
  • I edited the Caddyfile at /etc/caddy/Caddyfile:
    Code:
    *.example.duckdns.org {
        tls {
            dns duckdns {
                api_token <mytoken>
            }
        }
    
        @sub1 host sub1.example.duckdns.org
        reverse_proxy <ip-1>:<port-1>
    
        @sub2 host sub2.example.duckdns.org
        reverse_proxy <ip-2>:<port-2>
    }

  • Then I rebooted the LxC

What seems to work:
SSL certificate seems to be collected correctly.

What's not working:
Trying to connect to an app gives an error. For instance with Firefox, I get "The page isn’t redirecting properly".

Maybe there is something wrong in the setup above already.
I am not proficient here, so I am happy to provide more info if needed.

Thanks in advance,

[EDIT]:
I am attaching here the journal, which might not reflect all:

Code:
Feb 14 18:45:23 caddy systemd[1]: Starting caddy.service - Caddy...
Feb 14 18:45:23 caddy caddy[134]: caddy.HomeDir=/var/lib/caddy
Feb 14 18:45:23 caddy caddy[134]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Feb 14 18:45:23 caddy caddy[134]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Feb 14 18:45:23 caddy caddy[134]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Feb 14 18:45:23 caddy caddy[134]: caddy.Version=v2.9.1 h1:OEYiZ7DbCzAWVb6TNEkjRcSCRGHVoZsJinoDR/n9oaY=
Feb 14 18:45:23 caddy caddy[134]: runtime.GOOS=linux
Feb 14 18:45:23 caddy caddy[134]: runtime.GOARCH=amd64
Feb 14 18:45:23 caddy caddy[134]: runtime.Compiler=gc
Feb 14 18:45:23 caddy caddy[134]: runtime.NumCPU=1
Feb 14 18:45:23 caddy caddy[134]: runtime.GOMAXPROCS=1
Feb 14 18:45:23 caddy caddy[134]: runtime.Version=go1.24.0
Feb 14 18:45:23 caddy caddy[134]: os.Getwd=/
Feb 14 18:45:23 caddy caddy[134]: LANG=en_US.UTF-8
Feb 14 18:45:23 caddy caddy[134]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Feb 14 18:45:23 caddy caddy[134]: NOTIFY_SOCKET=/run/systemd/notify
Feb 14 18:45:23 caddy caddy[134]: HOME=/var/lib/caddy
Feb 14 18:45:23 caddy caddy[134]: LOGNAME=caddy
Feb 14 18:45:23 caddy caddy[134]: USER=caddy
Feb 14 18:45:23 caddy caddy[134]: INVOCATION_ID=26275f51530f4cc082d1109b14e26f2a
Feb 14 18:45:23 caddy caddy[134]: JOURNAL_STREAM=8:7779721
Feb 14 18:45:23 caddy caddy[134]: SYSTEMD_EXEC_PID=134
Feb 14 18:45:23 caddy caddy[134]: {"level":"info","ts":1739555123.9556563,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Feb 14 18:45:23 caddy caddy[134]: {"level":"info","ts":1739555123.9577358,"msg":"adapted config to JSON","adapter":"caddyfile"}
Feb 14 18:45:23 caddy caddy[134]: {"level":"info","ts":1739555123.9610927,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Feb 14 18:45:23 caddy caddy[134]: {"level":"info","ts":1739555123.968314,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0000dd480"}
Feb 14 18:45:23 caddy caddy[134]: {"level":"info","ts":1739555123.9686184,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Feb 14 18:45:23 caddy caddy[134]: {"level":"info","ts":1739555123.9686797,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Feb 14 18:45:23 caddy caddy[134]: {"level":"info","ts":1739555123.9762595,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Feb 14 18:45:23 caddy caddy[134]: {"level":"info","ts":1739555123.9767566,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 7168 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."}
Feb 14 18:45:23 caddy caddy[134]: {"level":"info","ts":1739555123.9785953,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Feb 14 18:45:23 caddy caddy[134]: {"level":"warn","ts":1739555123.9787033,"logger":"http","msg":"HTTP/2 skipped because it requires TLS","network":"tcp","addr":":80"}
Feb 14 18:45:23 caddy caddy[134]: {"level":"warn","ts":1739555123.9787514,"logger":"http","msg":"HTTP/3 skipped because it requires TLS","network":"tcp","addr":":80"}
Feb 14 18:45:23 caddy caddy[134]: {"level":"info","ts":1739555123.9787874,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
Feb 14 18:45:23 caddy caddy[134]: {"level":"info","ts":1739555123.9788256,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["*.mydomain.duckdns.org"]}
Feb 14 18:45:23 caddy caddy[134]: {"level":"info","ts":1739555123.9851344,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Feb 14 18:45:23 caddy systemd[1]: Started caddy.service - Caddy.
Feb 14 18:45:23 caddy caddy[134]: {"level":"info","ts":1739555123.9856918,"msg":"serving initial configuration"}
Feb 14 18:45:23 caddy caddy[134]: {"level":"info","ts":1739555123.9953866,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/var/lib/caddy/.local/share/caddy","instance":"562a35a4-0d82-4adc-91b5-7e5744bc2376","try_again":1739641523.9953856,"try_again_in":86399.999999762}
Feb 14 18:45:23 caddy caddy[134]: {"level":"info","ts":1739555123.9954374,"logger":"tls","msg":"finished cleaning storage units"}
 
Last edited:
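Added example, not part of the original post: in the Caddyfile above, the named matchers @sub1 and @sub2 are defined but never passed to a directive, so neither reverse_proxy is restricted to its hostname. The sketch below keeps the post's placeholders, attaches each matcher through a handle block, and reads the DuckDNS token from an environment variable instead of storing it in the file; the variable name DUCKDNS_API_TOKEN is an assumption and has to be set for the caddy service.

```caddyfile
# Added example: wildcard site with per-hostname routing.
# <ip-N>:<port-N> are the placeholders used in the post.
*.example.duckdns.org {
	tls {
		dns duckdns {
			# Assumed variable name; keeps the token out of the Caddyfile
			api_token {env.DUCKDNS_API_TOKEN}
		}
	}

	# Each named matcher is referenced by the handle block that uses it
	@sub1 host sub1.example.duckdns.org
	handle @sub1 {
		reverse_proxy <ip-1>:<port-1>
	}

	@sub2 host sub2.example.duckdns.org
	handle @sub2 {
		reverse_proxy <ip-2>:<port-2>
	}

	# Any other name covered by the wildcard certificate is refused
	# instead of being forwarded to a backend
	handle {
		abort
	}
}
```

Running `caddy validate --config /etc/caddy/Caddyfile` before restarting the service checks that the file adapts cleanly and that the DNS module is present in the custom build.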