Just tried again so should be latest version of migration script
Caddy logs
{"level":"warn","ts":1666636063.6912866,"logger":"admin","msg":"admin endpoint disabled"}
{"level":"info","ts":1666636063.6932266,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"proxy","https_port":443}
{"level":"info","ts":1666636063.6933522,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"proxy"}
{"level":"info","ts":1666636063.7004302,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0000acfc0"}
{"level":"warn","ts":1666636063.7150276,"logger":"pki.ca.local","msg":"installing root certificate (you might be prompted for password)","path":"storage:pki/authorities/local/root.crt"}
{"level":"info","ts":1666636063.7154758,"msg":"Warning: \"certutil\" is not available, install \"certutil\" with \"apt install libnss3-tools\" or \"yum install nss-tools\" and try again"}
{"level":"info","ts":1666636063.7155437,"msg":"define JAVA_HOME environment variable to use the Java trust"}
{"level":"info","ts":1666636063.753252,"msg":"certificate installed properly in linux trusts"}
{"level":"info","ts":1666636063.7536955,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
{"level":"info","ts":1666636063.7538772,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details."}
{"level":"info","ts":1666636063.7540197,"logger":"http.log","msg":"server running","name":"proxy","protocols":["h1","h2","h3"]}
{"level":"info","ts":1666636063.754092,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
{"level":"info","ts":1666636063.7541406,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["vpn.mydomain.com"]}
Caddy proxying https://vpn.mydomain.com -> firezone:13000
{"level":"info","ts":1666636063.7547328,"logger":"tls.obtain","msg":"acquiring lock","identifier":"vpn.mydomain.com"}
{"level":"info","ts":1666636063.755072,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"info","ts":1666636063.7552214,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1666636063.7624998,"logger":"tls.obtain","msg":"lock acquired","identifier":"vpn.mydomain.com"}
{"level":"info","ts":1666636063.7627184,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"vpn.mydomain.com"}
{"level":"info","ts":1666636063.7638454,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"vpn.mydomain.com"}
{"level":"info","ts":1666636063.76395,"logger":"tls.obtain","msg":"releasing lock","identifier":"vpn.mydomain.com"}
{"level":"warn","ts":1666636063.7643042,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [vpn.mydomain.com]: no OCSP server specified in certificate","identifiers":["vpn.mydomain.com"]}
firezone log
18:29:32.611 [info] Migrations already up
18:29:34.609 [info] Running FzHttpWeb.Endpoint with cowboy 2.9.0 at 0.0.0.0:13000 (http)
18:29:34.614 [info] Access FzHttpWeb.Endpoint at http://localhost:13000