:80 bind error when starting with `tls internal`

1. The problem I’m having:

I am running a mix of different (sub)domains in caddy, both actually registered and internal (in this repro caddyforum.squel.xyz and file.squel.lan respectively). For the first I want actual TLS certificates (Let’s Encrypt), and for the latter I want to use a self-signed certificate.
Configuring the section file.squel.lan with `tls internal` will cause an error `could not start listener for challenge server at :80: listen tcp :80: bind: permission denied` when getting a cert for the other, registered domain. This only happens with `tls internal` configured. This is unexpected for 2 reasons:

  1. caddy should not be listening on port 80, as I have configured http_port to be 8000 and https_port to be 8443 in the global config, as can be seen below.
  2. adding tls internal to a separate domain section is causing the other to fail getting a certificate.

The error itself, not having permission to listen on :80, is expected as caddy is running in a rootless podman container with as described below.

Removing the tls internal line, it succeeds in getting a certificate for the actual domain. In this case, caddy will try to, fail and warn about getting a cert for the .lan domain too, as Let’s Encrypt will not give one for that TLD. Again expected, but it is what I’m trying to avoid by using a self-signed certificate.

2. Error messages and/or full log output:

Feb 21 16:25:13 shibuya systemd[1105]: Starting caddy-server.service...
Feb 21 16:25:13 shibuya podman[1008086]: 2026-02-21 16:25:13.100836082 +0100 CET m=+0.032383314 container create 03bb353c69f26d4a563dc18352a121bf2b4cd3121c78e396d870fdf8fc020050 (image=docker.io/library/caddy@sha256:70e816c44fb79071fc4cd939ffda76e3b629642309efe31a4fb0ed45873be464, name=caddy_server, org.opencontainers.image.source=https://github.com/caddyserver/caddy-docker, org.opencontainers.image.url=https://caddyserver.com, org.opencontainers.image.description=a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go, org.opencontainers.image.documentation=https://caddyserver.com/docs, org.opencontainers.image.licenses=Apache-2.0, PODMAN_SYSTEMD_UNIT=caddy-server.service, org.opencontainers.image.title=Caddy, org.opencontainers.image.vendor=Light Code Labs, org.opencontainers.image.version=v2.10.2)
Feb 21 16:25:13 shibuya podman[1008086]: 2026-02-21 16:25:13.142754796 +0100 CET m=+0.074302028 container init 03bb353c69f26d4a563dc18352a121bf2b4cd3121c78e396d870fdf8fc020050 (image=docker.io/library/caddy@sha256:70e816c44fb79071fc4cd939ffda76e3b629642309efe31a4fb0ed45873be464, name=caddy_server, org.opencontainers.image.documentation=https://caddyserver.com/docs, org.opencontainers.image.licenses=Apache-2.0, PODMAN_SYSTEMD_UNIT=caddy-server.service, org.opencontainers.image.vendor=Light Code Labs, org.opencontainers.image.source=https://github.com/caddyserver/caddy-docker, org.opencontainers.image.description=a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go, org.opencontainers.image.title=Caddy, org.opencontainers.image.url=https://caddyserver.com, org.opencontainers.image.version=v2.10.2)
Feb 21 16:25:13 shibuya podman[1008086]: 2026-02-21 16:25:13.145436813 +0100 CET m=+0.076984045 container start 03bb353c69f26d4a563dc18352a121bf2b4cd3121c78e396d870fdf8fc020050 (image=docker.io/library/caddy@sha256:70e816c44fb79071fc4cd939ffda76e3b629642309efe31a4fb0ed45873be464, name=caddy_server, org.opencontainers.image.version=v2.10.2, org.opencontainers.image.licenses=Apache-2.0, PODMAN_SYSTEMD_UNIT=caddy-server.service, org.opencontainers.image.vendor=Light Code Labs, org.opencontainers.image.source=https://github.com/caddyserver/caddy-docker, org.opencontainers.image.url=https://caddyserver.com, org.opencontainers.image.documentation=https://caddyserver.com/docs, org.opencontainers.image.title=Caddy, org.opencontainers.image.description=a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go)
Feb 21 16:25:13 shibuya systemd[1105]: Started caddy-server.service.
Feb 21 16:25:13 shibuya caddy-server[1008086]: 03bb353c69f26d4a563dc18352a121bf2b4cd3121c78e396d870fdf8fc020050
Feb 21 16:25:13 shibuya podman[1008086]: 2026-02-21 16:25:13.082288715 +0100 CET m=+0.013835947 image pull 3aed261b9d04b08cca89b6076e336af590dbedcd5178dfd6d490cf26da61debf docker.io/caddy@sha256:70e816c44fb79071fc4cd939ffda76e3b629642309efe31a4fb0ed45873be464
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"info","ts":1771687513.1771586,"msg":"maxprocs: Leaving GOMAXPROCS=12: CPU quota undefined"}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"info","ts":1771687513.1773992,"msg":"GOMEMLIMIT is updated","package":"github.com/KimMachineGun/automemlimit/memlimit","GOMEMLIMIT":7410246451,"previous":9223372036854775807}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"info","ts":1771687513.177424,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"info","ts":1771687513.1779585,"msg":"adapted config to JSON","adapter":"caddyfile"}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"warn","ts":1771687513.1779637,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":16}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"info","ts":1771687513.1787612,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"info","ts":1771687513.1789181,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00013d100"}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"info","ts":1771687513.1790195,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":8443}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"info","ts":1771687513.1790276,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"debug","ts":1771687513.1790407,"logger":"http.auto_https","msg":"adjusted config","tls":{"automation":{"policies":[{"subjects":["caddyforum.squel.xyz"]},{"subjects":["file.squel.lan"]},{}]}},"http":{"http_port":8000,"https_port":8443,"servers":{"remaining_auto_https_redirects":{"listen":[":8000"],"routes":[{},{}]},"srv0":{"listen":[":8443"],"routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"body":"Hello world!","handler":"static_response","status_code":200}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"body":"Hello world!","handler":"static_response","status_code":200}]}]}],"terminal":true}],"tls_connection_policies":[{}],"automatic_https":{}}}}}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"warn","ts":1771687513.1791096,"logger":"pki.ca.local","msg":"installing root certificate (you might be prompted for password)","path":"storage:pki/authorities/local/root.crt"}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"info","ts":1771687513.1792932,"msg":"warning: \"certutil\" is not available, install \"certutil\" with \"apt install libnss3-tools\" or \"yum install nss-tools\" and try again"}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"info","ts":1771687513.1792986,"msg":"define JAVA_HOME environment variable to use the Java trust"}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"info","ts":1771687513.201538,"msg":"certificate installed properly in linux trusts"}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"debug","ts":1771687513.2016578,"logger":"http","msg":"starting server loop","address":"[::]:8443","tls":true,"http3":false}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"info","ts":1771687513.201675,"logger":"http","msg":"enabling HTTP/3 listener","addr":":8443"}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"info","ts":1771687513.2018394,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"debug","ts":1771687513.2021034,"logger":"http","msg":"starting server loop","address":"[::]:8000","tls":false,"http3":false}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"warn","ts":1771687513.202119,"logger":"http","msg":"HTTP/2 skipped because it requires TLS","network":"tcp","addr":":8000"}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"warn","ts":1771687513.2021234,"logger":"http","msg":"HTTP/3 skipped because it requires TLS","network":"tcp","addr":":8000"}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"info","ts":1771687513.2021277,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"info","ts":1771687513.202133,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["caddyforum.squel.xyz","file.squel.lan"]}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"warn","ts":1771687513.202619,"logger":"tls","msg":"stapling OCSP","identifiers":["file.squel.lan"]}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"debug","ts":1771687513.2026303,"logger":"tls.cache","msg":"added certificate to cache","subjects":["file.squel.lan"],"expiration":1771724865,"managed":true,"issuer_key":"local","hash":"16f2929933b248ceea30c7faa2e4a86eedc59cf1e56fc3fa14846240e89c382c","cache_size":1,"cache_capacity":10000}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"debug","ts":1771687513.202643,"logger":"events","msg":"event","name":"cached_managed_cert","id":"7cb4f474-5812-414d-b1f4-c759a508c84f","origin":"tls","data":{"sans":["file.squel.lan"]}}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"debug","ts":1771687513.202668,"logger":"events","msg":"event","name":"started","id":"211e1269-ffdd-44a8-97d0-0bcd4136da47","origin":"","data":null}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"info","ts":1771687513.2027893,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"info","ts":1771687513.202795,"msg":"serving initial configuration"}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"info","ts":1771687513.2062104,"logger":"tls.obtain","msg":"acquiring lock","identifier":"caddyforum.squel.xyz"}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"info","ts":1771687513.208104,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/data/caddy","instance":"268b9099-caad-4578-a769-6685b56e9be7","try_again":1771773913.2081032,"try_again_in":86399.99999977}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"info","ts":1771687513.2081378,"logger":"tls","msg":"finished cleaning storage units"}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"info","ts":1771687513.2098832,"logger":"tls.obtain","msg":"lock acquired","identifier":"caddyforum.squel.xyz"}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"info","ts":1771687513.2099266,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"caddyforum.squel.xyz"}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"debug","ts":1771687513.2099366,"logger":"events","msg":"event","name":"cert_obtaining","id":"5a1b0c97-1b86-4f83-8ea7-6e74023c9f27","origin":"tls","data":{"identifier":"caddyforum.squel.xyz"}}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"debug","ts":1771687513.209999,"logger":"tls","msg":"created CSR","identifiers":["caddyforum.squel.xyz"],"san_dns_names":["caddyforum.squel.xyz"],"san_emails":[],"common_name":"","extra_extensions":0}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"debug","ts":1771687513.2101824,"logger":"tls.obtain","msg":"trying issuer 1/1","issuer":"acme-v02.api.letsencrypt.org-directory"}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"debug","ts":1771687513.2103257,"logger":"tls","msg":"using existing ACME account because key found in storage associated with email","email":"default","ca":"https://acme-v02.api.letsencrypt.org/directory"}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"debug","ts":1771687513.2104158,"logger":"tls","msg":"using existing ACME account because key found in storage associated with email","email":"","ca":"https://acme-v02.api.letsencrypt.org/directory"}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"info","ts":1771687513.210428,"logger":"tls","msg":"waiting on internal rate limiter","identifiers":["caddyforum.squel.xyz"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"info","ts":1771687513.2104306,"logger":"tls","msg":"done waiting on internal rate limiter","identifiers":["caddyforum.squel.xyz"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"info","ts":1771687513.210436,"logger":"tls","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/2273470206","account_contact":[]}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"debug","ts":1771687513.6085944,"msg":"http request","method":"GET","url":"https://acme-v02.api.letsencrypt.org/directory","headers":{"User-Agent":["Caddy/2.10.2 CertMagic acmez (linux; amd64)"]},"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["1033"],"Content-Type":["application/json"],"Date":["Sat, 21 Feb 2026 15:25:13 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"debug","ts":1771687513.6087132,"msg":"creating order","account":"https://acme-v02.api.letsencrypt.org/acme/acct/2273470206","identifiers":["caddyforum.squel.xyz"]}
Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"debug","ts":1771687513.738962,"msg":"http request","method":"HEAD","url":"https://acme-v02.api.letsencrypt.org/acme/new-nonce","headers":{"User-Agent":["Caddy/2.10.2 CertMagic acmez (linux; amd64)"]},"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Date":["Sat, 21 Feb 2026 15:25:13 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["vk3d2cFHPU8Izb3A27yZX4q2hpZbx1EtpEKqUbEpbK4NE5zlnPA"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Feb 21 16:25:14 shibuya caddy_server[1008106]: {"level":"debug","ts":1771687514.2843146,"msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/new-order","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.10.2 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["2273470206"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["354"],"Content-Type":["application/json"],"Date":["Sat, 21 Feb 2026 15:25:14 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/order/2273470206/482834709176"],"Replay-Nonce":["8BF2r2lNWlAY_XeJbDziuOp1hnEdxtDQgPObyD8Y99v1YKStcn8"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":201}
Feb 21 16:25:14 shibuya caddy_server[1008106]: {"level":"debug","ts":1771687514.4176645,"msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz/2273470206/662252977826","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.10.2 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["2273470206"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["828"],"Content-Type":["application/json"],"Date":["Sat, 21 Feb 2026 15:25:14 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["8BF2r2lNyEzCyek2pTeGYUf3c2XQDjYNPRI3BmuIcdDNg_8-ikw"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Feb 21 16:25:14 shibuya caddy_server[1008106]: {"level":"info","ts":1771687514.4177947,"msg":"trying to solve challenge","identifier":"caddyforum.squel.xyz","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
Feb 21 16:25:14 shibuya caddy_server[1008106]: {"level":"debug","ts":1771687514.7499876,"msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz/2273470206/662252977826","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.10.2 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["2273470206"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["832"],"Content-Type":["application/json"],"Date":["Sat, 21 Feb 2026 15:25:14 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["vk3d2cFHgb-rn8npolvVQ3za7eZ7PxummEq8knzczZMlG2ph1IQ"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Feb 21 16:25:14 shibuya caddy_server[1008106]: {"level":"error","ts":1771687514.750064,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"caddyforum.squel.xyz","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[caddyforum.squel.xyz] solving challenges: presenting for challenge: presenting with embedded solver: could not start listener for challenge server at :80: listen tcp :80: bind: permission denied (order=https://acme-v02.api.letsencrypt.org/acme/order/2273470206/482834709176) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
Feb 21 16:25:14 shibuya caddy_server[1008106]: {"level":"debug","ts":1771687514.750078,"logger":"events","msg":"event","name":"cert_failed","id":"49f40990-b7a1-453b-9ad5-e5b85a93049e","origin":"tls","data":{"error":{},"identifier":"caddyforum.squel.xyz","issuers":["acme-v02.api.letsencrypt.org-directory"],"renewal":false}}
Feb 21 16:25:14 shibuya caddy_server[1008106]: {"level":"error","ts":1771687514.7500987,"logger":"tls.obtain","msg":"will retry","error":"[caddyforum.squel.xyz] Obtain: [caddyforum.squel.xyz] solving challenges: presenting for challenge: presenting with embedded solver: could not start listener for challenge server at :80: listen tcp :80: bind: permission denied (order=https://acme-v02.api.letsencrypt.org/acme/order/2273470206/482834709176) (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":1.540209555,"max_duration":2592000}
Feb 21 16:25:19 shibuya systemd[1105]: Stopping caddy-server.service...
Feb 21 16:25:20 shibuya caddy_server[1008106]: {"level":"info","ts":1771687520.025766,"msg":"shutting down apps, then terminating","signal":"SIGTERM"}
Feb 21 16:25:20 shibuya caddy_server[1008106]: {"level":"warn","ts":1771687520.0259218,"msg":"exiting; byeee!! 👋","signal":"SIGTERM"}
Feb 21 16:25:20 shibuya caddy_server[1008106]: {"level":"debug","ts":1771687520.0259717,"logger":"events","msg":"event","name":"stopping","id":"28da4d74-c99d-4401-b369-5dc77875b36b","origin":"","data":null}
Feb 21 16:25:20 shibuya caddy_server[1008106]: {"level":"info","ts":1771687520.0259807,"logger":"http","msg":"servers shutting down with eternal grace period"}
Feb 21 16:25:20 shibuya caddy_server[1008106]: {"level":"info","ts":1771687520.026086,"logger":"tls.obtain","msg":"releasing lock","identifier":"caddyforum.squel.xyz"}
Feb 21 16:25:20 shibuya caddy_server[1008106]: {"level":"error","ts":1771687520.0261242,"logger":"tls.obtain","msg":"unable to unlock","identifier":"caddyforum.squel.xyz","lock_key":"issue_cert_caddyforum.squel.xyz","error":"remove /data/caddy/locks/issue_cert_caddyforum.squel.xyz.lock: no such file or directory"}
Feb 21 16:25:20 shibuya caddy_server[1008106]: {"level":"error","ts":1771687520.026136,"logger":"tls","msg":"job failed","error":"caddyforum.squel.xyz: obtaining certificate: context canceled"}
Feb 21 16:25:20 shibuya caddy_server[1008106]: {"level":"info","ts":1771687520.0261745,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}
Feb 21 16:25:20 shibuya caddy_server[1008106]: {"level":"info","ts":1771687520.0261872,"msg":"shutdown complete","signal":"SIGTERM","exit_code":0}
Feb 21 16:25:20 shibuya podman[1009073]: 2026-02-21 16:25:20.036129988 +0100 CET m=+0.038419754 container died 03bb353c69f26d4a563dc18352a121bf2b4cd3121c78e396d870fdf8fc020050 (image=docker.io/library/caddy@sha256:70e816c44fb79071fc4cd939ffda76e3b629642309efe31a4fb0ed45873be464, name=caddy_server, org.opencontainers.image.description=a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go, org.opencontainers.image.title=Caddy, org.opencontainers.image.url=https://caddyserver.com, org.opencontainers.image.documentation=https://caddyserver.com/docs, org.opencontainers.image.licenses=Apache-2.0, org.opencontainers.image.version=v2.10.2, PODMAN_SYSTEMD_UNIT=caddy-server.service, org.opencontainers.image.source=https://github.com/caddyserver/caddy-docker, org.opencontainers.image.vendor=Light Code Labs)
Feb 21 16:25:20 shibuya podman[1009073]: 2026-02-21 16:25:20.075648521 +0100 CET m=+0.077938297 container remove 03bb353c69f26d4a563dc18352a121bf2b4cd3121c78e396d870fdf8fc020050 (image=docker.io/library/caddy@sha256:70e816c44fb79071fc4cd939ffda76e3b629642309efe31a4fb0ed45873be464, name=caddy_server, org.opencontainers.image.source=https://github.com/caddyserver/caddy-docker, org.opencontainers.image.vendor=Light Code Labs, org.opencontainers.image.version=v2.10.2, org.opencontainers.image.documentation=https://caddyserver.com/docs, org.opencontainers.image.description=a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go, org.opencontainers.image.title=Caddy, org.opencontainers.image.url=https://caddyserver.com, PODMAN_SYSTEMD_UNIT=caddy-server.service, org.opencontainers.image.licenses=Apache-2.0)
Feb 21 16:25:20 shibuya caddy-server[1009073]: caddy_server
Feb 21 16:25:20 shibuya systemd[1105]: Stopped caddy-server.service.

3. Caddy version:

v2.10.2 h1:g/gTYjGMD0dec+UgMw8SnfmJ3I9+M2TdvoRL/Ovu6U8=

4. How I installed and ran Caddy:

Rootless podman via systemd quadlets, with Network=host. Ports 80 and 443 are forwarded to 8000 and 8443 through firewalld.

a. System environment:

Fedora Server 43 x86_64, podman version 5.7.1

b. Command:

Default CMD. `systemctl --user restart caddy-server.service` to (re)start caddy.

c. Service/unit/compose file:

~/.config/containers/systemd/caddy/caddy-server.container:

```ini
[Container]
ContainerName=caddy_server
Network=host
Image=docker.io/caddy:2.10.2@sha256:70e816c44fb79071fc4cd939ffda76e3b629642309efe31a4fb0ed45873be464
Volume=./config:/config:Z
Volume=./Caddyfile:/etc/caddy/Caddyfile:Z,ro
Volume=./logs:/var/log/caddy:z
Volume=./data:/data:z
[Install]
WantedBy=default.target
[Unit]
After=podman-user-wait-network-online.service
[Service]
Restart=always
```

d. My complete Caddy config:

~/.config/containers/systemd/caddy/Caddyfile:

```
# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.
{
        debug
        http_port 8000
        https_port 8443
}
file.squel.lan {
        tls internal
        respond "Hello world!" 200
}
caddyforum.squel.xyz {
        respond "Hello world!" 200
}
# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile
```

5. Links to relevant resources:

Interesting. That is a bug. It took me a while, but I tracked down the issue. It was deep and subtle in the logic that sets up the issuer policies; it wasn’t propagating down the http_port correctly in certain edge cases.

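A log check for the symptom reported in this thread, as an added example that is not part of the original posts and not Caddy's own code: it reads the effective `http_port` from the `adjusted config` debug entry and flags ACME challenge listener failures on a different port. The sample lines are constructed and shortened from the shape of the log above, and the function names are hypothetical.

```python
import json
import re

# Matches the embedded-solver failure text seen in the thread's error line.
LISTEN_FAIL = re.compile(
    r"could not start listener for challenge server at \S*?:(\d+): "
)

# Constructed sample: journald-prefixed Caddy JSON lines, shortened from the
# shape of the log in the post (not a verbatim copy).
SAMPLE_LOG = [
    'Feb 21 16:25:13 shibuya systemd[1105]: Started caddy-server.service.',
    'Feb 21 16:25:13 shibuya caddy_server[1008106]: {"level":"debug",'
    '"logger":"http.auto_https","msg":"adjusted config",'
    '"http":{"http_port":8000,"https_port":8443}}',
    'Feb 21 16:25:14 shibuya caddy_server[1008106]: {"level":"info",'
    '"msg":"trying to solve challenge","identifier":"caddyforum.squel.xyz",'
    '"challenge_type":"http-01"}',
    'Feb 21 16:25:14 shibuya caddy_server[1008106]: {"level":"error",'
    '"logger":"tls.obtain","msg":"could not get certificate from issuer",'
    '"identifier":"caddyforum.squel.xyz","error":"[caddyforum.squel.xyz] '
    'solving challenges: presenting for challenge: presenting with embedded '
    'solver: could not start listener for challenge server at :80: '
    'listen tcp :80: bind: permission denied"}',
]


def parse_entry(line):
    """Return the JSON object embedded in a journald line, or None."""
    start = line.find("{")
    if start < 0:
        return None  # systemd/podman lines carry no JSON payload
    try:
        entry = json.loads(line[start:])
    except json.JSONDecodeError:
        return None
    return entry if isinstance(entry, dict) else None


def find_challenge_port_mismatches(lines):
    """Flag challenge-listener failures on a port other than http_port.

    The effective http_port comes from the "adjusted config" entry, which is
    logged at debug level, so the check needs `debug` enabled as in the post.
    """
    http_port = None
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        if entry.get("msg") == "adjusted config":
            http_port = entry.get("http", {}).get("http_port", http_port)
            continue
        # "will retry" lines repeat the error without an identifier field;
        # skipping them keeps one finding per failed attempt.
        if entry.get("level") != "error" or "identifier" not in entry:
            continue
        error_text = str(entry.get("error", ""))
        match = LISTEN_FAIL.search(error_text)
        if match is None or http_port is None:
            continue
        port = int(match.group(1))
        if port != http_port:
            findings.append({
                "identifier": entry["identifier"],
                "challenge_port": port,
                "http_port": http_port,
                "permission_denied": "bind: permission denied" in error_text,
            })
    return findings


if __name__ == "__main__":
    for finding in find_challenge_port_mismatches(SAMPLE_LOG):
        print(finding)
```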