1. The problem I’m having:
I am trying to setup domain using CAA resource record with account binding. I have read the accounturi from $XDG_DATA_HOME/caddy
and used that to set CAA resource record. After some time, the account uri seems to be changing and I keep getting errors like CAA record for sub.example.com prevents issuance
. I wanted to check in which cases is accounturi generated by caddy supposed to change.
2. Error messages and/or full log output:
{"level":"error","ts":1690791416.6911912,"logger":"http.acme_client","msg":"challenge failed","identifier":"sub.example.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:caa","title":"","detail":"CAA record for sub.example.com prevents issuance","instance":"","subproblems":[]}}
{"level":"error","ts":1690791416.6912282,"logger":"http.acme_client","msg":"validating authorization","identifier":"sub.example.com","problem":{"type":"urn:ietf:params:acme:error:caa","title":"","detail":"CAA record for sub.example.com prevents issuance","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1233435836/198462076506","attempt":1,"max_attempts":3}
{"level":"error","ts":1690791416.691271,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"sub.example.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 403 urn:ietf:params:acme:error:caa - CAA record for sub.example.com prevents issuance"}
{"level":"warn","ts":1690791416.691405,"logger":"http","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"}
{"level":"info","ts":1690791418.2679894,"logger":"http","msg":"generated EAB credentials","key_id":"2RQZgsZTlU4io6Q_WfRJ0w"}
{"level":"info","ts":1690791420.4499238,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["sub.example.com"],"ca":"https://acme.zerossl.com/v2/DV90","account":""}
{"level":"info","ts":1690791420.454414,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["sub.example.com"],"ca":"https://acme.zerossl.com/v2/DV90","account":""}
{"level":"info","ts":1690791421.6350415,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"sub.example.com","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"info","ts":1690791423.7211192,"logger":"http","msg":"served key authentication","identifier":"sub.example.com","challenge":"http-01","remote":"127.0.0.1:38214","distributed":false}
{"level":"info","ts":1690791428.1220367,"logger":"http.acme_client","msg":"authorization finalized","identifier":"sub.example.com","authz_status":"valid"}
{"level":"info","ts":1690791428.1220572,"logger":"http.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme.zerossl.com/v2/DV90/order/1gD3lBFN5wmKx0aaOy68Kw"}
{"level":"info","ts":1690791670.4719834,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"127.0.0.1","remote_port":"38326","proto":"HTTP/1.1","method":"GET","host":"52.66.85.117","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"],"Accept":["*/*"],"Accept-Encoding":["gzip"]}},"user_id":"","duration":0.000036046,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://52.66.85.117/"],"Content-Type":[]}}
{"level":"info","ts":1690791671.0137236,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"127.0.0.1","remote_port":"38330","proto":"HTTP/1.1","method":"GET","host":"52.66.85.117","uri":"/client/get_targets","headers":{"Accept-Encoding":["gzip"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"],"Accept":["*/*"]}},"user_id":"","duration":0.00003625,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://52.66.85.117/client/get_targets"],"Content-Type":[]}}
{"level":"info","ts":1690791671.2695642,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"127.0.0.1","remote_port":"38332","proto":"HTTP/1.1","method":"GET","host":"52.66.85.117","uri":"/upl.php","headers":{"Accept":["*/*"],"Accept-Encoding":["gzip"],"User-Agent":["Mozilla/5.0"]}},"user_id":"","duration":0.000033805,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://52.66.85.117/upl.php"],"Content-Type":[]}}
{"level":"info","ts":1690791671.7932527,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"127.0.0.1","remote_port":"38336","proto":"HTTP/1.1","method":"GET","host":"52.66.85.117","uri":"/geoip/","headers":{"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"],"Accept":["*/*"],"Accept-Encoding":["gzip"]}},"user_id":"","duration":0.000036422,"size":0,"status":308,"resp_headers":{"Connection":["close"],"Location":["https://52.66.85.117/geoip/"],"Content-Type":[],"Server":["Caddy"]}}
{"level":"info","ts":1690791672.050587,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"127.0.0.1","remote_port":"38338","proto":"HTTP/1.1","method":"GET","host":"52.66.85.117","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (iPhone; CPU iPhone OS 13_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Mobile/15E148 Snapchat/10.77.0.54 (like Safari/604.1)"],"Accept":["*/*"],"X-Id":["2b25f1b5215bfeaf9f6d4df62e1a9b5b"],"Accept-Encoding":["gzip"]}},"user_id":"","duration":0.000034043,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://52.66.85.117/"],"Content-Type":[]}}
{"level":"info","ts":1690791672.3156788,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"127.0.0.1","remote_port":"38340","proto":"HTTP/1.1","method":"GET","host":"52.66.85.117","uri":"/favicon.ico","headers":{"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"],"Accept":["*/*"],"Accept-Encoding":["gzip"]}},"user_id":"","duration":0.000034437,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://52.66.85.117/favicon.ico"],"Content-Type":[]}}
{"level":"info","ts":1690791672.5807407,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"127.0.0.1","remote_port":"38342","proto":"HTTP/1.1","method":"GET","host":"52.66.85.117","uri":"/1.php","headers":{"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"],"Accept":["*/*"],"Accept-Encoding":["gzip"]}},"user_id":"","duration":0.000034585,"size":0,"status":308,"resp_headers":{"Content-Type":[],"Server":["Caddy"],"Connection":["close"],"Location":["https://52.66.85.117/1.php"]}}
{"level":"info","ts":1690791672.8502057,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"127.0.0.1","remote_port":"38344","proto":"HTTP/1.1","method":"GET","host":"52.66.85.117","uri":"/bundle.js","headers":{"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"],"Accept":["*/*"],"Accept-Encoding":["gzip"]}},"user_id":"","duration":0.000040197,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://52.66.85.117/bundle.js"],"Content-Type":[]}}
{"level":"info","ts":1690791673.110419,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"127.0.0.1","remote_port":"38346","proto":"HTTP/1.1","method":"GET","host":"52.66.85.117","uri":"/files/","headers":{"Accept-Encoding":["gzip"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"],"Accept":["*/*"]}},"user_id":"","duration":0.000033649,"size":0,"status":308,"resp_headers":{"Location":["https://52.66.85.117/files/"],"Content-Type":[],"Server":["Caddy"],"Connection":["close"]}}
{"level":"error","ts":1690791735.718973,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"sub.example.com","issuer":"acme.zerossl.com-v2-DV90","error":"[sub.example.com] finalizing order https://acme.zerossl.com/v2/DV90/order/1gD3lBFN5wmKx0aaOy68Kw: order took too long (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1690791735.7190182,"logger":"tls.obtain","msg":"will retry","error":"[sub.example.com] Obtain: [sub.example.com] finalizing order https://acme.zerossl.com/v2/DV90/order/1gD3lBFN5wmKx0aaOy68Kw: order took too long (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":322.724900278,"max_duration":2592000}
{"level":"info","ts":1690791795.719261,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"sub.example.com"}
{"level":"info","ts":1690791797.7317526,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"sub.example.com","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1690791798.311397,"logger":"tls","msg":"served key authentication certificate","server_name":"sub.example.com","challenge":"tls-alpn-01","remote":"127.0.0.1:50392","distributed":false}
{"level":"info","ts":1690791798.3402932,"logger":"tls","msg":"served key authentication certificate","server_name":"sub.example.com","challenge":"tls-alpn-01","remote":"127.0.0.1:50394","distributed":false}
{"level":"info","ts":1690791798.3549454,"logger":"tls","msg":"served key authentication certificate","server_name":"sub.example.com","challenge":"tls-alpn-01","remote":"127.0.0.1:50396","distributed":false}
{"level":"error","ts":1690791799.0513792,"logger":"http.acme_client","msg":"challenge failed","identifier":"sub.example.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:caa","title":"","detail":"CAA record for sub.example.com prevents issuance","instance":"","subproblems":[]}}
{"level":"error","ts":1690791799.0514135,"logger":"http.acme_client","msg":"validating authorization","identifier":"sub.example.com","problem":{"type":"urn:ietf:params:acme:error:caa","title":"","detail":"CAA record for sub.example.com prevents issuance","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/112978524/10040925284","attempt":1,"max_attempts":3}
{"level":"error","ts":1690791799.0514383,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"sub.example.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 403 urn:ietf:params:acme:error:caa - CAA record for sub.example.com prevents issuance"}
{"level":"info","ts":1690791799.931333,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"sub.example.com","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"info","ts":1690791801.0143092,"logger":"http","msg":"served key authentication","identifier":"sub.example.com","challenge":"http-01","remote":"127.0.0.1:38400","distributed":false}
{"level":"info","ts":1690791805.9578655,"logger":"http.acme_client","msg":"authorization finalized","identifier":"sub.example.com","authz_status":"valid"}
{"level":"info","ts":1690791805.9578867,"logger":"http.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme.zerossl.com/v2/DV90/order/68WnIQZv6yE-8ooP0M0eBw"}
{"level":"error","ts":1690792115.1689718,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"sub.example.com","issuer":"acme.zerossl.com-v2-DV90","error":"[sub.example.com] finalizing order https://acme.zerossl.com/v2/DV90/order/68WnIQZv6yE-8ooP0M0eBw: order took too long (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1690792115.169024,"logger":"tls.obtain","msg":"will retry","error":"[sub.example.com] Obtain: [sub.example.com] finalizing order https://acme.zerossl.com/v2/DV90/order/68WnIQZv6yE-8ooP0M0eBw: order took too long (ca=https://acme.zerossl.com/v2/DV90)","attempt":2,"retrying_in":120,"elapsed":702.174905989,"max_duration":2592000}
{"level":"info","ts":1690792235.1692646,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"sub.example.com"}
{"level":"info","ts":1690792236.967735,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"sub.example.com","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1690792237.5192435,"logger":"http","msg":"served key authentication","identifier":"sub.example.com","challenge":"http-01","remote":"127.0.0.1:38416","distributed":false}
{"level":"info","ts":1690792237.533857,"logger":"http","msg":"served key authentication","identifier":"sub.example.com","challenge":"http-01","remote":"127.0.0.1:38418","distributed":false}
{"level":"info","ts":1690792237.5537162,"logger":"http","msg":"served key authentication","identifier":"sub.example.com","challenge":"http-01","remote":"127.0.0.1:38420","distributed":false}
{"level":"error","ts":1690792238.2672875,"logger":"http.acme_client","msg":"challenge failed","identifier":"sub.example.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:caa","title":"","detail":"CAA record for sub.example.com prevents issuance","instance":"","subproblems":[]}}
{"level":"error","ts":1690792238.2673216,"logger":"http.acme_client","msg":"validating authorization","identifier":"sub.example.com","problem":{"type":"urn:ietf:params:acme:error:caa","title":"","detail":"CAA record for sub.example.com prevents issuance","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/112979374/10041007844","attempt":1,"max_attempts":3}
{"level":"error","ts":1690792238.2673447,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"sub.example.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 403 urn:ietf:params:acme:error:caa - CAA record for sub.example.com prevents issuance"}
{"level":"info","ts":1690792240.890427,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"sub.example.com","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"info","ts":1690792241.8051052,"logger":"http","msg":"served key authentication","identifier":"sub.example.com","challenge":"http-01","remote":"127.0.0.1:38426","distributed":false}
{"level":"info","ts":1690792247.3241744,"logger":"http.acme_client","msg":"authorization finalized","identifier":"sub.example.com","authz_status":"valid"}
{"level":"info","ts":1690792247.3241947,"logger":"http.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme.zerossl.com/v2/DV90/order/WkZlv73DD1YFlb_oxCoP2Q"}
{"level":"error","ts":1690792562.9766295,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"sub.example.com","issuer":"acme.zerossl.com-v2-DV90","error":"[sub.example.com] finalizing order https://acme.zerossl.com/v2/DV90/order/WkZlv73DD1YFlb_oxCoP2Q: order took too long (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1690792562.976676,"logger":"tls.obtain","msg":"will retry","error":"[sub.example.com] Obtain: [sub.example.com] finalizing order https://acme.zerossl.com/v2/DV90/order/WkZlv73DD1YFlb_oxCoP2Q: order took too long (ca=https://acme.zerossl.com/v2/DV90)","attempt":3,"retrying_in":120,"elapsed":1149.982557974,"max_duration":2592000}
{"level":"info","ts":1690792682.9769237,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"sub.example.com"}
{"level":"info","ts":1690792684.407744,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"sub.example.com","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1690792684.970935,"logger":"http","msg":"served key authentication","identifier":"sub.example.com","challenge":"http-01","remote":"127.0.0.1:38444","distributed":false}
{"level":"info","ts":1690792684.9888809,"logger":"http","msg":"served key authentication","identifier":"sub.example.com","challenge":"http-01","remote":"127.0.0.1:38446","distributed":false}
{"level":"info","ts":1690792685.0018725,"logger":"http","msg":"served key authentication","identifier":"sub.example.com","challenge":"http-01","remote":"127.0.0.1:38448","distributed":false}
{"level":"info","ts":1690792685.7020445,"logger":"http.acme_client","msg":"authorization finalized","identifier":"sub.example.com","authz_status":"valid"}
{"level":"info","ts":1690792685.7020648,"logger":"http.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/112979374/10041095014"}
{"level":"info","ts":1690792689.5317523,"logger":"http.acme_client","msg":"successfully downloaded available certificate chains","count":1,"first_url":"https://acme-staging-v02.api.letsencrypt.org/acme/cert/fa45d0bc95f28d718af67ec3b9a01cd6515f"}
{"level":"info","ts":1690792690.7727437,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["sub.example.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"caddy@zerossl.com"}
{"level":"info","ts":1690792690.777384,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["sub.example.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"caddy@zerossl.com"}
{"level":"info","ts":1690792691.527727,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"sub.example.com","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1690792692.1214964,"logger":"http","msg":"served key authentication","identifier":"sub.example.com","challenge":"http-01","remote":"127.0.0.1:38454","distributed":false}
{"level":"info","ts":1690792692.1580791,"logger":"http","msg":"served key authentication","identifier":"sub.example.com","challenge":"http-01","remote":"127.0.0.1:38456","distributed":false}
{"level":"info","ts":1690792692.1908007,"logger":"http","msg":"served key authentication","identifier":"sub.example.com","challenge":"http-01","remote":"127.0.0.1:38458","distributed":false}
{"level":"error","ts":1690792692.8402247,"logger":"http.acme_client","msg":"challenge failed","identifier":"sub.example.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:caa","title":"","detail":"CAA record for sub.example.com prevents issuance","instance":"","subproblems":[]}}
{"level":"error","ts":1690792692.8402596,"logger":"http.acme_client","msg":"validating authorization","identifier":"sub.example.com","problem":{"type":"urn:ietf:params:acme:error:caa","title":"","detail":"CAA record for sub.example.com prevents issuance","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1233465626/198465191346","attempt":1,"max_attempts":3}
{"level":"error","ts":1690792692.8402863,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"sub.example.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 403 urn:ietf:params:acme:error:caa - CAA record for sub.example.com prevents issuance"}
{"level":"info","ts":1690792694.9790678,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"sub.example.com","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"info","ts":1690792696.6424406,"logger":"http","msg":"served key authentication","identifier":"sub.example.com","challenge":"http-01","remote":"127.0.0.1:38464","distributed":false}
{"level":"info","ts":1690792701.2895598,"logger":"http.acme_client","msg":"authorization finalized","identifier":"sub.example.com","authz_status":"valid"}
{"level":"info","ts":1690792701.2895803,"logger":"http.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme.zerossl.com/v2/DV90/order/IHwI8sC3RJJI20_M3Bq32Q"}
{"level":"info","ts":1690792885.7397735,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"127.0.0.1","remote_port":"38470","proto":"HTTP/1.0","method":"OPTIONS","host":"52.66.85.117","uri":"/","headers":{}},"user_id":"","duration":0.000050724,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://52.66.85.117/"],"Content-Type":[]}}
{"level":"error","ts":1690793007.4323752,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"sub.example.com","issuer":"acme.zerossl.com-v2-DV90","error":"[sub.example.com] finalizing order https://acme.zerossl.com/v2/DV90/order/IHwI8sC3RJJI20_M3Bq32Q: order took too long (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1690793007.4324226,"logger":"tls.obtain","msg":"will retry","error":"[sub.example.com] Obtain: [sub.example.com] finalizing order https://acme.zerossl.com/v2/DV90/order/IHwI8sC3RJJI20_M3Bq32Q: order took too long (ca=https://acme.zerossl.com/v2/DV90)","attempt":4,"retrying_in":300,"elapsed":1594.438304537,"max_duration":2592000}
{"level":"info","ts":1690793051.425263,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"127.0.0.1","remote_port":"38474","proto":"HTTP/1.0","method":"GET","host":"","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36"],"Accept":["*/*"]}},"user_id":"","duration":0.000041698,"size":0,"status":308,"resp_headers":{"Location":["https:///"],"Content-Type":[],"Server":["Caddy"],"Connection":["close"]}}
{"level":"info","ts":1690793253.2624044,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"127.0.0.1","remote_port":"38476","proto":"HTTP/1.1","method":"HEAD","host":"52.66.85.117:80","uri":"/Core/Skin/Login.aspx","headers":{"Pragma":["no-cache"],"Proxy-Connection":["keep-alive"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Accept-Encoding":["gzip, deflate"],"Accept-Language":["zh-CN,zh;q=0.9"],"Cache-Control":["no-cache"]}},"user_id":"","duration":0.000038679,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://52.66.85.117/Core/Skin/Login.aspx"],"Content-Type":[]}}
{"level":"info","ts":1690793307.4326653,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"sub.example.com"}
{"level":"info","ts":1690793308.9317284,"logger":"http.acme_client","msg":"authorization finalized","identifier":"sub.example.com","authz_status":"valid"}
{"level":"info","ts":1690793308.9356062,"logger":"http.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/112979374/10041260654"}
{"level":"info","ts":1690793312.803822,"logger":"http.acme_client","msg":"successfully downloaded available certificate chains","count":1,"first_url":"https://acme-staging-v02.api.letsencrypt.org/acme/cert/fa532705b6366c569463adf4727db006f7d1"}
{"level":"info","ts":1690793312.8087292,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["sub.example.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"caddy@zerossl.com"}
{"level":"info","ts":1690793312.808744,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["sub.example.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"caddy@zerossl.com"}
{"level":"info","ts":1690793314.4117396,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"sub.example.com","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1690793315.0073695,"logger":"http","msg":"served key authentication","identifier":"sub.example.com","challenge":"http-01","remote":"127.0.0.1:38490","distributed":false}
{"level":"info","ts":1690793315.0365624,"logger":"http","msg":"served key authentication","identifier":"sub.example.com","challenge":"http-01","remote":"127.0.0.1:38492","distributed":false}
{"level":"info","ts":1690793315.0503862,"logger":"http","msg":"served key authentication","identifier":"sub.example.com","challenge":"http-01","remote":"127.0.0.1:38494","distributed":false}
{"level":"info","ts":1690793315.7241583,"logger":"http.acme_client","msg":"authorization finalized","identifier":"sub.example.com","authz_status":"valid"}
{"level":"info","ts":1690793315.7241778,"logger":"http.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme-v02.api.letsencrypt.org/acme/order/1233465626/198466664666"}
{"level":"info","ts":1690793317.6436982,"logger":"http.acme_client","msg":"successfully downloaded available certificate chains","count":2,"first_url":"https://acme-v02.api.letsencrypt.org/acme/cert/04cd67aad42500307086cd192b40d094a2ee"}
{"level":"info","ts":1690793317.643975,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"sub.example.com"}
{"level":"info","ts":1690793317.6440003,"logger":"tls.obtain","msg":"releasing lock","identifier":"sub.example.com"}{"level":"info","ts":1690794504.4263127,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"127.0.0.1","remote_port":"38528","proto":"HTTP/1.1","method":"GET","host":"52.66.85.117","uri":"/.env","headers":{"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"],"Connection":["keep-alive"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"]}},"user_id":"","duration":0.000042806,"size":0,"status":308,"resp_headers":{"Content-Type":[],"Server":["Caddy"],"Connection":["close"],"Location":["https://52.66.85.117/.env"]}}
{"level":"info","ts":1690794507.717765,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"127.0.0.1","remote_port":"38530","proto":"HTTP/1.1","method":"POST","host":"52.66.85.117","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"],"Connection":["keep-alive"],"Content-Length":["15"],"Content-Type":["application/x-www-form-urlencoded"]}},"user_id":"","duration":0.000035429,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://52.66.85.117/"],"Content-Type":[]}}
3. Caddy version:
2.6.4
4. How I installed and ran Caddy:
wget -O caddy "https://caddyserver.com/api/download?os=linux&arch=arm64"
a. System environment:
AWS nitro enclave, arm64
b. Command:
using supervisor
PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.
d. My complete Caddy config:
(cors) {
@options {
method OPTIONS
}
header Access-Control-Allow-Origin "*"
header Access-Control-Allow-Methods "GET, POST, OPTIONS, HEAD, DELETE"
header Access-Control-Allow-Headers "Authorization, Origin, X-Requested-With, Content-Type, Accept"
respond @options 200
}
sub.example.com {
import common
import cors
root * /app/dist
try_files {path} {path}/ /index.html
file_server
}