Abdulla
(A)
April 29, 2018, 8:10pm
1
I have been trying to get SSL on my domain via Caddy. I am currently running Caddy 0.10.14 (non-commercial). I use DynuDNS to manage my public IP and made sure that ports 80/443 are pointed to the machine that is running Caddy. But I have been getting the following errors:
Apr 30 00:06:20 Caddy systemd[1]: Started Caddy HTTP/2 web server.
Apr 30 00:06:21 Caddy caddy[6498]: Activating privacy features… 2018/04/30 00:06:21 [INFO][xxx] acme: Obtaining bundled SAN certificate
Apr 30 00:06:22 Caddy caddy[6498]: 2018/04/30 00:06:22 [INFO][xxxxx] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/MWKV0vlNeGm5ksDmN1c_Q1kGT2
Apr 30 00:06:22 Caddy caddy[6498]: 2018/04/30 00:06:22 [INFO][xxxxx] acme: Could not find solver for: dns-01
Apr 30 00:06:22 Caddy caddy[6498]: 2018/04/30 00:06:22 [INFO][xxxx] acme: Trying to solve HTTP-01
Apr 30 00:06:43 Caddy caddy[6498]: 2018/04/30 00:06:43 [xxxxx] failed to get certificate: acme: Error 400 - urn:ietf:params:acme:error:connection - Fetching http://xxxx/.well-known/acme-challenge/LB2ur-UXS4me9bRAG63Ml4vm6zylQU5M_MzDejYiYDg: Timeout during connect (likely firewall problem)
I would appreciate any help with this
This part means the ACME server never succeeded in making a connection to your server.
Some possible causes that we see commonly include:
- The domain isn’t pointing at the correct IP address
  - Is the dynamic DNS working properly?
  - Did you recently change public IP address, and has the DNS change propagated yet?
- The target IP address isn’t accepting connections
  - Is the edge router forwarding the ports correctly?
  - Is the target host’s firewall configured to accept the connections?
Abdulla
(A)
April 30, 2018, 11:30am
3
Thank you for your response!
I ensured that the domain is pointing to the correct IP as I nslooked up the domain and it pointed to the same IP that I got when I ran ipinfo.io.
I have difficulty confirming if the port is open on the exact machine but when I point the router to another machine running 443/80 it works.
443 Running on another machine
Host Machine Firewall Settings
One thing you could try is to use a Caddyfile like:
    example.com {
        tls self_signed
        status / 200
    }
To start Caddy up without needing certificates, then run curl -kIL http://example.com/ from anywhere with an internet connection.
A good result would be an output like this:
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Type: text/html; charset=utf-8
Location: https://example.com/
Server: Caddy
Date: Tue, 01 May 2018 01:10:39 GMT
HTTP/2 200
content-type: text/html; charset=UTF-8
server: Caddy
date: Tue, 01 May 2018 01:10:40 GMT
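Added example, not part of the original thread or of Caddy: a small Python helper that pulls the ACME error type out of a log line like the one in the first post and maps a DNS comparison plus a TCP probe of port 80 onto the checklist from the reply above. The function names, the sample line and the result strings are assumptions made for this illustration.

```python
import re
import socket

# ACME failure as it appears in Caddy's log: status, error type, detail.
ACME_ERR = re.compile(r"acme: Error (\d+) - urn:ietf:params:acme:error:(\w+) - (.*)")

# Constructed sample modelled on the log in the first post (placeholder names).
SAMPLE = ("2018/04/30 00:06:43 [example.com] failed to get certificate: "
          "acme: Error 400 - urn:ietf:params:acme:error:connection - Fetching "
          "http://example.com/.well-known/acme-challenge/TOKEN: "
          "Timeout during connect (likely firewall problem)")

def parse_acme_error(line):
    """Return (status, error_type, detail), or None if no ACME error is present."""
    m = ACME_ERR.search(line)
    return (int(m.group(1)), m.group(2), m.group(3)) if m else None

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # host answered, but nothing listens on the port
    except socket.timeout:
        return "timeout"      # packets silently dropped on the way
    except OSError:
        return "unreachable"  # no route, name did not resolve, ...

def diagnose(resolved_ip, public_ip, port80):
    """Map the observations onto the checklist from the reply above."""
    if resolved_ip != public_ip:
        return "dns: record points at %s, not %s" % (resolved_ip, public_ip)
    if port80 == "timeout":
        return "filtered: router forward or host firewall drops port 80"
    if port80 == "refused":
        return "closed: port 80 arrives somewhere with no listener"
    if port80 == "open":
        return "reachable: port 80 accepts connections"
    return "unreachable: no route to the address"

if __name__ == "__main__":
    print(parse_acme_error(SAMPLE))
    ip = socket.gethostbyname("example.com")  # replace with your own domain
    # Second argument: the public IP your router or ISP reports (same here for demo).
    print(diagnose(ip, ip, probe(ip, 80)))
```

Run the probe from a host outside your own network; a connection made from inside the LAN does not take the path the ACME server's request takes through the router.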