I am trying to obtain an SSL cert for my domain name. Let’s replace it with the fictional domain name xyz.com. The original one is redacted.
The following setup works, both port 80 and 443:
```
https://xyz.com http://xyz.com {
    root /var/www/html/
    #tls REDACTED
    tls self_signed
    browse /data
}
```
However, when I try to uncomment the tls setting with my email and disable the self-signed cert in order to enable ACME, this happens:
```
caddy_1 | 2019/09/19 18:13:29 [INFO] New CaddyFile:
caddy_1 | https://xyz.com http://xyz.com {
caddy_1 | root /var/www/html/
caddy_1 | tls REDACTED
caddy_1 | #tls self_signed
caddy_1 | browse /data
caddy_1 | }
caddy_1 | # Skipping services because swarm is not available
caddy_1 | # Skipping configs because swarm is not available
caddy_1 | http://cloud.xyz.com {
caddy_1 | proxy / 172.26.0.3:8000
caddy_1 | tls off
caddy_1 | }
caddy_1 | http://old.xyz.com {
caddy_1 | proxy / 172.26.0.2:8000
caddy_1 | tls off
caddy_1 | }
caddy_1 | Activating privacy features... 2019/09/19 18:13:29 [INFO][cache:0xc00029cbe0] Started certificate maintenance routine
caddy_1 | 2019/09/19 18:13:29 [INFO][cache:0xc00029cf00] Started certificate maintenance routine
caddy_1 | 2019/09/19 18:13:30 [INFO] [xyz.com] acme: Obtaining bundled SAN certificate
caddy_1 | 2019/09/19 18:13:31 [INFO] [xyz.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/REDACTED
caddy_1 | 2019/09/19 18:13:31 [INFO] [xyz.com] acme: use tls-alpn-01 solver
caddy_1 | 2019/09/19 18:13:31 [INFO] [xyz.com] acme: Trying to solve TLS-ALPN-01
caddy_1 | 2019/09/19 18:13:39 [INFO] Unable to deactivated authorizations: https://acme-v02.api.letsencrypt.org/acme/authz-v3/REDACTED
caddy_1 | 2019/09/19 18:13:39 [xyz.com] failed to obtain certificate: acme: Error -> One or more domains had a problem:
caddy_1 | [xyz.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Error getting validation data, url:
```
With the Let’s Encrypt report being:
```json
{
  "identifier": {
    "type": "dns",
    "value": "xyz.com"
  },
  "status": "invalid",
  "expires": "2019-09-26T18:13:30Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "url": "REDACTED",
      "token": "y6ZI2qtGHTjcTPImxXKnYKzBWYj8ugrgTS7xjfluDNo"
    },
    {
      "type": "dns-01",
      "status": "invalid",
      "url": "REDACTED",
      "token": "y6ZI2qtGHTjcTPImxXKnYKzBWYj8ugrgTS7xjfluDNo"
    },
    {
      "type": "tls-alpn-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "Error getting validation data",
        "status": 400
      },
      "url": "REDACTED",
      "token": "y6ZI2qtGHTjcTPImxXKnYKzBWYj8ugrgTS7xjfluDNo",
      "validationRecord": [
        {
          "hostname": "REDACTED",
          "port": "443",
          "addressesResolved": [
            "51.38.98.XX",
            "2001:XXXX"
          ],
          "addressUsed": "2001:4XXX"
        }
      ]
    }
  ]
}
```
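
A small helper for reading an authorization report like the one above, added here as an example and not part of the original post: it picks out the challenge that carries an error and shows which resolved address and port the CA actually connected to. The sample input is constructed, with documentation-range addresses in place of the redacted ones, and `summarize_failures` is a hypothetical name.

```python
import ipaddress
import json

# Constructed sample shaped like the report above; addresses are documentation
# ranges (RFC 5737 / RFC 3849), not the poster's redacted values.
SAMPLE_AUTHZ = json.loads("""
{"identifier": {"type": "dns", "value": "xyz.com"}, "status": "invalid",
 "challenges": [
  {"type": "http-01", "status": "invalid"},
  {"type": "dns-01", "status": "invalid"},
  {"type": "tls-alpn-01", "status": "invalid",
   "error": {"type": "urn:ietf:params:acme:error:connection",
             "detail": "Error getting validation data", "status": 400},
   "validationRecord": [{"hostname": "xyz.com", "port": "443",
     "addressesResolved": ["192.0.2.10", "2001:db8::10"],
     "addressUsed": "2001:db8::10"}]}]}
""")


def summarize_failures(authz):
    """Return one finding per validation attempt on a challenge that errored."""
    findings = []
    for chal in authz.get("challenges", []):
        err = chal.get("error")
        if not err:
            continue  # no error object on this challenge, nothing to report
        for rec in chal.get("validationRecord", [{}]):
            used = rec.get("addressUsed")
            try:
                family = f"IPv{ipaddress.ip_address(used).version}"
            except ValueError:
                family = "unknown"  # missing or redacted address
            resolved = rec.get("addressesResolved", [])
            findings.append({
                "challenge": chal["type"],
                "error": err["type"].rsplit(":", 1)[-1],
                "port": rec.get("port"),
                "address_used": used,
                "family": family,
                "other_addresses": [a for a in resolved if a != used],
            })
    return findings


if __name__ == "__main__":
    for finding in summarize_failures(SAMPLE_AUTHZ):
        print(finding)
```

In the report above the failed attempt was tls-alpn-01 on port 443 against the IPv6 address, so that is the path to test from outside the host.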