ACME Error 400 while generating certificate

Hello there.

I’ve been using Caddy for months now (without trouble). But today I had to switch my domain name, and I got in trouble halfway with the Automatic HTTPS.

This is my Caddyfile: {    
    # empty

I ran the command caddy (without any parameters). After a few seconds, it returns this:

Activating privacy features... 2018/12/17 12:50:55 [] failed to get certificate: acme:         Error 400 - urn:ietf:params:acme:error:connection - Fetching    known/acme-challenge/9ywCsG5SinZc3CiJfxx9UnwBPF1iVSqR-W0XMZl6TFw: Error getting validation data

I made sure to forward port 80 and 443 from the outside to my internal ip address ( and point it to port 80 and 443 (again). I’ve also ran setcap to make sure caddy can bind to port 80 and 443, but I’m not sure I did it the right way… sudo setcap cap_net_bind_service=+ep /usr/local/bin/caddy.

I’m so desperate to the point that I ran ulimit -u 8192 /usr/local/bin/caddy (which is normally not needed).

What happened? Every help is appreciated. Thanks!

Recheck these:

  • That port 80 and 443 are open externally on the server and not used by another process
  • That your A and AAAA record for the domain are setup correctly
1 Like


Thank you for your reply!

Yes, port 80 and 443 is currently open and I’ve also pointed the domain to my IP address.

Hi @Jeff_Tan_Han_Wei,

Next thing to check is that Caddy is properly accessible via your external IP address.

Try adding tls self_signed to the site configuration for your domain name and bring up Caddy again. It should launch without trying to request any certificates.

When that’s done, run this in a shell:

curl -kIL

(replacing with your domain name as appropriate)

The response will give us an idea of what LetsEncrypt might be seeing when it tries to initiate an ACME challenge.

Hi, thanks for your reply.

I managed to successfully implement the self-signed certificate and ran curl -kIL It returned:
curl: (8) Weird server reply
Any ideas what’s this? Thanks!

Huh. Wasn’t expecting that.

Try curl -vkIL instead (adding the v flag, for verbose output). Might give us a better idea of what the “weird server reply” is.

The one thing we can infer from this is that it’s clearly not an open path from your external IP to Caddy; something along the way is misbehaving.

Hi again.

I ran curl -vkIL Return value:

* Rebuilt URL to:
*   Trying
* Connected to (123.456.789) port 2015 (#0)
> HEAD / HTTP/1.1
> Host:
> User-Agent: curl/7.61.1
> Accept: */*
* Closing connection 0
curl: (8) Weird server reply

Thanks for your time :slight_smile:

Looks like it wasn’t a “weird server reply” so much as “the server said nothing at all and then closed the connection”.

Just to confirm, try this (again substituting your own domain name for

curl -kIL -H ""

We want to see a good Caddy response from this; we’re testing how it responds to a request for your domain name, we’re just connecting directly to it locally instead of resolving it through the external IP.


Just to add to the frustuation, the command returned the same “weird server reply”. Thanks for your help anyways. I’ll try to resolve the problem myself. Maybe I missed something.


Did it do this immediately, or on the second response?

I realised after I posted that the more correct way of doing what I intended was this:

curl -kIL --resolve '' --resolve ''

(doing it as above might have had it work for HTTP, redirected to the new location, which would have gone via external for HTTPS)

But if it gave you a weird server reply off the bat, it could be that the host in question ( has a rogue firewall or some other issue meaning that Caddy isn’t listening on the expected ports.

1 Like

Hi, (and sorry for being inactive for such a long time)

Thanks for all your effort and time. Long story short, I got so frustruated (I worked on this problem for about 9 hours) I decided to do the unprofessional thing and reset my router. It worked and it let me pass. No idea why.

One big problem right now: whenever I decide to write root index.html (or just try root …), the browser gives me this error:

Now does anybody have an idea :confused:

Thanks once again @Whitestrake @magikstm

BTW @Whitestrake I see you around the forum very often. Almost every topic. Wow.


No worries, I like to help!

Double check the root doc:

The expected usage is that you designate the directory containing index.html rather than the file itself.

I also recommend you use an absolute path for it wherever possible, so that the ambiguity of relative paths doesn’t come back to bite you in unexpected ways.

If you don’t specify a root at all, Caddy will assume the web root to be the present working directory (i.e. the directory you were in when you launched Caddy).

1 Like

Thanks! It solved my problem. I didn’t know that I needed to designate the directory instead of just a html folder. TIL.

Thank you for being so helpful :slight_smile:

Have a good day.

1 Like

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.