ACME time-out when starting Caddy

For some reason all my websites were down tonight. I checked my logs and didn’t find anything. So I decided to restart Caddy, which keeps on giving me this error:

2016/08/07 10:18:37 error creating client: get directory at 'https://acme-v01.api.letsencrypt.org/directory': failed to get "https://acme-v01.api.letsencrypt.org/directory": Get https://acme-v01.api.letsencrypt.org/directory: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

Any ideas? How can I restart my server using the old stored certificates to reduce downtime?

If I curl the same page I get:

An error occurred while processing your request.

Reference #97.57f01202.1470558905.132195c1

Is Caddy running in a container? Ideally there should be no need to fetch those again if the certs already exist. Or has anything changed?

Caddy isn’t running in a container.
Nothing had changed. I just hadn’t looked at Caddy for the last few months because everything was running smoothly.
Then my webserver was frozen and I tried to restart it, resulting in this error…

I don’t know what I did, but Caddy is running again…
Upgraded Caddy, changed permissions, … and my sites are up and running again!


What version of Caddy were you running? Why and how did you restart it? What was the problem before you restarted it? What’s your Caddyfile look like? What was in the logs before you restarted? Do you think maybe the ACME endpoint was down for a few minutes? If curl had the problem too then maybe there was an issue with your network.

I was running Caddy 0.8.3, and all requests to my webserver timed out.
Caddy logs were normal, htaccess logs didn’t show anything newer than when my uptime monitoring tool said I was down.
I tried the ACME endpoint over a span of a couple of hours.
I also noticed that I had nearly no space left on my hard drive, so I removed some stuff and tried again. Didn’t change anything.
Then I upgraded to 0.9 and it started to work again.

Hmm, wonder if you ran out of swap space too? Hard to tell what could have caused it at this point, but it’s not something I’ve seen yet, or even heard of.

I’m again having this problem:

Activating privacy features...2016/09/10 17:45:13 get directory at 'https://acme-v01.api.letsencrypt.org/directory': failed to get "https://acme-v01.api.letsencrypt.org/directory": Get https://acme-v01.api.letsencrypt.org/directory: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

I already updated Caddy to the latest version and rebooted my server.
Any hints on this @matt?

Curl works on the same machine:

~> curl https://acme-v01.api.letsencrypt.org/directory
{
  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
  "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
  "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
  "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
}

That appears to simply be a network error. I’m not really sure what to do about it except try the connection again?

It was indeed some fishy networking problem on my server. Don’t know how yet, but I had problems with connecting to IPv6 hosts. Even things like downloading Go with wget over IPv6 were stuck on connecting to the server.

I then looked into the TLS logic of Caddy and increased the timeout time for the ACME client drastically, which solved the problem for me. Caddy is running again!

Would it be useful if people could configure the time-out values with a command line flag?
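
An added example, not part of the original posts and not Caddy's own code: a small Go check for the situation described above, where connections to IPv6 hosts hang. It dials the target once per address family with a separate deadline, so a stalled IPv6 path shows up on its own instead of consuming a single overall client timeout. The function names, port 443 and the 5-second deadline are assumptions; the hostname is the one from the error message in the thread.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"time"
)

// dialFunc matches (*net.Dialer).DialContext so a test can substitute a fake.
type dialFunc func(ctx context.Context, network, addr string) (net.Conn, error)

// probe dials addr once per address family, each attempt with its own
// deadline, and returns the error (nil on success) keyed by "tcp4"/"tcp6".
func probe(dial dialFunc, addr string, perFamily time.Duration) map[string]error {
	out := make(map[string]error)
	for _, network := range []string{"tcp4", "tcp6"} {
		ctx, cancel := context.WithTimeout(context.Background(), perFamily)
		conn, err := dial(ctx, network, addr)
		cancel()
		if err == nil {
			conn.Close()
		}
		out[network] = err
	}
	return out
}

// verdict turns the probe result into a one-line diagnosis.
func verdict(r map[string]error) string {
	switch {
	case r["tcp4"] == nil && r["tcp6"] != nil:
		return "IPv6 path broken, IPv4 fine"
	case r["tcp4"] != nil && r["tcp6"] == nil:
		return "IPv4 path broken, IPv6 fine"
	case r["tcp4"] != nil && r["tcp6"] != nil:
		return "both families failing"
	}
	return "both families reachable"
}

func main() {
	// Hostname from the error message in the thread; port 443 assumed (HTTPS).
	addr := "acme-v01.api.letsencrypt.org:443"
	r := probe((&net.Dialer{}).DialContext, addr, 5*time.Second)
	for _, fam := range []string{"tcp4", "tcp6"} {
		fmt.Printf("%s: %v\n", fam, r[fam])
	}
	fmt.Println(verdict(r))
}
```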


That’s actually coming soon. https://github.com/mholt/caddy/pull/1041/files (although I may refactor the flags around a bit before release)

Thanks, that would solve my problem!
