Acme: Trying renewal with xxx hours remaining

Hi,

I know Caddy is supposed to automatically manage the renewal of the SSL certificate with Let's Encrypt.

For a few days now I have had these messages in the logs showing up in my cmd window:

Should I expect caddy to stop working when my certificate expires? Does it mean there’s an issue when renewing my certificate? What should I do to help caddy?

Thanks

What version of Caddy are you using? What is the domain name? (Edit: to clarify I’m mobile so I can’t look up your domain from the authz url right now but otherwise I would as it should reveal the domain name, which will make it easier to debug)

I’m using 1.0.3
My domain is --edited–

Are ports 80 and 443 accepting traffic from every IP? The authz record shows a connect timeout. I can’t connect to it either.

Actually, NONE of them are opened…

I’m using caddy in front of a service using a random port for a Plex service.

Should I open both or just 80 or 443?

Both for best reliability.

This is documented here: https://caddyserver.com/docs/automatic-https#ports

Sorry, I thought 80 and 443 were only needed if you host a web server. I’m a security freak so I try to open as few ports as possible.

I’ve added both ports and it works perfectly.

Thanks Matt.


Another possibility is to use DNS validation for the certificate, in which case you don’t need to open any ports at all. You do, however, need to be using a supported DNS provider; Cloudflare is popular, but many other DNS hosts are supported as well. See the list in the docs (scroll down to the heading for DNS providers on the left).
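
The DNS validation setup described in the last reply, as an added example that is not part of the original thread: a Caddy 1.x Caddyfile using the Cloudflare provider. The hostname and backend port are placeholders, and it assumes a Caddy build that includes the `tls.dns.cloudflare` plugin.

```caddyfile
# Added example (Caddy 1.x syntax). plex.example.com and the backend
# port 32400 are placeholders, not values from the thread.
#
# Assumes a Caddy build that includes the tls.dns.cloudflare plugin.
# The plugin reads its credentials from the environment of the Caddy
# process:
#   CLOUDFLARE_EMAIL   - account e-mail
#   CLOUDFLARE_API_KEY - API key
plex.example.com {
    # Forward requests to the local service.
    proxy / localhost:32400 {
        transparent
    }

    # Solve the ACME challenge by publishing a DNS TXT record instead of
    # answering on port 80 or 443, so issuance and renewal do not depend
    # on inbound connections from the CA.
    tls {
        dns cloudflare
    }
}
```

Only the validation traffic moves to DNS here; clients still need to reach whichever port Caddy serves the site on. Treat the API key as a secret, since it can modify the DNS zone.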