Caching/re-using certs from zerossl api

1. Output of caddy version:

docker:alpine:latest, image id: 006d393a4e6a, which corresponds to 2.6.2

2. How I run Caddy:

caddy in docker-compose

3. The problem I’m having:

I use ZeroSSL for TLS Certs via their API. I’m a paying customer. Twice this year zerossl api has had issues where the API doesn’t respond or timeout, see on Dec 17-18, and in August 2022, at least.

When their API is down/slow, I cannot get TLS certs via API (duh). Before the restart, the certs were valid until 2023-03-10. Why doesn’t caddy use those existing, valid certs first?

The docker volume is correctly configured, and the certs are in the proper places.

{“level”:“info”,“ts”:1671391701.8631637,“logger”:“tls.cache.maintenance”,“msg”:“started background certificate maintenance”,“cache”:“0xc00047b650”}
{“level”:“info”,“ts”:1671391701.8632362,“logger”:“tls”,“msg”:“cleaning storage unit”,“description”:“FileStorage:/data/caddy”}
{“level”:“info”,“ts”:1671391701.863269,“logger”:“tls”,“msg”:“finished cleaning storage units”}

Is there some config option I’m missing to disable “cleaning storage units” on start? Or better yet, to force caddy to use existing, valid certs in storage before making an API request?

Further thoughts are to set caddy to automatically fallback to let’s encrypt if zerossl cannot generate a cert via API.

I’ve read the docs over and over again and don’t see anything obvious. I’ve started reading the caddy source to see if there’s something else I’m missing.


So, there’s a difference between their “API”, and the “ACME API”. Caddy uses ACME. Just want to make sure we’re on the same page there.

Also, do not remove parts of the help topic template. It’s vital that you give all the information asked by the template so we can effectively help you. You didn’t share your config, so it’s impossible to know how you set up Caddy and whether you might have made a config mistake causing things not to work as expected.

1 Like

Thanks for the response. I host hundreds of sites on caddy, so I removed the irrelevant parts of the template. Turns out, the problem was with docker codebase itself. They ACK’d it and have a fix forthcoming.

Sorry for the waste of bandwidth here.


I’m curious to hear what it was, then. Is there a GitHub issue you can link to?

This topic was automatically closed after 30 days. New replies are no longer allowed.