Caching/re-using certs from zerossl api

1. Output of caddy version:

docker:alpine:latest, image id: 006d393a4e6a, which corresponds to 2.6.2

2. How I run Caddy:

caddy in docker-compose

3. The problem I’m having:

I use ZeroSSL for TLS certs via their API. I’m a paying customer. Twice this year the ZeroSSL API has had issues where the API doesn’t respond or times out; see https://status.zerossl.com/ on Dec 17-18, and in August 2022, at least.

When their API is down/slow, I cannot get TLS certs via API (duh). Before the restart, the certs were valid until 2023-03-10. Why doesn’t caddy use those existing, valid certs first?

The docker volume is correctly configured, and the certs are in the proper places.

{"level":"info","ts":1671391701.8631637,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00047b650"}
{"level":"info","ts":1671391701.8632362,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"info","ts":1671391701.863269,"logger":"tls","msg":"finished cleaning storage units"}

Is there some config option I’m missing to disable “cleaning storage units” on start? Or better yet, to force caddy to use existing, valid certs in storage before making an API request?

Further thoughts are to set Caddy to automatically fall back to Let’s Encrypt if ZeroSSL cannot generate a cert via API.

I’ve read the docs over and over again and don’t see anything obvious. I’ve started reading the caddy source to see if there’s something else I’m missing.

Thanks!

So, there’s a difference between their “API”, and the “ACME API”. Caddy uses ACME. Just want to make sure we’re on the same page there.

Also, do not remove parts of the help topic template. It’s vital that you give all the information asked by the template so we can effectively help you. You didn’t share your config, so it’s impossible to know how you set up Caddy and whether you might have made a config mistake causing things not to work as expected.


Thanks for the response. I host hundreds of sites on Caddy, so I removed the irrelevant parts of the template. Turns out, the problem was with the Docker codebase itself. They ACK’d it and have a fix forthcoming.

Sorry for the waste of bandwidth here.


I’m curious to hear what it was, then. Is there a GitHub issue you can link to?
