Caddy 2.8.4 tls new errors

This is the output from caddy service err

{"level":"error","ts":1719232538.317233,"logger":"tls.renew","msg":"could not get certificate from issuer","identifier":"mask","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[mask] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/mask) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1719232538.3177397,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/mask","account_contact":["mailto:mask"]}
{"level":"error","ts":1719232538.3462987,"logger":"tls.renew","msg":"could not get certificate from issuer","identifier":"mask","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[mask] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/mask) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1719232538.3462987,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/mask","account_contact":["mailto:mask"]}
{"level":"info","ts":1719232539.3897545,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mask","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"info","ts":1719232539.3977854,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mask","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"info","ts":1719232636.4649286,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_ip":"127.0.0.1","remote_port":"51739","headers":{"Accept-Encoding":["gzip"],"Content-Length":["21669"],"Content-Type":["application/json"],"Origin":["http://localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
{"level":"info","ts":1719232636.4662,"msg":"config is unchanged"}
{"level":"info","ts":1719232636.4662,"logger":"admin.api","msg":"load complete"}
{"level":"error","ts":1719232661.3381276,"logger":"tls.renew","msg":"could not get certificate from issuer","identifier":"mask","issuer":"acme.zerossl.com-v2-DV90","error":"[mask] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/mask) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1719232661.338436,"logger":"tls.renew","msg":"will retry","error":"[mask] Renew: [mask] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/mask) (ca=https://acme.zerossl.com/v2/DV90)","attempt":3,"retrying_in":120,"elapsed":918.8908114,"max_duration":2592000}
{"level":"error","ts":1719232661.3597512,"logger":"tls.renew","msg":"could not get certificate from issuer","identifier":"mask","issuer":"acme.zerossl.com-v2-DV90","error":"[mask] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/mask) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1719232661.3597512,"logger":"tls.renew","msg":"will retry","error":"[mask] Renew: [mask] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/mask) (ca=https://acme.zerossl.com/v2/DV90)","attempt":3,"retrying_in":120,"elapsed":918.918802,"max_duration":2592000}

This is my configuration in the end of each domain, I have not touched anything for 6 months+

	tls mail@mail.c0m {
		dns cloudflare key
		resolvers 1.1.1.1
	}

Should I just ignore it and will it eventually fix it self?

That looks like only part of your logs and is missing the useful part. Please fill out the help template, instead of deleting it, so we can help you.

1 Like

Here’s a full log, I cleared it, restarted caddy, but I also replaced my very old api token from cloudflare, it seem still to fail with letsencrypt but now zero picked it up, which it could not do before, even after countless restarts…

{"level":"info","ts":1719269595.657183,"msg":"using adjacent Caddyfile"}
{"level":"info","ts":1719269595.6655805,"msg":"adapted config to JSON","adapter":"caddyfile"}
{"level":"warn","ts":1719269595.6655805,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"Caddyfile","line":9}
{"level":"info","ts":1719269595.6754448,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1719269595.6760516,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0007fba00"}
{"level":"info","ts":1719269595.6760516,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1719269595.6760516,"logger":"http.auto_https","msg":"automatic HTTP->HTTPS redirects are disabled","server_name":"srv0"}
{"level":"info","ts":1719269595.6811707,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
{"level":"info","ts":1719269595.681763,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"info","ts":1719269595.681763,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["mask","mask","mask","mask","mask"]}
{"level":"info","ts":1719269595.6889617,"logger":"tls","msg":"certificate is in configured renewal window based on expiration date","subjects":["mask"],"expiration":1721692800,"ari_cert_id":"","next_ari_update":null,"renew_check_interval":600,"window_start":-6795364578.8713455,"window_end":-6795364578.8713455,"remaining":2423204.3110381}
{"level":"info","ts":1719269595.6901324,"logger":"tls.renew","msg":"acquiring lock","identifier":"mask"}
{"level":"info","ts":1719269595.6901324,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\Caddy","instance":"b861ca77-5a1a-48b3-94ec-d661603a7b40","try_again":1719355995.6901324,"try_again_in":86400}
{"level":"info","ts":1719269595.690734,"logger":"tls","msg":"certificate is in configured renewal window based on expiration date","subjects":["mask"],"expiration":1721692800,"ari_cert_id":"","next_ari_update":null,"renew_check_interval":600,"window_start":-6795364578.8713455,"window_end":-6795364578.8713455,"remaining":2423204.3092661}
{"level":"info","ts":1719269595.690734,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1719269595.691363,"logger":"tls.renew","msg":"acquiring lock","identifier":"mask"}
{"level":"info","ts":1719269595.692531,"logger":"tls.renew","msg":"lock acquired","identifier":"mask"}
{"level":"info","ts":1719269595.6931317,"logger":"tls.renew","msg":"renewing certificate","identifier":"mask","remaining":2423204.3068681}
{"level":"info","ts":1719269595.6937335,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["mask"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"mask"}
{"level":"info","ts":1719269595.6943312,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["mask"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"mask"}
{"level":"info","ts":1719269595.6943312,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/mask","account_contact":["mailto:mask"]}
{"level":"info","ts":1719269595.6943312,"logger":"tls.renew","msg":"lock acquired","identifier":"mask"}
{"level":"info","ts":1719269595.6949348,"logger":"tls.renew","msg":"renewing certificate","identifier":"mask","remaining":2423204.3050653}
{"level":"info","ts":1719269595.6955302,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["mask"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"mask"}
{"level":"info","ts":1719269595.6955302,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["mask"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"mask"}
{"level":"info","ts":1719269595.6955302,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/mask","account_contact":["mailto:mask"]}
{"level":"info","ts":1719269595.698759,"msg":"autosaved config (load with --resume flag)","file":"C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\Caddy\\autosave.json"}
{"level":"info","ts":1719269595.698759,"msg":"serving initial configuration"}
{"level":"info","ts":1719269596.6249251,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mask","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1719269596.7601051,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mask","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1719269719.025315,"logger":"tls.renew","msg":"could not get certificate from issuer","identifier":"mask","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[mask] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-v02.api.letsencrypt.org/acme/order/mask/mask) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1719269719.0253801,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["mask"],"ca":"https://acme.zerossl.com/v2/DV90","account":"mask"}
{"level":"info","ts":1719269719.0253801,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["mask"],"ca":"https://acme.zerossl.com/v2/DV90","account":"mask"}
{"level":"info","ts":1719269719.0253801,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/mask","account_contact":["mailto:mask"]}
{"level":"error","ts":1719269719.0563989,"logger":"tls.renew","msg":"could not get certificate from issuer","identifier":"mask","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[mask] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-v02.api.letsencrypt.org/acme/order/mask/mask) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1719269719.0569642,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["mask"],"ca":"https://acme.zerossl.com/v2/DV90","account":"mask"}
{"level":"info","ts":1719269719.0569642,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["mask"],"ca":"https://acme.zerossl.com/v2/DV90","account":"mask"}
{"level":"info","ts":1719269719.0569642,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/mask","account_contact":["mailto:mask"]}
{"level":"info","ts":1719269720.1723661,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mask","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"info","ts":1719269720.182907,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mask","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1719269721.595867,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","upstream":"192.168.1.22:5004","duration":0.7536757,"request":{"remote_ip":"mask","remote_port":"22066","client_ip":"mask","proto":"HTTP/2.0","method":"GET","host":"mask","uri":"/auto/v1","headers":{"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cdn-Loop":["cloudflare"],"Authorization":["REDACTED"],"X-Forwarded-Proto":["https"],"User-Agent":["VLC/3.0.18 LibVLC/3.0.18"],"Cf-Connecting-Ip":["mask"],"Cf-Ray":["89904defdc1892ee-CPH"],"Cf-Ipcountry":["DK"],"X-Forwarded-For":["mask, mask"],"Range":["bytes=0-"],"Accept":["*/*"],"Accept-Language":["en_US"],"Accept-Encoding":["gzip, br"],"X-Forwarded-Host":["mask"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"mask"}},"error":"reading: context canceled"}
{"level":"info","ts":1719269783.1402104,"logger":"tls.issuance.acme.acme_client","msg":"authorization finalized","identifier":"mask","authz_status":"valid"}
{"level":"info","ts":1719269783.1402104,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme.zerossl.com/v2/DV90/order/mask"}
{"level":"info","ts":1719269783.1576557,"logger":"tls.issuance.acme.acme_client","msg":"authorization finalized","identifier":"mask","authz_status":"valid"}
{"level":"info","ts":1719269783.1576557,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme.zerossl.com/v2/DV90/order/mask"}
{"level":"info","ts":1719269799.0748444,"logger":"tls.issuance.acme.acme_client","msg":"successfully downloaded available certificate chains","count":1,"first_url":"https://acme.zerossl.com/v2/DV90/cert/mask"}
{"level":"info","ts":1719269799.0761077,"logger":"tls.renew","msg":"certificate renewed successfully","identifier":"mask","issuer":"acme.zerossl.com-v2-DV90"}
{"level":"info","ts":1719269799.0762746,"logger":"tls.renew","msg":"releasing lock","identifier":"mask"}
{"level":"info","ts":1719269799.0762746,"logger":"tls","msg":"reloading managed certificate","identifiers":["mask"]}
{"level":"info","ts":1719269799.0910006,"logger":"tls.issuance.acme.acme_client","msg":"successfully downloaded available certificate chains","count":1,"first_url":"https://acme.zerossl.com/v2/DV90/cert/mask"}
{"level":"info","ts":1719269799.0918162,"logger":"tls.renew","msg":"certificate renewed successfully","identifier":"mask","issuer":"acme.zerossl.com-v2-DV90"}
{"level":"info","ts":1719269799.0919561,"logger":"tls.renew","msg":"releasing lock","identifier":"mask"}
{"level":"info","ts":1719269799.0919561,"logger":"tls","msg":"reloading managed certificate","identifiers":["mask"]}
{"level":"info","ts":1719269799.1867769,"logger":"tls.cache","msg":"replaced certificate in cache","subjects":["mask"],"new_expiration":1727049600}
{"level":"info","ts":1719269799.3201804,"logger":"tls.cache","msg":"replaced certificate in cache","subjects":["mask"],"new_expiration":1727049600}

Please fill out the help topic template as per the forum rules, or we won’t be able to help.

1 Like

That looks like more of a spurious timeout error. It didn’t see the record propagate when trying to solve the DNS challenge.

If you run a tool like dig during the challenge, can you see the challenge record from Caddy’s machine?

1 Like