Here’s a full log, I cleared it, restarted caddy, but I also replaced my very old api token from cloudflare, it seem still to fail with letsencrypt but now zero picked it up, which it could not do before, even after countless restarts…
{"level":"info","ts":1719269595.657183,"msg":"using adjacent Caddyfile"}
{"level":"info","ts":1719269595.6655805,"msg":"adapted config to JSON","adapter":"caddyfile"}
{"level":"warn","ts":1719269595.6655805,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"Caddyfile","line":9}
{"level":"info","ts":1719269595.6754448,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1719269595.6760516,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0007fba00"}
{"level":"info","ts":1719269595.6760516,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1719269595.6760516,"logger":"http.auto_https","msg":"automatic HTTP->HTTPS redirects are disabled","server_name":"srv0"}
{"level":"info","ts":1719269595.6811707,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
{"level":"info","ts":1719269595.681763,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"info","ts":1719269595.681763,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["mask","mask","mask","mask","mask"]}
{"level":"info","ts":1719269595.6889617,"logger":"tls","msg":"certificate is in configured renewal window based on expiration date","subjects":["mask"],"expiration":1721692800,"ari_cert_id":"","next_ari_update":null,"renew_check_interval":600,"window_start":-6795364578.8713455,"window_end":-6795364578.8713455,"remaining":2423204.3110381}
{"level":"info","ts":1719269595.6901324,"logger":"tls.renew","msg":"acquiring lock","identifier":"mask"}
{"level":"info","ts":1719269595.6901324,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\Caddy","instance":"b861ca77-5a1a-48b3-94ec-d661603a7b40","try_again":1719355995.6901324,"try_again_in":86400}
{"level":"info","ts":1719269595.690734,"logger":"tls","msg":"certificate is in configured renewal window based on expiration date","subjects":["mask"],"expiration":1721692800,"ari_cert_id":"","next_ari_update":null,"renew_check_interval":600,"window_start":-6795364578.8713455,"window_end":-6795364578.8713455,"remaining":2423204.3092661}
{"level":"info","ts":1719269595.690734,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1719269595.691363,"logger":"tls.renew","msg":"acquiring lock","identifier":"mask"}
{"level":"info","ts":1719269595.692531,"logger":"tls.renew","msg":"lock acquired","identifier":"mask"}
{"level":"info","ts":1719269595.6931317,"logger":"tls.renew","msg":"renewing certificate","identifier":"mask","remaining":2423204.3068681}
{"level":"info","ts":1719269595.6937335,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["mask"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"mask"}
{"level":"info","ts":1719269595.6943312,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["mask"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"mask"}
{"level":"info","ts":1719269595.6943312,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/mask","account_contact":["mailto:mask"]}
{"level":"info","ts":1719269595.6943312,"logger":"tls.renew","msg":"lock acquired","identifier":"mask"}
{"level":"info","ts":1719269595.6949348,"logger":"tls.renew","msg":"renewing certificate","identifier":"mask","remaining":2423204.3050653}
{"level":"info","ts":1719269595.6955302,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["mask"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"mask"}
{"level":"info","ts":1719269595.6955302,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["mask"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"mask"}
{"level":"info","ts":1719269595.6955302,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/mask","account_contact":["mailto:mask"]}
{"level":"info","ts":1719269595.698759,"msg":"autosaved config (load with --resume flag)","file":"C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\Caddy\\autosave.json"}
{"level":"info","ts":1719269595.698759,"msg":"serving initial configuration"}
{"level":"info","ts":1719269596.6249251,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mask","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1719269596.7601051,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mask","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1719269719.025315,"logger":"tls.renew","msg":"could not get certificate from issuer","identifier":"mask","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[mask] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-v02.api.letsencrypt.org/acme/order/mask/mask) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1719269719.0253801,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["mask"],"ca":"https://acme.zerossl.com/v2/DV90","account":"mask"}
{"level":"info","ts":1719269719.0253801,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["mask"],"ca":"https://acme.zerossl.com/v2/DV90","account":"mask"}
{"level":"info","ts":1719269719.0253801,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/mask","account_contact":["mailto:mask"]}
{"level":"error","ts":1719269719.0563989,"logger":"tls.renew","msg":"could not get certificate from issuer","identifier":"mask","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[mask] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-v02.api.letsencrypt.org/acme/order/mask/mask) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1719269719.0569642,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["mask"],"ca":"https://acme.zerossl.com/v2/DV90","account":"mask"}
{"level":"info","ts":1719269719.0569642,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["mask"],"ca":"https://acme.zerossl.com/v2/DV90","account":"mask"}
{"level":"info","ts":1719269719.0569642,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/mask","account_contact":["mailto:mask"]}
{"level":"info","ts":1719269720.1723661,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mask","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"info","ts":1719269720.182907,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mask","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1719269721.595867,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","upstream":"192.168.1.22:5004","duration":0.7536757,"request":{"remote_ip":"mask","remote_port":"22066","client_ip":"mask","proto":"HTTP/2.0","method":"GET","host":"mask","uri":"/auto/v1","headers":{"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cdn-Loop":["cloudflare"],"Authorization":["REDACTED"],"X-Forwarded-Proto":["https"],"User-Agent":["VLC/3.0.18 LibVLC/3.0.18"],"Cf-Connecting-Ip":["mask"],"Cf-Ray":["89904defdc1892ee-CPH"],"Cf-Ipcountry":["DK"],"X-Forwarded-For":["mask, mask"],"Range":["bytes=0-"],"Accept":["*/*"],"Accept-Language":["en_US"],"Accept-Encoding":["gzip, br"],"X-Forwarded-Host":["mask"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"mask"}},"error":"reading: context canceled"}
{"level":"info","ts":1719269783.1402104,"logger":"tls.issuance.acme.acme_client","msg":"authorization finalized","identifier":"mask","authz_status":"valid"}
{"level":"info","ts":1719269783.1402104,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme.zerossl.com/v2/DV90/order/mask"}
{"level":"info","ts":1719269783.1576557,"logger":"tls.issuance.acme.acme_client","msg":"authorization finalized","identifier":"mask","authz_status":"valid"}
{"level":"info","ts":1719269783.1576557,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme.zerossl.com/v2/DV90/order/mask"}
{"level":"info","ts":1719269799.0748444,"logger":"tls.issuance.acme.acme_client","msg":"successfully downloaded available certificate chains","count":1,"first_url":"https://acme.zerossl.com/v2/DV90/cert/mask"}
{"level":"info","ts":1719269799.0761077,"logger":"tls.renew","msg":"certificate renewed successfully","identifier":"mask","issuer":"acme.zerossl.com-v2-DV90"}
{"level":"info","ts":1719269799.0762746,"logger":"tls.renew","msg":"releasing lock","identifier":"mask"}
{"level":"info","ts":1719269799.0762746,"logger":"tls","msg":"reloading managed certificate","identifiers":["mask"]}
{"level":"info","ts":1719269799.0910006,"logger":"tls.issuance.acme.acme_client","msg":"successfully downloaded available certificate chains","count":1,"first_url":"https://acme.zerossl.com/v2/DV90/cert/mask"}
{"level":"info","ts":1719269799.0918162,"logger":"tls.renew","msg":"certificate renewed successfully","identifier":"mask","issuer":"acme.zerossl.com-v2-DV90"}
{"level":"info","ts":1719269799.0919561,"logger":"tls.renew","msg":"releasing lock","identifier":"mask"}
{"level":"info","ts":1719269799.0919561,"logger":"tls","msg":"reloading managed certificate","identifiers":["mask"]}
{"level":"info","ts":1719269799.1867769,"logger":"tls.cache","msg":"replaced certificate in cache","subjects":["mask"],"new_expiration":1727049600}
{"level":"info","ts":1719269799.3201804,"logger":"tls.cache","msg":"replaced certificate in cache","subjects":["mask"],"new_expiration":1727049600}