1. Caddy version (caddy version
):
v2.5.2 in a docker container
2. How I run Caddy:
docker compose up -d
a. System environment:
Docker on Debian Bullseye with all updates.
b. Command:
Paste command here.
c. Service/unit/compose file:
version: '3.5'
services:
caddy:
image: caddy:latest
restart: unless-stopped
container_name: caddy
hostname: ca.intern.meinedomain.xyz
ports:
- 80:80
- 443:443
volumes:
- /etc/caddy/Caddyfile:/etc/caddy/Caddyfile
- /etc/ssl/certs/00_intern.meinedomain.xyz_root-ca.pem:/etc/ssl/certs/root.crt:ro
- /etc/ssl/private/root_ca_nopw.key:/etc/ssl/private/root.key:ro
- "caddy-config:/config"
- "caddy-data:/data"
environment:
- LOG_FILE=/data/access.log
networks:
- baikal-network
volumes:
caddy-config:
caddy-data:
networks:
baikal-network:
external: true
name: baikal_baikal-network
d. My complete Caddyfile or JSON config:
{
# General Options
# debug
#PKI options
pki {
ca {
root_cn ca.intern.meinedomain.xyz
root {
format pem_file
cert /etc/ssl/certs/root.crt
key /etc/ssl/private/root.key
}
}
}
}
#ACME server
ca.intern.meinedomain.xyz {
acme_server
tls internal
}
###########################################################################################
###### Baikal ### Baikal ### Baikal ### Baikal ### Calendarserver ####### Baikal ##########
###########################################################################################
# Baikal Calendarserver
calendarserver.intern.meinedomain.xyz:443 {
# This setting may have compatibility issues with some browsers
# (e.g., attachment downloading on Firefox). Try disabling this
# if you encounter issues.
encode gzip
# Proxy everything to calendarserver
handle_path /.well-known/carddav {
rewrite * /dav.php{uri}
}
handle_path /.well-known/caldav {
rewrite * /dav.php{uri}
}
reverse_proxy baikal_nginx:80
#TLS certificate
# tls /etc/caddy/cert.pem /etc/caddy/cert.key.pem
tls {
ca https://ca.intern.meinedomain.xyz/acme/local/directory # point to ACME server
ca_root /etc/ssl/certs/root.crt # define root certificate
}
}
3. The problem I’m having:
This is a lab environment with one host and all services are running on it in their own environement (container/network/etc.).
I have one Caddy instance running in a docker container with 2 tasks.
1.) acme server
2.) reverse-proxy for the services
The root key and certificate are allready existing and mapped into the container so caddy can use it to generate an intermediate ca and all needed certificates.
On the first start caddy is generating the needed intermediate key and cert via acme and everything works like expected for 5 days. After 5 days renewing of the certs stopps - because the intermediate certificate expired and is not renewed.
4. Error messages and/or full log output:
working:
{"level":"info","ts":1658301410.085073,"logger":"tls.renew","msg":"certificate renewed successfully","identifier":"kochbuch.intern.meinedomain.xyz"}
{"level":"info","ts":1658301410.085133,"logger":"tls.renew","msg":"releasing lock","identifier":"kochbuch.intern.meinedomain.xyz"}
{"level":"info","ts":1658301410.0855236,"logger":"tls","msg":"reloading managed certificate","identifiers":["kochbuch.intern.meinedomain.xyz"]}
{"level":"warn","ts":1658301410.0866222,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [kochbuch.intern.meinedomain.xyz]: no OCSP server specified in certificate","identifiers":["kochbuch.intern.meinedomain.xyz"]}
{"level":"info","ts":1658301410.086671,"logger":"tls.cache","msg":"replaced certificate in cache","subjects":["kochbuch.intern.meinedomain.xyz"],"new_expiration":1658344608}
{"level":"info","ts":1658303807.9442873,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["ca.intern.meinedomain.xyz"],"remaining":14399.055717542}
{"level":"info","ts":1658303807.9448261,"logger":"tls.cache.maintenance","msg":"attempting certificate renewal","identifiers":["ca.intern.meinedomain.xyz"],"remaining":14399.055178352}
{"level":"info","ts":1658303807.9453542,"logger":"tls.renew","msg":"acquiring lock","identifier":"ca.intern.meinedomain.xyz"}
{"level":"info","ts":1658303807.9616904,"logger":"tls.renew","msg":"lock acquired","identifier":"ca.intern.meinedomain.xyz"}
{"level":"info","ts":1658303807.9624262,"logger":"tls.renew","msg":"renewing certificate","identifier":"ca.intern.meinedomain.xyz","remaining":14399.037577131}
{"level":"info","ts":1658303807.9654067,"logger":"tls.renew","msg":"certificate renewed successfully","identifier":"ca.intern.meinedomain.xyz"}
{"level":"info","ts":1658303807.9654405,"logger":"tls.renew","msg":"releasing lock","identifier":"ca.intern.meinedomain.xyz"}
{"level":"info","ts":1658303807.965591,"logger":"tls","msg":"reloading managed certificate","identifiers":["ca.intern.meinedomain.xyz"]}
{"level":"warn","ts":1658303807.966644,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [ca.intern.meinedomain.xyz]: no OCSP server specified in certificate","identifiers":["ca.intern.meinedomain.xyz"]}
{"level":"info","ts":1658303807.9666934,"logger":"tls.cache","msg":"replaced certificate in cache","subjects":["ca.intern.meinedomain.xyz"],"new_expiration":1658347007}
{"level":"info","ts":1658330208.04375,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["seafile.intern.meinedomain.xyz"],"remaining":14399.956254088}
{"level":"info","ts":1658330208.0438552,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["calendarserver.intern.meinedomain.xyz"],"remaining":14399.956146663}
{"level":"info","ts":1658330208.0438793,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["kochbuch.intern.meinedomain.xyz"],"remaining":14399.956121918}
{"level":"info","ts":1658330208.0439186,"logger":"tls.cache.maintenance","msg":"attempting certificate renewal","identifiers":["seafile.intern.meinedomain.xyz"],"remaining":14399.956094024}
{"level":"info","ts":1658330208.0445092,"logger":"tls.renew","msg":"acquiring lock","identifier":"seafile.intern.meinedomain.xyz"}
{"level":"info","ts":1658330208.0448155,"logger":"tls.cache.maintenance","msg":"attempting certificate renewal","identifiers":["calendarserver.intern.meinedomain.xyz"],"remaining":14399.955187609}
{"level":"info","ts":1658330208.0455167,"logger":"tls.renew","msg":"acquiring lock","identifier":"calendarserver.intern.meinedomain.xyz"}
{"level":"info","ts":1658330208.0549724,"logger":"tls.cache.maintenance","msg":"attempting certificate renewal","identifiers":["kochbuch.intern.meinedomain.xyz"],"remaining":14399.945034959}
{"level":"info","ts":1658330208.055483,"logger":"tls.renew","msg":"acquiring lock","identifier":"kochbuch.intern.meinedomain.xyz"}
{"level":"info","ts":1658330208.0664124,"logger":"tls.renew","msg":"lock acquired","identifier":"seafile.intern.meinedomain.xyz"}
{"level":"info","ts":1658330208.067199,"logger":"tls.renew","msg":"renewing certificate","identifier":"seafile.intern.meinedomain.xyz","remaining":14399.932805727}
{"level":"info","ts":1658330208.0685902,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["seafile.intern.meinedomain.xyz"],"ca":"https://ca.intern.meinedomain.xyz/acme/local/directory","account":""}
{"level":"info","ts":1658330208.0686283,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["seafile.intern.meinedomain.xyz"],"ca":"https://ca.intern.meinedomain.xyz/acme/local/directory","account":""}
{"level":"info","ts":1658330208.0895457,"logger":"tls.renew","msg":"lock acquired","identifier":"calendarserver.intern.meinedomain.xyz"}
{"level":"info","ts":1658330208.0903957,"logger":"tls.renew","msg":"renewing certificate","identifier":"calendarserver.intern.meinedomain.xyz","remaining":14399.909608918}
{"level":"info","ts":1658330208.0917702,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["calendarserver.intern.meinedomain.xyz"],"ca":"https://ca.intern.meinedomain.xyz/acme/local/directory","account":""}
{"level":"info","ts":1658330208.0918412,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["calendarserver.intern.meinedomain.xyz"],"ca":"https://ca.intern.meinedomain.xyz/acme/local/directory","account":""}
{"level":"info","ts":1658330208.1004567,"logger":"tls.renew","msg":"lock acquired","identifier":"kochbuch.intern.meinedomain.xyz"}
{"level":"info","ts":1658330208.1013303,"logger":"tls.renew","msg":"renewing certificate","identifier":"kochbuch.intern.meinedomain.xyz","remaining":14399.898674639}
{"level":"info","ts":1658330208.1028984,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["kochbuch.intern.meinedomain.xyz"],"ca":"https://ca.intern.meinedomain.xyz/acme/local/directory","account":""}
{"level":"info","ts":1658330208.1030445,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["kochbuch.intern.meinedomain.xyz"],"ca":"https://ca.intern.meinedomain.xyz/acme/local/directory","account":""}
{"level":"info","ts":1658330208.7105727,"msg":"{\"id\":\"jna1w77nKs1Z0YG8aoEDW0YViB82CKCD\",\"status\":\"pending\",\"expires\":\"2022-07-21T15:16:48Z\",\"identifiers\":[{\"type\":\"dns\",\"value\":\"seafile.intern.meinedomain.xyz\"}],\"notBefore\":\"2022-07-20T15:15:48Z\",\"notAfter\":\"2022-07-21T03:16:48Z\",\"authorizations\":[\"https://ca.intern.meinedomain.xyz/acme/local/authz/sgrq5oa0hdPEimmctoMH5bDOzd8BTZMY\"],\"finalize\":\"https://ca.intern.meinedomain.xyz/acme/local/order/jna1w77nKs1Z0YG8aoEDW0YViB82CKCD/finalize\"}"}
{"level":"info","ts":1658330208.75726,"msg":"{\"id\":\"Az6X91EmziDtLwnSORXyfSISBnXjIqKF\",\"status\":\"pending\",\"expires\":\"2022-07-21T15:16:48Z\",\"identifiers\":[{\"type\":\"dns\",\"value\":\"calendarserver.intern.meinedomain.xyz\"}],\"notBefore\":\"2022-07-20T15:15:48Z\",\"notAfter\":\"2022-07-21T03:16:48Z\",\"authorizations\":[\"https://ca.intern.meinedomain.xyz/acme/local/authz/ogN7gDXtiiZkhK13kHH5ze2psZdz9bKx\"],\"finalize\":\"https://ca.intern.meinedomain.xyz/acme/local/order/Az6X91EmziDtLwnSORXyfSISBnXjIqKF/finalize\"}"}
{"level":"info","ts":1658330208.8025637,"msg":"{\"id\":\"2JT0ef9TF9npSD5S3xz5XLC58Puf9i2E\",\"status\":\"pending\",\"expires\":\"2022-07-21T15:16:48Z\",\"identifiers\":[{\"type\":\"dns\",\"value\":\"kochbuch.intern.meinedomain.xyz\"}],\"notBefore\":\"2022-07-20T15:15:48Z\",\"notAfter\":\"2022-07-21T03:16:48Z\",\"authorizations\":[\"https://ca.intern.meinedomain.xyz/acme/local/authz/Jespk0uSWk1gdjtxMt22LQ76H4srePLC\"],\"finalize\":\"https://ca.intern.meinedomain.xyz/acme/local/order/2JT0ef9TF9npSD5S3xz5XLC58Puf9i2E/finalize\"}"}
{"level":"info","ts":1658330208.8488204,"msg":"{\"identifier\":{\"type\":\"dns\",\"value\":\"seafile.intern.meinedomain.xyz\"},\"status\":\"pending\",\"challenges\":[{\"type\":\"dns-01\",\"status\":\"pending\",\"token\":\"Xl1Qm8nGW8arhzszNTKGStKsq7UYY34K\",\"url\":\"https://ca.intern.meinedomain.xyz/acme/local/challenge/sgrq5oa0hdPEimmctoMH5bDOzd8BTZMY/6tLhRJzq8JWKq9c3FWN1iKWITZhXV1Wv\"},{\"type\":\"http-01\",\"status\":\"pending\",\"token\":\"Xl1Qm8nGW8arhzszNTKGStKsq7UYY34K\",\"url\":\"https://ca.intern.meinedomain.xyz/acme/local/challenge/sgrq5oa0hdPEimmctoMH5bDOzd8BTZMY/5zOsOwNQiYQ35wW5TEtgxsx6SOen4z8h\"},{\"type\":\"tls-alpn-01\",\"status\":\"pending\",\"token\":\"Xl1Qm8nGW8arhzszNTKGStKsq7UYY34K\",\"url\":\"https://ca.intern.meinedomain.xyz/acme/local/challenge/sgrq5oa0hdPEimmctoMH5bDOzd8BTZMY/uoI507LIfB1R1KiAKh2f4NHMsRclJHdG\"}],\"wildcard\":false,\"expires\":\"2022-07-21T15:16:48Z\"}"}
{"level":"info","ts":1658330208.849938,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"seafile.intern.meinedomain.xyz","challenge_type":"http-01","ca":"https://ca.intern.meinedomain.xyz/acme/local/directory"}
{"level":"info","ts":1658330208.894568,"msg":"{\"identifier\":{\"type\":\"dns\",\"value\":\"calendarserver.intern.meinedomain.xyz\"},\"status\":\"pending\",\"challenges\":[{\"type\":\"dns-01\",\"status\":\"pending\",\"token\":\"2kDVNcBAsPBiwdC5mXk4hsdGZR8H988C\",\"url\":\"https://ca.intern.meinedomain.xyz/acme/local/challenge/ogN7gDXtiiZkhK13kHH5ze2psZdz9bKx/f9Zo42TlVBOv9fmQGN1BEIqM6bbXmmwW\"},{\"type\":\"http-01\",\"status\":\"pending\",\"token\":\"2kDVNcBAsPBiwdC5mXk4hsdGZR8H988C\",\"url\":\"https://ca.intern.meinedomain.xyz/acme/local/challenge/ogN7gDXtiiZkhK13kHH5ze2psZdz9bKx/1WxwTSjSG06o1qhiqJ0fHsIxnRuAuEAa\"},{\"type\":\"tls-alpn-01\",\"status\":\"pending\",\"token\":\"2kDVNcBAsPBiwdC5mXk4hsdGZR8H988C\",\"url\":\"https://ca.intern.meinedomain.xyz/acme/local/challenge/ogN7gDXtiiZkhK13kHH5ze2psZdz9bKx/GVV7ZrgjHlXmpw4n98i70i24MO26Nfyj\"}],\"wildcard\":false,\"expires\":\"2022-07-21T15:16:48Z\"}"}
{"level":"info","ts":1658330208.8955808,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"calendarserver.intern.meinedomain.xyz","challenge_type":"http-01","ca":"https://ca.intern.meinedomain.xyz/acme/local/directory"}
{"level":"info","ts":1658330208.9399152,"msg":"{\"identifier\":{\"type\":\"dns\",\"value\":\"kochbuch.intern.meinedomain.xyz\"},\"status\":\"pending\",\"challenges\":[{\"type\":\"dns-01\",\"status\":\"pending\",\"token\":\"omvWc76GoknjZ39cNNgQiUBDGdndDeBP\",\"url\":\"https://ca.intern.meinedomain.xyz/acme/local/challenge/Jespk0uSWk1gdjtxMt22LQ76H4srePLC/ChB72lbEW1quvL8jYKbTAHiFACWruhyl\"},{\"type\":\"http-01\",\"status\":\"pending\",\"token\":\"omvWc76GoknjZ39cNNgQiUBDGdndDeBP\",\"url\":\"https://ca.intern.meinedomain.xyz/acme/local/challenge/Jespk0uSWk1gdjtxMt22LQ76H4srePLC/TCAL7sqhMcq8sW82AXKBnKLhJ4vcnR6Q\"},{\"type\":\"tls-alpn-01\",\"status\":\"pending\",\"token\":\"omvWc76GoknjZ39cNNgQiUBDGdndDeBP\",\"url\":\"https://ca.intern.meinedomain.xyz/acme/local/challenge/Jespk0uSWk1gdjtxMt22LQ76H4srePLC/XhXZVhYIxObSlSEglwwmsE83lvYsO9pI\"}],\"wildcard\":false,\"expires\":\"2022-07-21T15:16:48Z\"}"}
{"level":"info","ts":1658330208.9406652,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"kochbuch.intern.meinedomain.xyz","challenge_type":"http-01","ca":"https://ca.intern.meinedomain.xyz/acme/local/directory"}
{"level":"info","ts":1658330209.0506094,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"seafile.intern.meinedomain.xyz","challenge":"http-01","remote":"172.19.0.1:47794","distributed":false}
{"level":"info","ts":1658330209.0755281,"msg":"{\"type\":\"http-01\",\"status\":\"valid\",\"token\":\"Xl1Qm8nGW8arhzszNTKGStKsq7UYY34K\",\"validated\":\"2022-07-20T15:16:49Z\",\"url\":\"https://ca.intern.meinedomain.xyz/acme/local/challenge/sgrq5oa0hdPEimmctoMH5bDOzd8BTZMY/5zOsOwNQiYQ35wW5TEtgxsx6SOen4z8h\"}"}
{"level":"info","ts":1658330209.0895958,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"kochbuch.intern.meinedomain.xyz","challenge":"http-01","remote":"172.19.0.1:47796","distributed":false}
{"level":"info","ts":1658330209.109323,"msg":"{\"type\":\"http-01\",\"status\":\"valid\",\"token\":\"omvWc76GoknjZ39cNNgQiUBDGdndDeBP\",\"validated\":\"2022-07-20T15:16:49Z\",\"url\":\"https://ca.intern.meinedomain.xyz/acme/local/challenge/Jespk0uSWk1gdjtxMt22LQ76H4srePLC/TCAL7sqhMcq8sW82AXKBnKLhJ4vcnR6Q\"}"}
{"level":"info","ts":1658330209.1128495,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"calendarserver.intern.meinedomain.xyz","challenge":"http-01","remote":"172.19.0.1:47798","distributed":false}
{"level":"info","ts":1658330209.1321495,"msg":"{\"type\":\"http-01\",\"status\":\"valid\",\"token\":\"2kDVNcBAsPBiwdC5mXk4hsdGZR8H988C\",\"validated\":\"2022-07-20T15:16:49Z\",\"url\":\"https://ca.intern.meinedomain.xyz/acme/local/challenge/ogN7gDXtiiZkhK13kHH5ze2psZdz9bKx/1WxwTSjSG06o1qhiqJ0fHsIxnRuAuEAa\"}"}
{"level":"info","ts":1658330209.412276,"msg":"{\"identifier\":{\"type\":\"dns\",\"value\":\"seafile.intern.meinedomain.xyz\"},\"status\":\"valid\",\"challenges\":[{\"type\":\"dns-01\",\"status\":\"pending\",\"token\":\"Xl1Qm8nGW8arhzszNTKGStKsq7UYY34K\",\"url\":\"https://ca.intern.meinedomain.xyz/acme/local/challenge/sgrq5oa0hdPEimmctoMH5bDOzd8BTZMY/6tLhRJzq8JWKq9c3FWN1iKWITZhXV1Wv\"},{\"type\":\"http-01\",\"status\":\"valid\",\"token\":\"Xl1Qm8nGW8arhzszNTKGStKsq7UYY34K\",\"validated\":\"2022-07-20T15:16:49Z\",\"url\":\"https://ca.intern.meinedomain.xyz/acme/local/challenge/sgrq5oa0hdPEimmctoMH5bDOzd8BTZMY/5zOsOwNQiYQ35wW5TEtgxsx6SOen4z8h\"},{\"type\":\"tls-alpn-01\",\"status\":\"pending\",\"token\":\"Xl1Qm8nGW8arhzszNTKGStKsq7UYY34K\",\"url\":\"https://ca.intern.meinedomain.xyz/acme/local/challenge/sgrq5oa0hdPEimmctoMH5bDOzd8BTZMY/uoI507LIfB1R1KiAKh2f4NHMsRclJHdG\"}],\"wildcard\":false,\"expires\":\"2022-07-21T15:16:48Z\"}"}
{"level":"info","ts":1658330209.4137304,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://ca.intern.meinedomain.xyz/acme/local/order/jna1w77nKs1Z0YG8aoEDW0YViB82CKCD"}
{"level":"info","ts":1658330209.5275977,"msg":"{\"identifier\":{\"type\":\"dns\",\"value\":\"kochbuch.intern.meinedomain.xyz\"},\"status\":\"valid\",\"challenges\":[{\"type\":\"dns-01\",\"status\":\"pending\",\"token\":\"omvWc76GoknjZ39cNNgQiUBDGdndDeBP\",\"url\":\"https://ca.intern.meinedomain.xyz/acme/local/challenge/Jespk0uSWk1gdjtxMt22LQ76H4srePLC/ChB72lbEW1quvL8jYKbTAHiFACWruhyl\"},{\"type\":\"http-01\",\"status\":\"valid\",\"token\":\"omvWc76GoknjZ39cNNgQiUBDGdndDeBP\",\"validated\":\"2022-07-20T15:16:49Z\",\"url\":\"https://ca.intern.meinedomain.xyz/acme/local/challenge/Jespk0uSWk1gdjtxMt22LQ76H4srePLC/TCAL7sqhMcq8sW82AXKBnKLhJ4vcnR6Q\"},{\"type\":\"tls-alpn-01\",\"status\":\"pending\",\"token\":\"omvWc76GoknjZ39cNNgQiUBDGdndDeBP\",\"url\":\"https://ca.intern.meinedomain.xyz/acme/local/challenge/Jespk0uSWk1gdjtxMt22LQ76H4srePLC/XhXZVhYIxObSlSEglwwmsE83lvYsO9pI\"}],\"wildcard\":false,\"expires\":\"2022-07-21T15:16:48Z\"}"}
{"level":"info","ts":1658330209.5289657,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://ca.intern.meinedomain.xyz/acme/local/order/2JT0ef9TF9npSD5S3xz5XLC58Puf9i2E"}
{"level":"info","ts":1658330209.573187,"msg":"{\"identifier\":{\"type\":\"dns\",\"value\":\"calendarserver.intern.meinedomain.xyz\"},\"status\":\"valid\",\"challenges\":[{\"type\":\"dns-01\",\"status\":\"pending\",\"token\":\"2kDVNcBAsPBiwdC5mXk4hsdGZR8H988C\",\"url\":\"https://ca.intern.meinedomain.xyz/acme/local/challenge/ogN7gDXtiiZkhK13kHH5ze2psZdz9bKx/f9Zo42TlVBOv9fmQGN1BEIqM6bbXmmwW\"},{\"type\":\"http-01\",\"status\":\"valid\",\"token\":\"2kDVNcBAsPBiwdC5mXk4hsdGZR8H988C\",\"validated\":\"2022-07-20T15:16:49Z\",\"url\":\"https://ca.intern.meinedomain.xyz/acme/local/challenge/ogN7gDXtiiZkhK13kHH5ze2psZdz9bKx/1WxwTSjSG06o1qhiqJ0fHsIxnRuAuEAa\"},{\"type\":\"tls-alpn-01\",\"status\":\"pending\",\"token\":\"2kDVNcBAsPBiwdC5mXk4hsdGZR8H988C\",\"url\":\"https://ca.intern.meinedomain.xyz/acme/local/challenge/ogN7gDXtiiZkhK13kHH5ze2psZdz9bKx/GVV7ZrgjHlXmpw4n98i70i24MO26Nfyj\"}],\"wildcard\":false,\"expires\":\"2022-07-21T15:16:48Z\"}"}
not working:
{"level":"info","ts":1658361408.0425854,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["ca.intern.meinedomain.xyz"],"remaining":14399.957419457}
{"level":"info","ts":1658361408.042717,"logger":"tls.cache.maintenance","msg":"attempting certificate renewal","identifiers":["ca.intern.meinedomain.xyz"],"remaining":14399.957286186}
{"level":"info","ts":1658361408.043284,"logger":"tls.renew","msg":"acquiring lock","identifier":"ca.intern.meinedomain.xyz"}
{"level":"info","ts":1658361408.067695,"logger":"tls.renew","msg":"lock acquired","identifier":"ca.intern.meinedomain.xyz"}
{"level":"info","ts":1658361408.0685546,"logger":"tls.renew","msg":"renewing certificate","identifier":"ca.intern.meinedomain.xyz","remaining":14399.931450816}
{"level":"info","ts":1658361408.0724697,"logger":"tls.renew","msg":"certificate renewed successfully","identifier":"ca.intern.meinedomain.xyz"}
{"level":"info","ts":1658361408.072546,"logger":"tls.renew","msg":"releasing lock","identifier":"ca.intern.meinedomain.xyz"}
{"level":"info","ts":1658361408.072766,"logger":"tls","msg":"reloading managed certificate","identifiers":["ca.intern.meinedomain.xyz"]}
{"level":"warn","ts":1658361408.0731246,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [ca.intern.meinedomain.xyz]: no OCSP server specified in certificate","identifiers":["ca.intern.meinedomain.xyz"]}
{"level":"info","ts":1658361408.0731466,"logger":"tls.cache","msg":"replaced certificate in cache","subjects":["ca.intern.meinedomain.xyz"],"new_expiration":1658404608}
{"level":"info","ts":1658387807.9444728,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["seafile.intern.meinedomain.xyz"],"remaining":14400.055531346}
{"level":"info","ts":1658387807.944581,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["calendarserver.intern.meinedomain.xyz"],"remaining":14400.055420761}
{"level":"info","ts":1658387807.9446054,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["kochbuch.intern.meinedomain.xyz"],"remaining":14400.055395627}
{"level":"info","ts":1658387807.9450932,"logger":"tls.cache.maintenance","msg":"attempting certificate renewal","identifiers":["seafile.intern.meinedomain.xyz"],"remaining":14400.054919135}
{"level":"info","ts":1658387807.9453645,"logger":"tls.cache.maintenance","msg":"attempting certificate renewal","identifiers":["calendarserver.intern.meinedomain.xyz"],"remaining":14400.054638841}
{"level":"info","ts":1658387807.9457,"logger":"tls.renew","msg":"acquiring lock","identifier":"seafile.intern.meinedomain.xyz"}
{"level":"info","ts":1658387807.945888,"logger":"tls.renew","msg":"acquiring lock","identifier":"calendarserver.intern.meinedomain.xyz"}
{"level":"info","ts":1658387807.9609087,"logger":"tls.renew","msg":"lock acquired","identifier":"calendarserver.intern.meinedomain.xyz"}
{"level":"info","ts":1658387807.961789,"logger":"tls.renew","msg":"renewing certificate","identifier":"calendarserver.intern.meinedomain.xyz","remaining":14400.038216494}
{"level":"info","ts":1658387807.9628115,"logger":"tls.cache.maintenance","msg":"attempting certificate renewal","identifiers":["kochbuch.intern.meinedomain.xyz"],"remaining":14400.037192817}
{"level":"info","ts":1658387807.9633515,"logger":"tls.renew","msg":"acquiring lock","identifier":"kochbuch.intern.meinedomain.xyz"}
{"level":"info","ts":1658387807.964639,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["calendarserver.intern.meinedomain.xyz"],"ca":"https://ca.intern.meinedomain.xyz/acme/local/directory","account":""}
{"level":"info","ts":1658387807.9646966,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["calendarserver.intern.meinedomain.xyz"],"ca":"https://ca.intern.meinedomain.xyz/acme/local/directory","account":""}
{"level":"warn","ts":1658387807.9673185,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://ca.intern.meinedomain.xyz/acme/local/new-nonce","error":"performing request: Head \"https://ca.intern.meinedomain.xyz/acme/local/new-nonce\": x509: certificate signed by unknown authority"}
{"level":"info","ts":1658387807.9718478,"logger":"tls.renew","msg":"lock acquired","identifier":"seafile.intern.meinedomain.xyz"}
{"level":"info","ts":1658387807.9725118,"logger":"tls.renew","msg":"renewing certificate","identifier":"seafile.intern.meinedomain.xyz","remaining":14400.027491526}
{"level":"info","ts":1658387807.9736643,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["seafile.intern.meinedomain.xyz"],"ca":"https://ca.intern.meinedomain.xyz/acme/local/directory","account":""}
{"level":"info","ts":1658387807.9737191,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["seafile.intern.meinedomain.xyz"],"ca":"https://ca.intern.meinedomain.xyz/acme/local/directory","account":""}
{"level":"warn","ts":1658387807.9763732,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://ca.intern.meinedomain.xyz/acme/local/new-nonce","error":"performing request: Head \"https://ca.intern.meinedomain.xyz/acme/local/new-nonce\": x509: certificate signed by unknown authority"}
{"level":"info","ts":1658387807.9946344,"logger":"tls.renew","msg":"lock acquired","identifier":"kochbuch.intern.meinedomain.xyz"}
{"level":"info","ts":1658387807.9957125,"logger":"tls.renew","msg":"renewing certificate","identifier":"kochbuch.intern.meinedomain.xyz","remaining":14400.00429297}
{"level":"info","ts":1658387807.997501,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["kochbuch.intern.meinedomain.xyz"],"ca":"https://ca.intern.meinedomain.xyz/acme/local/directory","account":""}
{"level":"info","ts":1658387807.9975646,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["kochbuch.intern.meinedomain.xyz"],"ca":"https://ca.intern.meinedomain.xyz/acme/local/directory","account":""}
{"level":"warn","ts":1658387808.0041416,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://ca.intern.meinedomain.xyz/acme/local/new-nonce","error":"performing request: Head \"https://ca.intern.meinedomain.xyz/acme/local/new-nonce\": x509: certificate signed by unknown authority"}
5. What I already tried:
Restarting the container does not help.
Deleting all volumes (including data & config) restarts the counter (5 days) but this is not a satisfying solution.