Caddy - Certificate saved but file does not exist

1. My Caddy version (caddy version):

caddy-gen (GitHub - wemake-services/caddy-gen: Automated Caddy reverse proxy for docker containers)

2. How I run Caddy:

I'm running Caddy as a reverse proxy for a Directus setup.

a. System environment:

Debian 9 with Docker

b. Command:

```yaml
version: "3"

networks:
  directus:

services:
  caddy-gen:
    container_name: caddy-gen
    image: "wemakeservices/caddy-gen:latest"
    restart: always
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro  # needs socket to read events
      - ./certs/acme:/etc/caddy/acme  # to save acme
      - ./certs/ocsp:/etc/caddy/ocsp  # to save certificates
    ports:
      - "80:80"
      - "443:443"
    depends_on:
      - directus
    networks:
      - directus

  mysql:
    image: mysql:5.7
    environment:
      MYSQL_DATABASE: "directus"
      MYSQL_USER: "sqluser"
      MYSQL_PASSWORD: "sqlpw"
      MYSQL_ROOT_PASSWORD: "sqlrootpw"
    ports:
      - "3306:3306"
    networks:
      - directus

  directus:
    image: directus/directus:v8-apache
    ports:
      - "5000:80"
    environment:
      DIRECTUS_APP_ENV: "production"
      DIRECTUS_AUTH_PUBLICKEY: "random1"
      DIRECTUS_AUTH_SECRETKEY: "random2"
      DIRECTUS_DATABASE_HOST: "mysql"
      DIRECTUS_DATABASE_PORT: "3306"
      DIRECTUS_DATABASE_NAME: "directus"
      DIRECTUS_DATABASE_USERNAME: "sqluser"
      DIRECTUS_DATABASE_PASSWORD: "sqlpw"

    labels:
      - "virtual.host=sub.mydomain.com www.sub.mydomain.com"  # your domains separated with a space
      - "virtual.port=80"  # exposed port of this container
      - "virtual.tls-email=admin@mydomain.com"  # ssl is now on

    volumes:
      - ./data/config:/var/directus/config
      - ./data/uploads:/var/directus/public/uploads
    networks:
      - directus
```

3. The problem I’m having:

After spending some time yesterday trying to get Caddy running as a reverse proxy via a Caddyfile, I found the caddy-gen Docker image and got it working basically on the go. At least for regular HTTP. When I try to activate SSL by setting the tls.email, Caddy is no longer reachable.
Interesting might be that yesterday I got flagged by Let's Encrypt and I found some errors stating that I used too many renewals. This does not seem to be the problem in this case.
The log suggests that I get a certificate, but there seems to be something wrong during the saving of that file.

4. Error messages and/or full log output:

```
caddy.1    | Activating privacy features...                                                      2020/05/02 15:49:26 [INFO][www.sub.mydomain.com] acme: Obtaining bundled SAN certificate
caddy.1    | 2020/05/02 15:49:27 [INFO][] Certificate written to disk: /etc/caddy/acme/acme-v02.api.letsencrypt.org/sites/.crt
caddy.1    | 2020/05/02 15:49:27 open /etc/caddy/acme/acme-v02.api.letsencrypt.org/sites/www.sub.mydomain.com/www.sub.mydomain.com.crt: no such file or directory
forego     | starting caddy.1 on port 5200
forego     | sending SIGTERM to caddy.1
forego     | sending SIGTERM to dockergen.1
dockergen.1 | 2020/05/02 15:49:27 Received signal: terminated
```

5. What I already tried:

Sadly not too much. I’m pretty new to backend and am happy that I got that far. From my understanding there is a discrepancy between the saved file that got received and the file wanted by Caddy.
I’m trying to find the actual files, but I’m also kind of scared of renewing the certificate too often and locking myself out of any SSL for the next week.

Really appreciate any answers pointing me in the right direction :)

I don’t know what that caddy version is, but it appears to be very old.

Does the problem still happen with Caddy 2?

Looks like it uses Caddy 0.10.12

We don’t really support anything that old anymore, and that’s not an official Caddy project.

For your use case of just reverse proxying to one container, it would probably be best if you used the latest version of Caddy. We now have an official Docker image: Docker Hub

Thanks for the heads-up. Will see how I can implement the newer version instead of that Docker image. (Which is really nice for the ease of integration into the docker compose.)

And I solved the issue: it seemed like I stopped the retrieval of a certificate, thus creating a .lock file which made Caddy think it was already retrieving a certificate. Starting bash in the container and deleting that lock file solved the issue, no probs.

Cool. That’s been fixed in v2.
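
The stale-lock condition described above, as an added example that is not part of the thread or of caddy-gen: a check to run on the Docker host before restarting the container. It assumes the lock files end in `.lock` (the thread gives no full name) and sit under the host side of the `./certs/acme` volume from the compose file; `stale_locks` and the 30-minute default are hypothetical.

```shell
#!/bin/sh
# Added example: report ACME lock files left behind by an interrupted
# certificate retrieval. It only reports; it never deletes anything.
# Assumptions: lock files match *.lock, and DIR is the host path that the
# compose file mounts at /etc/caddy/acme (./certs/acme in the post).
# Uses find -mmin, which GNU, BSD and BusyBox find all provide.

# stale_locks DIR [MINUTES]
#   Prints each *.lock file under DIR last modified more than MINUTES
#   minutes ago (default 30). A younger lock may belong to a retrieval
#   that is still running, so it is left out of the report.
#   Returns 0 when no stale lock exists, 1 when at least one was printed,
#   2 when DIR is not a directory.
stale_locks() {
    dir=$1
    max_age=${2:-30}

    if [ ! -d "$dir" ]; then
        echo "stale_locks: not a directory: $dir" >&2
        return 2
    fi

    found=$(find "$dir" -type f -name '*.lock' -mmin +"$max_age" -print)

    # Nothing stale: the "certificate written but file missing" symptom
    # has some other cause.
    [ -z "$found" ] && return 0

    printf '%s\n' "$found"
    return 1
}

# Typical call from the directory holding docker-compose.yml:
#   stale_locks ./certs/acme 30
```

Stop the container before removing anything the function reports, so that no retrieval is running against the same storage directory.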
