1. The problem I’m having:
I have a ProxMox 7.3-4 cluster with a number of Ubuntu 22.04 LTS VMs that were originally set up with LetsEncrypt Certbot certificates. I added a Caddy 2.6.4 router as reverse proxy server to allow many of these VMs to be reliably hosted from a single IP address. This has worked fine for some time with Caddy managing the HTTPS connections, however,
2. Error messages and/or full log output:
I have been receiving expiry warning emails from LetsEncrypt as follows:
Your certificate (or certificates) for the names listed below will expire in 7 days (on 2023-05-12). Please make sure to renew your certificate before then, or visitors to your web site will encounter errors.
We recommend renewing certificates automatically when they have a third of their total lifetime left. For Let’s Encrypt’s current 90-day certificates, that means renewing 30 days before expiration. See Integration Guide - Let's Encrypt for details.
cloud.comxpertise.ca
This is just an example as there are ongoing complaints by email telling me that my certs are within a week of expiry.
How do I resolve this???
3. Caddy version:
I am using Caddy v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=
4. How I installed and ran Caddy:
a. System environment:
Caddy is installed on a VM on the same ProxMox cluster as the 20 or so Ubuntu VMs and it is at the internal IP that my fibre router delivers to and in turn reverse proxies all servers sharing the same local subnet and referenced in the Caddyfile.
b. Command:
c. Service/unit/compose file:
d. My complete Caddy config:
cloud.comxpertise.ca {
	redir /.well-known/carddav /remote.php/dav 301
	redir /.well-known/caldav /remote.php/dav 301
	reverse_proxy 192.168.0.109:80
}
#COMXPERTISE ERP DEMO SITE
erp.comxpertise.ca {
	reverse_proxy 192.168.0.136:80
}
#COMXPERTISE WEBSITE SERVER 1
comxpertise.ca {
	reverse_proxy 192.168.0.114:80
}
#COMXPERTISE WEBSITE SERVER 2
www.comxpertise.ca {
	reverse_proxy 192.168.0.118:80
}
#KASLOVIA.NET Test Site
kaslovia.net {
	reverse_proxy 192.168.0.128:80
}
#BOLT BATTERY Test Site
bolt.comxpertise.ca {
	reverse_proxy 192.168.0.122:80
}
#help Whitehead test cloud NC-25.0.4
whitehead.kaslovia.ca {
	redir /.well-known/carddav /remote.php/dav 301
	redir /.well-known/caldav /remote.php/dav 301
	reverse_proxy 192.168.0.135:80
}
#Cloud.kaslovia.ca
cloud.kaslovia.ca {
	redir /.well-known/carddav /remote.php/dav 301
	redir /.well-known/caldav /remote.php/dav 301
	reverse_proxy 192.168.0.133:80
}
5. Links to relevant resources:
All the sites in the Caddy file are operational now, but these expiry dates that LetsEncrypt is complaining about are rapidly approaching.
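One way to check which certificate is actually served for each site in the Caddyfile above, and where its expiry sits against the 30-day and 7-day marks in the quoted email. This is an added example, not part of the original post; `site_addresses`, `classify` and `served_cert` are names made up for it, and only plain `host {` site blocks are handled.

```python
import socket, ssl, sys, time

RENEW_DAYS = 30  # renewal point recommended in the quoted email
WARN_DAYS = 7    # the quoted warning arrived 7 days before expiry
# Added example. Constructed sample: two site blocks taken from the post's config.
SAMPLE = """\
cloud.comxpertise.ca {
	reverse_proxy 192.168.0.109:80
}
#COMXPERTISE ERP DEMO SITE
erp.comxpertise.ca {
	reverse_proxy 192.168.0.136:80
}
"""

def site_addresses(caddyfile_text):
    """Hostnames that open a top-level site block (plain 'host {' form only)."""
    hosts, depth = [], 0
    for line in map(str.strip, caddyfile_text.splitlines()):
        if line.endswith("{") and not line.startswith("#"):
            if depth == 0:
                hosts += [t.strip(",") for t in line[:-1].split()]
            depth += 1
        elif line == "}":
            depth -= 1
    return hosts

def classify(not_after, now=None):
    """Map a getpeercert() 'notAfter' string to (status, days_left)."""
    now = time.time() if now is None else now
    days = (ssl.cert_time_to_seconds(not_after) - now) / 86400
    if days < 0:
        return "expired", days
    if days <= WARN_DAYS:
        return "expiring", days
    return ("renew-due" if days <= RENEW_DAYS else "ok"), days

def served_cert(host, port=443, timeout=5):
    """Fetch the validated leaf certificate the front end serves for host."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

if __name__ == "__main__":  # usage: python check_certs.py /path/to/Caddyfile
    for host in site_addresses(open(sys.argv[1]).read()):
        cert = served_cert(host)
        org = dict(rdn[0] for rdn in cert["issuer"]).get("organizationName")
        print(host, *classify(cert["notAfter"]), org, cert["serialNumber"])
```

The printed serial number and issuer can be compared with the certificate files Certbot left on each backend VM to tell the two sets of certificates apart.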