Caddy could not get certificate from issuer

1. The problem I’m having:

Static website not working, could not get certificate from issuer.

2. Error messages and/or full log output:

2023/02/26 20:13:14.334 ERROR   http.acme_client        challenge failed        {"identifier": "legendsmp.minecraft.pe", "challenge_type": "http-01", "problem": {"type": "", "title": "", "detail": "", "instance": "", "subproblems": []}}
2023/02/26 20:13:14.334 ERROR   http.acme_client        validating authorization        {"identifier": "legendsmp.minecraft.pe", "problem": {"type": "", "title": "", "detail": "", "instance": "", "subproblems": []}, "order": "https://acme.zerossl.com/v2/DV90/order/ug2m5O7yTqBXNeJvQM4T4Q", "attempt": 1, "max_attempts": 3}
2023/02/26 20:13:14.334 ERROR   tls.obtain      could not get certificate from issuer   {"identifier": "legendsmp.minecraft.pe", "issuer": "acme.zerossl.com-v2-DV90", "error": "HTTP 0  - "}
2023/02/26 20:13:14.334 ERROR   tls.obtain      will retry      {"error": "[legendsmp.minecraft.pe] Obtain: [legendsmp.minecraft.pe] solving challenge: legendsmp.minecraft.pe: [legendsmp.minecraft.pe] authorization failed: HTTP 0  -  (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 5.36740649, "max_duration": 2592000}

3. Caddy version:

caddy version 2.6.4

4. How I installed and ran Caddy:

installation:

sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy

a. System environment:

Ubuntu (most recent), caddy version 2.6.4

b. Command:

caddy start

c. Service/unit/compose file:

Oracle Free Tier VM

d. My complete Caddy config:

legendsmp.minecraft.pe {
        root * web
        file_server
}

Please forgive me for any inconsistencies, and if you’re able to answer help please put suggestions in simple terms as I’m only 14. Thanks in advance :smiley:

Is that all you have in your logs? Did it attempt issuance with Let’s Encrypt? It’s possible that ZeroSSL is having an outage.

I’m not able to reach your server on port 80 or 443:

$ curl -v http://legendsmp.minecraft.pe
*   Trying 129.80.200.255:80...
* connect to 129.80.200.255 port 80 failed: No route to host
* Failed to connect to legendsmp.minecraft.pe port 80 after 57 ms: No route to host
* Closing connection 0
curl: (7) Failed to connect to legendsmp.minecraft.pe port 80 after 57 ms: No route to host

Make sure your firewall and/or port forwarding are correctly set up to allow traffic on those ports.

Hi, and thanks for the quick response. I’ve verified with my friend who’s lending me the VM, and he’s told me that both HTTP/HTTPS are forwarded. I’ve also used sudo ufw allow https and sudo ufw allow http.

Update: after reinstalling caddy and trying again, I get the same error but also a new one

2023/02/27 00:38:51.529 ERROR tls.obtain could not get certificate from issuer{"identifier": "legendsmp.minecraft.pe", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/"}

Are you sure your domain’s DNS is correct? Is that the right IP address for your server? I’m still not able to reach it.

Unfortunately, Let’s Encrypt rate limited you. But that should be fine, ZeroSSL doesn’t have any rate limits currently so it should still succeed with ZeroSSL if you manage to figure out the networking problem.

Yeah, I’ve made sure that the DNS is pointing to the right IP. About the rate-limiting, I read somewhere that I’d be rate-limited for a week? Not sure where I read this though. As for the networking issue, I guess I’ll have to sort that out. Thanks for the help.

yeeeppp
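
Added example, not part of any post in this thread and not Caddy's own code: a small Python triage of the log lines posted above. It separates the Let's Encrypt rateLimited response from the entries where the CA returned an empty problem ("HTTP 0"), which in this thread coincided with port 80 being unreachable from outside. The finding names (`rate_limited`, `no_reason_from_ca`, `other`) are this example's own.

```python
import json
from collections import defaultdict

# Sample input: three log lines copied from the posts above.
SAMPLE_LOG = r'''2023/02/26 20:13:14.334 ERROR   http.acme_client        challenge failed        {"identifier": "legendsmp.minecraft.pe", "challenge_type": "http-01", "problem": {"type": "", "title": "", "detail": "", "instance": "", "subproblems": []}}
2023/02/26 20:13:14.334 ERROR   tls.obtain      could not get certificate from issuer   {"identifier": "legendsmp.minecraft.pe", "issuer": "acme.zerossl.com-v2-DV90", "error": "HTTP 0  - "}
2023/02/27 00:38:51.529 ERROR tls.obtain could not get certificate from issuer{"identifier": "legendsmp.minecraft.pe", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/"}
'''

def parse_line(line):
    """Return (logger, message, fields) for a console-format line, or None."""
    brace = line.find("{")  # the JSON fields start at the first brace
    head = line[:brace].split(None, 4)  # date, time, level, logger, message
    if brace == -1 or len(head) < 5:
        return None
    try:
        return head[3], head[4].strip(), json.loads(line[brace:])
    except ValueError:
        return None

def classify(fields):
    """Map one entry's fields to a finding name (names are this example's own)."""
    err = fields.get("error", "")
    if "urn:ietf:params:acme:error:rateLimited" in err:
        return "rate_limited"  # the CA refused the order; retrying sooner will not help
    problem = fields.get("problem")
    if "HTTP 0 " in err or (isinstance(problem, dict) and not problem.get("type")):
        return "no_reason_from_ca"  # empty problem: test ports 80/443 from outside
    return "other"

def triage(log_text):
    """Collect findings per (identifier, issuer); issuer is '-' when absent."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and parsed[0] in ("tls.obtain", "http.acme_client"):
            fields = parsed[2]
            key = (fields.get("identifier", "?"), fields.get("issuer", "-"))
            findings[key].add(classify(fields))
    return {key: sorted(found) for key, found in findings.items()}

if __name__ == "__main__":
    for (name, issuer), found in triage(SAMPLE_LOG).items():
        print(name, issuer, found)
```

A `no_reason_from_ca` finding says nothing about the cause by itself; the outside-in `curl -v` test used in the reply above is what showed the connection failing on port 80.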
