Caddy + Docker always tries to provide certificate when started

I’m using docker-compose to start my project in production. I added a volume for Caddy to store the certificates and I can see them inside the directory, but Caddy, at every docker-compose up command, keeps trying to provide certificates.

 caddy:
    image: abiosoft/caddy
    container_name: caddy
    restart: unless-stopped
    depends_on:
      - backend
    environment:
      - PORT=8000
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./Caddyfile:/etc/Caddyfile
      - ./.caddy:/root/.caddy

This is the contents of my Caddyfile:

static.mydomain.com {
	root /static
	gzip
	tls user@gmail.com
}

mydomain.com {
    proxy / backend:8000 {
        transparent
    }

    header / {
        # Don't show Caddy/Gunicorn as server header.
        -Server

        # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS (do not use if only testing)
        # Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"

        # Only send Referer header to same origin.
        # Django CSRF protection is incompatible with referrer policy set to none.
        Referrer-Policy "same-origin"

        # Enable cross-site filter (XSS) and tell browser to block detected attacks.
        X-XSS-Protection "1; mode=block"

        # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
        X-Content-Type-Options "nosniff"

        # Enable a strict content security policy.
        # Edit this if you need external sources on your site.
        # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
        # Content-Security-Policy "connect-src 'self'; default-src 'none'; form-action 'self'; frame-ancestors 'none';;"

        # Don't allow resources to load within a frame/iframe.
        # This is handled with frame-ancestors 'none' in the content security policy. But not yet supported by older browsers.
        X-Frame-Options "DENY"
    }

    # The email address to use to generate a certificate with Letsencrypt.
    tls user@gmail.com
}

The first time I brought everything up it provisioned the certificates immediately and it worked. I just don’t know why it’s constantly trying to get certificates even though the same volume is attached. Any ideas?

Can you see the certificates being saved on the host in ./.caddy?

Yes. That’s the first thing I checked. I can see both of them inside there.

abiosoft/caddy should have root access as well, so it shouldn’t be a permissions issue.

Could you touch .caddy/foo and run the container again, post the startup output, and then check in the container if the foo file is present? docker-compose exec caddy ls -al /root/.caddy
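
The marker-file test suggested above, written as a reusable check (an added example, not part of the original thread or of the caddy-docker project). The host directory, container path and service name come from the compose file in the question; the function names and the swappable reader argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify that the host certificate directory is the one the
# container actually sees. Paths and service name are taken from the thread;
# function names are hypothetical.

# Default reader: print a file from inside the running "caddy" service.
# -T disables TTY allocation so the output has no carriage returns.
read_in_container() {
    docker-compose exec -T caddy cat "$1"
}

# check_cert_mount HOST_DIR CONTAINER_DIR [READER]
# Writes a marker holding a one-off token into HOST_DIR, asks READER for the
# same file under CONTAINER_DIR and compares the contents.
# Returns 0 when the container sees the host file, 1 when the marker is
# missing or different inside the container, 2 when HOST_DIR is unusable.
check_cert_mount() {
    host_dir=$1 container_dir=$2 reader=${3:-read_in_container}
    if [ ! -d "$host_dir" ] || [ ! -w "$host_dir" ]; then
        echo "host directory not writable: $host_dir" >&2
        return 2
    fi
    token="$$-$(date +%s)"
    name=".mount-check-$token"
    printf '%s' "$token" > "$host_dir/$name" || return 2

    status=0
    seen=$("$reader" "$container_dir/$name" 2>/dev/null) || status=$?
    rm -f "$host_dir/$name"          # never leave the marker behind

    if [ "$status" -ne 0 ]; then
        echo "marker not visible at $container_dir: mount is not in effect" >&2
        return 1
    fi
    if [ "$seen" != "$token" ]; then
        echo "marker content differs: container reads another directory" >&2
        return 1
    fi
    return 0
}

# Usage against the setup in the question (needs the stack to be running):
#   check_cert_mount ./.caddy /root/.caddy
```

A return code of 0 only shows that the bind mount works; if Caddy still requests certificates on every start, it is storing them at some other path inside the container.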

Seems to be an issue with the docker images, yes: always tries to provide certificate when started · Issue #162 · abiosoft/caddy-docker · GitHub
