Kened33r
(Pan)
February 19, 2021, 8:23pm
1. Caddy version (caddy version):
:latest
2. How I run Caddy:
docker rootless
a. System environment:
Ubuntu 20.04 LTS
b. Command:
docker-compose up
c. Service/unit/compose file:
docker
d. My complete Caddyfile or JSON config:
in Global section on the top:
http_port 8080
https_port 4430
in docker-compose:
ports:
- "8080:80"
- "4430:443"
3. The problem I’m having:
Cannot get certificates
4. Error messages and/or full log output:
{"level":"error","ts":1613765594.8973374,"logger":"tls.obtain","msg":"will retry","error":"[domain.com] Obtain: [domain.com] solving challenges: domain.com: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/18181971/243776816) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":6.114742529,"max_duration":2592000}
5. What I already tried:
I think, it may be iptables thing. Perhaps you know what iptables rule to set?
6. Links to relevant resources:
You have the Docker ports backwards, you would need to bind 80 and 443 on the host but 8080 and 4430 in the container.
ACME requires ports 80 and 443. Those global options just change what Caddy “thinks” HTTP and HTTPS mean instead of the default of 80 and 443, but ACME will still want to connect to those ports.
Kened33r
(Pan)
February 20, 2021, 11:11am
Francis, do you know what config in Caddyfile to change exactly?
Docker rootless means the container cannot use privileged ports, that's why I used 8080 and 4430 earlier, but as you said, it does not work for ACME.
I use this in docker-compose too:
cap_add:
- NET_BIND_SERVICE
The only thing that’s wrong is your Docker port mapping. Your Caddyfile is fine. You just need to flip the two numbers around the :
Kened33r:
- "8080:80"
- "4430:443"
Change those to:
- "80:8080"
- "443:4430"
Kened33r
(Pan)
February 20, 2021, 4:04pm
When I type 80:8080 caddy has problem with 0.0.0.0:43.
When I do my way, ACME is the problem.
I’m not sure what problem you’re having, because that’s known to work (listen to a high port inside of the Caddy container, and map them to the low ports on your host).
Alternatively, you can configure Caddy to use the DNS challenge instead, which doesn't require any particular ports to be open, but requires you to build Caddy with the appropriate plugin to solve the DNS challenge:
Caddy 2 uses a new and improved DNS provider interface for solving the ACME DNS challenge.
All you have to do is plug the service provider(s) you need into your build, then add the DNS challenge to your configuration!
Getting a DNS provider plugin
How you choose to get a custom Caddy build is up to you; we’ll describe two common methods here.
Method 1:
Go to the Caddy download page .
Find your DNS provider in the list of modules (dns.providers.*) and select it.
Download your custom Caddy …
There are instructions for building Caddy with plugins here: Docker
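An added consistency check, written for this thread and not code from the Caddy project or either poster: it reads the http_port/https_port global options from a Caddyfile and a docker-compose "host:container" port list, then reports whether the host's 80 and 443 (where the HTTP-01 and TLS-ALPN-01 challenges connect) actually reach the ports Caddy listens on. The Caddyfile and both port lists are constructed to mirror the wrong and corrected mappings above; it assumes plain "host:container" entries without a host IP prefix.

```python
import re

# Constructed sample inputs mirroring the thread (not the poster's real files).
CADDYFILE = """
{
    http_port 8080
    https_port 4430
}
example.com {
    respond "ok"
}
"""
COMPOSE_PORTS_WRONG = ["8080:80", "4430:443"]   # the mapping that fails ACME
COMPOSE_PORTS_RIGHT = ["80:8080", "443:4430"]   # the corrected mapping


def caddy_listen_ports(caddyfile: str) -> dict:
    """Ports Caddy listens on inside the container: 80/443 unless the
    http_port/https_port global options override them."""
    ports = {"http": 80, "https": 443}
    for m in re.finditer(r"^\s*(http|https)_port\s+(\d+)\s*$", caddyfile, re.M):
        ports[m.group(1)] = int(m.group(2))
    return ports


def check_acme_mapping(caddyfile: str, compose_ports: list) -> list:
    """Return a list of problems (empty means the mapping is consistent).
    ACME connects to host ports 80/443, so each must be published and must
    map onto the port Caddy actually listens on for that scheme."""
    listen = caddy_listen_ports(caddyfile)
    mapped = {}
    for spec in compose_ports:
        host, _, container = spec.partition(":")
        mapped[int(host)] = int(container.split("/")[0])  # drop "/tcp" if present
    problems = []
    for scheme, host_port in (("http", 80), ("https", 443)):
        want = listen[scheme]
        got = mapped.get(host_port)
        if got is None:
            problems.append(f"host port {host_port} is not published; "
                            f"the {scheme} ACME challenge cannot reach Caddy")
        elif got != want:
            problems.append(f"host {host_port} -> container {got}, "
                            f"but Caddy listens on {want} ({scheme}_port)")
    return problems
```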
system
(system)
Closed
March 21, 2021, 8:24pm
This topic was automatically closed after 30 days. New replies are no longer allowed.