Caddy does not start properly

1. Caddy version (caddy version):

v2.4.5 h1:P1mRs6V2cMcagSPn+NWpD+OEYUYLIf6ecOa48cFGeUg=

2. How I run Caddy:

I reverse proxy to my Node.js backend, which uses Express

a. System environment:

ubuntu-20.04-x86_64

b. Command:

caddy run

c. Service/unit/compose file:

N/A

d. My complete Caddyfile or JSON config:

lukhub.com {
        reverse_proxy http://127.0.0.1:5000
}

masectechniek.nl {
        reverse_proxy http://127.0.0.1:12345
}

www.masectechniek.nl {
        redir https://masectechniek.nl{uri}
}

http://ws.lukhub.com {
        reverse_proxy http://127.0.0.1:3000
}

http://galaxyws.lukhub.com {
        reverse_proxy http://127.0.0.1:6969
}

3. The problem I’m having:

Caddy is erroring on startup

4. Error messages and/or full log output:

(don’t know how to add debug to global options)

2021/09/05 09:51:38.777 INFO    using adjacent Caddyfile
2021/09/05 09:51:38.779 WARN    input is not formatted with 'caddy fmt' {"adapter": "caddyfile", "file": "Caddyfile", "line": 2}
2021/09/05 09:51:38.785 INFO    admin   admin endpoint started  {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2021/09/05 09:51:38.787 INFO    http    server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2021/09/05 09:51:38.787 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2021/09/05 09:51:38.787 INFO    http    server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server {"server_name": "srv1", "http_port": 80}
2021/09/05 09:51:38.787 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc0002bc690"}
2021/09/05 09:51:38.787 INFO    http    enabling automatic TLS certificate management   {"domains": ["masectechniek.nl", "lukhub.com", "www.masectechniek.nl"]}
2021/09/05 09:51:38.788 INFO    tls     cleaning storage unit   {"description": "FileStorage:/root/.local/share/caddy"}
2021/09/05 09:51:38.798 INFO    tls     finished cleaning storage units
2021/09/05 09:51:38.799 INFO    autosaved config (load with --resume flag)      {"file": "/root/.config/caddy/autosave.json"}
2021/09/05 09:51:38.799 INFO    serving initial configuration
2021/09/05 09:51:38.799 INFO    tls.renew       acquiring lock  {"identifier": "masectechniek.nl"}
2021/09/05 09:51:38.799 INFO    tls.renew       acquiring lock  {"identifier": "www.masectechniek.nl"}
2021/09/05 09:51:38.801 INFO    tls.renew       lock acquired   {"identifier": "www.masectechniek.nl"}
2021/09/05 09:51:38.802 INFO    tls.renew       lock acquired   {"identifier": "masectechniek.nl"}
2021/09/05 09:51:38.802 INFO    tls.renew       renewing certificate    {"identifier": "www.masectechniek.nl", "remaining": 2591412.197069592}
2021/09/05 09:51:38.803 INFO    tls.renew       renewing certificate    {"identifier": "masectechniek.nl", "remaining": 2589012.196689274}
2021/09/05 09:51:38.803 INFO    tls.issuance.acme       waiting on internal rate limiter        {"identifiers": ["www.masectechniek.nl"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2021/09/05 09:51:38.804 INFO    tls.issuance.acme       done waiting on internal rate limiter   {"identifiers": ["www.masectechniek.nl"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2021/09/05 09:51:38.804 INFO    tls.issuance.acme       waiting on internal rate limiter        {"identifiers": ["masectechniek.nl"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2021/09/05 09:51:38.804 INFO    tls.issuance.acme       done waiting on internal rate limiter   {"identifiers": ["masectechniek.nl"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2021/09/05 09:51:39.848 ERROR   tls.renew       could not get certificate from issuer   {"identifier": "masectechniek.nl", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/"}
2021/09/05 09:51:39.849 WARN    tls.issuance.zerossl    missing email address for ZeroSSL; it is strongly recommended to set one for next time
2021/09/05 09:51:40.515 INFO    tls.issuance.acme.acme_client   trying to solve challenge       {"identifier": "www.masectechniek.nl", "challenge_type": "http-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2021/09/05 09:51:40.585 INFO    tls.issuance.zerossl    generated EAB credentials       {"key_id": "2SBMd440QcjBycwQE3RxRQ"}
2021/09/05 09:51:41.855 INFO    tls.issuance.acme       waiting on internal rate limiter        {"identifiers": ["masectechniek.nl"], "ca": "https://acme.zerossl.com/v2/DV90", "account": ""}
2021/09/05 09:51:41.855 INFO    tls.issuance.acme       done waiting on internal rate limiter   {"identifiers": ["masectechniek.nl"], "ca": "https://acme.zerossl.com/v2/DV90", "account": ""}
2021/09/05 09:51:42.830 INFO    tls.issuance.acme.acme_client   trying to solve challenge       {"identifier": "masectechniek.nl", "challenge_type": "http-01", "ca": "https://acme.zerossl.com/v2/DV90"}
2021/09/05 09:51:43.784 ERROR   tls.issuance.acme.acme_client   challenge failed        {"identifier": "www.masectechniek.nl", "challenge_type": "http-01", "status_code": 400, "problem_type": "urn:ietf:params:acme:error:connection", "error": "Fetching http://www.masectechniek.nl/.well-known/acme-challenge/bXdMqSGGGSKTO_rJeAkVuNh1okrUWIt0JEaUdwnjnQM: Error getting validation data"}
2021/09/05 09:51:43.784 ERROR   tls.issuance.acme.acme_client   validating authorization        {"identifier": "www.masectechniek.nl", "error": "authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - Fetching http://www.masectechniek.nl/.well-known/acme-challenge/bXdMqSGGGSKTO_rJeAkVuNh1okrUWIt0JEaUdwnjnQM: Error getting validation data", "order": "https://acme-v02.api.letsencrypt.org/acme/order/122561336/22170182860", "attempt": 1, "max_attempts": 3}
2021/09/05 09:51:45.053 ERROR   tls.renew       could not get certificate from issuer   {"identifier": "www.masectechniek.nl", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/"}
2021/09/05 09:51:45.053 WARN    tls.issuance.zerossl    missing email address for ZeroSSL; it is strongly recommended to set one for next time
2021/09/05 09:51:45.478 INFO    tls.issuance.zerossl    generated EAB credentials       {"key_id": "rOde4UoQr6xefgIcP5U1Rw"}
2021/09/05 09:51:46.433 INFO    tls.issuance.acme       waiting on internal rate limiter        {"identifiers": ["www.masectechniek.nl"], "ca": "https://acme.zerossl.com/v2/DV90", "account": ""}
2021/09/05 09:51:46.434 INFO    tls.issuance.acme       done waiting on internal rate limiter   {"identifiers": ["www.masectechniek.nl"], "ca": "https://acme.zerossl.com/v2/DV90", "account": ""}
2021/09/05 09:51:47.253 INFO    tls.issuance.acme.acme_client   trying to solve challenge       {"identifier": "www.masectechniek.nl", "challenge_type": "http-01", "ca": "https://acme.zerossl.com/v2/DV90"}

5. What I already tried:

I’ve restarted my VPS, I’ve double-checked the IPs in my domain provider, and I’ve browsed the forum looking for similar problems but found nothing

6. Links to relevant resources:

N/A

Well, technically Caddy is starting properly, it’s just failing to renew certificates for two of your domains.

This means Let’s Encrypt wasn’t able to reach your server.

Are you sure that ports 80 and 443 are open, not blocked by some firewall, either on your machine itself or in your VPS provider?

I don’t know, where am I able to check? (It used to work perfectly until I installed an ark server.)

That’s not a question I can answer. It entirely depends on what you did. Retrace your steps and make sure it didn’t have any effect on blocking ports 80 and 443.

That’s the problem, I have no clue how to check what’s blocking ports 80 and 443.
I did this but it’s not returning anything

Is there a way to change the ports that Caddy needs?

No. Ports 80 and 443 (the HTTP and HTTPS ports) are a hard requirement by ACME issuers to solve the HTTP and/or TLS-ALPN challenges.

80 and 433 are not used atm

Is Caddy actually running? The ports won’t be in use if Caddy isn’t running.

How did you install Caddy? How are you actually running Caddy?

What are the steps you used to install your ark server?

Maybe you should start again from a fresh machine if you don’t know what you did to break it.

Ultimately, this isn’t an issue with Caddy.

Turns out I had ufw running, which was blocking Let’s Encrypt from doing the thing
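
An added example, not part of the original thread and not Caddy's own tooling: a small triage script that reads Caddy console log lines in the format posted in the question and groups the ACME error types (RFC 8555) by domain, so a connection failure like the one the firewall caused here stands out from the rate limiting that followed it. The sample lines are shortened from the question's log with a placeholder challenge token, and the hint texts and the function names `triage` and `report` are this example's own.

```python
import json
import re
from collections import defaultdict

# Constructed sample: lines shortened from the log format in the question
# (the challenge token is a placeholder).
SAMPLE_LOG = """\
2021/09/05 09:51:38.802 INFO    tls.renew       renewing certificate    {"identifier": "www.masectechniek.nl", "remaining": 2591412.197069592}
2021/09/05 09:51:39.848 ERROR   tls.renew       could not get certificate from issuer   {"identifier": "masectechniek.nl", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many failed authorizations recently"}
2021/09/05 09:51:43.784 ERROR   tls.issuance.acme.acme_client   challenge failed        {"identifier": "www.masectechniek.nl", "challenge_type": "http-01", "status_code": 400, "problem_type": "urn:ietf:params:acme:error:connection", "error": "Fetching http://www.masectechniek.nl/.well-known/acme-challenge/PLACEHOLDER_TOKEN: Error getting validation data"}
2021/09/05 09:51:45.053 ERROR   tls.renew       could not get certificate from issuer   {"identifier": "www.masectechniek.nl", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order"}
"""

# timestamp, level, then logger/message text, then the trailing JSON fields
LINE_RE = re.compile(r"^\S+ \S+\s+(INFO|WARN|ERROR)\s+.*?(\{.*\})\s*$")
ACME_ERR_RE = re.compile(r"urn:ietf:params:acme:error:(\w+)")

# Hint wording is this example's own, keyed by ACME error type.
HINTS = {
    "connection": "CA could not connect for validation; check that ports 80/443 are open (host firewall such as ufw, provider firewall)",
    "dns": "CA could not resolve the name; check the DNS records",
    "rateLimited": "CA is rate limiting; fix the underlying failure, then wait before retrying",
}

def triage(log_text):
    """Return {identifier: sorted ACME error types seen on ERROR lines}."""
    found = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(1) != "ERROR":
            continue
        try:
            fields = json.loads(m.group(2))
        except json.JSONDecodeError:
            continue  # truncated or non-JSON tail: skip rather than guess
        text = f'{fields.get("problem_type", "")} {fields.get("error", "")}'
        for err in ACME_ERR_RE.findall(text):
            found[fields.get("identifier", "?")].add(err)
    return {ident: sorted(errs) for ident, errs in found.items()}

def report(log_text):
    """One readable line per (domain, error type) pair."""
    return [f"{ident}: {err}: {HINTS.get(err, 'see RFC 8555 section 6.7')}"
            for ident, errs in sorted(triage(log_text).items()) for err in errs]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

To use it on a real log, pass the captured output of `caddy run` as a string to `report()`.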
