Caddy failed to start while talking to ACME

Thank you to the Caddy team for building such a great tool. There is an issue when I try to serve a wildcard domain.

Version:

 caddy version
v2.1.1 h1:X9k1+ehZPYYrSqBvf/ocUgdLSRIuiNiMo7CvyGUQKeA=

OS:

root@ip-172-26-2-207:~/www# uname -a
Linux ip-172-26-2-207 5.4.0-1018-aws #18-Ubuntu SMP Wed Jun 24 01:15:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

Caddyfile:

giki.app, *.giki.app {
  encode gzip
  log {
    output file ./access.log
    format single_field common_log
  }

  @unknown {
    not path /api/*
    not file
  }
  rewrite @unknown /

  reverse_proxy /api/reminders/schedule 127.0.0.1:9060

  root * /root/www/giki.app
  file_server
}

root@ip-172-26-2-207:~/www# caddy start
2020/09/09 06:07:49.776	INFO	using adjacent Caddyfile
run: loading initial config: loading new config: starting caddy administration endpoint: listen tcp 127.0.0.1:2019: bind: address already in use
start: caddy process exited with error: exit status 1
root@ip-172-26-2-207:~/www# caddy stop
2020/09/09 06:07:53.203	INFO	admin.api	received request	{"method": "POST", "host": "localhost:2019", "uri": "/stop", "remote_addr": "127.0.0.1:36864", "headers": {"Accept-Encoding":["gzip"],"Content-Length":["0"],"Origin":["localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
2020/09/09 06:07:53.203	INFO	admin.api	unloading
2020/09/09 06:07:53 [INFO][cache:0xc0003d3320] Stopped certificate maintenance routine
2020/09/09 06:07:53.204	INFO	admin.api	unloading completed
2020/09/09 06:07:53 [INFO][talk.jwj.life] Obtain: Releasing lock
2020/09/09 06:07:53 [ERROR][talk.jwj.life] Obtain: Unable to unlock 'cert_acme_talk.jwj.life_acme-v02.api.letsencrypt.org-directory': remove /root/.local/share/caddy/locks/cert_acme_talk.jwj.life_acme-v02.api.letsencrypt.org-directory.lock: no such file or directory
2020/09/09 06:07:53 [ERROR] talk.jwj.life: obtaining certificate: context canceled
2020/09/09 06:07:53 [INFO][*.giki.app] Obtain: Releasing lock
2020/09/09 06:07:53 [ERROR][*.giki.app] Obtain: Unable to unlock 'cert_acme_*.giki.app_acme-v02.api.letsencrypt.org-directory': remove /root/.local/share/caddy/locks/cert_acme_wildcard_.giki.app_acme-v02.api.letsencrypt.org-directory.lock: no such file or directory
2020/09/09 06:07:53 [ERROR] *.giki.app: obtaining certificate: context canceled
2020/09/09 06:07:53.205	INFO	admin	stopped previous server
2020/09/09 06:07:53.205	INFO	admin.api	stopping now, bye!! 👋
root@ip-172-26-2-207:~/www# caddy start
2020/09/09 06:07:55.385	INFO	using adjacent Caddyfile
2020/09/09 06:07:55.399	INFO	admin	admin endpoint started	{"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2020/09/09 06:07:55.399	INFO	http	server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS	{"server_name": "srv0", "https_port": 443}
2020/09/09 06:07:55.400	INFO	http	enabling automatic HTTP->HTTPS redirects	{"server_name": "srv0"}
2020/09/09 06:07:55.405	INFO	tls	cleaned up storage units
2020/09/09 06:07:55.405	INFO	http	enabling automatic TLS certificate management	{"domains": ["*.giki.app", "dev.giki.app", "fleself.com", "giki.app"]}
2020/09/09 06:07:55.419	INFO	autosaved config	{"file": "/root/.config/caddy/autosave.json"}
2020/09/09 06:07:55.419	INFO	serving initial configuration
2020/09/09 06:07:55 [INFO][*.giki.app] Obtain certificate; acquiring lock...
2020/09/09 06:07:55 [INFO][*.giki.app] Obtain: Lock acquired; proceeding...
2020/09/09 06:07:55 [INFO][cache:0xc0008eac60] Started certificate maintenance routine
Successfully started Caddy (pid=16295) - Caddy is running in the background
root@ip-172-26-2-207:~/www# 2020/09/09 06:07:56 [INFO][*.giki.app] Waiting on rate limiter...
2020/09/09 06:07:56 [INFO][*.giki.app] Done waiting
2020/09/09 06:07:56 [INFO] [*.giki.app] acme: Obtaining bundled SAN certificate given a CSR
2020/09/09 06:07:57 [INFO] [*.giki.app] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/7091657811
2020/09/09 06:07:57 [INFO] [*.giki.app] acme: Could not find solver for: dns-01
2020/09/09 06:07:57 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/7091657811
2020/09/09 06:07:58 [ERROR] error: one or more domains had a problem:
[*.giki.app] [*.giki.app] acme: could not determine solvers
 (challenge=http-01 remaining=[tls-alpn-01])
2020/09/09 06:08:00 [INFO] [*.giki.app] acme: Obtaining bundled SAN certificate given a CSR
2020/09/09 06:08:01 [INFO] [*.giki.app] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/7091658823
2020/09/09 06:08:01 [INFO] [*.giki.app] acme: Could not find solver for: dns-01
2020/09/09 06:08:01 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/7091658823
2020/09/09 06:08:02 [ERROR] error: one or more domains had a problem:
[*.giki.app] [*.giki.app] acme: could not determine solvers
 (challenge=tls-alpn-01 remaining=[])
2020/09/09 06:08:04 [ERROR] attempt 1: [*.giki.app] Obtain: [*.giki.app] error: one or more domains had a problem:
[*.giki.app] [*.giki.app] acme: could not determine solvers
 - retrying in 1m0s (8.623976935s/720h0m0s elapsed)...

For wildcards, you need to either enable the ACME DNS challenge (by installing a plugin for your DNS provider), or use On-Demand TLS:
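
A sketch of both options from the reply above, added here as an example and not part of the original reply or of Caddy's documentation. It assumes a Caddy build that includes a DNS provider module (Cloudflare is used only as an assumed provider, since the thread does not say where giki.app's DNS is hosted); the environment variable name and the `ask` URL path are hypothetical.

```caddyfile
# Added example; use Option A or Option B, not both.

# --- Option A: ACME DNS challenge, yields one *.giki.app certificate ---
# Wildcard identifiers are only offered the dns-01 challenge, which is why
# the log shows "Could not find solver for: dns-01" on a build with no DNS
# module. Assumed build step for the assumed provider:
#   xcaddy build --with github.com/caddy-dns/cloudflare
giki.app, *.giki.app {
	tls {
		# Hypothetical variable name. Keep the token out of the Caddyfile
		# and scope it to DNS record edits on this one zone only.
		dns cloudflare {env.CLOUDFLARE_API_TOKEN}
	}

	encode gzip
	reverse_proxy /api/reminders/schedule 127.0.0.1:9060
	root * /root/www/giki.app
	file_server
}

# --- Option B: On-Demand TLS, one certificate per hostname actually requested ---
# No DNS module needed; certificates are obtained at handshake time.
# The global options block must be the first block in the file. The "ask"
# endpoint receives ?domain=<name> and must answer 200 only for hostnames
# you really serve; without it, anyone who can point a name at this server
# can make it request certificates. The path below is hypothetical.
#
# {
# 	on_demand_tls {
# 		ask http://127.0.0.1:9060/api/tls-allowed
# 	}
# }
#
# giki.app, *.giki.app {
# 	tls {
# 		on_demand
# 	}
# 	root * /root/www/giki.app
# 	file_server
# }
```

After switching to either option, the `acme: could not determine solvers` retries in the log above should stop appearing for `*.giki.app`.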