Caddy, Foundry, Docker Connection Issues

Kigali · October 1, 2023, 9:22pm

Please let me know if I missed anything or if I need to supply more info or logs.

1. The problem I’m having:

I am trying to self host a Foundry VTT server on a remote device (an old NUC stuffed in a friend’s closet server rack). To achieve this I’m using Docker to manage both Caddy & Foundry. Ideally I will be able to point my domain, theivoryguard.com, at this server so my players don’t have to remember (or know) my IP address. I know Foundry is working & is reachable through localhost. Unfortunately I cannot pass traffic through Caddy & access it from the internet either by IP or domain name.

2. Error messages and/or full log output:

#Please see response post for full error logs

3. Caddy version:

v2.7.4 h1:J8nisjdOxnYHXlorUKXY75Gr6iBfudfoGhrJ8t7/flI=

4. How I installed and ran Caddy:

a. System environment:

Ubuntu 22.04.3 LTS

b. Command:

docker compose up -d

c. Service/unit/compose file:

version: "3"

secrets:
  config_json:
    file: /home/captain/Documents/foundry/secrets.json

volumes:
  caddy_data:
    external: true
  caddy_config:

services:
  caddy:
    image: caddy:latest
    restart: unless-stopped
    ports:
      - "80:80"
#      - "8080:8080"
      - "443:443"
      - "443:443/udp"
    volumes:
      - /home/captain/Documents/caddy/Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data
      - caddy_config:/config

  foundry:
    image: felddy/foundryvtt:release
    restart: unless-stopped
    hostname: localhost
    volumes:
      - type: bind
        source: /home/captain/Documents/foundry
        target: /data
    environment:
      - CONTAINER_PRESERVE_CONFIG=true
    ports:
      - "30000:30000"
    secrets::
      - source: config_json
        target: config.json

d. My complete Caddy config:

https://theivoryguard.com {
        reverse_proxy localhost:30000
}

# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile

5. Links to relevant resources:

Thank you!

Thank you for your help. I’m very new to web development, server management, etc. I’ve been doodling with linux since high school, but am only now trying my hand at web services.

francislavoie · October 2, 2023, 12:07am

When in Docker, localhost means “this same container”. So this won’t work.

Instead, you should use the name of the container you want to proxy to, and its internal port (not the port you bind to the host – you don’t need to bind a port for other containers if they only need to be accessible through Caddy).

reverse_proxy foundry:30000

Those are logs from Docker itself, not from your Caddy container. Please share your logs from your Caddy container (you can run docker compose logs caddy), see Keep Caddy Running — Caddy Documentation

Kigali · October 2, 2023, 1:46am

Here’s ½ the full output of docker compose logs caddy :

docker-caddy-1  | {"level":"info","ts":1696193362.0829184,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
docker-caddy-1  | {"level":"info","ts":1696193362.084812,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//[::1]:2019","//127.0.0.1:2019","//localhost:2019"]}
docker-caddy-1  | {"level":"info","ts":1696193362.0850217,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
docker-caddy-1  | {"level":"info","ts":1696193362.085091,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
docker-caddy-1  | {"level":"info","ts":1696193362.0851164,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000166100"}
docker-caddy-1  | {"level":"info","ts":1696193362.085514,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
docker-caddy-1  | {"level":"info","ts":1696193362.0855486,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
docker-caddy-1  | {"level":"info","ts":1696193362.0857756,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."}docker-caddy-1  | {"level":"info","ts":1696193362.0859983,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
docker-caddy-1  | {"level":"info","ts":1696193362.0860984,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
docker-caddy-1  | {"level":"info","ts":1696193362.0861113,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["theivoryguard.com"]}docker-caddy-1  | {"level":"info","ts":1696193362.0863714,"logger":"tls","msg":"finished cleaning storage units"}
docker-caddy-1  | {"level":"info","ts":1696193362.0864885,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
docker-caddy-1  | {"level":"info","ts":1696193362.0865645,"msg":"serving initial configuration"}
docker-caddy-1  | {"level":"info","ts":1696193362.0868804,"logger":"tls.obtain","msg":"acquiring lock","identifier":"theivoryguard.com"}
docker-caddy-1  | {"level":"info","ts":1696193362.0885677,"logger":"tls.obtain","msg":"lock acquired","identifier":"theivoryguard.com"}
docker-caddy-1  | {"level":"info","ts":1696193362.0887957,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"theivoryguard.com"}
docker-caddy-1  | {"level":"info","ts":1696193362.0895944,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["theivoryguard.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
docker-caddy-1  | {"level":"info","ts":1696193362.08961,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["theivoryguard.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
docker-caddy-1  | {"level":"info","ts":1696193363.0061462,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
docker-caddy-1  | {"level":"error","ts":1696193373.4562535,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696193373.4563258,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1332022206/212180388406","attempt":1,"max_attempts":3}
docker-caddy-1  | {"level":"info","ts":1696193374.7755876,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
docker-caddy-1  | {"level":"error","ts":1696193385.4082336,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Fetching http://theivoryguard.com/.well-known/acme-challenge/WFQB5_Y8y2z3oiMDP5ZdFfqblazyEFRWn2tw8KAy8JM: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696193385.408319,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Fetching http://theivoryguard.com/.well-known/acme-challenge/WFQB5_Y8y2z3oiMDP5ZdFfqblazyEFRWn2tw8KAy8JM: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1332022206/212180411516","attempt":2,"max_attempts":3}
docker-caddy-1  | {"level":"error","ts":1696193385.4083955,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"theivoryguard.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 98.97.20.132: Fetching http://theivoryguard.com/.well-known/acme-challenge/WFQB5_Y8y2z3oiMDP5ZdFfqblazyEFRWn2tw8KAy8JM: Timeout during connect (likely firewall problem)"}
docker-caddy-1  | {"level":"info","ts":1696193385.410121,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["theivoryguard.com"],"ca":"https://acme.zerossl.com/v2/DV90","account":"caddy@zerossl.com"}
docker-caddy-1  | {"level":"info","ts":1696193385.4101703,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["theivoryguard.com"],"ca":"https://acme.zerossl.com/v2/DV90","account":"caddy@zerossl.com"}
docker-caddy-1  | {"level":"info","ts":1696193387.0221632,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
docker-caddy-1  | {"level":"error","ts":1696193399.7714245,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"http-01","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696193399.771491,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]},"order":"https://acme.zerossl.com/v2/DV90/order/0Uko_g_JfdQZyWl56_5Vrg","attempt":1,"max_attempts":3}
docker-caddy-1  | {"level":"error","ts":1696193399.7715578,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"theivoryguard.com","issuer":"acme.zerossl.com-v2-DV90","error":"HTTP 0  - "}
docker-caddy-1  | {"level":"error","ts":1696193399.7716706,"logger":"tls.obtain","msg":"will retry","error":"[theivoryguard.com] Obtain: [theivoryguard.com] solving challenge: theivoryguard.com: [theivoryguard.com] authorization failed: HTTP 0  -  (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":37.683047226,"max_duration":2592000}
docker-caddy-1  | {"level":"info","ts":1696193459.7724712,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"theivoryguard.com"}
docker-caddy-1  | {"level":"info","ts":1696193460.535814,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
docker-caddy-1  | {"level":"error","ts":1696193471.0054889,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Fetching http://theivoryguard.com/.well-known/acme-challenge/8qU8QUvoaqG3wQ3o2Jus7CdfAD8bu48dH8h4EzsxDf0: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696193471.005556,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Fetching http://theivoryguard.com/.well-known/acme-challenge/8qU8QUvoaqG3wQ3o2Jus7CdfAD8bu48dH8h4EzsxDf0: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/119963204/11307672394","attempt":1,"max_attempts":3}
docker-caddy-1  | {"level":"info","ts":1696193472.3531575,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
docker-caddy-1  | {"level":"error","ts":1696193482.6635368,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696193482.663609,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/119963204/11307674594","attempt":2,"max_attempts":3}
docker-caddy-1  | {"level":"error","ts":1696193482.6636977,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"theivoryguard.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 98.97.20.132: Timeout during connect (likely firewall problem)"}
docker-caddy-1  | {"level":"info","ts":1696193484.8330717,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
docker-caddy-1  | {"level":"error","ts":1696193497.285387,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"http-01","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696193497.2854514,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]},"order":"https://acme.zerossl.com/v2/DV90/order/i3QLlMgGM0i2_Nq9ruXd9g","attempt":1,"max_attempts":3}
docker-caddy-1  | {"level":"error","ts":1696193497.2855053,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"theivoryguard.com","issuer":"acme.zerossl.com-v2-DV90","error":"HTTP 0  - "}
docker-caddy-1  | {"level":"error","ts":1696193497.2856352,"logger":"tls.obtain","msg":"will retry","error":"[theivoryguard.com] Obtain: [theivoryguard.com] solving challenge: theivoryguard.com: [theivoryguard.com] authorization failed: HTTP 0  -  (ca=https://acme.zerossl.com/v2/DV90)","attempt":2,"retrying_in":120,"elapsed":135.197011941,"max_duration":2592000}
docker-caddy-1  | {"level":"info","ts":1696193617.290019,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"theivoryguard.com"}
docker-caddy-1  | {"level":"info","ts":1696193617.7586367,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
docker-caddy-1  | {"level":"error","ts":1696193628.3292153,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Fetching http://theivoryguard.com/.well-known/acme-challenge/2Tc0Y7Ha-iRJB-iOVfcNSlrTISN8rfbQ_3tTJPnfTv0: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696193628.329286,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Fetching http://theivoryguard.com/.well-known/acme-challenge/2Tc0Y7Ha-iRJB-iOVfcNSlrTISN8rfbQ_3tTJPnfTv0: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/119963204/11307702184","attempt":1,"max_attempts":3}
docker-caddy-1  | {"level":"info","ts":1696193629.6809645,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
docker-caddy-1  | {"level":"error","ts":1696193640.2797217,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696193640.2797866,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/119963204/11307704464","attempt":2,"max_attempts":3}
docker-caddy-1  | {"level":"error","ts":1696193640.2798655,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"theivoryguard.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 98.97.20.132: Timeout during connect (likely firewall problem)"}
docker-caddy-1  | {"level":"info","ts":1696193641.5469596,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
docker-caddy-1  | {"level":"error","ts":1696193653.1362963,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"http-01","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696193653.1363697,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]},"order":"https://acme.zerossl.com/v2/DV90/order/IcA6pSt60psfcT4b09DvTQ","attempt":1,"max_attempts":3}
docker-caddy-1  | {"level":"error","ts":1696193653.1364548,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"theivoryguard.com","issuer":"acme.zerossl.com-v2-DV90","error":"HTTP 0  - "}
docker-caddy-1  | {"level":"error","ts":1696193653.1365852,"logger":"tls.obtain","msg":"will retry","error":"[theivoryguard.com] Obtain: [theivoryguard.com] solving challenge: theivoryguard.com: [theivoryguard.com] authorization failed: HTTP 0  -  (ca=https://acme.zerossl.com/v2/DV90)","attempt":3,"retrying_in":120,"elapsed":291.047961969,"max_duration":2592000}
docker-caddy-1  | {"level":"info","ts":1696193773.1381462,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"theivoryguard.com"}
docker-caddy-1  | {"level":"info","ts":1696193773.541569,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
docker-caddy-1  | {"level":"error","ts":1696193783.8236918,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Fetching http://theivoryguard.com/.well-known/acme-challenge/mds-a-v5tUSyS1Fjxh53HWB8DuU-bCvbBydwivqWaxs: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696193783.8237247,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Fetching http://theivoryguard.com/.well-known/acme-challenge/mds-a-v5tUSyS1Fjxh53HWB8DuU-bCvbBydwivqWaxs: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/119963204/11307727994","attempt":1,"max_attempts":3}
docker-caddy-1  | {"level":"info","ts":1696193785.1494546,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
docker-caddy-1  | {"level":"error","ts":1696193795.4021025,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696193795.402171,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/119963204/11307729904","attempt":2,"max_attempts":3}
docker-caddy-1  | {"level":"error","ts":1696193795.4022522,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"theivoryguard.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 98.97.20.132: Timeout during connect (likely firewall problem)"}
docker-caddy-1  | {"level":"info","ts":1696193796.6618125,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
docker-caddy-1  | {"level":"error","ts":1696193808.7589693,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"http-01","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696193808.7590337,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]},"order":"https://acme.zerossl.com/v2/DV90/order/V-AzJ-nfDsUQU4wFKXxBag","attempt":1,"max_attempts":3}
docker-caddy-1  | {"level":"error","ts":1696193808.7591052,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"theivoryguard.com","issuer":"acme.zerossl.com-v2-DV90","error":"HTTP 0  - "}
docker-caddy-1  | {"level":"error","ts":1696193808.7592027,"logger":"tls.obtain","msg":"will retry","error":"[theivoryguard.com] Obtain: [theivoryguard.com] solving challenge: theivoryguard.com: [theivoryguard.com] authorization failed: HTTP 0  -  (ca=https://acme.zerossl.com/v2/DV90)","attempt":4,"retrying_in":300,"elapsed":446.670579628,"max_duration":2592000}
docker-caddy-1  | {"level":"info","ts":1696194108.7598152,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"theivoryguard.com"}
docker-caddy-1  | {"level":"info","ts":1696194109.424385,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
docker-caddy-1  | {"level":"error","ts":1696194119.8998992,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Fetching http://theivoryguard.com/.well-known/acme-challenge/2b7toPTlJI_dXfkVytSbkKmc4YlvzeQq1Be3PNRWSnA: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696194119.9000564,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Fetching http://theivoryguard.com/.well-known/acme-challenge/2b7toPTlJI_dXfkVytSbkKmc4YlvzeQq1Be3PNRWSnA: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/119963204/11307785124","attempt":1,"max_attempts":3}
docker-caddy-1  | {"level":"info","ts":1696194121.1855938,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
docker-caddy-1  | {"level":"error","ts":1696194131.835961,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696194131.8360944,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/119963204/11307786884","attempt":2,"max_attempts":3}
docker-caddy-1  | {"level":"error","ts":1696194131.8363094,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"theivoryguard.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 98.97.20.132: Timeout during connect (likely firewall problem)"}
docker-caddy-1  | {"level":"info","ts":1696194134.738125,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
docker-caddy-1  | {"level":"error","ts":1696194146.8353531,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"http-01","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696194146.835417,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]},"order":"https://acme.zerossl.com/v2/DV90/order/1myiOfiysRscszZ_M-jVQg","attempt":1,"max_attempts":3}
docker-caddy-1  | {"level":"error","ts":1696194146.8354876,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"theivoryguard.com","issuer":"acme.zerossl.com-v2-DV90","error":"HTTP 0  - "}
docker-caddy-1  | {"level":"error","ts":1696194146.835572,"logger":"tls.obtain","msg":"will retry","error":"[theivoryguard.com] Obtain: [theivoryguard.com] solving challenge: theivoryguard.com: [theivoryguard.com] authorization failed: HTTP 0  -  (ca=https://acme.zerossl.com/v2/DV90)","attempt":5,"retrying_in":600,"elapsed":784.746949387,"max_duration":2592000}
docker-caddy-1  | {"level":"info","ts":1696194746.836484,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"theivoryguard.com"}
docker-caddy-1  | {"level":"info","ts":1696194748.42259,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}docker-caddy-1  | {"level":"error","ts":1696194758.9126391,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Fetching http://theivoryguard.com/.well-known/acme-challenge/q1CfclPMvKNAG-eTkN6TBwQb3rHtJ__5Xtj62IpxrPo: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696194758.912722,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Fetching http://theivoryguard.com/.well-known/acme-challenge/q1CfclPMvKNAG-eTkN6TBwQb3rHtJ__5Xtj62IpxrPo: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/119963204/11307916624","attempt":1,"max_attempts":3}
docker-caddy-1  | {"level":"info","ts":1696194760.2083757,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
docker-caddy-1  | {"level":"error","ts":1696194770.5182633,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696194770.5183272,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/119963204/11307918664","attempt":2,"max_attempts":3}
docker-caddy-1  | {"level":"error","ts":1696194770.5184457,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"theivoryguard.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 98.97.20.132: Timeout during connect (likely firewall problem)"}
docker-caddy-1  | {"level":"info","ts":1696194772.0869513,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
docker-caddy-1  | {"level":"error","ts":1696194783.8047793,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"http-01","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696194783.8048515,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]},"order":"https://acme.zerossl.com/v2/DV90/order/FJHn_krqGyYeNViwu1Ma-Q","attempt":1,"max_attempts":3}

Kigali · October 2, 2023, 1:46am

Here’s 2/2:

docker-caddy-1  | {"level":"error","ts":1696194783.8049111,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"theivoryguard.com","issuer":"acme.zerossl.com-v2-DV90","error":"HTTP 0  - "}
docker-caddy-1  | {"level":"error","ts":1696194783.8050177,"logger":"tls.obtain","msg":"will retry","error":"[theivoryguard.com] Obtain: [theivoryguard.com] solving challenge: theivoryguard.com: [theivoryguard.com] authorization failed: HTTP 0  -  (ca=https://acme.zerossl.com/v2/DV90)","attempt":6,"retrying_in":1200,"elapsed":1421.716394034,"max_duration":2592000}
docker-caddy-1  | {"level":"info","ts":1696195983.8058486,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"theivoryguard.com"}
docker-caddy-1  | {"level":"info","ts":1696195984.6092033,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
docker-caddy-1  | {"level":"error","ts":1696195995.1085658,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Fetching http://theivoryguard.com/.well-known/acme-challenge/0EQ9LGSqtn6shv-v-LZ7FOBbSWfT8TlgNpBRGD1HF-4: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696195995.1086292,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Fetching http://theivoryguard.com/.well-known/acme-challenge/0EQ9LGSqtn6shv-v-LZ7FOBbSWfT8TlgNpBRGD1HF-4: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/119963204/11308133054","attempt":1,"max_attempts":3}
docker-caddy-1  | {"level":"info","ts":1696195996.415512,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
docker-caddy-1  | {"level":"error","ts":1696196006.841836,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696196006.8419173,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/119963204/11308136084","attempt":2,"max_attempts":3}
docker-caddy-1  | {"level":"error","ts":1696196006.8420148,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"theivoryguard.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 98.97.20.132: Timeout during connect (likely firewall problem)"}
docker-caddy-1  | {"level":"info","ts":1696196008.5878954,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
docker-caddy-1  | {"level":"error","ts":1696196021.2021813,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"http-01","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696196021.2022433,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]},"order":"https://acme.zerossl.com/v2/DV90/order/XIy8OLGejIrAFAUWvB8cNA","attempt":1,"max_attempts":3}
docker-caddy-1  | {"level":"error","ts":1696196021.202322,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"theivoryguard.com","issuer":"acme.zerossl.com-v2-DV90","error":"HTTP 0  - "}
docker-caddy-1  | {"level":"error","ts":1696196021.2024214,"logger":"tls.obtain","msg":"will retry","error":"[theivoryguard.com] Obtain: [theivoryguard.com] solving challenge: theivoryguard.com: [theivoryguard.com] authorization failed: HTTP 0  -  (ca=https://acme.zerossl.com/v2/DV90)","attempt":7,"retrying_in":1200,"elapsed":2659.11379769,"max_duration":2592000}
docker-caddy-1  | {"level":"info","ts":1696197221.2033875,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"theivoryguard.com"}
docker-caddy-1  | {"level":"info","ts":1696197222.9517672,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
docker-caddy-1  | {"level":"error","ts":1696197233.4594839,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Fetching http://theivoryguard.com/.well-known/acme-challenge/PDx6HpaufdpFhvads35LaXPTB4Owxwany3CeCdS_nzI: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696197233.4595468,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Fetching http://theivoryguard.com/.well-known/acme-challenge/PDx6HpaufdpFhvads35LaXPTB4Owxwany3CeCdS_nzI: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/119963204/11308368804","attempt":1,"max_attempts":3}
docker-caddy-1  | {"level":"info","ts":1696197234.738755,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
docker-caddy-1  | {"level":"error","ts":1696197245.3742352,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696197245.3743088,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/119963204/11308371144","attempt":2,"max_attempts":3}
docker-caddy-1  | {"level":"error","ts":1696197245.3743792,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"theivoryguard.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 98.97.20.132: Timeout during connect (likely firewall problem)"}
docker-caddy-1  | {"level":"info","ts":1696197247.0473266,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
docker-caddy-1  | {"level":"error","ts":1696197259.2464607,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"http-01","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696197259.246528,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]},"order":"https://acme.zerossl.com/v2/DV90/order/5SckHBKsnQDHFhtgQF4VgA","attempt":1,"max_attempts":3}
docker-caddy-1  | {"level":"error","ts":1696197259.2465887,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"theivoryguard.com","issuer":"acme.zerossl.com-v2-DV90","error":"HTTP 0  - "}
docker-caddy-1  | {"level":"error","ts":1696197259.2467115,"logger":"tls.obtain","msg":"will retry","error":"[theivoryguard.com] Obtain: [theivoryguard.com] solving challenge: theivoryguard.com: [theivoryguard.com] authorization failed: HTTP 0  -  (ca=https://acme.zerossl.com/v2/DV90)","attempt":8,"retrying_in":1800,"elapsed":3897.158087951,"max_duration":2592000}
docker-caddy-1  | {"level":"info","ts":1696199059.2511787,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"theivoryguard.com"}
docker-caddy-1  | {"level":"info","ts":1696199059.9879634,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
docker-caddy-1  | {"level":"error","ts":1696199070.5738702,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Fetching http://theivoryguard.com/.well-known/acme-challenge/qFPzzVaailAvgs5SwkNRu0IL7CA_A_79vn1np0KgrgU: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696199070.5739431,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Fetching http://theivoryguard.com/.well-known/acme-challenge/qFPzzVaailAvgs5SwkNRu0IL7CA_A_79vn1np0KgrgU: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/119963204/11308746484","attempt":1,"max_attempts":3}
docker-caddy-1  | {"level":"info","ts":1696199071.8432674,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
docker-caddy-1  | {"level":"error","ts":1696199082.0798974,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696199082.079962,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/119963204/11308748504","attempt":2,"max_attempts":3}
docker-caddy-1  | {"level":"error","ts":1696199082.0801191,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"theivoryguard.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 98.97.20.132: Timeout during connect (likely firewall problem)"}
docker-caddy-1  | {"level":"info","ts":1696199084.2174554,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
docker-caddy-1  | {"level":"error","ts":1696199096.020342,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"http-01","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696199096.0204117,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]},"order":"https://acme.zerossl.com/v2/DV90/order/o02bFYR8tNZ_xbP_hG0BDQ","attempt":1,"max_attempts":3}
docker-caddy-1  | {"level":"error","ts":1696199096.020488,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"theivoryguard.com","issuer":"acme.zerossl.com-v2-DV90","error":"HTTP 0  - "}
docker-caddy-1  | {"level":"error","ts":1696199096.0205834,"logger":"tls.obtain","msg":"will retry","error":"[theivoryguard.com] Obtain: [theivoryguard.com] solving challenge: theivoryguard.com: [theivoryguard.com] authorization failed: HTTP 0  -  (ca=https://acme.zerossl.com/v2/DV90)","attempt":9,"retrying_in":1800,"elapsed":5733.931948463,"max_duration":2592000}
docker-caddy-1  | {"level":"info","ts":1696200896.0212057,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"theivoryguard.com"}
docker-caddy-1  | {"level":"info","ts":1696200896.7268455,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
docker-caddy-1  | {"level":"error","ts":1696200906.9738116,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Fetching http://theivoryguard.com/.well-known/acme-challenge/4-yZ3S2p-mvKFwpu9rdA86LeJUva16oA1vmP-f8qJKs: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696200906.9738922,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Fetching http://theivoryguard.com/.well-known/acme-challenge/4-yZ3S2p-mvKFwpu9rdA86LeJUva16oA1vmP-f8qJKs: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/119963204/11309108494","attempt":1,"max_attempts":3}
docker-caddy-1  | {"level":"info","ts":1696200908.253721,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
docker-caddy-1  | {"level":"error","ts":1696200918.5641525,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696200918.5642192,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/119963204/11309110664","attempt":2,"max_attempts":3}
docker-caddy-1  | {"level":"error","ts":1696200918.5643399,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"theivoryguard.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 98.97.20.132: Timeout during connect (likely firewall problem)"}
docker-caddy-1  | {"level":"info","ts":1696200920.1529758,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
docker-caddy-1  | {"level":"error","ts":1696200932.5661259,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"http-01","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696200932.5661972,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]},"order":"https://acme.zerossl.com/v2/DV90/order/Xqozbv_TQtHk2PSsGRUcXA","attempt":1,"max_attempts":3}
docker-caddy-1  | {"level":"error","ts":1696200932.5662687,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"theivoryguard.com","issuer":"acme.zerossl.com-v2-DV90","error":"HTTP 0  - "}
docker-caddy-1  | {"level":"error","ts":1696200932.5663996,"logger":"tls.obtain","msg":"will retry","error":"[theivoryguard.com] Obtain: [theivoryguard.com] solving challenge: theivoryguard.com: [theivoryguard.com] authorization failed: HTTP 0  -  (ca=https://acme.zerossl.com/v2/DV90)","attempt":10,"retrying_in":3600,"elapsed":7570.477775657,"max_duration":2592000}
docker-caddy-1  | {"level":"info","ts":1696204532.567124,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"theivoryguard.com"}
docker-caddy-1  | {"level":"info","ts":1696204533.27775,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}docker-caddy-1  | {"level":"error","ts":1696204543.657811,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Fetching http://theivoryguard.com/.well-known/acme-challenge/5PRd4MVrrWFyzBm6ma8oYFWDEPnjTcQdhFrkFLSShq4: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696204543.657894,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Fetching http://theivoryguard.com/.well-known/acme-challenge/5PRd4MVrrWFyzBm6ma8oYFWDEPnjTcQdhFrkFLSShq4: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/119963204/11309763964","attempt":1,"max_attempts":3}
docker-caddy-1  | {"level":"info","ts":1696204544.9651911,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
docker-caddy-1  | {"level":"error","ts":1696204555.4184663,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696204555.418553,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"98.97.20.132: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/119963204/11309766074","attempt":2,"max_attempts":3}
docker-caddy-1  | {"level":"error","ts":1696204555.418751,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"theivoryguard.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 98.97.20.132: Timeout during connect (likely firewall problem)"}
docker-caddy-1  | {"level":"info","ts":1696204557.1310182,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"theivoryguard.com","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
docker-caddy-1  | {"level":"error","ts":1696204569.1576774,"logger":"http.acme_client","msg":"challenge failed","identifier":"theivoryguard.com","challenge_type":"http-01","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]}}
docker-caddy-1  | {"level":"error","ts":1696204569.1577392,"logger":"http.acme_client","msg":"validating authorization","identifier":"theivoryguard.com","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]},"order":"https://acme.zerossl.com/v2/DV90/order/OK46_QxKDaYiShgzT8x-TA","attempt":1,"max_attempts":3}
docker-caddy-1  | {"level":"error","ts":1696204569.1578221,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"theivoryguard.com","issuer":"acme.zerossl.com-v2-DV90","error":"HTTP 0  - "}
docker-caddy-1  | {"level":"error","ts":1696204569.157933,"logger":"tls.obtain","msg":"will retry","error":"[theivoryguard.com] Obtain: [theivoryguard.com] solving challenge: theivoryguard.com: [theivoryguard.com] authorization failed: HTTP 0  -  (ca=https://acme.zerossl.com/v2/DV90)","attempt":11,"retrying_in":10800,"elapsed":11207.069309333,"max_duration":2592000}

francislavoie · October 2, 2023, 1:54am

Are you sure you have port 80 and 443 open in your firewall, and forwarded to your server? Does your ISP block use of those ports?

Kigali · October 2, 2023, 2:07am

I’m sure the ports 80 & 443 are forwarded correctly, but I’m not sure if Starlink blocks use of them.

francislavoie · October 2, 2023, 2:24am

Ah, yeah it won’t be possible to serve a website the traditional way with Starlink because they use CGNAT. You don’t get your own unique IP address.

You’ll need to use something like cloudflare tunnels or something similar.

Kigali · October 2, 2023, 2:26am

Guess the next step will be to move the NUC from 1 friend’s closet to another’s! I’ll report back after the switch is made.

francislavoie · October 2, 2023, 2:42am

You don’t necessarily need to do that. Like I said, you can use a tunneling solution to open a pipe between your server and somewhere else, for example Cloudflare’s Tunnel | Zero Trust App Connector or with wireguard/tailscale with your own VPS.

Kigali · October 2, 2023, 3:00am

It took me 2 weeks to get to this point. This is a hobby project that was supposed to take a day or 2. I can set up port forwarding & ssh faster than trying to learn all the ins & outs required to add another pillar to this stack.

Kigali · October 14, 2023, 6:18pm

So I moved the server to another closet that isn’t on a Starlink network. When I run the caddy container now it validates the certificate, but I still cannot access my Foundry server. I tried scanning the server with nmap & saw ports 22, 80, & 8080 are open, but 443 is closed. I know the port forwarding is set correctly & the domain is pointed at the new/correct IP address. Foundry was accessible when it’s port was forwarded directly, but not when I try to use Caddy. None of the config files have been altered.

Caddy Logs:

docker-caddy-1  | 2023-10-14T18:14:15.588691236Z {"level":"info","ts":1697307255.588554,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
docker-caddy-1  | 2023-10-14T18:14:15.590627064Z {"level":"info","ts":1697307255.5905156,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
docker-caddy-1  | 2023-10-14T18:14:15.590755366Z {"level":"info","ts":1697307255.5906768,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
docker-caddy-1  | 2023-10-14T18:14:15.590776565Z {"level":"info","ts":1697307255.5906992,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
docker-caddy-1  | 2023-10-14T18:14:15.590935490Z {"level":"info","ts":1697307255.5908606,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000495b80"}
docker-caddy-1  | 2023-10-14T18:14:15.591152858Z {"level":"info","ts":1697307255.5910718,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
docker-caddy-1  | 2023-10-14T18:14:15.591219782Z {"level":"info","ts":1697307255.5911317,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
docker-caddy-1  | 2023-10-14T18:14:15.591304614Z {"level":"info","ts":1697307255.5912342,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."}
docker-caddy-1  | 2023-10-14T18:14:15.591549161Z {"level":"info","ts":1697307255.591481,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
docker-caddy-1  | 2023-10-14T18:14:15.591680681Z {"level":"info","ts":1697307255.5916266,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
docker-caddy-1  | 2023-10-14T18:14:15.591720369Z {"level":"info","ts":1697307255.5916722,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["foundry.theivoryguard.com","theivoryguard.com"]}
docker-caddy-1  | 2023-10-14T18:14:15.594679030Z {"level":"info","ts":1697307255.594576,"msg":"[INFO] Certificate certificates/local/192.168.0.167/192.168.0.167.crt expired 349h49m37.594564814s ago; cleaning up"}
docker-caddy-1  | 2023-10-14T18:14:15.594709158Z {"level":"info","ts":1697307255.594595,"msg":"[INFO] Deleting certificates/local/192.168.0.167/192.168.0.167.crt because resource expired"}
docker-caddy-1  | 2023-10-14T18:14:15.594747254Z {"level":"info","ts":1697307255.5946813,"msg":"[INFO] Deleting certificates/local/192.168.0.167/192.168.0.167.key because resource expired"}
docker-caddy-1  | 2023-10-14T18:14:15.594815192Z {"level":"info","ts":1697307255.594742,"msg":"[INFO] Deleting certificates/local/192.168.0.167/192.168.0.167.json because resource expired"}
docker-caddy-1  | 2023-10-14T18:14:15.594868551Z {"level":"info","ts":1697307255.5948286,"msg":"[INFO] Deleting certificates/local/192.168.0.167 because key is empty"}
docker-caddy-1  | 2023-10-14T18:14:15.594941195Z {"level":"info","ts":1697307255.5948865,"logger":"tls","msg":"finished cleaning storage units"}
docker-caddy-1  | 2023-10-14T18:14:15.799904623Z {"level":"info","ts":1697307255.7997699,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
docker-caddy-1  | 2023-10-14T18:14:15.799951018Z {"level":"info","ts":1697307255.7998075,"msg":"serving initial configuration"}

nmap logs:

PORT     STATE  SERVICE VERSION
22/tcp   open   ssh     OpenSSH 8.9p1 Ubuntu 3ubuntu0.4 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   256 a8:f5:5d:12:0d:0b:d0:99:21:97:e6:e2:2d:88:xx:xx (ECDSA)
|_  256 42:7a:83:49:9b:2f:ac:a3:3f:50:63:ce:e2:94:xx:xx (ED25519)
80/tcp   open   http    Caddy httpd
|_http-title: Site doesn't have a title.
|_http-server-header: Caddy
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS
443/tcp  closed https
8080/tcp open   http    micro_httpd
| http-methods: 
|_  Supported Methods: GET POST
|_http-favicon: Unknown favicon MD5: 0427716A42F7D389D9B0E17ACED9B580
|_http-title: Login - Residential Gateway

francislavoie · October 14, 2023, 6:34pm

What do you see when you run docker ps? It should show the port is bound to the host.

Are you sure you don’t have some firewall rules enabled? Check if ufw is blocking access to port 443.

Are you sure your ISP doesn’t use CGNAT, and that you have a non-shared IP address? Did you set up DNS to point to that IP?

Kigali · October 14, 2023, 7:01pm

Docker ps

docker ps output:

CONTAINER ID   IMAGE                       COMMAND                  CREATED          STATUS                    PORTS                                                                                                                       NAMES
3ccc0de7ec61   felddy/foundryvtt:release   "./entrypoint.sh res…"   27 minutes ago   Up 27 minutes (healthy)   0.0.0.0:30000->30000/tcp, :::30000->30000/tcp                                                                               docker-foundry-1
3f96da1f3818   caddy:latest                "caddy run --config …"   27 minutes ago   Up 27 minutes             0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp, 0.0.0.0:443->443/udp, :::443->443/udp, 2019/tcp   docker-caddy-1

UFW

UFW was not set to allow access to 443 or 80, but they are now configured to do so. It has not fixed the problem.

sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 443                        ALLOW IN    Anywhere
[ 3] 80                         ALLOW IN    Anywhere
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 5] 443 (v6)                   ALLOW IN    Anywhere (v6)
[ 6] 80 (v6)                    ALLOW IN    Anywhere (v6)

CGNAT

The IP was set to static when I setup port forwarding. Although I can’t find info online for the particular ISP of this network, when I run a traceroute it only displays 1 hop which I’m told indicates it is not a CGNAT. DNS is pointed at the new/correct IP address.

francislavoie · October 14, 2023, 7:05pm

Well,

What do you see when you make requests with curl -v https://<your-domain> and such? Try from inside and outside your network (e.g. cell network if possible).

Ultimately this sounds like networking issue outside of Caddy, and I’m not sure I can do much else to help debug that.

Kigali · October 14, 2023, 7:17pm

I appreciate all your help so far. Honestly I’m no upset cause at least everything caddy related is double checked to be set correctly. Now I can move on to checking other programs for errors.

curl

Same results from inside & outside the network.
curl -v https://theivoryguard.com output:

*   Trying 216.55.251.127:443...
* connect to 216.55.251.127 port 443 failed: Connection refused
* Failed to connect to theivoryguard.com port 443 after 14 ms: Connection refused
* Closing connection 0
curl: (7) Failed to connect to theivoryguard.com port 443 after 14 ms: Connection refused

francislavoie · October 14, 2023, 7:32pm

If you edit your Caddyfile to have a localhost site, try from the same machine (outside Docker) to do curl -vk https://localhost. Does that work? If so then you know it’s not a problem with Docker or with Caddy itself, and it must be something outside of that.

Kigali · October 14, 2023, 7:46pm

localhost

New Caddyfile:

localhost {
        reverse_proxy foundry:30000
}

# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile

curl -vk https://localhost output:

*   Trying 127.0.0.1:443...
* Connected to localhost (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: [NONE]
*  start date: Oct 14 19:39:28 2023 GMT
*  expire date: Oct 15 07:39:28 2023 GMT
*  issuer: CN=Caddy Local Authority - ECC Intermediate
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x556e14f71e90)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/2
> Host: localhost
> user-agent: curl/7.81.0
> accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 302
< alt-svc: h3=":443"; ma=2592000
< content-type: text/plain; charset=utf-8
< date: Sat, 14 Oct 2023 19:45:10 GMT
< location: /license
< server: Caddy
< vary: Accept
< x-powered-by: Express
< content-length: 30
<
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection #0 to host localhost left intact
Found. Redirecting to /license

francislavoie · October 14, 2023, 7:59pm

Right, so that confirms that Docker & Caddy are working just fine

system · November 13, 2023, 7:59pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.