Caddy ignoring provided certificates

1. Caddy version (caddy version):

Docker version caddy:2.2.1.

2. How I run Caddy: Docker compose

a. System environment:

Ubuntu 18.04

b. Command:

docker-compose up -d

c. Service/unit/compose file:

version: "3"


    image: caddy:2.2.1
      - 80:80
      - 443:443 
      - ./config/Caddyfile:/etc/caddy/Caddyfile
      - ./config/certs/fullchain.pem:/etc/caddy/fullchain.pem
      - ./config/certs/privkey.pem:/etc/caddy/privkey.pem

d. My complete Caddyfile or JSON config:

  tls /etc/caddy/fullchain.pem /etc/caddy/privkey.pem

3. The problem I’m having:

Caddy is ignoring the provided tls certificates.

4. Error messages and/or full log output:

{"level":"error","ts":1607471467.259014,"logger":"tls.obtain","msg":"will retry","error":"[] Obtain: [] solving challenges: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order= (ca=","attempt":4,"retrying_in":300,"elapsed":495.320316194,"max_duration":2592000}

Why is Caddy ignoring my certificates and trying Let’s Encrypt!?

5. What I already tried:

6. Links to relevant resources:

I’ve had the same problem

What is the PEM content of the certificate, and what is the value of $DOMAIN?

The PEM is a wildcard certificate for * and $DOMAIN has the value

Well, that’s probably why. You’re telling Caddy to serve but only gave it a certificate for *, so it has to obtain one for

If you configure or * instead, Caddy (shouldn’t, I think) get a certificate in that case.

it would be great to have caddy notify us of that in the logs before to get a new domain

Well… I mean, that’s exactly what it does. What are you thinking, Hit [Enter] to obtain certificate:? Caddy is a web server and cannot run interactively.

I think this was happening because the certificate was expired. Using a new valid certificate resolved the problem.

1 Like

That’s why I asked for the PEM content of the certificate, to check things like this. Caddy will always try to avoid serving expired certificates. Glad you solved the problem. Next time please follow the instructions on our help template; it’s one our forum rules so we can help you.

This topic was automatically closed after 30 days. New replies are no longer allowed.