Caddy ignoring provided certificates

1. Caddy version (caddy version):

Docker version caddy:2.2.1.

2. How I run Caddy: Docker compose

a. System environment:

Ubuntu 18.04

b. Command:

docker-compose up -d

c. Service/unit/compose file:

version: "3"

services:

  caddy:
    image: caddy:2.2.1
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./config/Caddyfile:/etc/caddy/Caddyfile
      - ./config/certs/fullchain.pem:/etc/caddy/fullchain.pem
      - ./config/certs/privkey.pem:/etc/caddy/privkey.pem

d. My complete Caddyfile or JSON config:

{$DOMAIN} {
  tls /etc/caddy/fullchain.pem /etc/caddy/privkey.pem
}

3. The problem I’m having:

Caddy is ignoring the provided tls certificates.

4. Error messages and/or full log output:

{"level":"error","ts":1607471467.259014,"logger":"tls.obtain","msg":"will retry","error":"[mydomain.com] Obtain: [mydomain.com] solving challenges: mydomain.com: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/17007930/198838710) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":4,"retrying_in":300,"elapsed":495.320316194,"max_duration":2592000}

Why is Caddy ignoring my certificates and trying Let’s Encrypt!?

5. What I already tried:

6. Links to relevant resources:

I’ve had the same problem

What is the PEM content of the certificate, and what is the value of $DOMAIN?

The PEM is a wildcard certificate for *.mydomain.com and $DOMAIN has the value mydomain.com.

Well, that’s probably why. You’re telling Caddy to serve mydomain.com but only gave it a certificate for *.mydomain.com, so it has to obtain one for mydomain.com.

If you configure foo.mydomain.com or *.mydomain.com instead, Caddy (shouldn’t, I think) get a certificate in that case.

It would be great to have Caddy notify us of that in the logs before getting a new domain.

Well… I mean, that’s exactly what it does. What are you thinking, Hit [Enter] to obtain certificate:? Caddy is a web server and cannot run interactively.

I think this was happening because the certificate was expired. Using a new valid certificate resolved the problem.


That’s why I asked for the PEM content of the certificate, to check things like this. Caddy will always try to avoid serving expired certificates. Glad you solved the problem. Next time please follow the instructions on our help template; it’s one of our forum rules so we can help you.
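Added example, not code from the thread or from Caddy itself: a small Go check for the two causes discussed above (a wildcard SAN that does not cover the apex name, and an expired certificate), so the PEM can be inspected before assuming Caddy is ignoring it. The hostnames and the self-signed certificate are constructed for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// CheckCert reports whether certPEM can be served for host at time now. It
// fails on both causes from the thread: a validity window that excludes now,
// and a name mismatch (VerifyHostname applies the RFC 6125 rule under which
// *.mydomain.com covers foo.mydomain.com but not the apex mydomain.com).
func CheckCert(certPEM []byte, host string, now time.Time) error {
	block, _ := pem.Decode(certPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return fmt.Errorf("no CERTIFICATE block found in PEM input")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err
	}
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return fmt.Errorf("not valid at %s (notAfter %s)", now.Format(time.RFC3339), cert.NotAfter.Format(time.RFC3339))
	}
	return cert.VerifyHostname(host)
}

// SelfSignedPEM builds a constructed, self-signed test certificate (not a
// certificate from the thread) with the given SANs and validity window.
func SelfSignedPEM(names []string, notBefore, notAfter time.Time) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: names,
		NotBefore: notBefore, NotAfter: notAfter}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	now := time.Now()
	wildcard := SelfSignedPEM([]string{"*.mydomain.com"}, now.Add(-time.Hour), now.Add(24*time.Hour))
	for _, h := range []string{"mydomain.com", "foo.mydomain.com"} {
		fmt.Printf("%-18s -> %v\n", h, CheckCert(wildcard, h, now)) // apex fails, foo passes
	}
}
```

To run it against a real file, read fullchain.pem with os.ReadFile and pass the bytes, the site name from the Caddyfile and time.Now() to CheckCert.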
