Caddy not able to obtain TLS certificate for DuckDNS domain

Tord_Johannessen_Knu · April 10, 2024, 7:26pm

1. The problem I’m having:

Caddy not able to obtain TSL Sertificate for Duck DNS domain
Can resolve and access the ipv4 and domain name from local and external device without Caddy running. Disabled firewall. Opened up ports, 443, 2019, 80, 8096 and pointed at ipv4.

2. Error messages and/or full log output:

Last login: Wed Apr 10 20:08:09 on ttys000
TJKs-Mac-mini:~ tjkserver$ sudo caddy run --config /Users/tjkserver/Documents/Caddyfile/Caddyfile
Password:
2024/04/10 18:58:18.673	INFO	using provided configuration	{"config_file": "/Users/tjkserver/Documents/Caddyfile/Caddyfile", "config_adapter": ""}
2024/04/10 18:58:18.675	WARN	Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies	{"adapter": "caddyfile", "file": "/Users/tjkserver/Documents/Caddyfile/Caddyfile", "line": 2}
2024/04/10 18:58:18.678	INFO	admin	admin endpoint started	{"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2024/04/10 18:58:18.678	INFO	tls.cache.maintenance	started background certificate maintenance	{"cache": "0xc00009fe80"}
2024/04/10 18:58:18.678	INFO	http.auto_https	server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS	{"server_name": "srv0", "https_port": 443}
2024/04/10 18:58:18.678	INFO	http.auto_https	enabling automatic HTTP->HTTPS redirects	{"server_name": "srv0"}
2024/04/10 18:58:18.678	DEBUG	http.auto_https	adjusted config	{"tls": {"automation":{"policies":[{}]}}, "http": {"servers":{"remaining_auto_https_redirects":{"listen":[":80"],"routes":[{},{}]},"srv0":{"listen":[":443"],"routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"127.0.0.1:8096"}]}]}]}],"terminal":true}],"tls_connection_policies":[{}],"automatic_https":{}}}}}
2024/04/10 18:58:18.679	INFO	http	enabling HTTP/3 listener	{"addr": ":443"}
2024/04/10 18:58:18.680	DEBUG	http	starting server loop	{"address": "[::]:443", "tls": true, "http3": true}
2024/04/10 18:58:18.680	INFO	http.log	server running	{"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2024/04/10 18:58:18.680	DEBUG	http	starting server loop	{"address": "[::]:80", "tls": false, "http3": false}
2024/04/10 18:58:18.680	INFO	http.log	server running	{"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2024/04/10 18:58:18.680	INFO	http	enabling automatic TLS certificate management	{"domains": ["tjk-server.duckdns.org"]}
2024/04/10 18:58:18.681	INFO	autosaved config (load with --resume flag)	{"file": "/Users/tjkserver/Library/Application Support/Caddy/autosave.json"}
2024/04/10 18:58:18.681	INFO	serving initial configuration
2024/04/10 18:58:18.702	INFO	tls.obtain	acquiring lock	{"identifier": "tjk-server.duckdns.org"}
2024/04/10 18:58:18.725	WARN	tls	storage cleaning happened too recently; skipping for now	{"storage": "FileStorage:/Users/tjkserver/Library/Application Support/Caddy", "instance": "1a01afa9-9591-4600-912c-ef86dc3fcc7d", "try_again": "2024/04/11 18:58:18.725", "try_again_in": 86399.999999014}
2024/04/10 18:58:18.726	INFO	tls	finished cleaning storage units
2024/04/10 18:58:18.805	INFO	tls.obtain	lock acquired	{"identifier": "tjk-server.duckdns.org"}
2024/04/10 18:58:18.805	INFO	tls.obtain	obtaining certificate	{"identifier": "tjk-server.duckdns.org"}
2024/04/10 18:58:18.805	DEBUG	events	event	{"name": "cert_obtaining", "id": "e450f4b9-79c5-423a-9364-d45279f5e2eb", "origin": "tls", "data": {"identifier":"tjk-server.duckdns.org"}}
2024/04/10 18:58:18.806	DEBUG	tls.obtain	trying issuer 1/2	{"issuer": "acme-v02.api.letsencrypt.org-directory"}
2024/04/10 18:58:18.807	INFO	http	waiting on internal rate limiter	{"identifiers": ["tjk-server.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "caddy@zerossl.com"}
2024/04/10 18:58:18.807	INFO	http	done waiting on internal rate limiter	{"identifiers": ["tjk-server.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "caddy@zerossl.com"}
2024/04/10 18:58:19.399	DEBUG	http.acme_client	http request	{"method": "GET", "url": "https://acme-v02.api.letsencrypt.org/directory", "headers": {"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["747"],"Content-Type":["application/json"],"Date":["Wed, 10 Apr 2024 18:58:19 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/04/10 18:58:19.574	DEBUG	http.acme_client	http request	{"method": "HEAD", "url": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "headers": {"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Cache-Control":["public, max-age=0, no-cache"],"Date":["Wed, 10 Apr 2024 18:58:19 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["oJ2fioii62OoT3dPMjB5R2lFUFkkvskrmN-WpDKgizOeivehSfY"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/04/10 18:58:19.781	DEBUG	http.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Boulder-Requester":["1664304447"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["348"],"Content-Type":["application/json"],"Date":["Wed, 10 Apr 2024 18:58:19 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/order/1664304447/259816184067"],"Replay-Nonce":["0xgp031jrk6xL7eOz834OCLA6NvHpEOyd_dLAZ17RNMckhca0p4"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 201}
2024/04/10 18:58:19.959	DEBUG	http.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/336914565117", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Boulder-Requester":["1664304447"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["806"],"Content-Type":["application/json"],"Date":["Wed, 10 Apr 2024 18:58:19 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["oJ2fioiil_rxR-7ZKuZJQtBRRdsCrBsc2217Gm-JqGvriOoTx2k"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/04/10 18:58:19.959	INFO	http.acme_client	trying to solve challenge	{"identifier": "tjk-server.duckdns.org", "challenge_type": "tls-alpn-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2024/04/10 18:58:19.961	DEBUG	http.acme_client	waiting for solver before continuing	{"identifier": "tjk-server.duckdns.org", "challenge_type": "tls-alpn-01"}
2024/04/10 18:58:19.961	DEBUG	http.acme_client	done waiting for solver{"identifier": "tjk-server.duckdns.org", "challenge_type": "tls-alpn-01"}
2024/04/10 18:58:20.144	DEBUG	http.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/336914565117/Kn-KmQ", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Boulder-Requester":["1664304447"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["191"],"Content-Type":["application/json"],"Date":["Wed, 10 Apr 2024 18:58:20 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\"","<https://acme-v02.api.letsencrypt.org/acme/authz-v3/336914565117>;rel=\"up\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/chall-v3/336914565117/Kn-KmQ"],"Replay-Nonce":["oJ2fioiikQb8xIxfme8pdhjlNL7hGhNIH_5XAIxVrAjiDUlVIwk"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/04/10 18:58:20.144	DEBUG	http.acme_client	challenge accepted	{"identifier": "tjk-server.duckdns.org", "challenge_type": "tls-alpn-01"}
2024/04/10 18:58:20.575	DEBUG	http.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/336914565117", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Boulder-Requester":["1664304447"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["806"],"Content-Type":["application/json"],"Date":["Wed, 10 Apr 2024 18:58:20 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0xgp031jzqDZV1AnrU9nnAS9-XzgShsOeE4i9NB4-Bch__NjyM4"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/04/10 18:58:21.007	DEBUG	http.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/336914565117", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Boulder-Requester":["1664304447"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["806"],"Content-Type":["application/json"],"Date":["Wed, 10 Apr 2024 18:58:20 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["oJ2fioiiSSY3NeFb_LJUJMNc82EWD4xtVa1UxlccpTygDnltjgY"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/04/10 18:58:21.440	DEBUG	http.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/336914565117", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Boulder-Requester":["1664304447"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["806"],"Content-Type":["application/json"],"Date":["Wed, 10 Apr 2024 18:58:21 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0xgp031jk5_aX6AbjkG27ysVa_es4w3qKV-7gZWLfcLghZEZJIY"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/04/10 18:58:21.881	DEBUG	http.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/336914565117", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Boulder-Requester":["1664304447"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["806"],"Content-Type":["application/json"],"Date":["Wed, 10 Apr 2024 18:58:21 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0xgp031jGTHQ59QQOtwlybrWO3Y7Dq5E2--RzvMIDCosMRUMabk"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/04/10 18:58:22.309	DEBUG	http.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/336914565117", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Boulder-Requester":["1664304447"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["806"],"Content-Type":["application/json"],"Date":["Wed, 10 Apr 2024 18:58:22 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0xgp031jW30Ro8F2LTSh8zcM092YoyDQOLXOVKSyKmfLZJNT8YQ"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/04/10 18:58:22.739	DEBUG	http.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/336914565117", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Boulder-Requester":["1664304447"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["806"],"Content-Type":["application/json"],"Date":["Wed, 10 Apr 2024 18:58:22 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["oJ2fioiiSvl3DsYTgW0p0kFf4Y2zOfYm2TI0SoeZ-xf04wYxCYo"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/04/10 18:58:23.168	DEBUG	http.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/336914565117", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Boulder-Requester":["1664304447"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["806"],"Content-Type":["application/json"],"Date":["Wed, 10 Apr 2024 18:58:23 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["oJ2fioiiBJXmrtBG8KQRnZGtTrEHasgEL_9WugXU0srCIoRCZvo"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/04/10 18:58:23.609	DEBUG	http.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/336914565117", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Boulder-Requester":["1664304447"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["806"],"Content-Type":["application/json"],"Date":["Wed, 10 Apr 2024 18:58:23 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0xgp031jYklIygCxdXY84k0XewzvVhLqfbDONYEAOJZvjIzjm9k"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/04/10 18:58:24.037	DEBUG	http.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/336914565117", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Boulder-Requester":["1664304447"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["806"],"Content-Type":["application/json"],"Date":["Wed, 10 Apr 2024 18:58:23 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0xgp031jsRU37_GxrektM71-ybAGsK6WukPh5UJYA2Mv8xANfvU"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/04/10 18:58:24.467	DEBUG	http.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/336914565117", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Boulder-Requester":["1664304447"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["806"],"Content-Type":["application/json"],"Date":["Wed, 10 Apr 2024 18:58:24 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0xgp031jS6Jm7qNZmd24GB62Vp1q7dd0eYolz62IkMMyd1FS_WE"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/04/10 18:58:24.900	DEBUG	http.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/336914565117", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Boulder-Requester":["1664304447"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["806"],"Content-Type":["application/json"],"Date":["Wed, 10 Apr 2024 18:58:24 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["oJ2fioiidboU21P_BlEL9-rlkXIPHsMemLQExgKbS2RKmdQIO_k"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/04/10 18:58:25.341	DEBUG	http.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/336914565117", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Boulder-Requester":["1664304447"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["806"],"Content-Type":["application/json"],"Date":["Wed, 10 Apr 2024 18:58:25 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0xgp031jxY3eActSzRCHz4d7JPWA6_kIa_AaGHDgemI-op-HYu8"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/04/10 18:58:25.771	DEBUG	http.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/336914565117", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Boulder-Requester":["1664304447"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["806"],"Content-Type":["application/json"],"Date":["Wed, 10 Apr 2024 18:58:25 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["oJ2fioiiKDKTqp7wMJUxC3-XRDhEX0Gz4iHjbSqMihA2UZ0xi50"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/04/10 18:58:26.201	DEBUG	http.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/336914565117", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Boulder-Requester":["1664304447"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["806"],"Content-Type":["application/json"],"Date":["Wed, 10 Apr 2024 18:58:26 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["oJ2fioiixnVCDx6xHFKxN6dzFHYLNNeN6rRJ4yC2KIb1fT-T2sE"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/04/10 18:58:26.632	DEBUG	http.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/336914565117", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Boulder-Requester":["1664304447"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["806"],"Content-Type":["application/json"],"Date":["Wed, 10 Apr 2024 18:58:26 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0xgp031jGIizZYlW9Nu5gLipkB_uOjkZFUrY-veukbQHo4WkO5Q"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/04/10 18:58:27.068	DEBUG	http.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/336914565117", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Boulder-Requester":["1664304447"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["806"],"Content-Type":["application/json"],"Date":["Wed, 10 Apr 2024 18:58:26 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["oJ2fioiiheeW1q5kH4whphUY9PkIOyeaQyao5-Ieh40j_xFTf3I"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/04/10 18:58:27.497	DEBUG	http.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/336914565117", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Boulder-Requester":["1664304447"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["806"],"Content-Type":["application/json"],"Date":["Wed, 10 Apr 2024 18:58:27 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0xgp031j7x40Esg2s3cC33f86-MKR9h1BwVP3G7W-OT1xC9-x2U"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/04/10 18:58:27.956	DEBUG	http.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/336914565117", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Boulder-Requester":["1664304447"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["806"],"Content-Type":["application/json"],"Date":["Wed, 10 Apr 2024 18:58:27 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["oJ2fioiiEZbllOvflgaYHcwm6UL5zaqHlHd14OWXJSLEEXx_s6I"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/04/10 18:58:28.389	DEBUG	http.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/336914565117", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Boulder-Requester":["1664304447"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["806"],"Content-Type":["application/json"],"Date":["Wed, 10 Apr 2024 18:58:28 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0xgp031jxtXn8VL57_pkA4VQRd1ossFApU35ds00cOtWT5NwWhs"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/04/10 18:58:28.821	DEBUG	http.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/336914565117", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Boulder-Requester":["1664304447"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["806"],"Content-Type":["application/json"],"Date":["Wed, 10 Apr 2024 18:58:28 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["oJ2fioiiisgjH99X2SActqBz6VRII1_gLoS_f7gYjGiMHpIgL-8"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/04/10 18:58:29.250	DEBUG	http.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/336914565117", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Boulder-Requester":["1664304447"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["806"],"Content-Type":["application/json"],"Date":["Wed, 10 Apr 2024 18:58:29 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0xgp031jNmYhsREnKnto5vpZEYlEF4hReTO9aS-DOxSunMxwHW8"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/04/10 18:58:29.682	DEBUG	http.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/336914565117", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Boulder-Requester":["1664304447"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["806"],"Content-Type":["application/json"],"Date":["Wed, 10 Apr 2024 18:58:29 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["oJ2fioiivIwc7j8Sx-l_j5uH79lpcEwD1-ar7kXLyX9YvJfoK9Q"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/04/10 18:58:30.115	DEBUG	http.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/336914565117", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Boulder-Requester":["1664304447"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["806"],"Content-Type":["application/json"],"Date":["Wed, 10 Apr 2024 18:58:30 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0xgp031jOxUQTf7i2ZeF301DFpVtbelvQYWwwuTSXiW_win-GY0"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/04/10 18:58:30.547	DEBUG	http.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/336914565117", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Boulder-Requester":["1664304447"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["1169"],"Content-Type":["application/json"],"Date":["Wed, 10 Apr 2024 18:58:30 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["oJ2fioiipaqFIde77Guysggc3o2XJKmPWBMZIyfuE-x2WB4Nmww"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/04/10 18:58:30.547	ERROR	http.acme_client	challenge failed	{"identifier": "tjk-server.duckdns.org", "challenge_type": "tls-alpn-01", "problem": {"type": "urn:ietf:params:acme:error:malformed", "title": "", "detail": "Unable to contact \"tjk-server.duckdns.org\" at \"2001:4343:b514:0:405:248e:ad43:36a3\", no IPv4 addresses to try as fallback", "instance": "", "subproblems": []}}
2024/04/10 18:58:30.547	ERROR	http.acme_client	validating authorizatio{"identifier": "tjk-server.duckdns.org", "problem": {"type": "urn:ietf:params:acme:error:malformed", "title": "", "detail": "Unable to contact \"tjk-server.duckdns.org\" at \"2001:4343:b514:0:405:248e:ad43:36a3\", no IPv4 addresses to try as fallback", "instance": "", "subproblems": []}, "order": "https://acme-v02.api.letsencrypt.org/acme/order/1664304447/259816184067", "attempt": 1, "max_attempts": 3}
2024/04/10 18:58:30.547	ERROR	tls.obtain	could not get certificate from issuer	{"identifier": "tjk-server.duckdns.org", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "HTTP 400 urn:ietf:params:acme:error:malformed - Unable to contact \"tjk-server.duckdns.org\" at \"2001:4343:b514:0:405:248e:ad43:36a3\", no IPv4 addresses to try as fallback"}
2024/04/10 18:58:30.547	DEBUG	tls.obtain	trying issuer 2/2	{"issuer": "acme.zerossl.com-v2-DV90"}
2024/04/10 18:58:30.548	INFO	http	waiting on internal rate limiter	{"identifiers": ["tjk-server.duckdns.org"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "caddy@zerossl.com"}
2024/04/10 18:58:30.548	INFO	http	done waiting on internal rate limiter	{"identifiers": ["tjk-server.duckdns.org"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "caddy@zerossl.com"}
2024/04/10 18:58:30.903	DEBUG	http.acme_client	http request	{"method": "GET", "url": "https://acme.zerossl.com/v2/DV90", "headers": {"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Access-Control-Allow-Origin":["*"],"Content-Length":["645"],"Content-Type":["application/json"],"Date":["Wed, 10 Apr 2024 18:58:30 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]}, "status_code": 200}
2024/04/10 18:58:31.227	DEBUG	http.acme_client	http request	{"method": "HEAD", "url": "https://acme.zerossl.com/v2/DV90/newNonce", "headers": {"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Type":["application/octet-stream"],"Date":["Wed, 10 Apr 2024 18:58:31 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["Uw2p-E1G98v8wAYnE1IRt6OaDsrq-GJlSlsMoPDFEfg"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]}, "status_code": 200}
2024/04/10 18:58:31.590	DEBUG	http.acme_client	http request	{"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/newOrder", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["284"],"Content-Type":["application/json"],"Date":["Wed, 10 Apr 2024 18:58:31 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/G-AGeT51yJpO-NcYPYeHOA"],"Replay-Nonce":["Z90TwWrD5XAQUUGm_an6udbb7HbyK1vGumf1MEHBIuU"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]}, "status_code": 201}
2024/04/10 18:58:31.932	DEBUG	http.acme_client	http request	{"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/authz/IvcPTUycQfK4R9JK3ZAMsg", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (darwin; amd64)"]}, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["472"],"Content-Type":["application/json"],"Date":["Wed, 10 Apr 2024 18:58:31 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["wLgls6P550RgCh4I1GyaLCEx0vVDnyVA51bmgrrYWkY"],"Retry-After":["86400"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]}, "status_code": 200}
2024/04/10 18:58:31.933	DEBUG	http.acme_client	no solver configured	{"challenge_type": "dns-01"}
2024/04/10 18:58:31.933	INFO	http.acme_client	trying to solve challenge	{"identifier": "tjk-server.duckdns.org", "challenge_type": "http-01", "ca": "https://acme.zerossl.com/v2/DV90"}

3. Caddy version:

v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=

4. How I installed and ran Caddy:

Downloaded from caddyserver.com/download, with extra DUCKDNS feature. Moved the package from Downloads to bin 
sudo mv caddy /usr/local/bin/

a. System environment:

Mac OS High Sierra 10.13.6 (17G14042)

b. Command:

sudo caddy run --config /Users/tjkserver/Documents/Caddyfile/Caddyfile

c. Service/unit/compose file:

d. My complete Caddy config:

{
    debug
}

# Caddyfile for tjk-server.duckdns.org
tjk-server.duckdns.org {
	reverse_proxy 127.0.0.1:8096
}

5. Links to relevant resources:

francislavoie · April 10, 2024, 8:23pm

You didn’t configure Caddy to use the dns challenge though.

Caddy is trying to issue a cert using the ACME HTTP challenge, but the issuers aren’t able to connect to your server with that IP address.

Either configure your router to forward ports 80 and 443 to your server, or configure your Caddyfile with the DNS challenge.

Tord_Johannessen_Knu · April 10, 2024, 8:44pm

Thank you for helping me out!! I have forwarded the port 80 and 443, on the router, but it is still not working. I will read up on DNS Challenge. Any other thoughts about what could be the issue? Caddy worked great on my windows setup, that I no longer use.

Bruce5051 · April 10, 2024, 10:50pm

Hi @Tord_Johannessen_Knu

You have a DNS issue presently, so look towards the DNS Authoritative Name Servers. Edit the A and AAAA Records.

Using the online tool Let’s Debug yields these results https://letsdebug.net/tjk-server.duckdns.org/1865334

ReservedAddress
FATAL
A private, inaccessible, IANA/IETF-reserved IP address was found for tjk-server.duckdns.org. Let's Encrypt will always fail HTTP validation for any domain that is pointing to an address that is not routable on the internet. You should either remove this address and replace it with a public one or use the DNS validation method instead.
192.168.1.178

Here is what I find for DNS IP Addresses

$ nslookup tjk-server.duckdns.org ns1.duckdns.org.
Server:         ns1.duckdns.org.
Address:        99.79.143.35#53

Name:   tjk-server.duckdns.org
Address: 192.168.1.178
Name:   tjk-server.duckdns.org
Address: 2001:4643:b515:0:406:248e:ad53:36a4

You need a public facing Internet Address, but the IPv4 Address 192.168.1.178 is a IPv4 Private Address Space and Filtering - American Registry for Internet Numbers and Private network - Wikipedia for the HTTP-01 challenge of the Challenge Types which you showed you are using.

From the web server itself you can find your public face Internet Address by one or more of the following.

curl -4 ifconfig.me
curl -6 ifconfig.me

and/or

curl -4 ifconfig.co
curl -6 ifconfig.co

and/or

curl -4 ifconfig.io
curl -6 ifconfig.io

Tord_Johannessen_Knu · April 11, 2024, 10:10am

Thanks alot for clearing that up for me! I restarted the network, added the public ipv4 and ipv6 to duckdns.

I also noticed there very several caddy instances running, possibly due to misconfigured services. So I closed all of them and restarted, and now it works!
Thanks alot for all the help! Love caddy!

francislavoie · April 11, 2024, 9:50pm

You probably ran caddy start at some point. Don’t use that, always use the systemd commands to manipulate the Caddy service.

Tord_Johannessen_Knu · April 15, 2024, 9:30am

Ok, thanks for the heads up!