Caddy not generating one specific certificate on one server

1. Caddy version (caddy version):

v2.4.3 h1:Y1FaV2N4WO3rBqxSYA8UZsZTQdN+PwcoOcAiZTM8C0I=

2. How I run Caddy:

caddy run --config /etc/caddy/caddy.json

a. System environment:


b. Command:

Paste command here.

c. Service/unit/compose file:

Paste full file contents here.
Make sure backticks stay on their own lines,
and the post looks nice in the preview pane.

d. My complete Caddyfile or JSON config:

  "apps": {
    "tls": {
      "automation": {
        "policies": [
            "subjects": [
                    "", "*", "*"


                    "", "*", "*"
            "issuers": [
                "module": "acme",
                "challenges": {
                  "dns": {
                    "provider": {
                      "name": "route53",
                      "max_retries": 100

3. The problem I’m having:

Caddy is not generating certificate.

This is the certificates directory /data/caddy/certificates/

Is there a way to force caddy to do a full recheck on the certificates?

Obviously I know that would be covered by * certificate but I need to hardcode the certificate path in nginx since I’m using caddy only to manage certificates and those domains are based on environment variables so I don’t want to rely on using the existing wildcard certificate and want a separate one.

4. Error messages and/or full log output:

caddy              | {"level":"info","ts":1629547292.7039404,"msg":"using provided configuration","config_file":"/etc/caddy/caddy.json","config_adapter":""}
caddy              | {"level":"info","ts":1629547292.7050283,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019",""]}
caddy              | {"level":"info","ts":1629547292.705257,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00043bdc0"}
caddy              | {"level":"info","ts":1629547292.7054155,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
caddy              | {"level":"info","ts":1629547292.7055345,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
caddy              | {"level":"info","ts":1629547292.7055426,"msg":"serving initial configuration"}
caddy              | {"level":"info","ts":1629547292.70762,"logger":"tls","msg":"finished cleaning storage units"}

5. What I already tried:

Restarting caddy didn’t help.

6. Links to relevant resources:

Hmm, I think you might actually need a config more like this:

1 Like

Worked like a charm :100: Thank you @matt !

I had the config setup this way because I just removed the http part from the regular config that I got by formatting Caddyfile to json format. I actually saw your article couple of weeks ago and I just wrongly assumed this was the way to do it and didn’t check thoroughly enough. The reason why I thought it’s just one certificate is that I had all the others already in place from running with http config. Anyway, thanks again.

1 Like

Awesome, glad to hear it! Thanks for describing your experience.

This topic was automatically closed after 30 days. New replies are no longer allowed.