1. The problem I’m having:
I had my caddy running for almost 3 years.
Some weeks ago I added additional subdomains.
I only use that caddy to get cert renewal and then I push them into haproxy and reload it.
The problem is that the certs are not renewed anymore.
It looks like letsencrypt is generating the dns entry that caddy should use to use the digitalocean dns plugin to set the TXT entry with the API key.
The TXT entry is never set…
2. Error messages and/or full log output:
Summary
{"level":"info","ts":1779773457.8174965,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mqtt.evva.link"],"remaining":1178672.182505945}
{"level":"info","ts":1779773457.8175497,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["sfwauth.evva.link"],"remaining":2048672.182450478}
{"level":"info","ts":1779773457.8175552,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["test.mqtt.evva.link"],"remaining":1117472.182445001}
{"level":"info","ts":1779773457.8175764,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["ops.mqtt.evva.link"],"remaining":1121072.182423845}
{"level":"info","ts":1779773457.817581,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["prod.mqtt.evva.link"],"remaining":1117472.18241908}
{"level":"info","ts":1779773696.2486317,"logger":"tls.renew","msg":"renewing certificate","identifier":"ops.mqtt.evva.link","remaining":1120833.751370774}
{"level":"info","ts":1779773697.1437333,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"ops.mqtt.evva.link","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1779773997.344255,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"ops.mqtt.evva.link","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.ops.mqtt.evva.link\" (usually OK if presenting also failed)"}
{"level":"error","ts":1779773997.8568244,"logger":"tls.renew","msg":"could not get certificate from issuer","identifier":"ops.mqtt.evva.link","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[ops.mqtt.evva.link] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.ops.mqtt.evva.link\": could not find the start of authority for _acme-challenge.ops.mqtt.evva.link.: dial tcp 172.64.49.209:53: i/o timeout (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/126281094/39206631323) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1779773997.8568776,"logger":"tls.renew","msg":"will retry","error":"[ops.mqtt.evva.link] Renew: [ops.mqtt.evva.link] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.ops.mqtt.evva.link\": could not find the start of authority for _acme-challenge.ops.mqtt.evva.link.: dial tcp 172.64.49.209:53: i/o timeout (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/126281094/39206631323) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":78,"retrying_in":21600,"elapsed":1471140.038508184,"max_duration":2592000}
{"level":"info","ts":1779774057.817129,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["sfwauth.evva.link"],"remaining":2048072.182876185}
{"level":"info","ts":1779774057.817165,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["test.mqtt.evva.link"],"remaining":1116872.182835304}
{"level":"info","ts":1779774057.81717,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["ops.mqtt.evva.link"],"remaining":1120472.182830447}
{"level":"info","ts":1779774057.8171742,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["prod.mqtt.evva.link"],"remaining":1116872.182825806}
{"level":"info","ts":1779774057.8171787,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mqtt.evva.link"],"remaining":1178072.182821617}
{"level":"info","ts":1779774657.8171523,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mqtt.evva.link"],"remaining":1177472.182851333}
{"level":"info","ts":1779774657.8172011,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["sfwauth.evva.link"],"remaining":2047472.182799195}
{"level":"info","ts":1779774657.8172083,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["test.mqtt.evva.link"],"remaining":1116272.182792178}
{"level":"info","ts":1779774657.817214,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["ops.mqtt.evva.link"],"remaining":1119872.182786397}
{"level":"info","ts":1779774657.8172195,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["prod.mqtt.evva.link"],"remaining":1116272.182780795}
{"level":"info","ts":1779775257.8165038,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["test.mqtt.evva.link"],"remaining":1115672.183498447}
{"level":"info","ts":1779775257.8165526,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["ops.mqtt.evva.link"],"remaining":1119272.18344761}
{"level":"info","ts":1779775257.8165603,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["prod.mqtt.evva.link"],"remaining":1115672.183439843}
{"level":"info","ts":1779775257.8165646,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mqtt.evva.link"],"remaining":1176872.183435654}
{"level":"info","ts":1779775257.8165689,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["sfwauth.evva.link"],"remaining":2046872.183431446}
{"level":"info","ts":1779775857.8173041,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["test.mqtt.evva.link"],"remaining":1115072.182698623}
{"level":"info","ts":1779775857.8173454,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["ops.mqtt.evva.link"],"remaining":1118672.182655026}
{"level":"info","ts":1779775857.81735,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["prod.mqtt.evva.link"],"remaining":1115072.182650361}
{"level":"info","ts":1779775857.8173542,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mqtt.evva.link"],"remaining":1176272.182646036}
{"level":"info","ts":1779775857.8173592,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["sfwauth.evva.link"],"remaining":2046272.182640982}
{"level":"info","ts":1779776457.8170087,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["ops.mqtt.evva.link"],"remaining":1118072.182994062}
{"level":"info","ts":1779776457.8170526,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["prod.mqtt.evva.link"],"remaining":1114472.182947503}
{"level":"info","ts":1779776457.8170576,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mqtt.evva.link"],"remaining":1175672.18294266}
{"level":"info","ts":1779776457.8170624,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["sfwauth.evva.link"],"remaining":2045672.182937752}
{"level":"info","ts":1779776457.8170667,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["test.mqtt.evva.link"],"remaining":1114472.182933414}
{"level":"info","ts":1779777057.8172612,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["test.mqtt.evva.link"],"remaining":1113872.182740612}
{"level":"info","ts":1779777057.8172991,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["ops.mqtt.evva.link"],"remaining":1117472.182701148}
{"level":"info","ts":1779777057.8173037,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["prod.mqtt.evva.link"],"remaining":1113872.182696704}
{"level":"info","ts":1779777057.8173077,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mqtt.evva.link"],"remaining":1175072.182692585}
{"level":"info","ts":1779777057.817314,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["sfwauth.evva.link"],"remaining":2045072.182686336}
{"level":"info","ts":1779777657.8164191,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["test.mqtt.evva.link"],"remaining":1113272.183582928}
{"level":"info","ts":1779777657.8164523,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["ops.mqtt.evva.link"],"remaining":1116872.183547904}
{"level":"info","ts":1779777657.8164566,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["prod.mqtt.evva.link"],"remaining":1113272.183543711}
{"level":"info","ts":1779777657.8164604,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mqtt.evva.link"],"remaining":1174472.183539778}
{"level":"info","ts":1779777657.8164654,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["sfwauth.evva.link"],"remaining":2044472.183534894}
{"level":"info","ts":1779778257.8172877,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["test.mqtt.evva.link"],"remaining":1112672.182719185}
{"level":"info","ts":1779778257.8173332,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["ops.mqtt.evva.link"],"remaining":1116272.182666995}
{"level":"info","ts":1779778257.8173375,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["prod.mqtt.evva.link"],"remaining":1112672.182662598}
{"level":"info","ts":1779778257.8173418,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mqtt.evva.link"],"remaining":1173872.182658583}
{"level":"info","ts":1779778257.8173459,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["sfwauth.evva.link"],"remaining":2043872.182654334}
{"level":"info","ts":1779778661.5673542,"logger":"tls.renew","msg":"renewing certificate","identifier":"sfwauth.evva.link","remaining":2043468.432650221}
{"level":"info","ts":1779778662.42825,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"sfwauth.evva.link","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1779778857.817011,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["test.mqtt.evva.link"],"remaining":1112072.182996907}
{"level":"info","ts":1779778857.8170543,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["ops.mqtt.evva.link"],"remaining":1115672.182946022}
{"level":"info","ts":1779778857.8170586,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["prod.mqtt.evva.link"],"remaining":1112072.182941545}
{"level":"info","ts":1779778857.8170626,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mqtt.evva.link"],"remaining":1173272.182937479}
{"level":"info","ts":1779778857.817068,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["sfwauth.evva.link"],"remaining":2043272.182932165}
{"level":"error","ts":1779778902.5191536,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"sfwauth.evva.link","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.sfwauth.evva.link\" (usually OK if presenting also failed)"}
{"level":"error","ts":1779778902.67959,"logger":"tls.renew","msg":"could not get certificate from issuer","identifier":"sfwauth.evva.link","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[sfwauth.evva.link] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.sfwauth.evva.link\": could not find the start of authority for _acme-challenge.sfwauth.evva.link.: dial tcp 172.64.49.209:53: i/o timeout (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/126281094/39212401203) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1779778902.6796682,"logger":"tls.renew","msg":"will retry","error":"[sfwauth.evva.link] Renew: [sfwauth.evva.link] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.sfwauth.evva.link\": could not find the start of authority for _acme-challenge.sfwauth.evva.link.: dial tcp 172.64.49.209:53: i/o timeout (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/126281094/39212401203) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":36,"retrying_in":21600,"elapsed":548444.86089397,"max_duration":2592000}
{"level":"info","ts":1779779457.8175457,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["test.mqtt.evva.link"],"remaining":1111472.182457553}
{"level":"info","ts":1779779457.8175955,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["ops.mqtt.evva.link"],"remaining":1115072.182405062}
{"level":"info","ts":1779779457.8176012,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["prod.mqtt.evva.link"],"remaining":1111472.182398973}
{"level":"info","ts":1779779457.8176062,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mqtt.evva.link"],"remaining":1172672.182394224}
{"level":"info","ts":1779779457.817612,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["sfwauth.evva.link"],"remaining":2042672.182388203}
{"level":"info","ts":1779780057.81727,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["sfwauth.evva.link"],"remaining":2042072.182732159}
{"level":"info","ts":1779780057.8173118,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["test.mqtt.evva.link"],"remaining":1110872.182688639}
{"level":"info","ts":1779780057.8173175,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["ops.mqtt.evva.link"],"remaining":1114472.182682914}
{"level":"info","ts":1779780057.8173218,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["prod.mqtt.evva.link"],"remaining":1110872.182678529}
{"level":"info","ts":1779780057.817326,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mqtt.evva.link"],"remaining":1172072.18267397}
{"level":"info","ts":1779780657.8170888,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mqtt.evva.link"],"remaining":1171472.18291379}
{"level":"info","ts":1779780657.817131,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["sfwauth.evva.link"],"remaining":2041472.182869209}
{"level":"info","ts":1779780657.8171372,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["test.mqtt.evva.link"],"remaining":1110272.182863165}
{"level":"info","ts":1779780657.817142,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["ops.mqtt.evva.link"],"remaining":1113872.182858267}
{"level":"info","ts":1779780657.817146,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["prod.mqtt.evva.link"],"remaining":1110272.182854034}
{"level":"info","ts":1779781257.8169134,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["test.mqtt.evva.link"],"remaining":1109672.183093522}
{"level":"info","ts":1779781257.8169684,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["ops.mqtt.evva.link"],"remaining":1113272.18303208}
{"level":"info","ts":1779781257.8169732,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["prod.mqtt.evva.link"],"remaining":1109672.183026853}
{"level":"info","ts":1779781257.8169775,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mqtt.evva.link"],"remaining":1170872.183022886}
{"level":"info","ts":1779781257.816982,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["sfwauth.evva.link"],"remaining":2040872.183018208}
{"level":"info","ts":1779781857.8166358,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["sfwauth.evva.link"],"remaining":2040272.183366769}
{"level":"info","ts":1779781857.8166971,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["test.mqtt.evva.link"],"remaining":1109072.183303318}
{"level":"info","ts":1779781857.8167017,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["ops.mqtt.evva.link"],"remaining":1112672.183298386}
{"level":"info","ts":1779781857.8167055,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["prod.mqtt.evva.link"],"remaining":1109072.183294644}
{"level":"info","ts":1779781857.8167107,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mqtt.evva.link"],"remaining":1170272.183289468}
{"level":"info","ts":1779782457.8164644,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["sfwauth.evva.link"],"remaining":2039672.183538019}
{"level":"info","ts":1779782457.8165052,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["test.mqtt.evva.link"],"remaining":1108472.183495177}
{"level":"info","ts":1779782457.8165102,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["ops.mqtt.evva.link"],"remaining":1112072.183490024}
{"level":"info","ts":1779782457.8165143,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["prod.mqtt.evva.link"],"remaining":1108472.183485887}
{"level":"info","ts":1779782457.8165197,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mqtt.evva.link"],"remaining":1169672.183480456}
{"level":"info","ts":1779782545.2019644,"logger":"tls.renew","msg":"renewing certificate","identifier":"mqtt.evva.link","remaining":1169584.798038881}
{"level":"info","ts":1779782546.0260978,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mqtt.evva.link","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1779782786.1385968,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"mqtt.evva.link","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.mqtt.evva.link\" (usually OK if presenting also failed)"}
{"level":"error","ts":1779782786.2962632,"logger":"tls.renew","msg":"could not get certificate from issuer","identifier":"mqtt.evva.link","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[mqtt.evva.link] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.mqtt.evva.link\": could not find the start of authority for _acme-challenge.mqtt.evva.link.: dial tcp 172.64.49.209:53: i/o timeout (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/126281094/39217050543) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1779782786.296325,"logger":"tls.renew","msg":"will retry","error":"[mqtt.evva.link] Renew: [mqtt.evva.link] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.mqtt.evva.link\": could not find the start of authority for _acme-challenge.mqtt.evva.link.: dial tcp 172.64.49.209:53: i/o timeout (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/126281094/39217050543) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":76,"retrying_in":21600,"elapsed":1422328.478673833,"max_duration":2592000}
{"level":"info","ts":1779783057.8171277,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mqtt.evva.link"],"remaining":1169072.182874507}
{"level":"info","ts":1779783057.8177326,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["sfwauth.evva.link"],"remaining":2039072.18226825}
{"level":"info","ts":1779783057.8177972,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["test.mqtt.evva.link"],"remaining":1107872.182203071}
{"level":"info","ts":1779783057.8178353,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["ops.mqtt.evva.link"],"remaining":1111472.182165089}
{"level":"info","ts":1779783057.8178713,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["prod.mqtt.evva.link"],"remaining":1107872.18212912}
{"level":"info","ts":1779783657.8164961,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["prod.mqtt.evva.link"],"remaining":1107272.183506266}
{"level":"info","ts":1779783657.8165398,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mqtt.evva.link"],"remaining":1168472.183460628}
{"level":"info","ts":1779783657.8165448,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["sfwauth.evva.link"],"remaining":2038472.1834553}
{"level":"info","ts":1779783657.8165495,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["test.mqtt.evva.link"],"remaining":1107272.183450553}
{"level":"info","ts":1779783657.816554,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["ops.mqtt.evva.link"],"remaining":1110872.183446106}
3. Caddy version:
v2.11.3 h1:/vFbdjcs2DtzcWTIxHybf5R5TspYFFThlZffChyBFHg=
4. How I installed and ran Caddy:
installed on ubuntu 24.04
with
dns.providers.digitalocean
a. System environment:
Ubuntu 24.04 amd64
systemd
b. Command:
sudo systemctl start caddy
c. Service/unit/compose file:
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=notify
User=sfwadmin
Group=sfwadmin
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateDevices=yes
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddy config:
{
email admin@evva.link
# Change this to prod only after testing to not get banned from live acme @letsencrypt
# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
debug
http_port 3000
}
(letls) {
tls {
issuer acme {
disable_http_challenge
disable_tlsalpn_challenge
propagation_delay 30s
resolvers ns1.digitalocean.com ns2.digitalocean.com ns3.digitalocean.com
dns digitalocean REDACTED
}
}
}
https://mqtt.evva.link:4444 {
import letls
bind 127.0.0.1
}
https://prod.mqtt.evva.link:4443 {
import letls
bind 127.0.0.1
}
https://ops.mqtt.evva.link:4442 {
import letls
bind 127.0.0.1
}
https://test.mqtt.evva.link:4441 {
import letls
bind 127.0.0.1
}
https://sfwauth.evva.link:4445 {
import letls
bind 127.0.0.1
}
#https://grafana.evva.link:4446 {
# import letls
# bind 127.0.0.1
#}
#https://prometheus.evva.link:4447 {
# import letls
# bind 127.0.0.1
#}
#https://alertmanager.evva.link:4448 {
# import letls
# bind 127.0.0.1
#}
5. Links to relevant resources:
I checked if the api key expired but I am using the same with the doctl and that is working.
I set a test-txt entry to test if my key is working.
Edit1: I checked and it looks like the dns (53) requests are timeing out. I will check the firewall and report back.