Caddy proxy fails to provide a certificate

I have a Docker container running on localhost:80, and after a question on this forum, I realized I might need a proxy to give anyone access to this container with HTTPS.

I installed Caddy on my server, created a Caddyfile with the following lines:

https://mydomain.com {
  proxy / localhost:80
}

then ran caddy -conf Caddyfile, but nothing went as expected. I got the following output:

2019/07/03 21:27:34 [INFO] acme: Registering account for jlevarato@pm.me
2019/07/03 21:27:34 [INFO] [mydomain.com] acme: Obtaining bundled SAN certificate
2019/07/03 21:27:35 [INFO] [mydomain.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/lHYfWDjwbm3_cOYeyzKhZRQyyhkZ0pztL08KU8s8L5M
2019/07/03 21:27:35 [INFO] [mydomain.com] acme: use tls-alpn-01 solver
2019/07/03 21:27:35 [INFO] [mydomain.com] acme: Trying to solve TLS-ALPN-01
2019/07/03 21:27:41 [INFO] Unable to deactivated authorizations: https://acme-v02.api.letsencrypt.org/acme/authz/lHYfWDjwbm3_cOYeyzKhZRQyyhkZ0pztL08KU8s8L5M
2019/07/03 21:27:42 [INFO] [mydomain.com] acme: Obtaining bundled SAN certificate
2019/07/03 21:27:42 [INFO] [mydomain.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/j1k95v0--Iil8eZZIpnGCyqZGDT0cGI0iXx-mNfBeYc
2019/07/03 21:27:42 [INFO] [mydomain.com] acme: use tls-alpn-01 solver
2019/07/03 21:27:42 [INFO] [mydomain.com] acme: Trying to solve TLS-ALPN-01
2019/07/03 21:27:51 [INFO] Unable to deactivated authorizations: https://acme-v02.api.letsencrypt.org/acme/authz/j1k95v0--Iil8eZZIpnGCyqZGDT0cGI0iXx-mNfBeYc
2019/07/03 21:27:52 [INFO] [mydomain.com] acme: Obtaining bundled SAN certificate
2019/07/03 21:27:52 [INFO] [mydomain.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/CfaabEOoNz9vorBhAr3xYmW709p47AlCp1ZN3BLj6m4
2019/07/03 21:27:52 [INFO] [mydomain.com] acme: use tls-alpn-01 solver
2019/07/03 21:27:52 [INFO] [mydomain.com] acme: Trying to solve TLS-ALPN-01
2019/07/03 21:27:53 [INFO] Unable to deactivated authorizations: https://acme-v02.api.letsencrypt.org/acme/authz/CfaabEOoNz9vorBhAr3xYmW709p47AlCp1ZN3BLj6m4
2019/07/03 21:27:54 [INFO] [mydomain.com] acme: Obtaining bundled SAN certificate
2019/07/03 21:27:55 [INFO] [mydomain.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/CbNPKTzwiY-oN7IHF2gtC81yVVznaE0x37o63ycpaBw
2019/07/03 21:27:55 [INFO] [mydomain.com] acme: Could not find solver for: tls-alpn-01
2019/07/03 21:27:55 [INFO] [mydomain.com] acme: use http-01 solver
2019/07/03 21:27:55 [INFO] [mydomain.com] acme: Trying to solve HTTP-01
2019/07/03 21:28:00 [INFO] Unable to deactivated authorizations: https://acme-v02.api.letsencrypt.org/acme/authz/CbNPKTzwiY-oN7IHF2gtC81yVVznaE0x37o63ycpaBw
2019/07/03 21:28:01 [INFO] [mydomain.com] acme: Obtaining bundled SAN certificate
2019/07/03 21:28:02 [INFO] [mydomain.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/S7OJRmCiBk9e8t1BINvho_cIaqcplHta__lOXrO8dMU
2019/07/03 21:28:02 [INFO] [mydomain.com] acme: Could not find solver for: tls-alpn-01
2019/07/03 21:28:02 [INFO] [mydomain.com] acme: use http-01 solver
2019/07/03 21:28:02 [INFO] [mydomain.com] acme: Trying to solve HTTP-01
2019/07/03 21:28:08 [INFO] Unable to deactivated authorizations: https://acme-v02.api.letsencrypt.org/acme/authz/S7OJRmCiBk9e8t1BINvho_cIaqcplHta__lOXrO8dMU
2019/07/03 21:28:09 [INFO] [mydomain.com] acme: Obtaining bundled SAN certificate
2019/07/03 21:28:11 failed to obtain certificate: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/, url:

I don’t know where the problem comes from. When checking out the URL given in the logs, I saw that Acme was trying to reach mydomain.com/.well-known/[some stuff] and got a 404 back. Around the last given links, I saw it received a 400 error without telling what was wrong.

Is my configuration wrong? (I think I should add transparent to the proxy’s config) Or is the problem elsewhere?

Thank you in advance

(bonus question: is the flag -quiet enough to run Caddy as a daemon?)

Hi @Drillan767, your configuration looks good to me.

Did you redact any lines from your log?

Which version of Caddy are you using?

Are you using a different web server on port 80?

Hello, I just changed the domain name in my logs and the Caddyfile for a (thin) layer of privacy, but except for this, nothing.

To be honest, I switched to Traefik, and it’s now working, but I still want to know how to make it work with Caddy because of the tons of settings Traefik needs to work correctly.

Do you know which Caddy version you have, and whether there’s another server running on port 80?