1. Output of `caddy version`:
latest – docker
2. How I run Caddy:
docker
a. System environment:
ubuntu/docker
b. Command:
c. Service/unit/compose file:
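# Compose definition for the Caddy reverse proxy. The nesting below restores
# the indentation that was lost when the file was pasted; without it the
# service keys and the two `networks` keys collide at the top level.
services:
  caddy:
    container_name: caddy
    # NOTE(review): `latest` is a moving tag, so a pull can change the running
    # Caddy version without any change to this file. Pinning a specific tag or
    # digest keeps the deployment reproducible and makes upgrades deliberate.
    image: caddy:latest
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Mounted read-write; Caddy only needs to read this file, so appending
      # `:ro` to the mount is an option.
      - /docker/caddy/Caddyfile:/etc/caddy/Caddyfile
      # /data is where the Caddy image keeps certificates, private keys and
      # ACME account state. Keep the host directory readable only by the user
      # that runs the container, and include it in backups.
      - /docker/caddy/data:/data
      - /docker/caddy/srv:/srv
      - /docker/caddy/config:/config
    networks:
      - t2_proxy

networks:
  # Pre-existing network created outside this compose file.
  t2_proxy:
    external: true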
d. My complete Caddy config:
{
	# Global options block. Entirely optional; HTTPS is on by default.
	# Optional contact email used for the ACME account (Let's Encrypt).
	email lookatme33@protonmail.com
	# Optional Let's Encrypt staging endpoint for testing. Comment out for production.
	# NOTE(review): with this line commented out, Caddy uses its default
	# production issuers. The log posted below contains orders against both
	# the staging endpoint and the production directory, and production
	# answers with "JWS verification error". That suggests state from a
	# staging run is still present or a second config is loaded. Confirm
	# which config is active and what is stored under the /data volume.
	# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}
# Apex site: serves the Matrix .well-known delegation documents, forwards
# Matrix/Synapse paths to the homeserver and everything else to the upstream
# on port 2368.
naff.casa {
	# Enable access logging for this site. The access log records client IPs
	# and request headers, as the entries posted below show.
	log
	# .well-known server delegation, served here.
	# NOTE(review): the original comment said "delegated from example.co.uk",
	# which does not match this site; presumably left over from a template.
	header /.well-known/matrix/server {
		Content-Type application/json
	}
	# Static JSON pointing federation traffic at matrix.naff.casa:443;
	# `close` closes the connection after the response is written.
	respond /.well-known/matrix/server 200 {
		body "{ \"m.server\": \"matrix.naff.casa:443\" }"
		close
	}
	# .well-known delegation for clients
	header /.well-known/matrix/client {
		Content-Type application/json
	}
	# Static JSON giving clients the homeserver base URL.
	respond /.well-known/matrix/client 200 {
		body "{\"m.homeserver\": {\"base_url\": \"https://matrix.naff.casa\"}}"
		close
	}
	# Matrix and Synapse client paths go to the homeserver over plain HTTP on
	# the LAN. Only /_synapse/client/* is forwarded from this host, not the
	# rest of /_synapse.
	reverse_proxy /_matrix/* http://192.168.1.37:8008
	reverse_proxy /_synapse/client/* http://192.168.1.37:8008
	# Catch-all: every other request on naff.casa goes to this upstream.
	reverse_proxy 192.168.1.37:2368
}
# One site block per subdomain. Each one terminates TLS in Caddy and forwards
# every request to a LAN upstream over plain HTTP.
# NOTE(review): none of these blocks adds authentication or an IP restriction
# at the proxy, so anything reachable on ports 80/443 reaches the upstream's
# own login page. Confirm that each upstream enforces authentication, or
# restrict the administrative ones to trusted networks.
recipes.naff.casa {
	reverse_proxy 192.168.1.37:8081
}
share.naff.casa {
	reverse_proxy 192.168.1.37:7070
}
logs.naff.casa {
	reverse_proxy 192.168.1.37:9999
}
bin.naff.casa {
	reverse_proxy 192.168.1.37:6608
}
paste.naff.casa {
	reverse_proxy 192.168.1.37:8085
}
remote.naff.casa {
	# Send requests for the bare root to /guacamole before proxying.
	redir / /guacamole
	reverse_proxy 192.168.1.37:6969
}
books.naff.casa {
	reverse_proxy 192.168.1.37:5006
}
port.naff.casa {
	reverse_proxy 192.168.1.37:9000
}
# Redirect www to the apex domain, preserving the request URI.
www.naff.casa {
	redir https://naff.casa{uri}
}
sonarr.naff.casa {
	reverse_proxy 192.168.1.36:8989
}
radarr.naff.casa {
	reverse_proxy 192.168.1.36:7878
}
ombi.naff.casa {
	reverse_proxy 192.168.1.36:3579
}
bw.naff.casa {
	reverse_proxy 192.168.1.37:8711
}
cctv.naff.casa {
	reverse_proxy 192.168.1.224:8123
}
jellyfin.naff.casa {
	reverse_proxy 192.168.1.36:8096
}
code.naff.casa {
	reverse_proxy 192.168.1.37:4443
}
# Same upstream as the /_matrix/* routes on naff.casa, but with no path
# matcher, so every path is forwarded.
# NOTE(review): that presumably includes the homeserver's admin endpoints
# under /_synapse/admin. Confirm whether those should be reachable from the
# internet.
matrix.naff.casa {
	reverse_proxy 192.168.1.37:8008
}
element.naff.casa {
	reverse_proxy 192.168.1.37:8089
}
# Proxies to an upstream that itself speaks TLS on port 8006
# (presumably a Proxmox web UI, going by the hostname and port; confirm).
prox.naff.casa {
	reverse_proxy 192.168.1.218:8006 {
		transport http {
			# Disables verification of the upstream's TLS certificate, so
			# Caddy cannot tell the real upstream from another host answering
			# on that address. The link is encrypted but not authenticated.
			# NOTE(review): a verified alternative is to trust the upstream's
			# CA instead, e.g.
			# `tls_trusted_ca_certs <path-to-upstream-ca.pem>` (placeholder path).
			tls_insecure_skip_verify
		}
	}
}
3. The problem I’m having:
sonarr.naff.casa works great.
radarr.naff.casa does NOT.
I’ve had this working config for a while but decided to start fresh to keep my skills sharp – welp.
4. Error messages and/or full log output:
dy","Synapse/1.74.0"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Date":["Sat, 07 Jan 2023 03:03:52 GMT"],"Content-Type":["application/json"],"Access-Control-Allow-Origin":["*"],"Access-Control-Allow-Headers":["X-Requested-With, Content-Type, Authorization, Date"]}}
{"level":"info","ts":1673060700.0188181,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"5.161.113.33","remote_port":"44806","proto":"HTTP/1.1","method":"PUT","host":"matrix.naff.casa:443","uri":"/_matrix/federation/v1/send/1672935681645","headers":{"Content-Length":["231"],"User-Agent":["Synapse/1.73.0"],"Content-Type":["application/json"],"Authorization":[]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"","server_name":"matrix.naff.casa"}},"user_id":"","duration":0.037755543,"size":11,"status":200,"resp_headers":{"Access-Control-Allow-Headers":["X-Requested-With, Content-Type, Authorization, Date"],"Cache-Control":["no-cache, no-store, must-revalidate"],"Access-Control-Allow-Origin":["*"],"Access-Control-Allow-Methods":["GET, HEAD, POST, PUT, DELETE, OPTIONS"],"Server":["Caddy","Synapse/1.74.0"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Date":["Sat, 07 Jan 2023 03:04:59 GMT"],"Content-Type":["application/json"]}}
{"level":"info","ts":1673060721.731444,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"radarr.naff.casa"}
{"level":"info","ts":1673060721.879135,"logger":"http.acme_client","msg":"authorization finalized","identifier":"radarr.naff.casa","authz_status":"valid"}
{"level":"info","ts":1673060721.87921,"logger":"http.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/82043553/6376696053"}
{"level":"info","ts":1673060722.3165069,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"bin.naff.casa"}
{"level":"info","ts":1673060722.4655066,"logger":"http.acme_client","msg":"authorization finalized","identifier":"bin.naff.casa","authz_status":"valid"}
{"level":"info","ts":1673060722.4655936,"logger":"http.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/82043553/6376696123"}
{"level":"info","ts":1673060722.5000453,"logger":"http.acme_client","msg":"successfully downloaded available certificate chains","count":1,"first_url":"https://acme-staging-v02.api.letsencrypt.org/acme/cert/faa490c9ae9dab75c5ac5edb7c5a79b314f6"}
{"level":"info","ts":1673060722.5006864,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["radarr.naff.casa"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"lookatme33@protonmail.com"}
{"level":"info","ts":1673060722.500739,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["radarr.naff.casa"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"lookatme33@protonmail.com"}
{"level":"error","ts":1673060722.5863097,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"radarr.naff.casa","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:malformed - JWS verification error"}
{"level":"warn","ts":1673060722.6325548,"logger":"http.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": remote error: tls: internal error"}
{"level":"warn","ts":1673060722.887309,"logger":"http.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": remote error: tls: internal error"}
{"level":"info","ts":1673060722.9188757,"logger":"http.acme_client","msg":"successfully downloaded available certificate chains","count":1,"first_url":"https://acme-staging-v02.api.letsencrypt.org/acme/cert/fac709fcd0ee3c6f929277e5c0fb1ed8fc13"}
{"level":"info","ts":1673060722.919435,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["bin.naff.casa"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"lookatme33@protonmail.com"}
{"level":"info","ts":1673060722.9194806,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["bin.naff.casa"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"lookatme33@protonmail.com"}
{"level":"warn","ts":1673060723.1418488,"logger":"http.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": remote error: tls: internal error"}
{"level":"error","ts":1673060723.1419349,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"radarr.naff.casa","issuer":"acme.zerossl.com-v2-DV90","error":"provisioning client: performing request: Get \"https://acme.zerossl.com/v2/DV90\": remote error: tls: internal error"}
{"level":"error","ts":1673060723.1419842,"logger":"tls.obtain","msg":"will retry","error":"[radarr.naff.casa] Obtain: provisioning client: performing request: Get \"https://acme.zerossl.com/v2/DV90\": remote error: tls: internal error","attempt":4,"retrying_in":300,"elapsed":315.823377122,"max_duration":2592000}
{"level":"error","ts":1673060723.221437,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"bin.naff.casa","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:malformed - JWS verification error"}
{"level":"warn","ts":1673060723.2250679,"logger":"http.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": remote error: tls: internal error"}
{"level":"warn","ts":1673060723.4794047,"logger":"http.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": remote error: tls: internal error"}
{"level":"warn","ts":1673060723.734009,"logger":"http.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": remote error: tls: internal error"}
{"level":"error","ts":1673060723.7341018,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"bin.naff.casa","issuer":"acme.zerossl.com-v2-DV90","error":"provisioning client: performing request: Get \"https://acme.zerossl.com/v2/DV90\": remote error: tls: internal error"}
{"level":"error","ts":1673060723.7341719,"logger":"tls.obtain","msg":"will retry","error":"[bin.naff.casa] Obtain: provisioning client: performing request: Get \"https://acme.zerossl.com/v2/DV90\": remote error: tls: internal error","attempt":4,"retrying_in":300,"elapsed":316.421091719,"max_duration":2592000}
{"level":"info","ts":1673060739.3961086,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"45.77.209.62","remote_port":"33464","proto":"HTTP/1.1","method":"PUT","host":"matrix.naff.casa:443","uri":"/_matrix/federation/v1/send/1671566336325","headers":{"Content-Length":["208"],"User-Agent":["Synapse/1.74.0"],"Content-Type":["application/json"],"Authorization":[]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"","server_name":"matrix.naff.casa"}},"user_id":"","duration":0.062760412,"size":11,"status":200,"resp_headers":{"Date":["Sat, 07 Jan 2023 03:05:39 GMT"],"Access-Control-Allow-Headers":["X-Requested-With, Content-Type, Authorization, Date"],"Access-Control-Allow-Origin":["*"],"Access-Control-Allow-Methods":["GET, HEAD, POST, PUT, DELETE, OPTIONS"],"Content-Type":["application/json"],"Cache-Control":["no-cache, no-store, must-revalidate"],"Server":["Caddy","Synapse/1.74.0"],"Alt-Svc":["h3=\":443\"; ma=2592000"]}}
{"level":"info","ts":1673060761.127247,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"168.119.184.2","remote_port":"45954","proto":"HTTP/1.1","method":"PUT","host":"matrix.naff.casa:443","uri":"/_matrix/federation/v1/send/1671659016309","headers":{"Content-Length":["230"],"User-Agent":["Synapse/1.74.0"],"Content-Type":["application/json"],"Authorization":[]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"","server_name":"matrix.naff.casa"}},"user_id":"","duration":0.018330646,"size":11,"status":200,"resp_headers":{"Date":["Sat, 07 Jan 2023 03:06:01 GMT"],"Cache-Control":["no-cache, no-store, must-revalidate"],"Access-Control-Allow-Origin":["*"],"Access-Control-Allow-Headers":["X-Requested-With, Content-Type, Authorization, Date"],"Access-Control-Allow-Methods":["GET, HEAD, POST, PUT, DELETE, OPTIONS"],"Content-Type":["application/json"],"Server":["Caddy","Synapse/1.74.0"],"Alt-Svc":["h3=\":443\"; ma=2592000"]}}
{"level":"info","ts":1673060829.774569,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"173.230.157.143","remote_port":"42026","proto":"HTTP/1.1","method":"PUT","host":"matrix.naff.casa:443","uri":"/_matrix/federation/v1/send/1671898360357","headers":{"Content-Type":["application/json"],"Authorization":[],"Content-Length":["230"],"User-Agent":["Synapse/1.74.0"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"","server_name":"matrix.naff.casa"}},"user_id":"","duration":0.028746429,"size":11,"status":200,"resp_headers":{"Alt-Svc":["h3=\":443\"; ma=2592000"],"Date":["Sat, 07 Jan 2023 03:07:09 GMT"],"Access-Control-Allow-Origin":["*"],"Content-Type":["application/json"],"Cache-Control":["no-cache, no-store, must-revalidate"],"Access-Control-Allow-Methods":["GET, HEAD, POST, PUT, DELETE, OPTIONS"],"Access-Control-Allow-Headers":["X-Requested-With, Content-Type, Authorization, Date"],"Server":["Caddy","Synapse/1.74.0"]}}
### 5. What I already tried:
My guess is that the cert isn't correct, and that's why everything else in Caddy works except for Radarr. How do I get rid of the Radarr-specific cert and try again?
### 6. Links to relevant resources: