Caddy redirects to Sonarr but not Radarr

Help
1

1. Output of caddy version:

latest – docker

2. How I run Caddy:

docker

a. System environment:

ubuntu/docker

b. Command:

Paste command here.

c. Service/unit/compose file:


services:
        caddy:
                container_name: caddy
                image: caddy:latest
                restart: unless-stopped
                ports:
                        - "80:80"
                        - "443:443"
                volumes:
                        - /docker/caddy/Caddyfile:/etc/caddy/Caddyfile
                        - /docker/caddy/data:/data
                        - /docker/caddy/srv:/srv
                        - /docker/caddy/config:/config
                networks:
                        - t2_proxy
networks:
  t2_proxy:
    external: true



Paste full file contents here.
Make sure backticks stay on their own lines,
and the post looks nice in the preview pane. -->

d. My complete Caddy config:

{
        # Global options block. Entirely optional, https is on by default
        # Optional email key for lets encrypt
        email lookatme33@protonmail.com
        # Optional staging lets encrypt for testing. Comment out for production.
        #     acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}
naff.casa {
        # enable logging
        log

        # .well-known is delegated from example.co.uk and served here
        header /.well-known/matrix/server {
                Content-Type application/json
        }
        respond /.well-known/matrix/server 200 {
                body "{ \"m.server\": \"matrix.naff.casa:443\" }"
                close
        }
        # .well-known delegate for client
        header /.well-known/matrix/client {
                Content-Type application/json
        }
        respond /.well-known/matrix/client 200 {
                body "{\"m.homeserver\": {\"base_url\": \"https://matrix.naff.casa\"}}"
                close
        }

        reverse_proxy /_matrix/* http://192.168.1.37:8008
        reverse_proxy /_synapse/client/* http://192.168.1.37:8008
    reverse_proxy 192.168.1.37:2368
}
recipes.naff.casa {
        reverse_proxy 192.168.1.37:8081
}
share.naff.casa {
        reverse_proxy 192.168.1.37:7070
}
logs.naff.casa {
        reverse_proxy 192.168.1.37:9999
}
bin.naff.casa {
        reverse_proxy 192.168.1.37:6608
}
paste.naff.casa {
        reverse_proxy 192.168.1.37:8085
}
remote.naff.casa {
        redir / /guacamole
        reverse_proxy 192.168.1.37:6969
}
books.naff.casa {
        reverse_proxy 192.168.1.37:5006
}
port.naff.casa {
        reverse_proxy 192.168.1.37:9000
}
www.naff.casa {
        redir https://naff.casa{uri}
}
sonarr.naff.casa {
        reverse_proxy 192.168.1.36:8989
}
radarr.naff.casa {
        reverse_proxy 192.168.1.36:7878
}
ombi.naff.casa {
        reverse_proxy 192.168.1.36:3579
}
bw.naff.casa {
        reverse_proxy 192.168.1.37:8711
}
cctv.naff.casa {
        reverse_proxy 192.168.1.224:8123
}
jellyfin.naff.casa {
        reverse_proxy 192.168.1.36:8096
}
code.naff.casa {
        reverse_proxy 192.168.1.37:4443
}
matrix.naff.casa {
        reverse_proxy 192.168.1.37:8008
}
element.naff.casa {
        reverse_proxy 192.168.1.37:8089
}
prox.naff.casa {
        reverse_proxy 192.168.1.218:8006 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

3. The problem I’m having:

sonarr.naff.casa works great.
radarr.naff.casa does NOT.

I’ve had this working config for awhile but decided to start fresh to keep my skills sharp – welp.

4. Error messages and/or full log output:

dy","Synapse/1.74.0"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Date":["Sat, 07 Jan 2023 03:03:52 GMT"],"Content-Type":["application/json"],"Access-Control-Allow-Origin":["*"],"Access-Control-Allow-Headers":["X-Requested-With, Content-Type, Authorization, Date"]}}
{"level":"info","ts":1673060700.0188181,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"5.161.113.33","remote_port":"44806","proto":"HTTP/1.1","method":"PUT","host":"matrix.naff.casa:443","uri":"/_matrix/federation/v1/send/1672935681645","headers":{"Content-Length":["231"],"User-Agent":["Synapse/1.73.0"],"Content-Type":["application/json"],"Authorization":[]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"","server_name":"matrix.naff.casa"}},"user_id":"","duration":0.037755543,"size":11,"status":200,"resp_headers":{"Access-Control-Allow-Headers":["X-Requested-With, Content-Type, Authorization, Date"],"Cache-Control":["no-cache, no-store, must-revalidate"],"Access-Control-Allow-Origin":["*"],"Access-Control-Allow-Methods":["GET, HEAD, POST, PUT, DELETE, OPTIONS"],"Server":["Caddy","Synapse/1.74.0"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Date":["Sat, 07 Jan 2023 03:04:59 GMT"],"Content-Type":["application/json"]}}
{"level":"info","ts":1673060721.731444,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"radarr.naff.casa"}
{"level":"info","ts":1673060721.879135,"logger":"http.acme_client","msg":"authorization finalized","identifier":"radarr.naff.casa","authz_status":"valid"}
{"level":"info","ts":1673060721.87921,"logger":"http.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/82043553/6376696053"}
{"level":"info","ts":1673060722.3165069,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"bin.naff.casa"}
{"level":"info","ts":1673060722.4655066,"logger":"http.acme_client","msg":"authorization finalized","identifier":"bin.naff.casa","authz_status":"valid"}
{"level":"info","ts":1673060722.4655936,"logger":"http.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/82043553/6376696123"}
{"level":"info","ts":1673060722.5000453,"logger":"http.acme_client","msg":"successfully downloaded available certificate chains","count":1,"first_url":"https://acme-staging-v02.api.letsencrypt.org/acme/cert/faa490c9ae9dab75c5ac5edb7c5a79b314f6"}
{"level":"info","ts":1673060722.5006864,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["radarr.naff.casa"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"lookatme33@protonmail.com"}
{"level":"info","ts":1673060722.500739,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["radarr.naff.casa"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"lookatme33@protonmail.com"}
{"level":"error","ts":1673060722.5863097,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"radarr.naff.casa","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:malformed - JWS verification error"}
{"level":"warn","ts":1673060722.6325548,"logger":"http.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": remote error: tls: internal error"}
{"level":"warn","ts":1673060722.887309,"logger":"http.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": remote error: tls: internal error"}
{"level":"info","ts":1673060722.9188757,"logger":"http.acme_client","msg":"successfully downloaded available certificate chains","count":1,"first_url":"https://acme-staging-v02.api.letsencrypt.org/acme/cert/fac709fcd0ee3c6f929277e5c0fb1ed8fc13"}
{"level":"info","ts":1673060722.919435,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["bin.naff.casa"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"lookatme33@protonmail.com"}
{"level":"info","ts":1673060722.9194806,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["bin.naff.casa"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"lookatme33@protonmail.com"}
{"level":"warn","ts":1673060723.1418488,"logger":"http.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": remote error: tls: internal error"}
{"level":"error","ts":1673060723.1419349,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"radarr.naff.casa","issuer":"acme.zerossl.com-v2-DV90","error":"provisioning client: performing request: Get \"https://acme.zerossl.com/v2/DV90\": remote error: tls: internal error"}
{"level":"error","ts":1673060723.1419842,"logger":"tls.obtain","msg":"will retry","error":"[radarr.naff.casa] Obtain: provisioning client: performing request: Get \"https://acme.zerossl.com/v2/DV90\": remote error: tls: internal error","attempt":4,"retrying_in":300,"elapsed":315.823377122,"max_duration":2592000}
{"level":"error","ts":1673060723.221437,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"bin.naff.casa","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:malformed - JWS verification error"}
{"level":"warn","ts":1673060723.2250679,"logger":"http.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": remote error: tls: internal error"}
{"level":"warn","ts":1673060723.4794047,"logger":"http.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": remote error: tls: internal error"}
{"level":"warn","ts":1673060723.734009,"logger":"http.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": remote error: tls: internal error"}
{"level":"error","ts":1673060723.7341018,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"bin.naff.casa","issuer":"acme.zerossl.com-v2-DV90","error":"provisioning client: performing request: Get \"https://acme.zerossl.com/v2/DV90\": remote error: tls: internal error"}
{"level":"error","ts":1673060723.7341719,"logger":"tls.obtain","msg":"will retry","error":"[bin.naff.casa] Obtain: provisioning client: performing request: Get \"https://acme.zerossl.com/v2/DV90\": remote error: tls: internal error","attempt":4,"retrying_in":300,"elapsed":316.421091719,"max_duration":2592000}
{"level":"info","ts":1673060739.3961086,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"45.77.209.62","remote_port":"33464","proto":"HTTP/1.1","method":"PUT","host":"matrix.naff.casa:443","uri":"/_matrix/federation/v1/send/1671566336325","headers":{"Content-Length":["208"],"User-Agent":["Synapse/1.74.0"],"Content-Type":["application/json"],"Authorization":[]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"","server_name":"matrix.naff.casa"}},"user_id":"","duration":0.062760412,"size":11,"status":200,"resp_headers":{"Date":["Sat, 07 Jan 2023 03:05:39 GMT"],"Access-Control-Allow-Headers":["X-Requested-With, Content-Type, Authorization, Date"],"Access-Control-Allow-Origin":["*"],"Access-Control-Allow-Methods":["GET, HEAD, POST, PUT, DELETE, OPTIONS"],"Content-Type":["application/json"],"Cache-Control":["no-cache, no-store, must-revalidate"],"Server":["Caddy","Synapse/1.74.0"],"Alt-Svc":["h3=\":443\"; ma=2592000"]}}
{"level":"info","ts":1673060761.127247,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"168.119.184.2","remote_port":"45954","proto":"HTTP/1.1","method":"PUT","host":"matrix.naff.casa:443","uri":"/_matrix/federation/v1/send/1671659016309","headers":{"Content-Length":["230"],"User-Agent":["Synapse/1.74.0"],"Content-Type":["application/json"],"Authorization":[]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"","server_name":"matrix.naff.casa"}},"user_id":"","duration":0.018330646,"size":11,"status":200,"resp_headers":{"Date":["Sat, 07 Jan 2023 03:06:01 GMT"],"Cache-Control":["no-cache, no-store, must-revalidate"],"Access-Control-Allow-Origin":["*"],"Access-Control-Allow-Headers":["X-Requested-With, Content-Type, Authorization, Date"],"Access-Control-Allow-Methods":["GET, HEAD, POST, PUT, DELETE, OPTIONS"],"Content-Type":["application/json"],"Server":["Caddy","Synapse/1.74.0"],"Alt-Svc":["h3=\":443\"; ma=2592000"]}}
{"level":"info","ts":1673060829.774569,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"173.230.157.143","remote_port":"42026","proto":"HTTP/1.1","method":"PUT","host":"matrix.naff.casa:443","uri":"/_matrix/federation/v1/send/1671898360357","headers":{"Content-Type":["application/json"],"Authorization":[],"Content-Length":["230"],"User-Agent":["Synapse/1.74.0"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"","server_name":"matrix.naff.casa"}},"user_id":"","duration":0.028746429,"size":11,"status":200,"resp_headers":{"Alt-Svc":["h3=\":443\"; ma=2592000"],"Date":["Sat, 07 Jan 2023 03:07:09 GMT"],"Access-Control-Allow-Origin":["*"],"Content-Type":["application/json"],"Cache-Control":["no-cache, no-store, must-revalidate"],"Access-Control-Allow-Methods":["GET, HEAD, POST, PUT, DELETE, OPTIONS"],"Access-Control-Allow-Headers":["X-Requested-With, Content-Type, Authorization, Date"],"Server":["Caddy","Synapse/1.74.0"]}}

Paste logs/commands/output here.
USE THE PREVIEW PANE TO MAKE SURE IT LOOKS NICELY FORMATTED.



### 5. What I already tried:
My guess is that the cert isn't correct and thats why every other thing in Caddy works except for Radarr. how do I get rid of the Radarr specific cert and try again?



### 6. Links to relevant resources:
2

Please try to be more careful with how you format your posts. Code blocks start and end with triple-backticks, i.e. ```, and they must be on their own lines. If you don’t properly terminate a code block, it eats up the rest of your post, making it very difficult to read.

“latest” is not a version. Please find the actual version of Caddy you’re running. The latest docker tag does not necessarily mean you’re running the latest version, because it’s dependent on you continually pulling the latest version down from Docker Hub to update it.

You can run docker-compose exec -w /etc/caddy caddy caddy version to get the version from your running Caddy container.

It seems like your ACME account is broken, for some reason.

You can try wiping out the data from your /data volume to have Caddy re-issue all the certificates again, using a new ACME account.

This one’s weird though. Caddy is failing to connect to ZeroSSL. Unfortunately the error message is not much help, but it’s failing to complete the TLS handshake. It could be that ZeroSSL had downtime at that time though, they don’t tend to have 100% uptime unfortunately: https://status.zerossl.com/

3

Thanks @francislavoie, this solved it and it’s working correctly.

Sorry about hte formatting on the logs, I looked in the preview pane and I thought it was correct! I’ll make sure it’s proper before I post next.

4

This topic was automatically closed after 30 days. New replies are no longer allowed.