Caddy / respond "xyz" but NO result (docker)

1. My Caddy version (caddy version):

LABEL org.opencontainers.image.version=v2.0.0-beta.17

2. How I run Caddy:

This is the way of IP traffic:
Internet - Router (port forwarding 80->192.1.2.3:81 / 443->192.1.2.3:444) - QNAP NAS-Server including Docker → Caddy-Container (81 and 444)

a. System environment:

Docker-Container caddy/caddy:latest

b. Command:

 caddy run --config /etc/caddy/Caddyfile.txt --adapter caddyfile

c. Service/unit/compose file:

paste full file contents here

d. My complete Caddyfile:

{
	email office@mickymouse.com
	acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
	debug
}


mickymouse.com, 
www.mickymouse.com, 
http://mickymouse.com
	{
		respond "This is a mickymouse-Page"
	}

3. The problem I’m having:

I call up the website http://mickymouse.com in the web browser.
Result: Nothing!
A white page without any content.
I would expect to get the message: “This is a mickymouse-Page”.
But it’s connecting: it shows an insecure connection (see caddy file).
So what is wrong? What would be the steps to check?

What is the difference when using the ACME Staging environment?
Would there be a green SSL sign? Or what is the difference?

4. Error messages and/or full log output:

2020/03/15 20:50:30 [INFO][cache:0xc0001aeaa0] Started certificate maintenance routine
2020/03/15 20:50:30.029 INFO    tls     cleaned up storage units                                                                                                                   
2020/03/15 20:50:30.029 INFO    http    enabling automatic TLS certificate management   {"domains": ["www.mickymouse", "mickymouse"]}                                    
2020/03/15 20:50:30.295 INFO    autosaved config        {"file": "/config/caddy/autosave.json"}                                                                                    
2020/03/15 20:50:30.295 INFO    serving initial configuration                                                                                                                      
2020/03/15 20:50:30 [INFO][www.mickymouse] Obtain certificate                                                                                                                 
2020/03/15 20:50:30 [INFO][www.mickymouse] Obtain: Waiting on rate limiter...                                                                                                 
2020/03/15 20:50:30 [INFO][www.mickymouse] Obtain: Done waiting                                                                                                               
2020/03/15 20:50:30 [INFO] [www.mickymouse] acme: Obtaining bundled SAN certificate                                                                                           
2020/03/15 20:50:30 [INFO][mickymouse] Obtain certificate                                                                                                                     
2020/03/15 20:50:30 [INFO][mickymouse] Obtain: Waiting on rate limiter...                                                                                                     
2020/03/15 20:50:30 [INFO][mickymouse] Obtain: Done waiting                                                                                                                   
2020/03/15 20:50:30 [INFO] [mickymouse] acme: Obtaining bundled SAN certificate                                                                                               
2020/03/15 20:50:31 [INFO] [www.mickymouse] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/43918201                                                      
2020/03/15 20:50:31 [INFO] [www.mickymouse] acme: Could not find solver for: tls-alpn-01                                                                                      
2020/03/15 20:50:31 [INFO] [www.mickymouse] acme: use http-01 solver                                                                                                          
2020/03/15 20:50:31 [INFO] [www.mickymouse] acme: Trying to solve HTTP-01                                                                                                     
2020/03/15 20:50:31 [INFO] [mickymouse] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/43918202                                                          
2020/03/15 20:50:31 [INFO] [mickymouse] acme: Could not find solver for: tls-alpn-01                                                                                          
2020/03/15 20:50:31 [INFO] [mickymouse] acme: use http-01 solver                                                                                                              
2020/03/15 20:50:31 [INFO] [mickymouse] acme: Trying to solve HTTP-01                                                                                                         
2020/03/15 20:50:35 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/43918202                                                                  
2020/03/15 20:50:36 [INFO] Unable to deactivate the authorization: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/43918202                                             
2020/03/15 20:50:36 [ERROR][mickymouse] failed to obtain certificate: acme: Error -> One or more domains had a problem:                                                       
[mickymouse] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://mickymouse/.well-known/acme-challenge/Qxo-W0GJPUlIXfS5ivx1S3ZV27SSv1Aun9C7v4bgM1g: Connection refused, url: (attempt 1/2; challenge=http-01)
2020/03/15 20:50:37 [INFO] [mickymouse] acme: Obtaining bundled SAN certificate                                                                                               
2020/03/15 20:50:37 [INFO] [mickymouse] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/43918210                                                          
2020/03/15 20:50:37 [INFO] [mickymouse] acme: Could not find solver for: tls-alpn-01                                                                                          
2020/03/15 20:50:37 [INFO] [mickymouse] acme: use http-01 solver                                                                                                              
2020/03/15 20:50:37 [INFO] [mickymouse] acme: Trying to solve HTTP-01     

5. What I already tried:

Did a reverse proxy to a working website, which was showing up as http, but not via https.

6. Links to relevant resources:

Using staging will give you a certificate that is not trusted by browsers (you’ll see a certificate trust warning when loading the site over https://) but it allows you to avoid hitting rate limits when you’re just testing things. With the recent versions of Caddy, some measures are taken to avoid hitting rate limits in the first place, so this is less of a concern. The situation where people most often hit the rate limits is when running Caddy in Docker and not having configured the volumes correctly to persist the certificate storage.

The error looks to me like you may not have ports 80 and 443 accessible from the web. Make sure your DNS records are up to date and your firewall/port forwarding are configured to allow the connection.

Taking a closer look, this line looks like it might be the culprit. Looks like it tries to connect to mickymouse instead of mickymouse.com. If you’re editing your logs, please don’t, it just makes it harder for us to help.

Hi Francis, thanks for your feedback. I will check, but I don't believe it's a networking issue.
I will report back and maybe send you the original logfile in parallel via private message…

Please post them in the open so that others in the community can help you as well.

See this writeup: How to get help with Caddy more effectively

Hi,
as previously stated, I wanted to report back.
I completely deleted the container and started new with bridge configuration (static IP).
This solved the whole issue.
So -thanks- you can close this ticket.

But in parallel now there seems to be an issue with redirecting xxx.com or http://xxx.com to https://xxx.com (on the other hand: www.xxx.com is automatically redirecting). Is there any hint?
Shall I include a redirect rule (if so which)?

I can see these relevant log lines:

WARN    http    user server is listening on same interface as automatic HTTP->HTTPS redirects; user-configured routes might override these redirects    {"server_name": "srv1", "interface": "tcp/:80"}                                   
INFO    tls     cleaned up storage units
DEBUG   http    starting server loop    {"address": ":443", "http3": false, "tls": true}
DEBUG   http    starting server loop    {"address": ":80", "http3": false, "tls": false}  

And another short question:
Is there a possibility to have the acme staging environment only for a specific domain?
I tried but it failed.

I will open another ticket if I cannot find the answer myself :wink:

No, this is only available as a global configuration.

Please give us what you’re currently using in your Caddyfile, and post full unredacted logs. We can’t help you effectively with the amount of information you’ve given us.

As I said, please read How to get help with Caddy more effectively

Just a little nit: that’s not entirely accurate; you can specify the CA endpoint with the tls directive: tls (Caddyfile directive) — Caddy Documentation

Oh! My bad.

Btw I’d say the difference with tls having a ca option and global options having acme_ca is a bit confusing.
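
The two open points above (the apex domain not redirecting to HTTPS, and staging for a single site via the tls directive's ca option), as an added example that is not from any poster in this thread or from the Caddy project. The redirect explanation is an assumption based on the WARN line quoted above, and staging.mickymouse.com is a hypothetical test host.

```caddyfile
{
	email office@mickymouse.com
	# No acme_ca here: every site that does not override the CA
	# uses the default (production) ACME endpoint.
}

# Assumption: in the original Caddyfile, listing http://mickymouse.com next
# to mickymouse.com adds a user-configured route on :80 for that host, which
# is what the WARN line ("user-configured routes might override these
# redirects") points at. That host then gets the respond body over plain
# HTTP instead of the automatic HTTP->HTTPS redirect, while www still
# redirects. Listing only scheme-less names lets Caddy redirect both.
mickymouse.com, www.mickymouse.com {
	respond "This is a mickymouse-Page"
}

# Hypothetical test host: only this site asks the staging CA for its
# certificate, so browsers will show a trust warning for it alone.
staging.mickymouse.com {
	tls {
		ca https://acme-staging-v02.api.letsencrypt.org/directory
	}
	respond "Served with a staging certificate"
}
```

Certificates are obtained only if ports 80 and 443 reach the container from the internet, as the first reply notes.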
