1. The problem I’m having:
Hey guys, I'm new to Caddy and I'm trying to set up HTTPS for my test server. However, I keep getting some errors when trying to run the "caddy start" command.
Details and logs are below. If you could provide some insight into where I'm going wrong, I'd definitely appreciate it.
Chris :)
2. Error messages and/or full log output:
2023/02/28 15:12:48.973 INFO using adjacent Caddyfile
2023/02/28 15:12:48.974 WARN Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies {"adapter": "caddyfile", "file": "Caddyfile", "line": 2}
2023/02/28 15:12:48.976 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["//[::1]:2019", "//127.0.0.1:2019", "//localhost:2019"]}
2023/02/28 15:12:48.976 INFO http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2023/02/28 15:12:48.976 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2023/02/28 15:12:48.976 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc000565650"}
2023/02/28 15:12:48.976 INFO http enabling HTTP/3 listener {"addr": ":443"}
2023/02/28 15:12:48.977 INFO failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Receive-Buffer-Size for details.
2023/02/28 15:12:48.977 INFO tls cleaning storage unit {"description": "FileStorage:/root/.local/share/caddy"}
2023/02/28 15:12:48.977 INFO http.log server running {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2023/02/28 15:12:48.977 INFO http.log server running {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2023/02/28 15:12:48.977 INFO http enabling automatic TLS certificate management {"domains": ["rdcs-dev01.rapid-network.co"]}
2023/02/28 15:12:48.977 INFO autosaved config (load with --resume flag) {"file": "/root/.config/caddy/autosave.json"}
2023/02/28 15:12:48.977 INFO serving initial configuration
2023/02/28 15:12:48.978 INFO tls.obtain acquiring lock {"identifier": "rdcs-dev01.rapid-network.co"}
2023/02/28 15:12:48.978 INFO tls finished cleaning storage units
Successfully started Caddy (pid=271373) - Caddy is running in the background
2023/02/28 15:12:48.979 INFO tls.obtain lock acquired {"identifier": "rdcs-dev01.rapid-network.co"}
2023/02/28 15:12:48.979 INFO tls.obtain obtaining certificate {"identifier": "rdcs-dev01.rapid-network.co"}
2023/02/28 15:12:48.980 INFO http waiting on internal rate limiter {"identifiers": ["rdcs-dev01.rapid-network.co"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/02/28 15:12:48.980 INFO http done waiting on internal rate limiter {"identifiers": ["rdcs-dev01.rapid-network.co"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
[rapidadmin@rdcs-dev01 caddy]$ 2023/02/28 15:12:49.900 INFO http.acme_client trying to solve challenge {"identifier": "rdcs-dev01.rapid-network.co", "challenge_type": "tls-alpn-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2023/02/28 15:12:50.396 ERROR http.acme_client challenge failed {"identifier": "rdcs-dev01.rapid-network.co", "challenge_type": "tls-alpn-01", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": "109.169.85.158: Error getting validation data", "instance": "", "subproblems": []}}
2023/02/28 15:12:50.396 ERROR http.acme_client validating authorization {"identifier": "rdcs-dev01.rapid-network.co", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": "109.169.85.158: Error getting validation data", "instance": "", "subproblems": []}, "order": "https://acme-v02.api.letsencrypt.org/acme/order/978859706/167396125386", "attempt": 1, "max_attempts": 3}
2023/02/28 15:12:51.767 INFO http.acme_client trying to solve challenge {"identifier": "rdcs-dev01.rapid-network.co", "challenge_type": "http-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2023/02/28 15:12:52.262 ERROR http.acme_client challenge failed {"identifier": "rdcs-dev01.rapid-network.co", "challenge_type": "http-01", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": "109.169.85.158: Fetching http://rdcs-dev01.rapid-network.co/.well-known/acme-challenge/-WvNy5E1xWLZkZiUnd_1b7uOdwLaFkxnQAqQDbpSvj8: Error getting validation data", "instance": "", "subproblems": []}}
2023/02/28 15:12:52.262 ERROR http.acme_client validating authorization {"identifier": "rdcs-dev01.rapid-network.co", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": "109.169.85.158: Fetching http://rdcs-dev01.rapid-network.co/.well-known/acme-challenge/-WvNy5E1xWLZkZiUnd_1b7uOdwLaFkxnQAqQDbpSvj8: Error getting validation data", "instance": "", "subproblems": []}, "order": "https://acme-v02.api.letsencrypt.org/acme/order/978859706/167396128236", "attempt": 2, "max_attempts": 3}
2023/02/28 15:12:52.262 ERROR tls.obtain could not get certificate from issuer {"identifier": "rdcs-dev01.rapid-network.co", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "HTTP 400 urn:ietf:params:acme:error:connection - 109.169.85.158: Fetching http://rdcs-dev01.rapid-network.co/.well-known/acme-challenge/-WvNy5E1xWLZkZiUnd_1b7uOdwLaFkxnQAqQDbpSvj8: Error getting validation data"}
2023/02/28 15:12:52.263 INFO http waiting on internal rate limiter {"identifiers": ["rdcs-dev01.rapid-network.co"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "caddy@zerossl.com"}
2023/02/28 15:12:52.264 INFO http done waiting on internal rate limiter {"identifiers": ["rdcs-dev01.rapid-network.co"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "caddy@zerossl.com"}
2023/02/28 15:12:55.278 INFO http.acme_client trying to solve challenge {"identifier": "rdcs-dev01.rapid-network.co", "challenge_type": "http-01", "ca": "https://acme.zerossl.com/v2/DV90"}
2023/02/28 15:13:00.809 ERROR http.acme_client challenge failed {"identifier": "rdcs-dev01.rapid-network.co", "challenge_type": "http-01", "problem": {"type": "", "title": "", "detail": "", "instance": "", "subproblems": []}}
2023/02/28 15:13:00.809 ERROR http.acme_client validating authorization {"identifier": "rdcs-dev01.rapid-network.co", "problem": {"type": "", "title": "", "detail": "", "instance": "", "subproblems": []}, "order": "https://acme.zerossl.com/v2/DV90/order/zg_mvzRg1V8NEIUUJQZEpA", "attempt": 1, "max_attempts": 3}
2023/02/28 15:13:00.809 ERROR tls.obtain could not get certificate from issuer {"identifier": "rdcs-dev01.rapid-network.co", "issuer": "acme.zerossl.com-v2-DV90", "error": "HTTP 0 - "}
2023/02/28 15:13:00.810 ERROR tls.obtain will retry {"error": "[rdcs-dev01.rapid-network.co] Obtain: [rdcs-dev01.rapid-network.co] solving challenge: rdcs-dev01.rapid-network.co: [rdcs-dev01.rapid-network.co] authorization failed: HTTP 0 - (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 11.830206939, "max_duration": 2592000}
3. Caddy version:
v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=
4. How I installed and ran Caddy:
Caddy installed via Portainer app templates as well as the documentation on their website (git: https://github.com/caddyserver/caddy.git)
a. System environment:
CentOS 8 w/ docker
b. Command:
sudo caddy start
c. Service/unit/compose file:
N/A
d. My complete Caddy config:
rdcs-dev01.rapid-network.co {
file_server
reverse_proxy localhost:9000
}
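
Added example, not part of the original post or of Caddy itself: a small triage script for console logs in the format shown above. It groups the `challenge failed` entries by ACME challenge type and problem type and pairs each with the inbound port the CA validates on. The helper names and the `example.test` sample lines are constructed for illustration.

```python
import json
import re
from collections import Counter

# Constructed sample lines in the same console format as the log above.
SAMPLE = """\
2023/02/28 15:12:50.396 ERROR http.acme_client challenge failed {"identifier": "example.test", "challenge_type": "tls-alpn-01", "problem": {"type": "urn:ietf:params:acme:error:connection", "detail": "Error getting validation data"}}
2023/02/28 15:12:52.262 ERROR http.acme_client challenge failed {"identifier": "example.test", "challenge_type": "http-01", "problem": {"type": "urn:ietf:params:acme:error:connection", "detail": "Error getting validation data"}}
2023/02/28 15:13:00.809 ERROR http.acme_client challenge failed {"identifier": "example.test", "challenge_type": "http-01", "problem": {"type": "", "detail": ""}}
[user@host caddy]$ 2023/02/28 15:12:49.900 INFO http.acme_client trying to solve challenge {"identifier": "example.test", "challenge_type": "tls-alpn-01"}
"""

LINE = re.compile(r"(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+)\s+(DEBUG|INFO|WARN|ERROR)\s+(.*)")
PORTS = {"http-01": 80, "tls-alpn-01": 443}  # port the CA connects to per challenge
MEANING = {  # ACME problem types as defined in RFC 8555, section 6.7
    "connection": "CA could not connect to the validation target",
    "dns": "DNS query failed during identifier validation",
    "tls": "CA received a TLS error during validation",
}

def parse_line(line):
    """Split one console log line into timestamp, level, text and JSON fields."""
    m = LINE.search(line)  # search, not match: a shell prompt may precede the line
    if not m:
        return None
    ts, level, rest = m.groups()
    text, brace, tail = rest.partition("{")
    try:
        fields = json.loads(brace + tail) if brace else {}
    except json.JSONDecodeError:
        fields = {}
    return {"ts": ts, "level": level, "text": text.strip(), "fields": fields}

def failed_challenges(log_text):
    """Count failed challenges keyed by (challenge_type, short problem type)."""
    counts = Counter()
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        if rec["level"] == "ERROR" and rec["text"].endswith("challenge failed"):
            ptype = rec["fields"].get("problem", {}).get("type", "")
            short = ptype.rsplit(":", 1)[-1] or "(empty)"
            counts[(rec["fields"].get("challenge_type"), short)] += 1
    return counts

def report(log_text):
    """Rows of (challenge, inbound port, problem, count, meaning), sorted."""
    return [(c, PORTS.get(c), p, n, MEANING.get(p, "no ACME problem type reported"))
            for (c, p), n in sorted(failed_challenges(log_text).items())]

if __name__ == "__main__":
    print(*report(SAMPLE), sep="\n")
```
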