Yes, you are right.
I have no clue why. There is no firewall installed for this container and the site is not blocked:
curl https://acme-v02.api.letsencrypt.org/directory
works fine. Ports 80 and 443 have been forwarded to this machine.
After playing around (disabling the global firewall, Teredo filter and WPAD), I got an additional error and warnings:
WRN ts=1737907080.324477 logger=http.acme_client msg=HTTP request failed; retrying url=https://acme-v02.api.letsencrypt.org/directory error=performing request: Get "https://acme-v02.api.letsencrypt.org/directory": dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: server misbehaving
WRN ts=1737907084.5981374 logger=http.acme_client msg=HTTP request failed; retrying url=https://acme-v02.api.letsencrypt.org/directory error=performing request: Get "https://acme-v02.api.letsencrypt.org/directory": dial tcp 172.65.32.248:443: connect: network is unreachable
ERR ts=1737907084.5982218 logger=tls.obtain msg=could not get certificate from issuer identifier=1i09sldzcisqwou6.myfritz.net issuer=acme-v02.api.letsencrypt.org-directory error=registering account [] with server: provisioning client: performing request: Get "https://acme-v02.api.letsencrypt.org/directory": dial tcp 172.65.32.248:443: connect: network is unreachable
I have therefore undone the settings.
Maybe my problem is related to this: https://caddy.community/t/acme-timeouts-upon-server-start/13943
But I have no clue what I should change in the docker file.
Update:
After playing around, I get this from the log files:
INF ts=1737985200.5663588 logger=docker-proxy msg=Running caddy proxy server
INF ts=1737985200.5676525 logger=admin msg=admin endpoint started address=localhost:2019 enforce_origin=false origins=["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]
INF ts=1737985200.5678926 msg=autosaved config (load with --resume flag) file=/config/caddy/autosave.json
INF ts=1737985200.5679018 logger=docker-proxy msg=Running caddy proxy controller
INF ts=1737985200.5757825 logger=docker-proxy msg=Start CaddyfilePath= EnvFile= LabelPrefix=caddy PollingInterval=30 ProxyServiceTasks=true ProcessCaddyfile=true ScanStoppedContainers=false IngressNetworks=[seafile-net] DockerSockets=[""] DockerCertsPath=[""] DockerAPIsVersion=[""]
INF ts=1737985200.577011 logger=docker-proxy msg=Connecting to docker events DockerSocket=
INF ts=1737985200.5792189 logger=docker-proxy msg=IngressNetworksMap ingres=map[d84e5c06f4b0cd7174dab0dfa1d12d1875b38edce3a087c4d227f443ec32dbc6:true seafile-net:true]
INF ts=1737985200.6086283 logger=docker-proxy msg=Swarm is available new=false
INF ts=1737985200.614931 logger=docker-proxy msg=New Caddyfile caddyfile=# Empty caddyfile
WRN ts=1737985200.6188383 logger=docker-proxy msg=Caddyfile to json warning warn=[Caddyfile:1: Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies]
INF ts=1737985200.6188626 logger=docker-proxy msg=New Config JSON json={}
INF ts=1737985200.6188974 logger=docker-proxy msg=Sending configuration to server=localhost
INF ts=1737985200.6197598 logger=admin.api msg=received request method=POST host=localhost:2019 uri=/load remote_ip=127.0.0.1 remote_port=42570 headers={"Accept-Encoding":["gzip"],"Content-Length":["41"],"Content-Type":["application/json"],"User-Agent":["Go-http-client/1.1"]}
INF ts=1737985200.6198 msg=config is unchanged
INF ts=1737985200.6198075 logger=admin.api msg=load complete
INF ts=1737985200.61994 logger=docker-proxy msg=Successfully configured server=localhost
INF ts=1737985220.8674793 logger=docker-proxy msg=New Caddyfile caddyfile=http://xxx.net {
reverse_proxy 172.18.0.5:80
}
INF ts=1737985220.86789 logger=docker-proxy msg=New Config JSON json={"apps":{"http":{"servers":{"srv0":{"listen":[":80"],"routes":[{"match":[{"host":["xxx.net"]}],"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"172.18.0.5:80"}]}]}]}],"terminal":true}]}}}}}
INF ts=1737985220.8679152 logger=docker-proxy msg=Sending configuration to server=localhost
INF ts=1737985220.8683324 logger=admin.api msg=received request method=POST host=localhost:2019 uri=/load remote_ip=127.0.0.1 remote_port=42570 headers={"Accept-Encoding":["gzip"],"Content-Length":["303"],"Content-Type":["application/json"],"User-Agent":["Go-http-client/1.1"]}
INF ts=1737985220.868914 logger=admin msg=admin endpoint started address=localhost:2019 enforce_origin=false origins=["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]
WRN ts=1737985220.8690743 logger=http.auto_https msg=server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server server_name=srv0 http_port=80
INF ts=1737985220.8693285 logger=http.log msg=server running name=srv0 protocols=["h1","h2","h3"]
INF ts=1737985220.8694649 msg=autosaved config (load with --resume flag) file=/config/caddy/autosave.json
INF ts=1737985220.8694751 logger=admin.api msg=load complete
INF ts=1737985220.8697443 logger=admin msg=stopped previous server address=localhost:2019
INF ts=1737985220.8697898 logger=tls.cache.maintenance msg=started background certificate maintenance cache=0xc0005fcc80
INF ts=1737985220.8707812 logger=docker-proxy msg=Successfully configured server=localhost
INF ts=1737985220.8760989 logger=tls msg=cleaning storage unit storage=FileStorage:/data/caddy
INF ts=1737985220.876505 logger=tls msg=finished cleaning storage units
But the container is still unhealthy.