The same error being ‘SSL_ERROR_INTERNAL_ERROR_ALERT’ on the webpage when attempting to connect to my new domain, mitchflix.net.
Just in case, I rolled a new token on the Cloudflare dash and put that token at the bottom of my .bashrc in my root (and only) user’s home folder:
CLOUDFLARE_AUTH_TOKEN=-zvy5_FsqPJWlaDX0iK123456etc0dh6HgjYtwAa
journalctl results:
$ journalctl -f -u caddy
Jul 24 16:43:01 calcifer caddy[1244251]: {"level":"info","ts":1690180981.5333958,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["mitchflix.net"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
Jul 24 16:43:03 calcifer caddy[1244251]: {"level":"info","ts":1690180983.1493216,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"mitchflix.net","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
Jul 24 16:43:03 calcifer caddy[1244251]: {"level":"error","ts":1690180983.4815896,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"mitchflix.net","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.mitchflix.net\" (usually OK if presenting also failed)"}
Jul 24 16:43:03 calcifer caddy[1244251]: {"level":"error","ts":1690180983.7752678,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mitchflix.net","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[mitchflix.net] solving challenges: presenting for challenge: adding temporary record for zone \"mitchflix.net.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme-v02.api.letsencrypt.org/acme/order/1221956417/196951955567) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
Jul 24 16:43:03 calcifer caddy[1244251]: {"level":"info","ts":1690180983.7755237,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["mitchflix.net"],"ca":"https://acme.zerossl.com/v2/DV90","account":"caddy@zerossl.com"}
Jul 24 16:43:03 calcifer caddy[1244251]: {"level":"info","ts":1690180983.775531,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["mitchflix.net"],"ca":"https://acme.zerossl.com/v2/DV90","account":"caddy@zerossl.com"}
Jul 24 16:43:07 calcifer caddy[1244251]: {"level":"info","ts":1690180987.896306,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"mitchflix.net","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
Jul 24 16:43:08 calcifer caddy[1244251]: {"level":"error","ts":1690180988.1270409,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"mitchflix.net","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.mitchflix.net\" (usually OK if presenting also failed)"}
Jul 24 16:43:09 calcifer caddy[1244251]: {"level":"error","ts":1690180989.5768328,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mitchflix.net","issuer":"acme.zerossl.com-v2-DV90","error":"[mitchflix.net] solving challenges: presenting for challenge: adding temporary record for zone \"mitchflix.net.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/sjN4V5fOg-J55rRaCWsK3g) (ca=https://acme.zerossl.com/v2/DV90)"}
Jul 24 16:43:09 calcifer caddy[1244251]: {"level":"error","ts":1690180989.5768673,"logger":"tls.obtain","msg":"will retry","error":"[mitchflix.net] Obtain: [mitchflix.net] solving challenges: presenting for challenge: adding temporary record for zone \"mitchflix.net.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/sjN4V5fOg-J55rRaCWsK3g) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":8.04396134,"max_duration":2592000}
Jul 24 16:44:09 calcifer caddy[1244251]: {"level":"info","ts":1690181049.577499,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"mitchflix.net"}
Jul 24 16:44:10 calcifer caddy[1244251]: {"level":"info","ts":1690181050.9394023,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"mitchflix.net","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Jul 24 16:44:11 calcifer caddy[1244251]: {"level":"error","ts":1690181051.173163,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"mitchflix.net","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.mitchflix.net\" (usually OK if presenting also failed)"}
Jul 24 16:44:11 calcifer caddy[1244251]: {"level":"error","ts":1690181051.425305,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mitchflix.net","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[mitchflix.net] solving challenges: presenting for challenge: adding temporary record for zone \"mitchflix.net.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/112117674/9918401374) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
Jul 24 16:44:14 calcifer caddy[1244251]: {"level":"info","ts":1690181054.0701044,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"mitchflix.net","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
Jul 24 16:44:14 calcifer caddy[1244251]: {"level":"error","ts":1690181054.2926908,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"mitchflix.net","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.mitchflix.net\" (usually OK if presenting also failed)"}
Jul 24 16:44:15 calcifer caddy[1244251]: {"level":"error","ts":1690181055.007349,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mitchflix.net","issuer":"acme.zerossl.com-v2-DV90","error":"[mitchflix.net] solving challenges: presenting for challenge: adding temporary record for zone \"mitchflix.net.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/VGJ-1hHKDR9ZivViq_TL_A) (ca=https://acme.zerossl.com/v2/DV90)"}
Jul 24 16:44:15 calcifer caddy[1244251]: {"level":"error","ts":1690181055.0073886,"logger":"tls.obtain","msg":"will retry","error":"[mitchflix.net] Obtain: [mitchflix.net] solving challenges: presenting for challenge: adding temporary record for zone \"mitchflix.net.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/VGJ-1hHKDR9ZivViq_TL_A) (ca=https://acme.zerossl.com/v2/DV90)","attempt":2,"retrying_in":120,"elapsed":73.474482544,"max_duration":2592000}
Verifying the token:
curl -X GET "https://api.cloudflare.com/client/v4/user/tokens/verify" \
-H "Authorization: Bearer -zvy5_FsqPJWlaDX0iK123456etc0dh6HgjYtwAa" \
-H "Content-Type:application/json"
{"result":{"id":"0b5903ebe18a05d81af7c6dc5ed3a220","status":"active","not_before":"2023-07-24T00:00:00Z","expires_on":"2024-07-24T23:59:59Z"},"success":true,"errors":[],"messages":[{"code":10000,"message":"This API Token is valid and active","type":null}]}
I have the zones set as zone: read and DNS: edit as advised in the documentation linked above, and have made sure to use an API token, not the API key.
I found another link where you suggest a command to check the environment caddy sees. Is there a different command for the systemd process? Using:
caddy environ
Does not show the EV ‘CLOUDFLARE_AUTH_TOKEN’ at all, but I am wondering if that is checking the previous package install and not the systemd process?
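
On the question of which environment the systemd-managed process sees: the following is an added example, not part of the original post, that reads the running service's own environment from /proc/<pid>/environ and reports variable names only, so the token value is never printed. It assumes the unit is named caddy, as in the journalctl command above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: inspect the environment of a running systemd service.
# /proc/<pid>/environ holds NAME=value pairs separated by NUL bytes and
# reflects the environment the process was started with.

# Return 0 if variable $2 is present in the environ file $1.
# The value is never written to stdout.
env_has_var() {
    tr '\0' '\n' < "$1" | grep -q "^$2="
}

# List only the variable names found in the environ file $1.
env_names() {
    tr '\0' '\n' < "$1" | sed -n 's/=.*//p' | sort
}

# Print the main PID of systemd unit $1 (0 when it is not running).
unit_main_pid() {
    systemctl show -p MainPID --value "$1"
}

# Report whether variable $2 is set for the running unit $1.
# Exit status: 0 = set, 1 = not set, 2 = unit not running.
check_unit_env() {
    pid=$(unit_main_pid "$1") || return 2
    if [ -z "$pid" ] || [ "$pid" = "0" ]; then
        echo "$1 is not running" >&2
        return 2
    fi
    if env_has_var "/proc/$pid/environ" "$2"; then
        echo "$2 is set for $1 (pid $pid)"
    else
        echo "$2 is NOT set for $1 (pid $pid)"
        return 1
    fi
}

# Usage on the host (unit name assumed from "journalctl -u caddy"):
#   check_unit_env caddy CLOUDFLARE_AUTH_TOKEN
```

Run it as root or as the service's user, since /proc/<pid>/environ is readable only by the process owner and root.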