Caddy Wont Load DUCKDNS Site

1. Caddy version:

v2.6.2

2. How I installed, and run Caddy:

Caddyfile run through Powershell and Caddy.exe with
Duckdns and Cloudflare Plugins

a. System environment:

Windows 10 Pro x64

b. Command:

./caddy run --config Caddyfile

d. My complete Caddy config:

Caddyfile

navarre-home-requests.duckdns.org {
    reverse_proxy 192.168.1.6:5055
    tls {
        dns duckdns access-token
    }
}
navarre-home-qbit.duckdns.org {
    reverse_proxy 192.168.1.6:8084
    tls {
        dns duckdns access-token
    }
}

3. The problem I’m having:

It wont load my domain. The logs keep saying its timing out when trying to authorized certs.

4. Error messages and/or full log output:

PS C:\Tools\Caddy> ./caddy run --config Caddyfile
2023/01/20 04:33:00.671 ←[34mINFO←[0m   using provided configuration    {"config_file": "Caddyfile", "config_adapter": ""}
2023/01/20 04:33:00.672 ←[33mWARN←[0m   Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies    {"adapter": "caddyfile", "file": "Caddyfile", "line": 2}
2023/01/20 04:33:00.682 ←[34mINFO←[0m   admin   admin endpoint started  {"address": "localhost:2019", "enforce_origin": false, "origins": ["//[::1]:2019", "//127.0.0.1:2019", "//localhost:2019"]}
2023/01/20 04:33:00.682 ←[34mINFO←[0m   tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc00041a380"}
2023/01/20 04:33:00.682 ←[34mINFO←[0m   http    server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2023/01/20 04:33:00.683 ←[34mINFO←[0m   http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2023/01/20 04:33:00.684 ←[34mINFO←[0m   tls     cleaning storage unit   {"description": "FileStorage:C:\\Users\\jessi\\AppData\\Roaming\\Caddy"}
2023/01/20 04:33:00.684 ←[34mINFO←[0m   http    enabling HTTP/3 listener        {"addr": ":443"}
2023/01/20 04:33:00.685 ←[34mINFO←[0m   http.log        server running  {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2023/01/20 04:33:00.685 ←[34mINFO←[0m   http.log        server running  {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2023/01/20 04:33:00.685 ←[34mINFO←[0m   http    enabling automatic TLS certificate management   {"domains": ["navarre-home-requests.duckdns.org", "navarre-home-qbit.duckdns.org"]}
2023/01/20 04:33:00.712 ←[34mINFO←[0m   autosaved config (load with --resume flag)      {"file": "C:\\Users\\jessi\\AppData\\Roaming\\Caddy\\autosave.json"}
2023/01/20 04:33:00.713 ←[34mINFO←[0m   serving initial configuration
2023/01/20 04:33:00.745 ←[34mINFO←[0m   tls.obtain      acquiring lock  {"identifier": "navarre-home-qbit.duckdns.org"}
2023/01/20 04:33:00.745 ←[34mINFO←[0m   tls.obtain      acquiring lock  {"identifier": "navarre-home-requests.duckdns.org"}
2023/01/20 04:33:00.847 ←[34mINFO←[0m   tls.obtain      lock acquired   {"identifier": "navarre-home-qbit.duckdns.org"}
2023/01/20 04:33:00.848 ←[34mINFO←[0m   tls.obtain      obtaining certificate   {"identifier": "navarre-home-qbit.duckdns.org"}
2023/01/20 04:33:00.868 ←[34mINFO←[0m   tls.obtain      lock acquired   {"identifier": "navarre-home-requests.duckdns.org"}
2023/01/20 04:33:00.869 ←[34mINFO←[0m   tls.obtain      obtaining certificate   {"identifier": "navarre-home-requests.duckdns.org"}
2023/01/20 04:33:00.903 ←[34mINFO←[0m   tls     finished cleaning storage units
2023/01/20 04:33:00.935 ←[34mINFO←[0m   http    waiting on internal rate limiter        {"identifiers": ["navarre-home-requests.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/20 04:33:00.935 ←[34mINFO←[0m   http    done waiting on internal rate limiter   {"identifiers": ["navarre-home-requests.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/20 04:33:00.935 ←[34mINFO←[0m   http    waiting on internal rate limiter        {"identifiers": ["navarre-home-qbit.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/20 04:33:00.938 ←[34mINFO←[0m   http    done waiting on internal rate limiter   {"identifiers": ["navarre-home-qbit.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/20 04:33:01.335 ←[34mINFO←[0m   http.acme_client        trying to solve challenge       {"identifier": "navarre-home-requests.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2023/01/20 04:33:01.460 ←[34mINFO←[0m   http.acme_client        trying to solve challenge       {"identifier": "navarre-home-qbit.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2023/01/20 04:35:04.146 ←[31mERROR←[0m  tls.obtain      could not get certificate from issuer   {"identifier": "navarre-home-requests.duckdns.org", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[navarre-home-requests.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-v02.api.letsencrypt.org/acme/order/921985637/159890593197) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
2023/01/20 04:35:04.183 ←[34mINFO←[0m   http    waiting on internal rate limiter        {"identifiers": ["navarre-home-requests.duckdns.org"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "caddy@zerossl.com"}
2023/01/20 04:35:04.183 ←[34mINFO←[0m   http    done waiting on internal rate limiter   {"identifiers": ["navarre-home-requests.duckdns.org"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "caddy@zerossl.com"}
2023/01/20 04:35:04.225 ←[31mERROR←[0m  tls.obtain      could not get certificate from issuer   {"identifier": "navarre-home-qbit.duckdns.org", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[navarre-home-qbit.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-v02.api.letsencrypt.org/acme/order/921985637/159890593367) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
2023/01/20 04:35:04.226 ←[34mINFO←[0m   http    waiting on internal rate limiter        {"identifiers": ["navarre-home-qbit.duckdns.org"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "caddy@zerossl.com"}
2023/01/20 04:35:04.229 ←[34mINFO←[0m   http    done waiting on internal rate limiter   {"identifiers": ["navarre-home-qbit.duckdns.org"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "caddy@zerossl.com"}
2023/01/20 04:35:05.792 ←[34mINFO←[0m   http.acme_client        trying to solve challenge       {"identifier": "navarre-home-requests.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme.zerossl.com/v2/DV90"}
2023/01/20 04:35:05.915 ←[34mINFO←[0m   http.acme_client        trying to solve challenge       {"identifier": "navarre-home-qbit.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme.zerossl.com/v2/DV90"}

5. What I already tried:

It was working correctly before using 127.0.0.1:8989
once i changed the port to 127.0.0.1:5055 it wont re-authorize certificates.

BOTH 443 and 80 ports are open

image

image

Ive tried a modem and router restart as well.

6. Links to relevant resources:

1 Like

It’s not just me I have multiple other people telling me duckdns won’t authenticate.

DuckDNS is working just fine for me. I wiped my cert storage to force it to try again, and it worked fine.

Make sure your local DNS settings are configured such that it can make DNS queries to duckdns.org.

Make sure you correctly copied your DuckDNS API key. It should look like a UUID (see here for the typical format Universally unique identifier - Wikipedia)

How did you wipe cert storage for duckdns? Also when you say duckdns can make queries from the DNS can you specify. Do you mean adding my external ip to the duckdns domain.

i delete all caddy folder inside C:\Users\(Username)\AppData\Roaming\Caddy and retested this is the new log its still failing to run

PS C:\Tools\Caddy> ./caddy run --config Caddyfile
2023/01/22 05:13:32.903 INFO    using provided configuration    {"config_file": "Caddyfile", "config_adapter": ""}
2023/01/22 05:13:32.983 WARN    Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies  {"adapter": "caddyfile", "file": "Caddyfile", "line": 2}
2023/01/22 05:13:32.990 INFO    admin   admin endpoint started  {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2023/01/22 05:13:32.990 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc00015db20"}
2023/01/22 05:13:32.991 INFO    http    server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS       {"server_name": "srv0", "https_port": 443}
2023/01/22 05:13:32.991 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2023/01/22 05:13:32.991 INFO    tls     cleaning storage unit   {"description": "FileStorage:C:\\Users\\jessi\\AppData\\Roaming\\Caddy"}
2023/01/22 05:13:32.991 INFO    tls     finished cleaning storage units
2023/01/22 05:13:32.991 INFO    http    enabling HTTP/3 listener        {"addr": ":443"}
2023/01/22 05:13:32.992 INFO    http.log        server running  {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2023/01/22 05:13:32.992 INFO    http.log        server running  {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2023/01/22 05:13:32.992 INFO    http    enabling automatic TLS certificate management   {"domains": ["navarre-home-requests.duckdns.org", "navarre-home-qbit.duckdns.org"]}
2023/01/22 05:13:33.052 INFO    autosaved config (load with --resume flag)      {"file": "C:\\Users\\jessi\\AppData\\Roaming\\Caddy\\autosave.json"}
2023/01/22 05:13:33.052 INFO    serving initial configuration
2023/01/22 05:13:33.264 INFO    tls.obtain      acquiring lock  {"identifier": "navarre-home-requests.duckdns.org"}
2023/01/22 05:13:33.594 INFO    tls.obtain      lock acquired   {"identifier": "navarre-home-requests.duckdns.org"}
2023/01/22 05:13:33.594 INFO    tls.obtain      obtaining certificate   {"identifier": "navarre-home-requests.duckdns.org"}
2023/01/22 05:13:33.610 INFO    tls.obtain      acquiring lock  {"identifier": "navarre-home-qbit.duckdns.org"}
2023/01/22 05:13:33.895 INFO    tls.obtain      lock acquired   {"identifier": "navarre-home-qbit.duckdns.org"}
2023/01/22 05:13:33.895 INFO    tls.obtain      obtaining certificate   {"identifier": "navarre-home-qbit.duckdns.org"}
2023/01/22 05:13:34.442 INFO    http    waiting on internal rate limiter        {"identifiers": ["navarre-home-qbit.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/22 05:13:34.443 INFO    http    done waiting on internal rate limiter   {"identifiers": ["navarre-home-qbit.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/22 05:13:34.442 INFO    http    waiting on internal rate limiter        {"identifiers": ["navarre-home-requests.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/22 05:13:34.444 INFO    http    done waiting on internal rate limiter   {"identifiers": ["navarre-home-requests.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/22 05:13:34.644 INFO    http.acme_client        trying to solve challenge       {"identifier": "navarre-home-requests.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2023/01/22 05:13:34.644 INFO    http.acme_client        trying to solve challenge       {"identifier": "navarre-home-qbit.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2023/01/22 05:15:36.008 ERROR   tls.obtain      could not get certificate from issuer   {"identifier": "navarre-home-requests.duckdns.org", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[navarre-home-requests.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-v02.api.letsencrypt.org/acme/order/928006977/160279166357) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
mmended to set one for next time
2023/01/22 05:15:36.023 ERROR   tls.obtain      could not get certificate from issuer   {"identifier": "navarre-home-qbit.duckdns.org", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[navarre-home-qbit.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-v02.api.letsencrypt.org/acme/order/928006967/160279166347) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
2023/01/22 05:15:36.023 WARN    tls.issuance.zerossl    missing email address for ZeroSSL; it is strongly recommended to set one for next time
2023/01/22 05:15:36.704 INFO    tls.issuance.zerossl    generated EAB credentials       {"key_id": "a_01hOQ8PXy0uu1D-HdRpA"}
2023/01/22 05:15:38.789 INFO    tls.issuance.zerossl    generated EAB credentials       {"key_id": "sjfhV_DKlWV-sz3SbmORDg"}
2023/01/22 05:15:44.961 INFO    http    waiting on internal rate limiter        {"identifiers": ["navarre-home-qbit.duckdns.org"], "ca": "https://acme.zerossl.com/v2/DV90", "account": ""}
2023/01/22 05:15:44.961 INFO    http    done waiting on internal rate limiter   {"identifiers": ["navarre-home-qbit.duckdns.org"], "ca": "https://acme.zerossl.com/v2/DV90", "account": ""}
2023/01/22 05:15:45.035 INFO    http    waiting on internal rate limiter        {"identifiers": ["navarre-home-requests.duckdns.org"], "ca": "https://acme.zerossl.com/v2/DV90", "account": ""}
2023/01/22 05:15:45.035 INFO    http    done waiting on internal rate limiter   {"identifiers": ["navarre-home-requests.duckdns.org"], "ca": "https://acme.zerossl.com/v2/DV90", "account": ""}
2023/01/22 05:15:45.710 INFO    http.acme_client        trying to solve challenge       {"identifier": "navarre-home-qbit.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme.zerossl.com/v2/DV90"}
2023/01/22 05:15:45.813 INFO    http.acme_client        trying to solve challenge       {"identifier": "navarre-home-requests.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme.zerossl.com/v2/DV90"}
2023/01/22 05:17:28.406 INFO    shutting down   {"signal": "SIGINT"}
2023/01/22 05:17:28.455 WARN    exiting; byeee!! 👋     {"signal": "SIGINT"}
2023/01/22 05:17:28.576 WARN    force quit      {"signal": "SIGINT"}
PS C:\Tools\Caddy> ./caddy run --config Caddyfile
2023/01/22 05:19:25.982 INFO    using provided configuration    {"config_file": "Caddyfile", "config_adapter": ""}
2023/01/22 05:19:25.985 WARN    Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies  {"adapter": "caddyfile", "file": "Caddyfile", "line": 2}
2023/01/22 05:19:25.992 INFO    admin   admin endpoint started  {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2023/01/22 05:19:25.992 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc000374bd0"}
2023/01/22 05:19:25.992 INFO    http    server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS       {"server_name": "srv0", "https_port": 443}
2023/01/22 05:19:25.992 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2023/01/22 05:19:25.993 INFO    tls     cleaning storage unit   {"description": "FileStorage:C:\\Users\\jessi\\AppData\\Roaming\\Caddy"}
2023/01/22 05:19:25.993 INFO    tls     finished cleaning storage units
2023/01/22 05:19:25.993 INFO    http    enabling HTTP/3 listener        {"addr": ":443"}
2023/01/22 05:19:25.994 INFO    http.log        server running  {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2023/01/22 05:19:25.994 INFO    http.log        server running  {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2023/01/22 05:19:25.995 INFO    http    enabling automatic TLS certificate management   {"domains": ["navarre-home-qbit.duckdns.org", "navarre-home-requests.duckdns.org"]}
2023/01/22 05:19:25.996 INFO    autosaved config (load with --resume flag)      {"file": "C:\\Users\\jessi\\AppData\\Roaming\\Caddy\\autosave.json"}
2023/01/22 05:19:25.996 INFO    serving initial configuration
2023/01/22 05:19:26.005 INFO    tls.obtain      acquiring lock  {"identifier": "navarre-home-qbit.duckdns.org"}
2023/01/22 05:19:26.005 INFO    tls.obtain      acquiring lock  {"identifier": "navarre-home-requests.duckdns.org"}
2023/01/22 05:19:26.165 INFO    tls.obtain      lock acquired   {"identifier": "navarre-home-requests.duckdns.org"}
2023/01/22 05:19:26.165 INFO    tls.obtain      obtaining certificate   {"identifier": "navarre-home-requests.duckdns.org"}
2023/01/22 05:19:26.205 INFO    tls.obtain      lock acquired   {"identifier": "navarre-home-qbit.duckdns.org"}
2023/01/22 05:19:26.206 INFO    tls.obtain      obtaining certificate   {"identifier": "navarre-home-qbit.duckdns.org"}
2023/01/22 05:19:26.536 INFO    http    waiting on internal rate limiter        {"identifiers": ["navarre-home-requests.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/22 05:19:26.536 INFO    http    done waiting on internal rate limiter   {"identifiers": ["navarre-home-requests.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/22 05:19:26.566 INFO    http    waiting on internal rate limiter        {"identifiers": ["navarre-home-qbit.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/22 05:19:26.566 INFO    http    done waiting on internal rate limiter   {"identifiers": ["navarre-home-qbit.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/22 05:19:26.764 INFO    http.acme_client        trying to solve challenge       {"identifier": "navarre-home-qbit.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2023/01/22 05:19:26.813 INFO    http.acme_client        trying to solve challenge       {"identifier": "navarre-home-requests.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}

It depends how you’re running Caddy. You can see the storage locations here: Conventions — Caddy Documentation. It’s also mentioned when you start Caddy, if you used the --environ flag.

But wiping storage will probably not help you, since it seems like you’re either having a problem authenticating with DuckDNS, or your local DNS resolver is messed up and now allowing to query for duckdns.org records.

This log is Caddy saying “hmm, I think I set a TXT record, but I can’t see it”. Hence why I’m thinking your resolver settings are messed up.

But if I dig your domain, I don’t see a TXT record set.

Actually, now I do see the TXT record, so it’s not an authentication problem:

$ dig TXT navarre-home-qbit.duckdns.org

; <<>> DiG 9.16.1-Ubuntu <<>> TXT navarre-home-qbit.duckdns.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45175
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;navarre-home-qbit.duckdns.org.	IN	TXT

;; ANSWER SECTION:
navarre-home-qbit.duckdns.org. 60 IN	TXT	"ks2qiqYRUeveVDxtmemtx74RY0orGk6mLdFqUNr8_M0"

;; Query time: 56 msec
;; SERVER: 8.8.4.4#53(8.8.4.4)
;; WHEN: Sun Jan 22 05:23:36 UTC 2023
;; MSG SIZE  rcvd: 114

Try adding resolvers 8.8.8.8 to your tls options to have Caddy use Google’s DNS servers to query instead. That might fix it.

how would i go about adding googles dns. Do i do that inside Caddyfile? Could you eleborate

Yes. Add that inside your tls directive. tls (Caddyfile directive) — Caddy Documentation

so like this

navarre-home-requests.duckdns.org {
    reverse_proxy 192.168.1.6:5055
    tls {
        dns duckdns access-token
        resolvers 8.8.8.8
    }
}
navarre-home-qbit.duckdns.org {
    reverse_proxy 192.168.1.6:8084
    tls {
        dns duckdns access-token
        resolvers 8.8.8.8
    }
}

now i get this error

PS C:\Tools\Caddy> ./caddy run --config Caddyfile
2023/01/22 05:32:17.177 INFO    using provided configuration    {"config_file": "Caddyfile", "config_adapter": ""}
2023/01/22 05:32:17.178 WARN    Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies  {"adapter": "caddyfile", "file": "Caddyfile", "line": 2}
2023/01/22 05:32:17.185 INFO    admin   admin endpoint started  {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2023/01/22 05:32:17.185 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc0006eec40"}
2023/01/22 05:32:17.185 INFO    http    server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS       {"server_name": "srv0", "https_port": 443}
2023/01/22 05:32:17.185 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2023/01/22 05:32:17.186 INFO    tls     cleaning storage unit   {"description": "FileStorage:C:\\Users\\jessi\\AppData\\Roaming\\Caddy"}
2023/01/22 05:32:17.186 INFO    tls     finished cleaning storage units
2023/01/22 05:32:17.186 INFO    http    enabling HTTP/3 listener        {"addr": ":443"}
2023/01/22 05:32:17.187 INFO    http.log        server running  {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2023/01/22 05:32:17.187 INFO    http.log        server running  {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2023/01/22 05:32:17.187 INFO    http    enabling automatic TLS certificate management   {"domains": ["navarre-home-requests.duckdns.org", "navarre-home-qbit.duckdns.org"]}
2023/01/22 05:32:17.189 INFO    autosaved config (load with --resume flag)      {"file": "C:\\Users\\jessi\\AppData\\Roaming\\Caddy\\autosave.json"}
2023/01/22 05:32:17.189 INFO    serving initial configuration
2023/01/22 05:32:17.201 INFO    tls.obtain      acquiring lock  {"identifier": "navarre-home-qbit.duckdns.org"}
2023/01/22 05:32:17.232 INFO    tls.obtain      acquiring lock  {"identifier": "navarre-home-requests.duckdns.org"}
2023/01/22 05:32:17.255 INFO    tls.obtain      lock acquired   {"identifier": "navarre-home-qbit.duckdns.org"}
2023/01/22 05:32:17.256 INFO    tls.obtain      obtaining certificate   {"identifier": "navarre-home-qbit.duckdns.org"}
2023/01/22 05:32:17.265 INFO    tls.obtain      lock acquired   {"identifier": "navarre-home-requests.duckdns.org"}
2023/01/22 05:32:17.281 INFO    tls.obtain      obtaining certificate   {"identifier": "navarre-home-requests.duckdns.org"}
2023/01/22 05:32:17.542 INFO    http    waiting on internal rate limiter        {"identifiers": ["navarre-home-qbit.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/22 05:32:17.542 INFO    http    done waiting on internal rate limiter   {"identifiers": ["navarre-home-qbit.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/22 05:32:17.542 INFO    http    waiting on internal rate limiter        {"identifiers": ["navarre-home-requests.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/22 05:32:17.549 INFO    http    done waiting on internal rate limiter   {"identifiers": ["navarre-home-requests.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/22 05:32:17.696 INFO    http.acme_client        trying to solve challenge       {"identifier": "navarre-home-qbit.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2023/01/22 05:32:17.713 INFO    http.acme_client        trying to solve challenge       {"identifier": "navarre-home-requests.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2023/01/22 05:34:22.185 ERROR   tls.obtain      could not get certificate from issuer   {"identifier": "navarre-home-requests.duckdns.org", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[navarre-home-requests.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-v02.api.letsencrypt.org/acme/order/928021197/160281662427) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
2023/01/22 05:34:22.186 WARN    tls.issuance.zerossl    missing email address for ZeroSSL; it is strongly recommended to set one for next time
2023/01/22 05:34:22.247 ERROR   tls.obtain      could not get certificate from issuer   {"identifier": "navarre-home-qbit.duckdns.org", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[navarre-home-qbit.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-v02.api.letsencrypt.org/acme/order/928021207/160281662387) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
2023/01/22 05:34:22.247 WARN    tls.issuance.zerossl    missing email address for ZeroSSL; it is strongly recommended to set one for next time
2023/01/22 05:34:25.913 INFO    tls.issuance.zerossl    generated EAB credentials       {"key_id": "hLX-584TBmuVsrqH52XnFg"}
2023/01/22 05:34:25.917 INFO    tls.issuance.zerossl    generated EAB credentials       {"key_id": "oJHwf3Dk-sed-uDd-jvJOg"}
2023/01/22 05:34:30.245 INFO    http    waiting on internal rate limiter        {"identifiers": ["navarre-home-qbit.duckdns.org"], "ca": "https://acme.zerossl.com/v2/DV90", "account": ""}
2023/01/22 05:34:30.245 INFO    http    done waiting on internal rate limiter   {"identifiers": ["navarre-home-qbit.duckdns.org"], "ca": "https://acme.zerossl.com/v2/DV90", "account": ""}
2023/01/22 05:34:33.546 INFO    http    waiting on internal rate limiter        {"identifiers": ["navarre-home-requests.duckdns.org"], "ca": "https://acme.zerossl.com/v2/DV90", "account": ""}
2023/01/22 05:34:33.547 INFO    http    done waiting on internal rate limiter   {"identifiers": ["navarre-home-requests.duckdns.org"], "ca": "https://acme.zerossl.com/v2/DV90", "account": ""}
2023/01/22 05:34:37.942 INFO    http.acme_client        trying to solve challenge       {"identifier": "navarre-home-qbit.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme.zerossl.com/v2/DV90"}
2023/01/22 05:34:38.048 INFO    http.acme_client        trying to solve challenge       {"identifier": "navarre-home-requests.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme.zerossl.com/v2/DV90"}
2023/01/22 05:36:40.482 ERROR   tls.obtain      could not get certificate from issuer   {"identifier": "navarre-home-requests.duckdns.org", "issuer": "acme.zerossl.com-v2-DV90", "error": "[navarre-home-requests.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/i0QCjUjfI1miyl5oM-1nmg) (ca=https://acme.zerossl.com/v2/DV90)"}
2023/01/22 05:36:40.482 ERROR   tls.obtain      will retry      {"error": "[navarre-home-requests.duckdns.org] Obtain: [navarre-home-requests.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/i0QCjUjfI1miyl5oM-1nmg) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 263.2168052, "max_duration": 2592000}
2023/01/22 05:36:44.295 ERROR   tls.obtain      could not get certificate from issuer   {"identifier": "navarre-home-qbit.duckdns.org", "issuer": "acme.zerossl.com-v2-DV90", "error": "[navarre-home-qbit.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/6qZWx5Avna5XgfHhFlf9NA) (ca=https://acme.zerossl.com/v2/DV90)"}
2023/01/22 05:36:44.296 ERROR   tls.obtain      will retry      {"error": "[navarre-home-qbit.duckdns.org] Obtain: [navarre-home-qbit.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/6qZWx5Avna5XgfHhFlf9NA) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 267.0407152, "max_duration": 2592000}

That’s still the same error. Weird.

Well, you can turn off propagation checks like this (it’s unfortunately quite verbose in this version, but 2.6.3 will simplify this):

	tls {
		dns duckdns access-token
		issuer acme {
			propagation_timeout -1
		}
		issuer zerossl {
			propagation_timeout -1
		}
	}

i get this error when trying to run that

S C:\Tools\Caddy> ./caddy run --config Caddyfile
2023/01/22 05:48:16.385 INFO    using provided configuration    {"config_file": "Caddyfile", "config_adapter": ""}
Error: adapting config using caddyfile: parsing caddyfile tokens for 'tls': Caddyfile:12 - Error during parsing: cannot mix issuer subdirective (explicit issuers) with other issuer-specific subdirectives (implicit issuers)
PS C:\Tools\Caddy>

Caddyfile

navarre-home-qbit.duckdns.org {
    reverse_proxy 192.168.1.6:8084
    tls {
        dns duckdns access-token
        resolvers 8.8.8.8
        issuer acme {
            propagation_timeout -1
        }
        issuer zerossl {
            propagation_timeout -1
        }
    }
}

Oh right, sorry. And this is why propagation_timeout is complicated right now. Sigh. Like I said, it’ll be fixed in the next version.

But this is what you need right now:

	tls {
		issuer acme {
			dns duckdns access-token
			propagation_timeout -1
		}
		issuer zerossl {
			dns duckdns access-token
			propagation_timeout -1
		}
	}

new log i changed the caddyfile because his docker stopped and that can be fixed another day

PS C:\Tools\Caddy> ./caddy run --config Caddyfile
2023/01/22 06:13:42.156 INFO    using provided configuration    {"config_file": "Caddyfile", "config_adapter": ""}
2023/01/22 06:13:42.181 WARN    Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies  {"adapter": "caddyfile", "file": "Caddyfile", "line": 2}
2023/01/22 06:13:42.188 INFO    admin   admin endpoint started  {"address": "localhost:2019", "enforce_origin": false, "origins": ["//[::1]:2019", "//127.0.0.1:2019", "//localhost:2019"]}
2023/01/22 06:13:42.189 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc000624f50"}
2023/01/22 06:13:42.189 INFO    http    server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS       {"server_name": "srv0", "https_port": 443}
2023/01/22 06:13:42.189 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2023/01/22 06:13:42.192 INFO    tls     cleaning storage unit   {"description": "FileStorage:C:\\Users\\jessi\\AppData\\Roaming\\Caddy"}
2023/01/22 06:13:42.193 INFO    http    enabling HTTP/3 listener        {"addr": ":443"}
2023/01/22 06:13:42.194 INFO    http.log        server running  {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2023/01/22 06:13:42.194 INFO    http.log        server running  {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2023/01/22 06:13:42.194 INFO    http    enabling automatic TLS certificate management   {"domains": ["navarre-home-qbit.duckdns.org", "navarre-home-tv.duckdns.org", "navarre-home-movies.duckdns.org", "navarre-home-music.duckdns.org"]}
2023/01/22 06:13:42.236 INFO    autosaved config (load with --resume flag)      {"file": "C:\\Users\\jessi\\AppData\\Roaming\\Caddy\\autosave.json"}
2023/01/22 06:13:42.239 INFO    serving initial configuration
2023/01/22 06:13:42.245 INFO    tls.obtain      acquiring lock  {"identifier": "navarre-home-movies.duckdns.org"}
2023/01/22 06:13:42.246 INFO    tls.obtain      acquiring lock  {"identifier": "navarre-home-tv.duckdns.org"}
2023/01/22 06:13:42.286 INFO    tls.obtain      acquiring lock  {"identifier": "navarre-home-music.duckdns.org"}
2023/01/22 06:13:42.294 INFO    tls     finished cleaning storage units
2023/01/22 06:13:42.374 INFO    tls.obtain      lock acquired   {"identifier": "navarre-home-movies.duckdns.org"}
2023/01/22 06:13:42.376 INFO    tls.obtain      lock acquired   {"identifier": "navarre-home-tv.duckdns.org"}
2023/01/22 06:13:42.383 INFO    tls.obtain      obtaining certificate   {"identifier": "navarre-home-tv.duckdns.org"}
2023/01/22 06:13:42.386 INFO    http    waiting on internal rate limiter        {"identifiers": ["navarre-home-tv.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/22 06:13:42.386 INFO    http    done waiting on internal rate limiter   {"identifiers": ["navarre-home-tv.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/22 06:13:42.396 INFO    tls.obtain      lock acquired   {"identifier": "navarre-home-music.duckdns.org"}
2023/01/22 06:13:42.398 INFO    tls.obtain      obtaining certificate   {"identifier": "navarre-home-music.duckdns.org"}
2023/01/22 06:13:42.397 INFO    tls.obtain      obtaining certificate   {"identifier": "navarre-home-movies.duckdns.org"}
2023/01/22 06:13:42.403 INFO    http    waiting on internal rate limiter        {"identifiers": ["navarre-home-music.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/22 06:13:42.406 INFO    http    done waiting on internal rate limiter   {"identifiers": ["navarre-home-music.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/22 06:13:42.406 INFO    http    waiting on internal rate limiter        {"identifiers": ["navarre-home-movies.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/22 06:13:42.407 INFO    http    done waiting on internal rate limiter   {"identifiers": ["navarre-home-movies.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/22 06:13:42.803 INFO    http.acme_client        trying to solve challenge       {"identifier": "navarre-home-tv.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2023/01/22 06:13:42.812 INFO    http.acme_client        trying to solve challenge       {"identifier": "navarre-home-movies.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2023/01/22 06:13:42.814 INFO    http.acme_client        trying to solve challenge       {"identifier": "navarre-home-music.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2023/01/22 06:13:43.737 INFO    http.acme_client        authorization finalized {"identifier": "navarre-home-movies.duckdns.org", "authz_status": "valid"}
2023/01/22 06:13:43.737 INFO    http.acme_client        validations succeeded; finalizing order {"order": "https://acme-v02.api.letsencrypt.org/acme/order/928021197/160287223737"}
2023/01/22 06:13:44.603 INFO    http.acme_client        successfully downloaded available certificate chains {"count": 2, "first_url": "https://acme-v02.api.letsencrypt.org/acme/cert/0392dcc462977f0d7e44c72a714d40682e25"}
2023/01/22 06:13:44.605 INFO    tls.obtain      certificate obtained successfully       {"identifier": "navarre-home-movies.duckdns.org"}
2023/01/22 06:13:44.610 INFO    tls.obtain      releasing lock  {"identifier": "navarre-home-movies.duckdns.org"}
2023/01/22 06:13:46.240 INFO    http.acme_client        authorization finalized {"identifier": "navarre-home-tv.duckdns.org", "authz_status": "valid"}
2023/01/22 06:13:46.240 INFO    http.acme_client        validations succeeded; finalizing order {"order": "https://acme-v02.api.letsencrypt.org/acme/order/928021197/160287223757"}
2023/01/22 06:13:46.744 INFO    http.acme_client        authorization finalized {"identifier": "navarre-home-music.duckdns.org", "authz_status": "valid"}
2023/01/22 06:13:46.744 INFO    http.acme_client        validations succeeded; finalizing order {"order": "https://acme-v02.api.letsencrypt.org/acme/order/928021197/160287223727"}
2023/01/22 06:13:47.141 INFO    http.acme_client        successfully downloaded available certificate chains {"count": 2, "first_url": "https://acme-v02.api.letsencrypt.org/acme/cert/034043004e99a0d110214f96ae79101f9903"}
2023/01/22 06:13:47.164 INFO    tls.obtain      certificate obtained successfully       {"identifier": "navarre-home-tv.duckdns.org"}
2023/01/22 06:13:47.165 INFO    tls.obtain      releasing lock  {"identifier": "navarre-home-tv.duckdns.org"}
2023/01/22 06:13:47.178 INFO    http.acme_client        successfully downloaded available certificate chains {"count": 2, "first_url": "https://acme-v02.api.letsencrypt.org/acme/cert/03ae6f4910fba6cf400d575388d9a2dc8af4"}
2023/01/22 06:13:47.187 INFO    tls.obtain      certificate obtained successfully       {"identifier": "navarre-home-music.duckdns.org"}
2023/01/22 06:13:47.191 INFO    tls.obtain      releasing lock  {"identifier": "navarre-home-music.duckdns.org"}
2023/01/22 06:14:05.959 ERROR   http.log.error  dial tcp 192.168.1.9:6969: i/o timeout  {"request": {"remote_ip": "15.204.173.67", "remote_port": "47260", "proto": "HTTP/1.1", "method": "GET", "host": "navarre-home-music.duckdns.org", "uri": "/", "headers": {"Connection": ["keep-alive"], "User-Agent": ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"], "Accept-Encoding": ["gzip, deflate"], "Accept": ["*/*"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "http/1.1", "server_name": "navarre-home-music.duckdns.org"}}, "duration": 3.0289342, "status": 502, "err_id": "cuywy8yry", "err_trace": "reverseproxy.statusError (reverseproxy.go:1272)"}
2023/01/22 06:14:13.644 ERROR   http.log.error  dial tcp 192.168.1.9:6969: i/o timeout  {"request": {"remote_ip": "195.211.77.140", "remote_port": "58390", "proto": "HTTP/1.1", "method": "GET", "host": "navarre-home-music.duckdns.org", "uri": "/", "headers": {"Accept-Language": ["ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3"], "User-Agent": ["Mozilla/5.0 (Windows NT 6.1; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/stable Safari/525.13"], "Accept-Encoding": ["*"], "Accept": ["*/*"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "", "server_name": "navarre-home-music.duckdns.org"}}, "duration": 3.0117316, "status": 502, "err_id": "1q7fykjxv", "err_trace": "reverseproxy.statusError (reverseproxy.go:1272)"}
2023/01/22 06:14:14.215 ERROR   http.log.error  dial tcp 192.168.1.9:6969: i/o timeout  {"request": {"remote_ip": "51.75.169.50", "remote_port": "42392", "proto": "HTTP/2.0", "method": "GET", "host": "navarre-home-music.duckdns.org", "uri": "/", "headers": {"Accept-Encoding": ["gzip"], "User-Agent": ["Go-http-client/2.0"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "server_name": "navarre-home-music.duckdns.org"}}, "duration": 3.0051798, "status": 502, "err_id": "ejc271cp1", "err_trace": "reverseproxy.statusError (reverseproxy.go:1272)"}
2023/01/22 06:14:19.138 ERROR   http.log.error  dial tcp 192.168.1.9:6969: i/o timeout  {"request": {"remote_ip": "63.135.161.175", "remote_port": "11611", "proto": "HTTP/1.1", "method": "GET", "host": "navarre-home-music.duckdns.org", "uri": "/", "headers": {"Accept": ["*/*"], "Accept-Encoding": ["gzip, deflate"], "User-Agent": ["Python/3.8 aiohttp/3.8.3"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "", "server_name": "navarre-home-music.duckdns.org"}}, "duration": 3.0057346, "status": 502, "err_id": "bd55zaj6j", "err_trace": "reverseproxy.statusError (reverseproxy.go:1272)"}
2023/01/22 06:14:20.982 ERROR   http.log.error  dial tcp 192.168.1.9:6969: i/o timeout  {"request": {"remote_ip": "139.144.69.48", "remote_port": "36850", "proto": "HTTP/1.1", "method": "GET", "host": "navarre-home-music.duckdns.org", "uri": "/", "headers": {}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "", "server_name": "navarre-home-music.duckdns.org"}}, "duration": 3.0028543, "status": 502, "err_id": "s3prizaqm", "err_trace": "reverseproxy.statusError (reverseproxy.go:1272)"}
2023/01/22 06:14:21.920 ERROR   http.log.error  dial tcp 192.168.1.9:6969: i/o timeout  {"request": {"remote_ip": "68.183.18.118", "remote_port": "54728", "proto": "HTTP/2.0", "method": "HEAD", "host": "navarre-home-music.duckdns.org", "uri": "/", "headers": {"Referer": ["http://navarre-home-music.duckdns.org"], "User-Agent": ["Mozilla/5.0 (compatible; Domains Project/1.3.7; +https://domainsproject.org)"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "server_name": "navarre-home-music.duckdns.org"}}, "duration": 3.0143077, "status": 502, "err_id": "0n67fe0n3", "err_trace": "reverseproxy.statusError (reverseproxy.go:1272)"}
2023/01/22 06:14:24.229 ERROR   http.log.error  dial tcp 192.168.1.9:6969: i/o timeout  {"request": {"remote_ip": "205.169.39.63", "remote_port": "53047", "proto": "HTTP/2.0", "method": "GET", "host": "navarre-home-music.duckdns.org", "uri": "/", "headers": {"Upgrade-Insecure-Requests": ["1"], "Accept-Language": ["en-US"], "Cache-Control": ["no-cache"], "User-Agent": ["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/104.0.5112.101 Safari/537.36"], "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"], "Sec-Fetch-Site": ["none"], "Sec-Fetch-Mode": ["navigate"], "Sec-Fetch-User": ["?1"], "Sec-Fetch-Dest": ["document"], "Accept-Encoding": ["gzip, deflate, br"], "Pragma": ["no-cache"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "server_name": "navarre-home-music.duckdns.org"}}, "duration": 3.0139536, "status": 502, "err_id": "vrgr8k8vg", "err_trace": "reverseproxy.statusError (reverseproxy.go:1272)"}
2023/01/22 06:14:29.629 ERROR   http.log.error  dial tcp 192.168.1.9:6969: i/o timeout  {"request": {"remote_ip": "63.135.161.175", "remote_port": "11611", "proto": "HTTP/1.1", "method": "GET", "host": "navarre-home-music.duckdns.org", "uri": "/", "headers": {"Accept-Encoding": ["gzip, deflate"], "User-Agent": ["Python/3.8 aiohttp/3.8.3"], "Accept": ["*/*"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "", "server_name": "navarre-home-music.duckdns.org"}}, "duration": 3.0156684, "status": 502, "err_id": "8q6ms3yrf", "err_trace": "reverseproxy.statusError (reverseproxy.go:1272)"}
2023/01/22 06:14:45.949 ERROR   http.log.error  dial tcp 192.168.1.9:6969: i/o timeout  {"request": {"remote_ip": "139.144.69.48", "remote_port": "54104", "proto": "HTTP/1.1", "method": "GET", "host": "navarre-home-music.duckdns.org", "uri": "/.vscode/sftp.json", "headers": {"User-Agent": ["Go-http-client/1.1"], "Accept-Encoding": ["gzip"], "Connection": ["close"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "", "server_name": "navarre-home-music.duckdns.org"}}, "duration": 14.8620792, "status": 502, "err_id": "gdfmaxz18", "err_trace": "reverseproxy.statusError (reverseproxy.go:1272)"}
2023/01/22 06:14:46.038 ERROR   http.log.error  dial tcp 192.168.1.9:6969: i/o timeout  {"request": {"remote_ip": "139.144.69.48", "remote_port": "54106", "proto": "HTTP/1.1", "method": "GET", "host": "navarre-home-music.duckdns.org", "uri": "/debug/default/view?panel=config", "headers": {"Accept-Encoding": ["gzip"], "Connection": ["close"], "User-Agent": ["Go-http-client/1.1"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "", "server_name": "navarre-home-music.duckdns.org"}}, "duration": 14.951113, "status": 502, "err_id": "edxasjnvk", "err_trace": "reverseproxy.statusError (reverseproxy.go:1272)"}
2023/01/22 06:14:46.038 ERROR   http.log.error  dial tcp 192.168.1.9:6969: i/o timeout  {"request": {"remote_ip": "139.144.69.48", "remote_port": "54126", "proto": "HTTP/1.1", "method": "GET", "host": "navarre-home-music.duckdns.org", "uri": "/.DS_Store", "headers": {"User-Agent": ["Go-http-client/1.1"], "Accept-Encoding": ["gzip"], "Connection": ["close"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "", "server_name": "navarre-home-music.duckdns.org"}}, "duration": 14.9137965, "status": 502, "err_id": "cnvj9zg5b", "err_trace": "reverseproxy.statusError (reverseproxy.go:1272)"}
2023/01/22 06:14:46.038 ERROR   http.log.error  dial tcp 192.168.1.9:6969: i/o timeout  {"request": {"remote_ip": "139.144.69.48", "remote_port": "54144", "proto": "HTTP/1.1", "method": "GET", "host": "navarre-home-music.duckdns.org", "uri": "/", "headers": {"User-Agent": ["Mozilla/5.0 (Linux; Android 6.0; HTC One M9 Build/MRA799449) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.1279.98 Mobile Safari/537.3"], "Connection": ["close"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "", "server_name": "navarre-home-music.duckdns.org"}}, "duration": 14.9299445, "status": 502, "err_id": "ku7j0qz5s", "err_trace": "reverseproxy.statusError (reverseproxy.go:1272)"}
2023/01/22 06:14:46.038 ERROR   http.log.error  dial tcp 192.168.1.9:6969: i/o timeout  {"request": {"remote_ip": "139.144.69.48", "remote_port": "54136", "proto": "HTTP/1.1", "method": "GET", "host": "navarre-home-music.duckdns.org", "uri": "/.env", "headers": {"Accept-Encoding": ["gzip"], "Connection": ["close"], "User-Agent": ["Go-http-client/1.1"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "", "server_name": "navarre-home-music.duckdns.org"}}, "duration": 14.934967, "status": 502, "err_id": "qbndw1tga", "err_trace": "reverseproxy.statusError (reverseproxy.go:1272)"}
2023/01/22 06:14:46.038 ERROR   http.log.error  dial tcp 192.168.1.9:6969: i/o timeout  {"request": {"remote_ip": "139.144.69.48", "remote_port": "54120", "proto": "HTTP/1.1", "method": "GET", "host": "navarre-home-music.duckdns.org", "uri": "/server-status", "headers": {"User-Agent": ["Go-http-client/1.1"], "Accept-Encoding": ["gzip"], "Connection": ["close"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "", "server_name": "navarre-home-music.duckdns.org"}}, "duration": 14.9500538, "status": 502, "err_id": "e967m84rg", "err_trace": "reverseproxy.statusError (reverseproxy.go:1272)"}
2023/01/22 06:14:46.039 ERROR   http.log.error  dial tcp 192.168.1.9:6969: i/o timeout  {"request": {"remote_ip": "139.144.69.48", "remote_port": "54154", "proto": "HTTP/1.1", "method": "GET", "host": "navarre-home-music.duckdns.org", "uri": "/s/7343e25333e22373e26373/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties", "headers": {"User-Agent": ["Go-http-client/1.1"], "Accept-Encoding": ["gzip"], "Connection": ["close"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "", "server_name": "navarre-home-music.duckdns.org"}}, "duration": 14.9309443, "status": 502, "err_id": "6imvt9gne", "err_trace": "reverseproxy.statusError (reverseproxy.go:1272)"}
2023/01/22 06:14:46.118 ERROR   http.log.error  dial tcp 192.168.1.9:6969: i/o timeout  {"request": {"remote_ip": "139.144.69.48", "remote_port": "54108", "proto": "HTTP/1.1", "method": "GET", "host": "navarre-home-music.duckdns.org", "uri": "/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application", "headers": {"Accept-Encoding": ["gzip"], "Connection": ["close"], "User-Agent": ["Go-http-client/1.1"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "", "server_name": "navarre-home-music.duckdns.org"}}, "duration": 15.0312193, "status": 502, "err_id": "29zp1r0kx", "err_trace": "reverseproxy.statusError (reverseproxy.go:1272)"}
2023/01/22 06:14:46.420 INFO    shutting down   {"signal": "SIGINT"}
2023/01/22 06:14:47.213 WARN    exiting; byeee!! 👋     {"signal": "SIGINT"}
2023/01/22 06:14:48.667 ERROR   http.log        setting HTTP/3 Alt-Svc header   {"error": "no port can be announced, specify it explicitly using Server.Port or Server.Addr"}
2023/01/22 06:14:48.667 ERROR   http.log        setting HTTP/3 Alt-Svc header   {"error": "no port can be announced, specify it explicitly using Server.Port or Server.Addr"}
2023/01/22 06:14:48.787 ERROR   http.log        setting HTTP/3 Alt-Svc header   {"error": "no port can be announced, specify it explicitly using Server.Port or Server.Addr"}
2023/01/22 06:14:49.042 ERROR   http.log        setting HTTP/3 Alt-Svc header   {"error": "no port can be announced, specify it explicitly using Server.Port or Server.Addr"}
2023/01/22 06:14:53.886 INFO    tls.cache.maintenance   stopped background certificate maintenance      {"cache": "0xc000624f50"}
2023/01/22 06:14:54.002 INFO    admin   stopped previous server {"address": "localhost:2019"}
2023/01/22 06:14:54.002 INFO    shutdown complete       {"signal": "SIGINT", "exit_code": 0}

Caddyfile

navarre-home-tv.duckdns.org {
    reverse_proxy 192.168.1.6:8989
    tls {
        issuer acme {
            dns duckdns access-token
            propagation_timeout -1
        }
        issuer zerossl {
            dns duckdns access-token
            propagation_timeout -1
        }               
    }
}
navarre-home-qbit.duckdns.org {
    reverse_proxy 192.168.1.6:8084
    tls {
        issuer acme {
            dns duckdns access-token
            propagation_timeout -1
        }
        issuer zerossl {
            dns duckdns access-token
            propagation_timeout -1
        }
    }   
}
navarre-home-music.duckdns.org {
    reverse_proxy 192.168.1.9:6969
    tls {
        issuer acme {
            dns duckdns access-token
            propagation_timeout -1
        }
        issuer zerossl {
            dns duckdns access-token
            propagation_timeout -1
        }
    }   
}
navarre-home-movies.duckdns.org {
    reverse_proxy 192.168.1.11:7878
    tls {
        issuer acme {
            dns duckdns access-token
            propagation_timeout -1
        }
        issuer zerossl {
            dns duckdns access-token
            propagation_timeout -1
        }
    }   
}

BTW we are remoting into his pc in another state. He travels for work and remotes in using google chrome remote. I dont think this will affect the pc internal ip and external ip of his home based wired systems.

Alright, so you have certificates now. That’s good.

Well, it looks like Caddy can’t reach your upstream apps. You’ll need to figure out why. Are you sure that’s the correct IP/port for each app? Do you have network rules that might be blocking access?

You’ll need to figure that out for yourself.