How I run Caddy:
Starting a Docker container with Caddyfile:
https://app.ripapp.it {
    tls ripappbrescia@gmail.com
    reverse_proxy /* {
        to backend:48795
        flush_interval -1
    }
}
And Dockerfile:
FROM caddy:2.4.5
COPY Caddyfile /etc/caddy/Caddyfile
ENV ACME_AGREE=true
EXPOSE 443
System environment:
The OS is Debian, the application server is Apache, and Docker has 3 containers and a network.
The Caddy container points to a Spring Boot application container called backend.
The problem I’m having:
I am new to Caddy. The system was working until yesterday (the certificate had already expired, but I use it to call a REST API in the development phase, so I can also accept an expired certificate).
I accidentally stopped the Docker container with Caddy and I am not able to restart it anymore.
Error messages and/or full log output:
2022-02-24T00:49:13.077709051Z 2022/02/24 00:49:13.077 INFO using provided configuration {"config_file": "/etc/caddy/Caddyfile", "config_adapter": "caddyfile"}
2022-02-24T00:49:13.080517683Z 2022/02/24 00:49:13.080 WARN input is not formatted with 'caddy fmt' {"adapter": "caddyfile", "file": "/etc/caddy/Caddyfile", "line": 2}
2022-02-24T00:49:13.082483777Z 2022/02/24 00:49:13.082 INFO admin admin endpoint started {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2022-02-24T00:49:13.083012379Z 2022/02/24 00:49:13.082 INFO http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2022-02-24T00:49:13.083044007Z 2022/02/24 00:49:13.082 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2022-02-24T00:49:13.083262915Z 2022/02/24 00:49:13.082 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc0003bdb90"}
2022-02-24T00:49:13.088176927Z 2022/02/24 00:49:13.087 INFO tls cleaning storage unit {"description": "FileStorage:/data/caddy"}
2022-02-24T00:49:13.088214299Z 2022/02/24 00:49:13.087 INFO tls finished cleaning storage units
2022-02-24T00:49:13.088566440Z 2022/02/24 00:49:13.088 INFO http enabling automatic TLS certificate management {"domains": ["app.ripapp.it"]}
2022-02-24T00:49:13.089217858Z 2022/02/24 00:49:13.088 INFO autosaved config (load with --resume flag) {"file": "/config/caddy/autosave.json"}
2022-02-24T00:49:13.089255497Z 2022/02/24 00:49:13.088 INFO serving initial configuration
2022-02-24T00:49:13.090255185Z 2022/02/24 00:49:13.089 INFO tls.obtain acquiring lock {"identifier": "app.ripapp.it"}
2022-02-24T00:49:13.104037308Z 2022/02/24 00:49:13.103 INFO tls.obtain lock acquired {"identifier": "app.ripapp.it"}
2022-02-24T00:49:13.980759033Z 2022/02/24 00:49:13.980 INFO tls.issuance.acme waiting on internal rate limiter {"identifiers": ["app.ripapp.it"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "ripappbrescia@gmail.com"}
2022-02-24T00:49:13.980807648Z 2022/02/24 00:49:13.980 INFO tls.issuance.acme done waiting on internal rate limiter {"identifiers": ["app.ripapp.it"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "ripappbrescia@gmail.com"}
2022-02-24T00:49:14.538528714Z 2022/02/24 00:49:14.538 INFO tls.issuance.acme.acme_client trying to solve challenge {"identifier": "app.ripapp.it", "challenge_type": "tls-alpn-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2022-02-24T00:49:15.976582736Z 2022/02/24 00:49:15.976 ERROR tls.issuance.acme.acme_client challenge failed {"identifier": "app.ripapp.it", "challenge_type": "tls-alpn-01", "status_code": 403, "problem_type": "urn:ietf:params:acme:error:unauthorized", "error": "Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge"}
2022-02-24T00:49:15.976692391Z 2022/02/24 00:49:15.976 ERROR tls.issuance.acme.acme_client validating authorization {"identifier": "app.ripapp.it", "error": "authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge", "order": "https://acme-v02.api.letsencrypt.org/acme/order/422657490/66417417610", "attempt": 1, "max_attempts": 3}
2022-02-24T00:49:17.508224302Z 2022/02/24 00:49:17.507 INFO tls.issuance.acme.acme_client trying to solve challenge {"identifier": "app.ripapp.it", "challenge_type": "http-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2022-02-24T00:49:18.933967989Z 2022/02/24 00:49:18.933 ERROR tls.issuance.acme.acme_client challenge failed {"identifier": "app.ripapp.it", "challenge_type": "http-01", "status_code": 403, "problem_type": "urn:ietf:params:acme:error:unauthorized", "error": "Invalid response from http://app.ripapp.it/.well-known/acme-challenge/QG2yr7WcBg8Wbj9evi8oyk1CzaTFM0Y9bkgkmqq5Iww [91.187.200.219]: \"<html lang=\\\"en\\\" xml:lang=\\\"en\\\" xmlns=\\\"http://www.w3.org/1999/xhtml\\\">\\n<head>\\n <title>Connection denied by Geolocation</title>\\n \""}
2022-02-24T00:49:18.934101729Z 2022/02/24 00:49:18.933 ERROR tls.issuance.acme.acme_client validating authorization {"identifier": "app.ripapp.it", "error": "authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - Invalid response from http://app.ripapp.it/.well-known/acme-challenge/QG2yr7WcBg8Wbj9evi8oyk1CzaTFM0Y9bkgkmqq5Iww [91.187.200.219]: \"<html lang=\\\"en\\\" xml:lang=\\\"en\\\" xmlns=\\\"http://www.w3.org/1999/xhtml\\\">\\n<head>\\n <title>Connection denied by Geolocation</title>\\n \"", "order": "https://acme-v02.api.letsencrypt.org/acme/order/422657490/66417426840", "attempt": 2, "max_attempts": 3}
2022-02-24T00:49:20.696387362Z 2022/02/24 00:49:20.695 ERROR tls.obtain could not get certificate from issuer {"identifier": "app.ripapp.it", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[app.ripapp.it] solving challenges: app.ripapp.it: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-v02.api.letsencrypt.org/acme/order/422657490/66417435240) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
2022-02-24T00:49:21.383148322Z 2022/02/24 00:49:21.382 INFO tls.issuance.zerossl generated EAB credentials {"key_id": "fiNQgkXxmfwTdX1q1gFasg"}
2022-02-24T00:49:24.460492479Z 2022/02/24 00:49:24.459 INFO tls.issuance.acme waiting on internal rate limiter {"identifiers": ["app.ripapp.it"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "ripappbrescia@gmail.com"}
2022-02-24T00:49:24.460580992Z 2022/02/24 00:49:24.460 INFO tls.issuance.acme done waiting on internal rate limiter {"identifiers": ["app.ripapp.it"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "ripappbrescia@gmail.com"}
2022-02-24T00:49:26.842482059Z 2022/02/24 00:49:26.841 INFO tls.issuance.acme.acme_client trying to solve challenge {"identifier": "app.ripapp.it", "challenge_type": "http-01", "ca": "https://acme.zerossl.com/v2/DV90"}
2022-02-24T00:54:33.951816056Z 2022/02/24 00:54:33.951 ERROR tls.obtain could not get certificate from issuer {"identifier": "app.ripapp.it", "issuer": "acme.zerossl.com-v2-DV90", "error": "[app.ripapp.it] solving challenges: [app.ripapp.it] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/vvc7AHQIBYfRzJNt3_3wxQ) (ca=https://acme.zerossl.com/v2/DV90)"}
2022-02-24T00:54:33.951949058Z 2022/02/24 00:54:33.951 ERROR tls.obtain will retry {"error": "[app.ripapp.it] Obtain: [app.ripapp.it] solving challenges: [app.ripapp.it] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/vvc7AHQIBYfRzJNt3_3wxQ) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 320.847651045, "max_duration": 2592000}
2022-02-24T00:55:35.135935104Z 2022/02/24 00:55:35.135 INFO tls.issuance.acme.acme_client trying to solve challenge {"identifier": "app.ripapp.it", "challenge_type": "http-01", "ca": "https://acme-staging-v02.api.letsencrypt.org/directory"}
2022-02-24T00:55:36.565592278Z 2022/02/24 00:55:36.565 ERROR tls.issuance.acme.acme_client challenge failed {"identifier": "app.ripapp.it", "challenge_type": "http-01", "status_code": 403, "problem_type": "urn:ietf:params:acme:error:unauthorized", "error": "Invalid response from http://app.ripapp.it/.well-known/acme-challenge/-TSfWZ7pWl8oM3Yj3afvpdEgXT7UIzAMNRaq-VeZCYE [91.187.200.219]: \"<html lang=\\\"en\\\" xml:lang=\\\"en\\\" xmlns=\\\"http://www.w3.org/1999/xhtml\\\">\\n<head>\\n <title>Connection denied by Geolocation</title>\\n \""}
2022-02-24T00:55:36.565695802Z 2022/02/24 00:55:36.565 ERROR tls.issuance.acme.acme_client validating authorization {"identifier": "app.ripapp.it", "error": "authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - Invalid response from http://app.ripapp.it/.well-known/acme-challenge/-TSfWZ7pWl8oM3Yj3afvpdEgXT7UIzAMNRaq-VeZCYE [91.187.200.219]: \"<html lang=\\\"en\\\" xml:lang=\\\"en\\\" xmlns=\\\"http://www.w3.org/1999/xhtml\\\">\\n<head>\\n <title>Connection denied by Geolocation</title>\\n \"", "order": "https://acme-staging-v02.api.letsencrypt.org/acme/order/45163348/1866755948", "attempt": 1, "max_attempts": 3}
2022-02-24T00:55:37.923168556Z 2022/02/24 00:55:37.922 INFO tls.issuance.acme.acme_client trying to solve challenge {"identifier": "app.ripapp.it", "challenge_type": "tls-alpn-01", "ca": "https://acme-staging-v02.api.letsencrypt.org/directory"}
2022-02-24T00:55:39.351336221Z 2022/02/24 00:55:39.350 ERROR tls.issuance.acme.acme_client challenge failed {"identifier": "app.ripapp.it", "challenge_type": "tls-alpn-01", "status_code": 403, "problem_type": "urn:ietf:params:acme:error:unauthorized", "error": "Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge"}
2022-02-24T00:55:39.351435597Z 2022/02/24 00:55:39.350 ERROR tls.issuance.acme.acme_client validating authorization {"identifier": "app.ripapp.it", "error": "authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge", "order": "https://acme-staging-v02.api.letsencrypt.org/acme/order/45163348/1866756108", "attempt": 2, "max_attempts": 3}
2022-02-24T00:55:40.883804533Z 2022/02/24 00:55:40.883 ERROR tls.obtain could not get certificate from issuer {"identifier": "app.ripapp.it", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[app.ripapp.it] solving challenges: app.ripapp.it: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/45163348/1866756188) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
2022-02-24T00:55:43.675440119Z 2022/02/24 00:55:43.675 INFO tls.issuance.acme.acme_client trying to solve challenge {"identifier": "app.ripapp.it", "challenge_type": "http-01", "ca": "https://acme.zerossl.com/v2/DV90"}
2022-02-24T01:00:46.603147360Z 2022/02/24 01:00:46.602 ERROR tls.obtain could not get certificate from issuer {"identifier": "app.ripapp.it", "issuer": "acme.zerossl.com-v2-DV90", "error": "[app.ripapp.it] solving challenges: [app.ripapp.it] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/gh50TIYO4EQZq7nw71c9sw) (ca=https://acme.zerossl.com/v2/DV90)"}
2022-02-24T01:00:46.603267096Z 2022/02/24 01:00:46.602 ERROR tls.obtain will retry {"error": "[app.ripapp.it] Obtain: [app.ripapp.it] solving challenges: [app.ripapp.it] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/gh50TIYO4EQZq7nw71c9sw) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 2, "retrying_in": 120, "elapsed": 693.498980443, "max_duration": 2592000}
What I already tried:
Tried to create different Dockerfiles using different Caddy images, tried to remove tls with email in Caddyfile, but every time I get the same error.
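
As an added example that is not part of the original post: a small Python triage script for Caddy console logs in the format shown above, reporting for each failed ACME challenge what the CA's validation request actually ran into. The sample lines are constructed, with a placeholder host, token and address, and the `parse` and `triage` names are hypothetical.

```python
import json
import re

# Constructed sample lines in the console format shown in the post;
# host, token and IP address are placeholders, not values from the post.
SAMPLE = r'''
2022/02/24 00:49:15.976 ERROR tls.issuance.acme.acme_client challenge failed {"identifier": "example.test", "challenge_type": "tls-alpn-01", "status_code": 403, "error": "Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge"}
2022/02/24 00:49:18.933 ERROR tls.issuance.acme.acme_client challenge failed {"identifier": "example.test", "challenge_type": "http-01", "status_code": 403, "error": "Invalid response from http://example.test/.well-known/acme-challenge/TOKEN [192.0.2.10]: \"<html>\\n<head>\\n <title>Connection denied by Geolocation</title>\""}
2022/02/24 00:49:20.100 INFO tls.obtain lock acquired {"identifier": "example.test"}
2022/02/24 00:54:33.951 ERROR tls.obtain could not get certificate from issuer {"identifier": "example.test", "issuer": "acme.zerossl.com-v2-DV90", "error": "[example.test] solving challenges: [example.test] authorization took too long"}
'''

LINE = re.compile(r"\b(?P<level>DEBUG|INFO|WARN|ERROR)\s+(?P<text>.*?)\s+(?P<fields>\{.*\})\s*$")

def parse(line):
    """Split one console-format line into (level, text, fields), or None."""
    m = LINE.search(line)
    if not m:
        return None
    try:
        return m["level"], m["text"], json.loads(m["fields"])
    except json.JSONDecodeError:
        return None

def triage(log_text):
    """Return (challenge type or issuer, cause) for each issuance failure."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse(line)
        if not parsed or parsed[0] != "ERROR":
            continue
        _, text, f = parsed
        err = f.get("error", "")
        if text.endswith("challenge failed"):
            ctype = f.get("challenge_type", "?")
            if "Cannot negotiate ALPN" in err:
                cause = "TLS endpoint on 443 did not negotiate acme-tls/1"
            elif (title := re.search(r"<title>(.*?)</title>", err)):
                cause = f"validation request received an HTML page: {title[1]!r}"
            else:
                cause = err[:80]
            findings.append((ctype, cause))
        elif text.endswith("could not get certificate from issuer") and "took too long" in err:
            findings.append((f.get("issuer", "?"), "authorization took too long"))
    return findings

if __name__ == "__main__":
    for source, cause in triage(SAMPLE):
        print(f"{source}: {cause}")
```
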