Also at about the same time Rocketchat did a new release via Snap which auto-updated to v 54 - some info on the Snap deployment model for the Rocket.chat app here: Deploy with Ubuntu - Rocket.Chat Docs.
I could still SSH to the server and found that my app and db were alive and well, and the update to Rocket.chat v54 had succeeded.
The problem seemed to be that https was being blocked for some reason. So I confirmed firewall was open, which it does appear to be, and then played with Caddy, and found that when using the tls self-signed directive I could connect successfully to my app - except for my browser complaining about security.
So I think I have a problem with caddy retrieving and using a Lets Encrypt cert - but I am not sure how to diagnose what is going wrong there.
Mar 27 23:23:18 Rocketchat systemd[1]: Started Service for snap application rocketchat-server.rocketchat-caddy.
Mar 27 23:23:21 Rocketchat systemd[1]: snap.rocketchat-server.rocketchat-caddy.service: Main process exited, code=exited, status=1/FAILURE
Mar 27 23:23:21 Rocketchat systemd[1]: snap.rocketchat-server.rocketchat-caddy.service: Unit entered failed state.
Mar 27 23:23:21 Rocketchat systemd[1]: snap.rocketchat-server.rocketchat-caddy.service: Failed with result 'exit-code'.
Mar 27 23:23:21 Rocketchat systemd[1]: snap.rocketchat-server.rocketchat-caddy.service: Service hold-off time over, scheduling restart.
Mar 27 23:23:21 Rocketchat systemd[1]: Stopped Service for snap application rocketchat-server.rocketchat-caddy.
Mar 29 02:26:38 Rocketchat systemd[1]: Started Service for snap application rocketchat-server.rocketchat-caddy.
Mar 29 02:26:38 Rocketchat /usr/bin/snap[33501]: cmd.go:111: DEBUG: restarting into "/snap/core/current/usr/bin/snap"
Mar 29 02:26:40 Rocketchat snap[33501]: Activating privacy features...2017/03/29 02:26:40 [<myurl.com>] failed to get certificate: acme: Error 429 - urn:acme:error:rateLim
Mar 29 02:26:40 Rocketchat systemd[1]: snap.rocketchat-server.rocketchat-caddy.service: Main process exited, code=exited, status=1/FAILURE
Mar 29 02:26:40 Rocketchat systemd[1]: snap.rocketchat-server.rocketchat-caddy.service: Unit entered failed state.
Mar 29 02:26:40 Rocketchat systemd[1]: snap.rocketchat-server.rocketchat-caddy.service: Failed with result 'exit-code'.
Mar 29 02:26:41 Rocketchat systemd[1]: snap.rocketchat-server.rocketchat-caddy.service: Service hold-off time over, scheduling restart.
Mar 29 02:26:41 Rocketchat systemd[1]: Stopped Service for snap application rocketchat-server.rocketchat-caddy.
I don’t know why but your log lines are being truncated. Fortunately, they did include “rateLim” which tells us that you’ve been rate limited by Let’s Encrypt. You’ll have to wait until the limits are expired and then try again.
Thanks @matt@Whitestrake for your help - I quickly looked at that Lets Encrypt ratelimit info and cant imagine how I over ran it - I’m using it in a test instance of a chat system that has extremely low usage. Anyway, I’ll wait out my week and see if it comes back to life for me.
Does Caddy have access to persistent storage to keep its certificates? I’m totally unfamiliar with Snaps, but they seem to share some similarities to containers. I know people running Caddy in Docker hit rate limits very quickly when they aren’t mindful of certificate storage. It only takes five startup cycles for a Dockerized Caddy to be rate limited for the same set of certificates (duplicate cert limit 5/week).
Right, thanks for that. I’ll check with the Rocket.chat team who look after the Snap builds. Sounds like I could be hitting that same problem as the Docker folks.
Sorry to bump an old thread. @Whitestrake reached out via email and mentioned a couple of doc changes to improve our caddy documentation. Just wanted to follow up on this. Where would caddy stick the certificates in ubuntu and would it throw any errors if it were unable to write it? Or would it carry on? Snaps only have certain places files can be stored, so this could definitely be an issue much like if you didn’t use a docker volume at the location of the certs.
Caddy puts certificates and OCSP staples etc. in the $HOME/.caddy folder by default (created if it doesn’t exist) or, if $CADDYPATH is set, it puts them in there. Errors are logged to the Caddy log, -log flag configures that. See https://caddyserver.com/docs/cli.
ah perfect! We can set the directory in a write safe place as well as maybe take a look at logs. Stdout and stderr should be hitting the journal.
Also going to push another release here in the next couple of days to get everyone on caddy 0.10 so you shouldn’t get people coming with the timeout error
If you guys get any other rocket.chat related please feel free to drag me in with a mention. We love caddy