1. Caddy version (caddy version):
v2.3.0 h1:fnrqJLa3G5vfxcxmOH/+kJOcunPLhSBnjgIvjXV/QTA=
2. How I run Caddy:
I run caddy with a basic Caddyfile on a Linux machine. I have ports 443 and 80 of my machine respectively on ports 443 and 8080 on my router. I use a domain from duckdns.
a. System environment:
Operating System: Ubuntu 20.10
Kernel: Linux 5.8.0-48-generic
Architecture: x86-64
b. Command:
sudo caddy start
c. Service/unit/compose file:
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddyfile or JSON config:
palmiotto.duckdns.org
respond "Hello, world!"
3. The problem I’m having:
I started caddy with a simple handler on a duck dns domain. Looking at the logs, it seemed like caddy kept trying to obtain SSL certificates and continuously failed.
When I try to reach my website over https, the page times out.
4. Error messages and/or full log output:
2021/03/25 11:03:53.014 INFO using adjacent Caddyfile
2021/03/25 11:03:53.016 INFO admin admin endpoint started {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2021/03/25 11:03:53.016 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc000313420"}
2021/03/25 11:03:53.016 INFO http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2021/03/25 11:03:53.016 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2021/03/25 11:03:53.017 INFO http enabling automatic TLS certificate management {"domains": ["palmiotto.duckdns.org"]}
2021/03/25 11:03:53.017 INFO autosaved config {"file": "/root/.config/caddy/autosave.json"}
2021/03/25 11:03:53.017 INFO serving initial configuration
2021/03/25 11:03:53.018 INFO tls.obtain acquiring lock {"identifier": "palmiotto.duckdns.org"}
2021/03/25 11:03:53.018 INFO tls cleaned up storage units
Successfully started Caddy (pid=82196) - Caddy is running in the background
2021/03/25 11:03:53.018 INFO tls.obtain lock acquired {"identifier": "palmiotto.duckdns.org"}
server@palmiottos-server:~$ 2021/03/25 11:03:53.039 INFO tls.issuance.acme waiting on internal rate limite{"identifiers": ["palmiotto.duckdns.org"]}
2021/03/25 11:03:53.039 INFO tls.issuance.acme done waiting on internal rate limiter {"identifiers": ["palmiotto.duckdns.org"]}
2021/03/25 11:03:54.689 INFO tls.issuance.acme.acme_client trying to solve challenge {"identifier": "palmiotto.duckdns.org", "challenge_type": "tls-alpn-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2021/03/25 11:04:05.257 ERROR tls.issuance.acme.acme_client challenge failed {"identifier": "palmiotto.duckdns.org", "challenge_type": "tls-alpn-01", "status_code": 400, "problem_type": "urn:ietf:params:acme:error:connection", "error": "Timeout during connect (likely firewall problem)"}
2021/03/25 11:04:05.257 ERROR tls.issuance.acme.acme_client validating authorization {"identifier": "palmiotto.duckdns.org", "error": "authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - Timeout during connect (likely firewall problem)", "order": "https://acme-v02.api.letsencrypt.org/acme/order/116832725/8659066234", "attempt": 1, "max_attempts": 3}
2021/03/25 11:04:06.782 INFO tls.issuance.acme.acme_client trying to solve challenge {"identifier": "palmiotto.duckdns.org", "challenge_type": "http-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2021/03/25 11:04:07.457 ERROR tls.issuance.acme.acme_client challenge failed {"identifier": "palmiotto.duckdns.org", "challenge_type": "http-01", "status_code": 403, "problem_type": "urn:ietf:params:acme:error:unauthorized", "error": "Invalid response from http://palmiotto.duckdns.org/.well-known/acme-challenge/H7n51SKHC04rTFXzi968VzIRRNf_2vjbrJT3pwsKLL4 [83.174.147.135]: 403"}
2021/03/25 11:04:07.457 ERROR tls.issuance.acme.acme_client validating authorization {"identifier": "palmiotto.duckdns.org", "error": "authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - Invalid response from http://palmiotto.duckdns.org/.well-known/acme-challenge/H7n51SKHC04rTFXzi968VzIRRNf_2vjbrJT3pwsKLL4 [83.174.147.135]: 403", "order": "https://acme-v02.api.letsencrypt.org/acme/order/116832725/8659069541", "attempt": 2, "max_attempts": 3}
2021/03/25 11:04:09.210 INFO tls.issuance.acme waiting on internal rate limiter {"identifiers": ["palmiotto.duckdns.org"]}
2021/03/25 11:04:09.210 INFO tls.issuance.acme done waiting on internal rate limiter {"identifiers": ["palmiotto.duckdns.org"]}
2021/03/25 11:04:11.187 INFO tls.issuance.acme.acme_client trying to solve challenge {"identifier": "palmiotto.duckdns.org", "challenge_type": "http-01", "ca": "https://acme.zerossl.com/v2/DV90"}
2021/03/25 11:09:17.267 ERROR tls.obtain will retry {"error": "[palmiotto.duckdns.org] Obtain: [palmiotto.duckdns.org] solving challenges: [palmiotto.duckdns.org] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/tTf-kr1QquMRMFDUep6jJg) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 324.248714153, "max_duration": 2592000}
2021/03/25 11:10:18.629 INFO tls.issuance.acme.acme_client trying to solve challenge {"identifier": "palmiotto.duckdns.org", "challenge_type": "http-01", "ca": "https://acme-staging-v02.api.letsencrypt.org/directory"}
2021/03/25 11:10:20.467 ERROR tls.issuance.acme.acme_client challenge failed {"identifier": "palmiotto.duckdns.org", "challenge_type": "http-01", "status_code": 403, "problem_type": "urn:ietf:params:acme:error:unauthorized", "error": "Invalid response from http://palmiotto.duckdns.org/.well-known/acme-challenge/Nq-Mi1m09am9R4kX5UbGOWdLwgfZ95-ulWfmasVZ67o [83.174.147.135]: 403"}
2021/03/25 11:10:20.467 ERROR tls.issuance.acme.acme_client validating authorization {"identifier": "palmiotto.duckdns.org", "error": "authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - Invalid response from http://palmiotto.duckdns.org/.well-known/acme-challenge/Nq-Mi1m09am9R4kX5UbGOWdLwgfZ95-ulWfmasVZ67o [83.174.147.135]: 403", "order": "https://acme-staging-v02.api.letsencrypt.org/acme/order/18747809/17663152", "attempt": 1, "max_attempts": 3}
2021/03/25 11:10:21.999 INFO tls.issuance.acme.acme_client trying to solve challenge {"identifier": "palmiotto.duckdns.org", "challenge_type": "tls-alpn-01", "ca": "https://acme-staging-v02.api.letsencrypt.org/directory"}
2021/03/25 11:10:32.407 ERROR tls.issuance.acme.acme_client challenge failed {"identifier": "palmiotto.duckdns.org", "challenge_type": "tls-alpn-01", "status_code": 400, "problem_type": "urn:ietf:params:acme:error:connection", "error": "Timeout during connect (likely firewall problem)"}
2021/03/25 11:10:32.407 ERROR tls.issuance.acme.acme_client validating authorization {"identifier": "palmiotto.duckdns.org", "error": "authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - Timeout during connect (likely firewall problem)", "order": "https://acme-staging-v02.api.letsencrypt.org/acme/order/18747809/17663180", "attempt": 2, "max_attempts": 3}
2021/03/25 11:10:35.904 INFO tls.issuance.acme.acme_client trying to solve challenge {"identifier": "palmiotto.duckdns.org", "challenge_type": "http-01", "ca": "https://acme.zerossl.com/v2/DV90"}
2021/03/25 11:15:36.954 ERROR tls.obtain will retry {"error": "[palmiotto.duckdns.org] Obtain: [palmiotto.duckdns.org] solving challenges: [palmiotto.duckdns.org] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/_TBNrtol9H4d1CozA6NEhQ) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 2, "retrying_in": 120, "elapsed": 703.936102239, "max_duration": 2592000}
5. What I already tried:
Originally I forwarded just port 443 on my router and thought the error was something like, in the most profane words I’m capable of, the SSL API trying to send the certificate back to port 80 and finding nothing because it was not forwarded. I then talked to my ISP, since my router is externally managed, and they said I could not forward port 80 because they need it, and they forwarded port 80 on my machine running caddy to port 8080 on the router. Will I be able to run caddy with automatic https with my configuration as well? Is the error caused by something else? How can I solve this situation?
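An added example, not part of the original post: a Python triage of the `challenge failed` entries in a Caddy console log like the one above, mapping each challenge type to the public port the CA connects to (80 for http-01, 443 for tls-alpn-01). The sample lines, host name and IP address are constructed, and `parse_failures`, `summarize` and `report` are hypothetical helper names.

```python
import json
from collections import Counter

# Port the CA connects to for each challenge type (RFC 8555 section 8.3, RFC 8737).
VALIDATION_PORT = {"http-01": 80, "tls-alpn-01": 443}

HINTS = {
    "connection": "CA could not connect to public port {port}; check forwarding and firewall",
    "unauthorized": "something answered on public port {port} without the challenge "
                    "response; verify that this port actually reaches Caddy",
}

# Constructed sample in the format of the log above (placeholder host and IP).
SAMPLE_LOG = "\n".join([
    '2021/03/25 11:04:04.000 INFO tls.issuance.acme.acme_client trying to solve challenge {"identifier": "example.duckdns.org", "challenge_type": "tls-alpn-01"}',
    '2021/03/25 11:04:05.257 ERROR tls.issuance.acme.acme_client challenge failed {"identifier": "example.duckdns.org", "challenge_type": "tls-alpn-01", "status_code": 400, "problem_type": "urn:ietf:params:acme:error:connection", "error": "Timeout during connect (likely firewall problem)"}',
    '2021/03/25 11:04:07.457 ERROR tls.issuance.acme.acme_client challenge failed {"identifier": "example.duckdns.org", "challenge_type": "http-01", "status_code": 403, "problem_type": "urn:ietf:params:acme:error:unauthorized", "error": "Invalid response from http://example.duckdns.org/.well-known/acme-challenge/TOKEN [203.0.113.10]: 403"}',
    '2021/03/25 11:10:20.467 ERROR tls.issuance.acme.acme_client challenge failed {"identifier": "example.duckdns.org", "challenge_type": "http-01", "status_code": 403, "problem_type": "urn:ietf:params:acme:error:unauthorized", "error": "Invalid response"}',
    'user@host:~$ 2021/03/25 11:10:32.407 ERROR tls.issuance.acme.acme_client challenge failed {"identifier": "example.duckdns.org", "challenge_ty',
])

def parse_failures(log_text):
    """Yield the JSON fields of every 'challenge failed' entry."""
    for line in log_text.splitlines():
        start = line.find("{")
        if "challenge failed" not in line or start == -1:
            continue
        try:
            yield json.loads(line[start:])
        except json.JSONDecodeError:
            continue  # line truncated or interleaved with terminal output

def summarize(log_text):
    """Count failures per (challenge type, validation port, ACME problem)."""
    counts = Counter()
    for fields in parse_failures(log_text):
        ctype = fields.get("challenge_type", "unknown")
        problem = fields.get("problem_type", "").rsplit(":", 1)[-1]
        counts[(ctype, VALIDATION_PORT.get(ctype), problem)] += 1
    return counts

def report(log_text):
    """Return one human-readable line per distinct failure."""
    lines = []
    for (ctype, port, problem), n in sorted(summarize(log_text).items(), key=str):
        hint = HINTS.get(problem, "see the 'error' field").format(port=port)
        lines.append(f"{ctype} x{n}: {problem}: {hint}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```
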