Can't get cert with caddy

1. Caddy version (caddy version):

caddy 2.4.5

2. How I run Caddy:

systemctl start caddy

a. System environment:

ubuntu 20.04

b. Command:

Paste command here.

c. Service/unit/compose file:

Paste full file contents here.
Make sure backticks stay on their own lines,
and the post looks nice in the preview pane.

d. My complete Caddyfile or JSON config:

lsservice.poteviohealth.com {
    proxy http://172.16.3.1:8080
}

3. The problem I’m having:

ERROR LOG:

4. Error messages and/or full log output:

Nov 04 17:53:17 ecs-172 caddy[29034]: {"level":"error","ts":1636019597.5060143,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"lsservice.poteviohealth.com","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - Timeout during connect (likely firewall problem)","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/29278558/929551768","attempt":1,"max_attempts":3}
Nov 04 17:53:19 ecs-172 caddy[29034]: {"level":"info","ts":1636019599.8625758,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"lsservice.poteviohealth.com","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Nov 04 17:53:30 ecs-172 caddy[29034]: {"level":"error","ts":1636019610.9546824,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"lsservice.poteviohealth.com","challenge_type":"http-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:connection","error":"Fetching http://lsservice.poteviohealth.com/.well-known/acme-challenge/iKoW5vhqRhtcDQGkFP-KEMQKwirHvNTozZkgSOBdw3M: Timeout during connect (likely firewall problem)"}
Nov 04 17:53:30 ecs-172 caddy[29034]: {"level":"error","ts":1636019610.9547362,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"lsservice.poteviohealth.com","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - Fetching http://lsservice.poteviohealth.com/.well-known/acme-challenge/iKoW5vhqRhtcDQGkFP-KEMQKwirHvNTozZkgSOBdw3M: Timeout during connect (likely firewall problem)","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/29278558/929552638","attempt":2,"max_attempts":3}
Nov 04 17:53:32 ecs-172 caddy[29034]: {"level":"error","ts":1636019612.681397,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"lsservice.poteviohealth.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[lsservice.poteviohealth.com] solving challenges: lsservice.poteviohealth.com: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/29278558/929553358) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
Nov 04 17:53:32 ecs-172 caddy[29034]: {"level":"warn","ts":1636019612.6816492,"logger":"tls.issuance.zerossl","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"}
Nov 04 17:53:34 ecs-172 caddy[29034]: {"level":"info","ts":1636019614.0510418,"logger":"tls.issuance.zerossl","msg":"generated EAB credentials","key_id":"vLNtbw9wl0Vie-aFzhYJcg"}
Nov 04 17:53:36 ecs-172 caddy[29034]: {"level":"info","ts":1636019616.1453888,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"lsservice.poteviohealth.com","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
Nov 04 17:58:40 ecs-172 caddy[29034]: {"level":"error","ts":1636019920.6592124,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"lsservice.poteviohealth.com","issuer":"acme.zerossl.com-v2-DV90","error":"[lsservice.poteviohealth.com] solving challenges: [lsservice.poteviohealth.com] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/-ApOJvdCHx2wO-T6jKQaQw) (ca=https://acme.zerossl.com/v2/DV90)"}
Nov 04 17:58:40 ecs-172 caddy[29034]: {"level":"error","ts":1636019920.6592784,"logger":"tls.obtain","msg":"will retry","error":"[lsservice.poteviohealth.com] Obtain: [lsservice.poteviohealth.com] solving challenges: [lsservice.poteviohealth.com] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/-ApOJvdCHx2wO-T6jKQaQw) (ca=https://acme.zerossl.com/v2/DV90)","attempt":8,"retrying_in":1800,"elapsed":6222.505001371,"max_duration":2592000}

5. What I already tried:

I live in China, so the network to other countries is bad.
I told the IT admin to check if the network from other countries to the inside network is OK, and got YES.

BUT I am not sure, because I can’t check it from another country.
And

6. Links to relevant resources:

Unfortunately, it seems like Let’s Encrypt and ZeroSSL (authorization took too long) can’t access your server. Despite what your IT admin says, those CAs aren’t able to reach your server in China.

Maybe you could use the DNS challenge? That way the CA doesn’t have to contact your server.

Thanks a lot, I will try this.
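
An added example, not part of the thread and not Caddy's own code: a small triage script for journal lines in the shape posted above. It pulls out the signals the reply relies on (ACME connection errors, "authorization took too long") and the challenge types the CA offered that had no solver configured. The sample lines are constructed, with a placeholder hostname, token and timestamps.

```python
import json
import re
from collections import defaultdict

# Constructed sample lines in the journald + Caddy JSON shape shown in the post
# (hostname, token and timestamps are placeholders, not values from the thread).
SAMPLE = '''\
Nov 04 17:53:30 host caddy[1]: {"level":"error","ts":1.0,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"app.example.com","challenge_type":"http-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:connection","error":"Fetching http://app.example.com/.well-known/acme-challenge/TOKEN: Timeout during connect (likely firewall problem)"}
Nov 04 17:53:32 host caddy[1]: {"level":"error","ts":2.0,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"app.example.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[app.example.com] solving challenges: app.example.com: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01])"}
Nov 04 17:58:40 host caddy[1]: {"level":"error","ts":3.0,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"app.example.com","issuer":"acme.zerossl.com-v2-DV90","error":"[app.example.com] solving challenges: [app.example.com] authorization took too long"}
'''

REMAINING = re.compile(r"remaining=\[([^\]]*)\]")

def parse(line):
    """Return the JSON object that follows the journald prefix, or None."""
    start = line.find("{")
    if start < 0:
        return None
    try:
        return json.loads(line[start:])
    except json.JSONDecodeError:
        return None

def triage(text):
    """Map each identifier to a sorted list of findings from error-level entries."""
    findings = defaultdict(set)
    for line in text.splitlines():
        entry = parse(line)
        if not entry or entry.get("level") != "error":
            continue
        name = entry.get("identifier", "?")
        err = entry.get("error", "")
        # The CA reports that it could not open a connection to the server.
        if entry.get("problem_type", "").endswith(":connection"):
            findings[name].add(f"{entry.get('challenge_type')}: CA could not connect inbound")
        if "authorization took too long" in err:
            findings[name].add(f"{entry.get('issuer')}: validation never completed")
        # Challenge types the CA offered for which no solver was configured.
        m = REMAINING.search(err)
        if m:
            findings[name].add(f"offered but no solver configured: {m.group(1)}")
    return {k: sorted(v) for k, v in findings.items()}

if __name__ == "__main__":
    for name, items in triage(SAMPLE).items():
        print(name, *items, sep="\n  ")
```
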
