Can't get certificate for internal domain

IvanovSvyatoslav · August 12, 2024, 6:20pm

1. The problem I’m having:

I’m trying to setup internal CA for private network. I have wireguard server and bind9 dns server on 10.0.0.1/16(vpn.maslo). Peer on 10.0.0.100(test.maslo). I am also running systemd caddy acme server on 10.0.0.1, according to this guide acme_server (Caddyfile directive) — Caddy Documentation. Certificate for ca.vpn.maslo is successfully obtained. Root ca cert is downloaded and installed on the peer.
But test.maslo(peer) cannot get certificate. It sends a lot of requests and they dont give any result.

Both servers can ping each other by hostname

----vpn.maslo----
nslookup test.maslo
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
Name:   test.maslo
Address: 10.0.0.100

----test.maslo----
nslookup vpn.maslo
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
vpn.maslo       canonical name = ns.maslo.
Name:   ns.maslo
Address: 10.0.0.1

test.maslo trusts maslo CA certificate

curl https://ca.vpn.maslo/acme/maslo/directory -v
* Host ca.vpn.maslo:443 was resolved.
* IPv6: (none)
* IPv4: 10.0.0.1
*   Trying 10.0.0.1:443...
* Connected to ca.vpn.maslo (10.0.0.1) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / X25519 / id-ecPublicKey
* ALPN: server accepted h2
* Server certificate:
*  subject: [NONE]
*  start date: Aug 12 15:34:03 2024 GMT
*  expire date: Aug 13 03:34:03 2024 GMT
*  subjectAltName: host "ca.vpn.maslo" matched cert's "ca.vpn.maslo"
*  issuer: CN=maslo official CA - ECC Intermediate
*  SSL certificate verify ok.
*   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256
*   Certificate level 1: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256
*   Certificate level 2: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://ca.vpn.maslo/acme/maslo/directory
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: ca.vpn.maslo]
* [HTTP/2] [1] [:path: /acme/maslo/directory]
* [HTTP/2] [1] [user-agent: curl/8.5.0]
* [HTTP/2] [1] [accept: */*]
> GET /acme/maslo/directory HTTP/2
> Host: ca.vpn.maslo
> User-Agent: curl/8.5.0
> Accept: */*
>
< HTTP/2 200
< alt-svc: h3=":443"; ma=2592000
< content-type: application/json
< server: Caddy
< content-length: 287
< date: Mon, 12 Aug 2024 18:11:14 GMT
<
{"newNonce":"https://ca.vpn.maslo/acme/maslo/new-nonce","newAccount":"https://ca.vpn.maslo/acme/maslo/new-account","newOrder":"https://ca.vpn.maslo/acme/maslo/new-order","revokeCert":"https://ca.vpn.maslo/acme/maslo/revoke-cert","keyChange":"https://ca.vpn.maslo/acme/maslo/key-change"}
* Connection #0 to host ca.vpn.maslo left intact

2. Error messages and/or full log output:

vpn.maslo logs
Aug 12 20:49:28 maslo-vpn caddy[72440]: {"level":"info","ts":1723484968.6237197,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Aug 12 20:49:28 maslo-vpn caddy[72440]: {"level":"info","ts":1723484968.623877,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Aug 12 20:49:28 maslo-vpn caddy[72440]: {"level":"warn","ts":1723484968.6239223,"logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
Aug 12 20:49:28 maslo-vpn caddy[72440]: {"level":"info","ts":1723484968.6320724,"logger":"pki.ca.maslo","msg":"root certificate is already trusted by system","path":"storage:pki/authorities/maslo/root.crt"}
Aug 12 20:49:28 maslo-vpn caddy[72440]: {"level":"info","ts":1723484968.6322532,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Aug 12 20:49:28 maslo-vpn caddy[72440]: {"level":"info","ts":1723484968.6331108,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Aug 12 20:49:28 maslo-vpn caddy[72440]: {"level":"info","ts":1723484968.6332781,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
Aug 12 20:49:28 maslo-vpn caddy[72440]: {"level":"info","ts":1723484968.6333778,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["ca.vpn.maslo"]}
Aug 12 20:49:28 maslo-vpn caddy[72440]: {"level":"warn","ts":1723484968.6339653,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [ca.vpn.maslo]: no OCSP server specified in certificate","identifiers":["ca.vpn.maslo"]}
Aug 12 20:49:28 maslo-vpn caddy[72440]: {"level":"info","ts":1723484968.6341705,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Aug 12 20:49:28 maslo-vpn systemd[1]: Started caddy.service - Caddy.
Aug 12 20:49:28 maslo-vpn caddy[72440]: {"level":"info","ts":1723484968.6365266,"msg":"serving initial configuration"}
Aug 12 20:49:28 maslo-vpn caddy[72440]: {"level":"info","ts":1723484968.6424296,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00087e300"}
Aug 12 20:49:28 maslo-vpn caddy[72440]: {"level":"info","ts":1723484968.6441298,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/var/lib/caddy/.local/share/caddy","instance":"04fe3289-12e4-471e-9d48-004152753b68","try_again":1723571368.6441252,"try_again_in":86399.999998672}
Aug 12 20:49:28 maslo-vpn caddy[72440]: {"level":"info","ts":1723484968.6443396,"logger":"tls","msg":"finished cleaning storage units"}
Aug 12 20:51:46 maslo-vpn caddy[72440]: {"level":"info","ts":1723485106.393967,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"10.0.0.100","remote_port":"50346","client_ip":"10.0.0.100","proto":"HTTP/2.0","method":"POST","host":"ca.vpn.maslo","uri":"/acme/maslo/new-order","headers":{"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"],"Content-Type":["application/jose+json"],"Content-Length":["583"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ca.vpn.maslo"}},"bytes_read":583,"user_id":"","duration":0.005579816,"size":400,"status":201,"resp_headers":{"Cache-Control":["no-store"],"Link":["<https://ca.vpn.maslo/acme/maslo/directory>;rel=\"index\""],"Location":["https://ca.vpn.maslo/acme/maslo/order/iX8d3gbTtDdR4z0d7TmfKURfqHvjLEdG"],"Content-Type":["application/json"],"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Replay-Nonce":["WnpBT3h4MWhyakxCdkRYam0yUTRTcFdxWGVuUDhCVjU"]}}
Aug 12 20:51:46 maslo-vpn caddy[72440]: {"level":"info","ts":1723485106.3979106,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"10.0.0.100","remote_port":"50346","client_ip":"10.0.0.100","proto":"HTTP/2.0","method":"POST","host":"ca.vpn.maslo","uri":"/acme/maslo/authz/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB","headers":{"Content-Length":["436"],"Accept-Encoding":["gzip"],"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ca.vpn.maslo"}},"bytes_read":436,"user_id":"","duration":0.001843796,"size":729,"status":200,"resp_headers":{"Replay-Nonce":["UUNoRzhZaHNCWmgxb0RvUTVHbHhVRjV2b042QXQ1Wk0"],"Cache-Control":["no-store"],"Link":["<https://ca.vpn.maslo/acme/maslo/directory>;rel=\"index\""],"Location":["https://ca.vpn.maslo/acme/maslo/authz/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB"],"Content-Type":["application/json"],"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"]}}
Aug 12 20:52:16 maslo-vpn caddy[72440]: {"level":"info","ts":1723485136.404124,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"10.0.0.100","remote_port":"50346","client_ip":"10.0.0.100","proto":"HTTP/2.0","method":"POST","host":"ca.vpn.maslo","uri":"/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"],"Content-Length":["488"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ca.vpn.maslo"}},"bytes_read":488,"user_id":"","duration":30.003038762,"size":319,"status":200,"resp_headers":{"Cache-Control":["no-store"],"Link":["<https://ca.vpn.maslo/acme/maslo/directory>;rel=\"index\"","<https://ca.vpn.maslo/acme/maslo/authz/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB>;rel=\"up\""],"Location":["https://ca.vpn.maslo/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e"],"Content-Type":["application/json"],"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Replay-Nonce":["MjBlVTZrMWZTVjZaUW9yN3h6aWVoTG50TjNoNFFoVW4"]}}
Aug 12 20:52:16 maslo-vpn caddy[72440]: {"level":"info","ts":1723485136.6543808,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"10.0.0.100","remote_port":"50346","client_ip":"10.0.0.100","proto":"HTTP/2.0","method":"POST","host":"ca.vpn.maslo","uri":"/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"],"Content-Length":["488"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ca.vpn.maslo"}},"bytes_read":488,"user_id":"","duration":0.001097765,"size":89,"status":400,"resp_headers":{"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Replay-Nonce":["NjVadnRPeWZiOHpvOXI2RkNXZ0VhcGprMVBYSGlFS3E"],"Cache-Control":["no-store"],"Link":["<https://ca.vpn.maslo/acme/maslo/directory>;rel=\"index\""],"Content-Type":["application/problem+json"]}}
Aug 12 20:52:46 maslo-vpn caddy[72440]: {"level":"info","ts":1723485166.91061,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"10.0.0.100","remote_port":"50346","client_ip":"10.0.0.100","proto":"HTTP/2.0","method":"POST","host":"ca.vpn.maslo","uri":"/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e","headers":{"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"],"Content-Length":["488"],"Accept-Encoding":["gzip"],"Content-Type":["application/jose+json"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ca.vpn.maslo"}},"bytes_read":488,"user_id":"","duration":30.003450898,"size":319,"status":200,"resp_headers":{"Replay-Nonce":["MWdnWUNEeTY3c1l0WVRoQ29UY3NROUZ5RUV3QVRTbE8"],"Cache-Control":["no-store"],"Link":["<https://ca.vpn.maslo/acme/maslo/directory>;rel=\"index\"","<https://ca.vpn.maslo/acme/maslo/authz/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB>;rel=\"up\""],"Location":["https://ca.vpn.maslo/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e"],"Content-Type":["application/json"],"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"]}}
Aug 12 20:52:47 maslo-vpn caddy[72440]: {"level":"info","ts":1723485167.1608775,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"10.0.0.100","remote_port":"50346","client_ip":"10.0.0.100","proto":"HTTP/2.0","method":"POST","host":"ca.vpn.maslo","uri":"/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"],"Content-Length":["488"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ca.vpn.maslo"}},"bytes_read":488,"user_id":"","duration":0.001425809,"size":89,"status":400,"resp_headers":{"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Replay-Nonce":["RGVuMFhQdkViZllWd0V4bjJ2SUJaWUhaSzVnQUoxazc"],"Cache-Control":["no-store"],"Link":["<https://ca.vpn.maslo/acme/maslo/directory>;rel=\"index\""],"Content-Type":["application/problem+json"]}}
Aug 12 20:53:17 maslo-vpn caddy[72440]: {"level":"info","ts":1723485197.4177547,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"10.0.0.100","remote_port":"50346","client_ip":"10.0.0.100","proto":"HTTP/2.0","method":"POST","host":"ca.vpn.maslo","uri":"/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"],"Content-Length":["488"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ca.vpn.maslo"}},"bytes_read":488,"user_id":"","duration":30.003788538,"size":319,"status":200,"resp_headers":{"Link":["<https://ca.vpn.maslo/acme/maslo/directory>;rel=\"index\"","<https://ca.vpn.maslo/acme/maslo/authz/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB>;rel=\"up\""],"Location":["https://ca.vpn.maslo/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e"],"Content-Type":["application/json"],"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Replay-Nonce":["WnFVTXBSUjdYeFVWa1pzYU9GaWd0UzVKaDdQaHQ1UFM"],"Cache-Control":["no-store"]}}
Aug 12 20:53:17 maslo-vpn caddy[72440]: {"level":"info","ts":1723485197.6663978,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"10.0.0.100","remote_port":"50346","client_ip":"10.0.0.100","proto":"HTTP/2.0","method":"POST","host":"ca.vpn.maslo","uri":"/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"],"Content-Length":["488"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ca.vpn.maslo"}},"bytes_read":488,"user_id":"","duration":0.00136592,"size":89,"status":400,"resp_headers":{"Cache-Control":["no-store"],"Link":["<https://ca.vpn.maslo/acme/maslo/directory>;rel=\"index\""],"Content-Type":["application/problem+json"],"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Replay-Nonce":["WWgxNGxiSTQ3cVlvMWRXT1RIZUhiOWY4UDhDb2c3c3E"]}}
Aug 12 20:53:47 maslo-vpn caddy[72440]: {"level":"info","ts":1723485227.9270704,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"10.0.0.100","remote_p
ort":"50346","client_ip":"10.0.0.100","proto":"HTTP/2.0","method":"POST","host":"ca.vpn.maslo","uri":"/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwl
oAlQBJKho4f1e","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"],"Content-Length":["488"],"Accept-Encoding":["gzip
"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ca.vpn.maslo"}},"bytes_read":488,"user_id":"","duration":30.008190693,"size":319,"statu
s":200,"resp_headers":{"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Replay-Nonce":["RkM2RWZxMThnSzlORkRGcXBmcTdOMTFLWkF3YlRoeEg"],"Cache-Control":["no-store"],"Lin
k":["<https://ca.vpn.maslo/acme/maslo/directory>;rel=\"index\"","<https://ca.vpn.maslo/acme/maslo/authz/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB>;rel=\"up\""],"Location":["https://ca.v
pn.maslo/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e"],"Content-Type":["application/json"]}}
Aug 12 20:53:48 maslo-vpn caddy[72440]: {"level":"info","ts":1723485228.1712892,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"10.0.0.100","remote_p
ort":"50346","client_ip":"10.0.0.100","proto":"HTTP/2.0","method":"POST","host":"ca.vpn.maslo","uri":"/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwl
oAlQBJKho4f1e","headers":{"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"],"Content-Length":["488"],"Accept-Encoding":["gzip"],"Content-Type":["application/jose+json
"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ca.vpn.maslo"}},"bytes_read":488,"user_id":"","duration":0.001152611,"size":89,"status"
:400,"resp_headers":{"Alt-Svc":["h3=\":443\"; ma=2592000"],"Replay-Nonce":["bEFiODJvWlVrcWxxYnZqYm02WEtTTGQxNlJqRURwWFc"],"Cache-Control":["no-store"],"Link":["<https://ca.vpn.
maslo/acme/maslo/directory>;rel=\"index\""],"Content-Type":["application/problem+json"],"Server":["Caddy"]}}
Aug 12 20:54:18 maslo-vpn caddy[72440]: {"level":"info","ts":1723485258.4281454,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"10.0.0.100","remote_p
ort":"50346","client_ip":"10.0.0.100","proto":"HTTP/2.0","method":"POST","host":"ca.vpn.maslo","uri":"/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwl
oAlQBJKho4f1e","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"],"Content-Length":["488"],"Accept-Encoding":["gzip
"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ca.vpn.maslo"}},"bytes_read":488,"user_id":"","duration":30.004196356,"size":319,"statu
s":200,"resp_headers":{"Alt-Svc":["h3=\":443\"; ma=2592000"],"Replay-Nonce":["Z0lWc01ueG5TdVE2SjNoRjdZSEVSa29sTElIbVk5WHE"],"Cache-Control":["no-store"],"Link":["<https://ca.vp
n.maslo/acme/maslo/directory>;rel=\"index\"","<https://ca.vpn.maslo/acme/maslo/authz/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB>;rel=\"up\""],"Location":["https://ca.vpn.maslo/acme/maslo
/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e"],"Content-Type":["application/json"],"Server":["Caddy"]}}
Aug 12 20:54:18 maslo-vpn caddy[72440]: {"level":"info","ts":1723485258.6764495,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"10.0.0.100","remote_p
ort":"50346","client_ip":"10.0.0.100","proto":"HTTP/2.0","method":"POST","host":"ca.vpn.maslo","uri":"/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwl
oAlQBJKho4f1e","headers":{"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"],"Content-Length":["488"],"Accept-Encoding":["gzip"],"Content-Type":["application/jose+json
"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ca.vpn.maslo"}},"bytes_read":488,"user_id":"","duration":0.001226694,"size":89,"status"
:400,"resp_headers":{"Cache-Control":["no-store"],"Link":["<https://ca.vpn.maslo/acme/maslo/directory>;rel=\"index\""],"Content-Type":["application/problem+json"],"Server":["Ca
ddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Replay-Nonce":["ZVR3SFR2MUxmNjBXMk9YdjZEYmtZd1VxZTZOTlhrZEE"]}}
Aug 12 20:54:48 maslo-vpn caddy[72440]: {"level":"info","ts":1723485288.9347997,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"10.0.0.100","remote_p
ort":"50346","client_ip":"10.0.0.100","proto":"HTTP/2.0","method":"POST","host":"ca.vpn.maslo","uri":"/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwl
oAlQBJKho4f1e","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"],"Content-Length":["488"],"Accept-Encoding":["gzip
"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ca.vpn.maslo"}},"bytes_read":488,"user_id":"","duration":30.005377554,"size":319,"statu
s":200,"resp_headers":{"Cache-Control":["no-store"],"Link":["<https://ca.vpn.maslo/acme/maslo/directory>;rel=\"index\"","<https://ca.vpn.maslo/acme/maslo/authz/CFbGm7SaHSEMVCAD
qMEOCRCZ2ntn5dqB>;rel=\"up\""],"Location":["https://ca.vpn.maslo/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e"],"Content-Type":["appli
cation/json"],"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Replay-Nonce":["ZEJvSW1Ib01GQjhzbUJxVVJ3ell0S1Q1QVJSeGF6M2E"]}}
Aug 12 20:54:49 maslo-vpn caddy[72440]: {"level":"info","ts":1723485289.1819074,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"10.0.0.100","remote_p
ort":"50346","client_ip":"10.0.0.100","proto":"HTTP/2.0","method":"POST","host":"ca.vpn.maslo","uri":"/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwl
oAlQBJKho4f1e","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"],"Content-Length":["488"],"Accept-Encoding":["gzip
"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ca.vpn.maslo"}},"bytes_read":488,"user_id":"","duration":0.001218513,"size":89,"status"
:400,"resp_headers":{"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Replay-Nonce":["bjhTU00zdERPMzBMUjZCYVZzR3BwaFlzakEydlhaWFM"],"Cache-Control":["no-store"],"Link"
:["<https://ca.vpn.maslo/acme/maslo/directory>;rel=\"index\""],"Content-Type":["application/problem+json"]}}
Aug 12 20:55:19 maslo-vpn caddy[72440]: {"level":"info","ts":1723485319.438813,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"10.0.0.100","remote_po
rt":"50346","client_ip":"10.0.0.100","proto":"HTTP/2.0","method":"POST","host":"ca.vpn.maslo","uri":"/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwlo
AlQBJKho4f1e","headers":{"Content-Length":["488"],"Accept-Encoding":["gzip"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"],"Content-Type":["application/jose+json"
]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ca.vpn.maslo"}},"bytes_read":488,"user_id":"","duration":30.004049227,"size":319,"status
":200,"resp_headers":{"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Replay-Nonce":["S0Uza0NMeTRnYUZIaUNiR0pZQVdsWDI2QkxENklHUnk"],"Cache-Control":["no-store"],"Link
":["<https://ca.vpn.maslo/acme/maslo/directory>;rel=\"index\"","<https://ca.vpn.maslo/acme/maslo/authz/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB>;rel=\"up\""],"Location":["https://ca.vp
n.maslo/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e"],"Content-Type":["application/json"]}}
Aug 12 20:55:19 maslo-vpn caddy[72440]: {"level":"info","ts":1723485319.687218,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"10.0.0.100","remote_po
rt":"50346","client_ip":"10.0.0.100","proto":"HTTP/2.0","method":"POST","host":"ca.vpn.maslo","uri":"/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwlo
AlQBJKho4f1e","headers":{"Accept-Encoding":["gzip"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"],"Content-Type":["application/jose+json"],"Content-Length":["488"
]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ca.vpn.maslo"}},"bytes_read":488,"user_id":"","duration":0.001330882,"size":89,"status":
400,"resp_headers":{"Link":["<https://ca.vpn.maslo/acme/maslo/directory>;rel=\"index\""],"Content-Type":["application/problem+json"],"Server":["Caddy"],"Alt-Svc":["h3=\":443\";
 ma=2592000"],"Replay-Nonce":["bEE0NkNhU1Mxd3NjaW9oek5OenJOUGEzdkp1ZkhvZU4"],"Cache-Control":["no-store"]}}
Aug 12 20:55:49 maslo-vpn caddy[72440]: {"level":"info","ts":1723485349.9470816,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"10.0.0.100","remote_p
ort":"50346","client_ip":"10.0.0.100","proto":"HTTP/2.0","method":"POST","host":"ca.vpn.maslo","uri":"/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwl
oAlQBJKho4f1e","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"],"Content-Length":["488"],"Accept-Encoding":["gzip
"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ca.vpn.maslo"}},"bytes_read":488,"user_id":"","duration":30.006924737,"size":319,"statu
s":200,"resp_headers":{"Content-Type":["application/json"],"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Replay-Nonce":["dWJ4V09tWkFNZEZQZkYxTElmaUxQUDFaaUFhaTZrNlU
"],"Cache-Control":["no-store"],"Link":["<https://ca.vpn.maslo/acme/maslo/directory>;rel=\"index\"","<https://ca.vpn.maslo/acme/maslo/authz/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB>;re
l=\"up\""],"Location":["https://ca.vpn.maslo/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e"]}}
Aug 12 20:55:50 maslo-vpn caddy[72440]: {"level":"info","ts":1723485350.1928725,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"10.0.0.100","remote_p
ort":"50346","client_ip":"10.0.0.100","proto":"HTTP/2.0","method":"POST","host":"ca.vpn.maslo","uri":"/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwl
oAlQBJKho4f1e","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"],"Content-Length":["488"],"Accept-Encoding":["gzip
"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ca.vpn.maslo"}},"bytes_read":488,"user_id":"","duration":0.00142379,"size":89,"status":
400,"resp_headers":{"Link":["<https://ca.vpn.maslo/acme/maslo/directory>;rel=\"index\""],"Content-Type":["application/problem+json"],"Server":["Caddy"],"Alt-Svc":["h3=\":443\";
 ma=2592000"],"Replay-Nonce":["UGlCaU1abElHeVZ4dFB3Z1UyRGp2ZUpiNlVnUW1OTkM"],"Cache-Control":["no-store"]}}
Aug 12 20:56:20 maslo-vpn caddy[72440]: {"level":"info","ts":1723485380.4499652,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"10.0.0.100","remote_p
ort":"50346","client_ip":"10.0.0.100","proto":"HTTP/2.0","method":"POST","host":"ca.vpn.maslo","uri":"/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwl
oAlQBJKho4f1e","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"],"Content-Length":["488"],"Accept-Encoding":["gzip
"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ca.vpn.maslo"}},"bytes_read":488,"user_id":"","duration":30.003873186,"size":319,"statu
s":200,"resp_headers":{"Link":["<https://ca.vpn.maslo/acme/maslo/directory>;rel=\"index\"","<https://ca.vpn.maslo/acme/maslo/authz/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB>;rel=\"up\""
],"Location":["https://ca.vpn.maslo/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e"],"Content-Type":["application/json"],"Server":["Cadd
y"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Replay-Nonce":["SVRFSE51TU1JYjJSb09RQ2trMFlqelVqUEx6eTIwVnQ"],"Cache-Control":["no-store"]}}
Aug 12 20:56:20 maslo-vpn caddy[72440]: {"level":"info","ts":1723485380.6983507,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"10.0.0.100","remote_p
ort":"50346","client_ip":"10.0.0.100","proto":"HTTP/2.0","method":"POST","host":"ca.vpn.maslo","uri":"/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwl
oAlQBJKho4f1e","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"],"Content-Length":["488"],"Accept-Encoding":["gzip
"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ca.vpn.maslo"}},"bytes_read":488,"user_id":"","duration":0.001169254,"size":89,"status"
:400,"resp_headers":{"Link":["<https://ca.vpn.maslo/acme/maslo/directory>;rel=\"index\""],"Content-Type":["application/problem+json"],"Server":["Caddy"],"Alt-Svc":["h3=\":443\"
; ma=2592000"],"Replay-Nonce":["OHNDOWNTTkJxNlQxem5WTjF1SnAzSW1pSGw5MVM5SU0"],"Cache-Control":["no-store"]}}
Aug 12 20:56:50 maslo-vpn caddy[72440]: {"level":"info","ts":1723485410.955893,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"10.0.0.100","remote_po
rt":"50346","client_ip":"10.0.0.100","proto":"HTTP/2.0","method":"POST","host":"ca.vpn.maslo","uri":"/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwlo
AlQBJKho4f1e","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"],"Content-Length":["488"],"Accept-Encoding":["gzip"
]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ca.vpn.maslo"}},"bytes_read":488,"user_id":"","duration":30.004099689,"size":319,"status
":200,"resp_headers":{"Location":["https://ca.vpn.maslo/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e"],"Content-Type":["application/js
on"],"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Replay-Nonce":["dW03VnZxUEhXbnFXb2NWODJxZ2FBbFRxbGcwVkx3cEY"],"Cache-Control":["no-store"],"Link":["<https://ca.v
pn.maslo/acme/maslo/directory>;rel=\"index\"","<https://ca.vpn.maslo/acme/maslo/authz/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB>;rel=\"up\""]}}
Aug 12 20:56:51 maslo-vpn caddy[72440]: {"level":"info","ts":1723485411.2050242,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"10.0.0.100","remote_p
ort":"50346","client_ip":"10.0.0.100","proto":"HTTP/2.0","method":"POST","host":"ca.vpn.maslo","uri":"/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwl
oAlQBJKho4f1e","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"],"Content-Length":["488"],"Accept-Encoding":["gzip
"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ca.vpn.maslo"}},"bytes_read":488,"user_id":"","duration":0.001564587,"size":89,"status"
:400,"resp_headers":{"Alt-Svc":["h3=\":443\"; ma=2592000"],"Replay-Nonce":["NVZnR2V0anBQQlZPOTRLc0x0R1dkOVZlVXJyaVowdXA"],"Cache-Control":["no-store"],"Link":["<https://ca.vpn.
maslo/acme/maslo/directory>;rel=\"index\""],"Content-Type":["application/problem+json"],"Server":["Caddy"]}}
Aug 12 20:56:51 maslo-vpn caddy[72440]: {"level":"info","ts":1723485411.2104712,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"10.0.0.100","remote_p
ort":"50346","client_ip":"10.0.0.100","proto":"HTTP/2.0","method":"POST","host":"ca.vpn.maslo","uri":"/acme/maslo/authz/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB","headers":{"Accept-Enc
oding":["gzip"],"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"],"Content-Length":["468"]},"tls":{"resumed":false,"version":
772,"cipher_suite":4865,"proto":"h2","server_name":"ca.vpn.maslo"}},"bytes_read":468,"user_id":"","duration":0.002155256,"size":93,"status":400,"resp_headers":{"Replay-Nonce":[
"NXNXbzVVbDdSREJtcE5kT28wb3ozZVVobUVsZjRzSUI"],"Cache-Control":["no-store"],"Link":["<https://ca.vpn.maslo/acme/maslo/directory>;rel=\"index\""],"Content-Type":["application/pr
oblem+json"],"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"]}}
Aug 12 20:57:51 maslo-vpn caddy[72440]: {"level":"info","ts":1723485471.2173462,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"10.0.0.100","remote_p
ort":"50346","client_ip":"10.0.0.100","proto":"HTTP/2.0","method":"HEAD","host":"ca.vpn.maslo","uri":"/acme/maslo/new-nonce","headers":{"User-Agent":["Caddy/2.8.4 CertMagic acm
ez (linux; amd64)"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ca.vpn.maslo"}},"bytes_read":0,"user_id":"","duration":0.001155418,"si
ze":0,"status":200,"resp_headers":{"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Replay-Nonce":["dDR3Z3dyRGkwUXlSWEt4cFl5b3BUSVhhSXhIQVpIVUU"],"Cache-Control":["no-
store"],"Link":["<https://ca.vpn.maslo/acme/maslo/directory>;rel=\"index\""]}}
Aug 12 20:57:51 maslo-vpn caddy[72440]: {"level":"info","ts":1723485471.223738,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"10.0.0.100","remote_po
rt":"50346","client_ip":"10.0.0.100","proto":"HTTP/2.0","method":"POST","host":"ca.vpn.maslo","uri":"/acme/maslo/new-order","headers":{"Content-Type":["application/jose+json"],
"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"],"Content-Length":["583"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto
":"h2","server_name":"ca.vpn.maslo"}},"bytes_read":583,"user_id":"","duration":0.004638875,"size":400,"status":201,"resp_headers":{"Cache-Control":["no-store"],"Link":["<https:
//ca.vpn.maslo/acme/maslo/directory>;rel=\"index\""],"Location":["https://ca.vpn.maslo/acme/maslo/order/UY9RAZJor0f2NPDyDaS5iSzWUoc2ZBMi"],"Content-Type":["application/json"],"
Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Replay-Nonce":["cDdiOHVsZGFwSHZpaHZGRWM4N0FlbllQWklDRFVzUW0"]}}
Aug 12 20:57:51 maslo-vpn caddy[72440]: {"level":"info","ts":1723485471.2273486,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"10.0.0.100","remote_p
ort":"50346","client_ip":"10.0.0.100","proto":"HTTP/2.0","method":"POST","host":"ca.vpn.maslo","uri":"/acme/maslo/authz/tcesIzigjNAhP0GU6qHp53xxlzGK5oZC","headers":{"Content-Le
ngth":["436"],"Accept-Encoding":["gzip"],"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]},"tls":{"resumed":false,"version":
772,"cipher_suite":4865,"proto":"h2","server_name":"ca.vpn.maslo"}},"bytes_read":436,"user_id":"","duration":0.001697156,"size":729,"status":200,"resp_headers":{"Server":["Cadd
y"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Replay-Nonce":["VThzWEU1MFRxcXg3RHRLV1gyQmluMjczU2gxcTdIOWE"],"Cache-Control":["no-store"],"Link":["<https://ca.vpn.maslo/acme/maslo/
directory>;rel=\"index\""],"Location":["https://ca.vpn.maslo/acme/maslo/authz/tcesIzigjNAhP0GU6qHp53xxlzGK5oZC"],"Content-Type":["application/json"]}}




test.maslo logs
Aug 12 20:51:46 test caddy[11311]: {"level":"info","ts":1723485106.3544817,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Aug 12 20:51:46 test caddy[11311]: {"level":"info","ts":1723485106.3578284,"msg":"adapted config to JSON","adapter":"caddyfile"}
Aug 12 20:51:46 test caddy[11311]: {"level":"info","ts":1723485106.3621323,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Aug 12 20:51:46 test caddy[11311]: {"level":"info","ts":1723485106.362503,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Aug 12 20:51:46 test caddy[11311]: {"level":"info","ts":1723485106.3627188,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Aug 12 20:51:46 test caddy[11311]: {"level":"info","ts":1723485106.3632157,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Aug 12 20:51:46 test caddy[11311]: {"level":"info","ts":1723485106.3635118,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Aug 12 20:51:46 test caddy[11311]: {"level":"info","ts":1723485106.3635647,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
Aug 12 20:51:46 test caddy[11311]: {"level":"info","ts":1723485106.3635714,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["test.maslo"]}
Aug 12 20:51:46 test caddy[11311]: {"level":"info","ts":1723485106.3638206,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Aug 12 20:51:46 test systemd[1]: Started caddy.service - Caddy.
Aug 12 20:51:46 test caddy[11311]: {"level":"info","ts":1723485106.3669267,"msg":"serving initial configuration"}
Aug 12 20:51:46 test caddy[11311]: {"level":"info","ts":1723485106.3676403,"logger":"tls.obtain","msg":"acquiring lock","identifier":"test.maslo"}
Aug 12 20:51:46 test caddy[11311]: {"level":"info","ts":1723485106.3734114,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00026b500"}
Aug 12 20:51:46 test caddy[11311]: {"level":"info","ts":1723485106.3755085,"logger":"tls.obtain","msg":"lock acquired","identifier":"test.maslo"}
Aug 12 20:51:46 test caddy[11311]: {"level":"info","ts":1723485106.37559,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"test.maslo"}
Aug 12 20:51:46 test caddy[11311]: {"level":"info","ts":1723485106.3768873,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["test.maslo"],"ca":"https://ca.vpn.maslo/acme/maslo/directory","account":""}
Aug 12 20:51:46 test caddy[11311]: {"level":"info","ts":1723485106.3769195,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["test.maslo"],"ca":"https://ca.vpn.maslo/acme/maslo/directory","account":""}
Aug 12 20:51:46 test caddy[11311]: {"level":"info","ts":1723485106.376933,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://ca.vpn.maslo/acme/maslo/account/oCTqiHTye2HpLqRPnlOZtlIYlSjYHJAo","account_contact":[]}
Aug 12 20:51:46 test caddy[11311]: {"level":"info","ts":1723485106.3842049,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/var/lib/caddy/.local/share/caddy","instance":"396319d5-171c-464c-a5fd-b6cec5b4e043","try_again":1723571506.3842032,"try_again_in":86399.999999521}
Aug 12 20:51:46 test caddy[11311]: {"level":"info","ts":1723485106.3843079,"logger":"tls","msg":"finished cleaning storage units"}
Aug 12 20:51:46 test caddy[11311]: {"level":"info","ts":1723485106.4017599,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"test.maslo","challenge_type":"tls-alpn-01","ca":"https://ca.vpn.maslo/acme/maslo/directory"}
Aug 12 20:52:16 test caddy[11311]: {"level":"warn","ts":1723485136.4033773,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://ca.vpn.maslo/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e","error":"performing request: Post \"https://ca.vpn.maslo/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
Aug 12 20:52:46 test caddy[11311]: {"level":"warn","ts":1723485166.909437,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://ca.vpn.maslo/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e","error":"performing request: Post \"https://ca.vpn.maslo/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers)"}
Aug 12 20:53:17 test caddy[11311]: {"level":"warn","ts":1723485197.4148097,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://ca.vpn.maslo/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e","error":"performing request: Post \"https://ca.vpn.maslo/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
Aug 12 20:53:47 test caddy[11311]: {"level":"warn","ts":1723485227.9194527,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://ca.vpn.maslo/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e","error":"performing request: Post \"https://ca.vpn.maslo/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
Aug 12 20:54:18 test caddy[11311]: {"level":"warn","ts":1723485258.4241157,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://ca.vpn.maslo/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e","error":"performing request: Post \"https://ca.vpn.maslo/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
Aug 12 20:54:48 test caddy[11311]: {"level":"warn","ts":1723485288.9290872,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://ca.vpn.
maslo/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e","error":"performing request: Post \"https://ca.vpn.maslo/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
Aug 12 20:55:19 test caddy[11311]: {"level":"warn","ts":1723485319.4341006,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://ca.vpn.maslo/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e","error":"performing request: Post \"https://ca.vpn.maslo/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
Aug 12 20:55:49 test caddy[11311]: {"level":"warn","ts":1723485349.9392436,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://ca.vpn.maslo/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e","error":"performing request: Post \"https://ca.vpn.maslo/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
Aug 12 20:56:20 test caddy[11311]: {"level":"warn","ts":1723485380.4444196,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://ca.vpn.maslo/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e","error":"performing request: Post \"https://ca.vpn.maslo/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
Aug 12 20:56:50 test caddy[11311]: {"level":"warn","ts":1723485410.949988,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://ca.vpn.maslo/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e","error":"performing request: Post \"https://ca.vpn.maslo/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
Aug 12 20:56:51 test caddy[11311]: {"level":"error","ts":1723485411.210333,"logger":"tls.issuance.acme.acme_client","msg":"deactivating authorization","identifier":"test.maslo","authz":"https://ca.vpn.maslo/acme/maslo/authz/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB","error":"attempt 1: https://ca.vpn.maslo/acme/maslo/authz/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB: HTTP 400 urn:ietf:params:acme:error:malformed - The request message was malformed"}
Aug 12 20:56:51 test caddy[11311]: {"level":"error","ts":1723485411.2104,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","problem":{"type":"urn:ietf:params:acme:error:badNonce","title":"","detail":"Unacceptable anti-replay nonce","instance":"","subproblems":[]},"order":"https://ca.vpn.maslo/acme/maslo/order/iX8d3gbTtDdR4z0d7TmfKURfqHvjLEdG","attempt":1,"max_attempts":3}
Aug 12 20:56:51 test caddy[11311]: {"level":"error","ts":1723485411.2104576,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"test.maslo","issuer":"ca.vpn.maslo-acme-maslo-directory","error":"HTTP 400 urn:ietf:params:acme:error:badNonce - Unacceptable anti-replay nonce"}
Aug 12 20:56:51 test caddy[11311]: {"level":"error","ts":1723485411.2105703,"logger":"tls.obtain","msg":"will retry","error":"[test.maslo] Obtain: [test.maslo] solving challenge: initiating challenge with server: attempt 11: https://ca.vpn.maslo/acme/maslo/challenge/CFbGm7SaHSEMVCADqMEOCRCZ2ntn5dqB/P9NG4lvmRaXzKaXfpwloAlQBJKho4f1e: HTTP 400 urn:ietf:params:acme:error:badNonce - Unacceptable anti-replay nonce (ca=https://ca.vpn.maslo/acme/maslo/directory)","attempt":1,"retrying_in":60,"elapsed":304.835044535,"max_duration":2592000}

3. Caddy version:

v2.8.4

4. How I installed and ran Caddy:

Stable release from here Install — Caddy Documentation

a. System environment:

ubuntu 24.04

b. Command:

sudo service restart caddy

c. Service/unit/compose file:

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.targe

d. My complete Caddy config:

----test.maslo----
{
        acme_ca https://ca.vpn.maslo/acme/maslo/directory
}

test.maslo {
        respond "Hello, world!"
}



----vpn.maslo----
{
        pki {
                ca maslo {
                        name "maslo official CA"
                }
        }
        log
}

http://certs.vpn.maslo {
        file_server {
                root /var/lib/caddy/.local/share/caddy/pki/authorities/maslo
                hide *.key
                browse
        }
}

ca.vpn.maslo {
        log
        tls {
                issuer internal {
                        ca maslo
                }
        }
        acme_server {
                ca maslo
        }
}

5. Links to relevant resources:

Mohammed90 · August 12, 2024, 7:24pm

This typically indicates network level issue. Try network troubleshooting steps. When I experienced something similar (Wireguard but using Tailscale; and without the ACME server, plain reverse proxy), the issue was the MTU. I think 1500 is what worked for me.

IvanovSvyatoslav · August 13, 2024, 6:51am

Thank you for reply! What should I do to troubleshoot network? Pings and curl requests are working

Mohammed90 · August 14, 2024, 7:50am

Ping is different because its packets are small. I’m not sure why curl works but not Caddy connections,

To troubleshoot network issues, you should reach out for tcpdump, udpdump, and wireshark. The captures extracted by tcpdump and udpdump can be viewed in Wireshark to see what’s exactly happening. That said, it’s a bit tricky with Wireguard because there’s a TCP layer (Caddy) connecting to the UDP layer (Wireguard interface), and on the other end the reverse is happening (UDP → TCP). You may be able to find signals of the root cause in the tcpdump without having to check the UDP dumps. If you’re not familiar with Wireshark, I suggest you learn it because it’s a handy tool. For your case, I found these resources that seem relevant and beneficial:

Wireguard Optimal MTU (github.com)

https://www.wireshark.org/docs/man-pages/udpdump.html

The links include references about the MTU because, again, when I faced something similar the last time, it was resolved by manually setting the MTU on the interfaces. Just checked my servers, and I have the MTU set at 1200. While investigating, I used tcpdump and Wireshark, and only saw “retransmission”. I replaced the LAN cords to exclude the possibility of damaged packets due to damaged physical layer, then decided to check the network config.

IvanovSvyatoslav · August 14, 2024, 3:10pm

Thank you! It was MTU issue. 1280 works

system · September 13, 2024, 3:11pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.