webchi (Vasiliy), September 30, 2020, 5:43am, #1
1. Caddy version (caddy version): 2.2
2. How I run Caddy:
a. System environment: Docker
c. Service/unit/compose file:
services:
  caddy:
    deploy:
      resources:
        limits:
          cpus: "1.5"
          memory: "2G"
      placement:
        constraints:
          - node.hostname == stag-manager-1
    image: caddy:2.2.0
    ports:
      - 9080:9080
      - 9443:9443
    volumes:
      - ./monitor/caddy/data:/data
      - ./monitor/caddy/Caddyfile:/etc/caddy/Caddyfile
d. My complete Caddyfile or JSON config:
{
    http_port 9080
    https_port 9443
}

stage-prom.rentu.ru {
    log {
        level WARN
    }
    reverse_proxy /metrics/* prometheus:9090 {
        header_up Connection {http.request.header.Connection}
        header_up Upgrade {http.request.header.Upgrade}
        header_up X-Forwarded-Proto {http.request.scheme}
    }
}
3. The problem I'm having:
Certificates aren't obtained.
4. Error messages and/or full log output:
{"level":"error","ts":1601444161.4897149,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"stage-prom.rentu.ru","challenge_type":"http-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:tls","error":"Fetching https://stage-prom.rentu.ru/.well-known/acme-challenge/IDJ9kbAhr42l4q59cgSKsTS0wlOwgcFM3cqrxmtVoMs: remote error: tls: internal error"}
Let’s Encrypt will only attempt to connect to your server on port 80 for the HTTP challenge, and port 443 for the ALPN challenge.
If you can't make your server accessible on either of these ports, you'll need to use the DNS challenge, which requires adding a plugin for your DNS provider (you can do this with the builder Docker image variant, see the docs on Docker Hub) and configuring Caddy to use that DNS plugin. There are more instructions here:
Caddy 2 uses a new and improved DNS provider interface for solving the ACME DNS challenge.
All you have to do is plug the service provider(s) you need into your build, then add the DNS challenge to your configuration!
Getting a DNS provider plugin
How you choose to get a custom Caddy build is up to you; we’ll describe two common methods here.
Method 1:
Go to the Caddy download page.
Find your DNS provider in the list of modules (dns.providers.*) and select it.
Download your custom Caddy …
This is all explained in the docs here:
FYI, all of these lines are redundant and unnecessary. Caddy already passes through the headers on its own.
    header_up Connection {http.request.header.Connection}
    header_up Upgrade {http.request.header.Upgrade}
    header_up X-Forwarded-Proto {http.request.scheme}
webchi (Vasiliy), October 3, 2020, 10:15am, #3
Thanks for your answer. Previously I've successfully received a certificate by HTTP challenge on port 8080. That works on caddy 2.1.
But never mind… if these are new rules it's ok))
matt (Matt Holt), October 3, 2020, 2:37pm, #4
That works on caddy 2.1.
But never mind… if these are new rules it's ok))
The rules aren’t new. The ACME spec has always required port 80. Make sure you’re forwarding it to 9080 properly.
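What "forwarding it to 9080 properly" looks like in the compose file from the original post, as an added example that is not from this thread. It keeps Caddy listening on 9080/9443 inside the container (the http_port and https_port globals in the Caddyfile above stay unchanged) and only changes the host side of the port mapping, so that Let's Encrypt's connections to port 80 (http-01) and port 443 (tls-alpn-01) actually reach Caddy. The image and volume paths are the ones from the post; the deploy/resource section is omitted for brevity and would be carried over as-is.

```yaml
# Added example (not the original poster's file): publish the ACME ports on the host.
services:
  caddy:
    image: caddy:2.2.0
    ports:
      # Before: only the internal ports were published. Let's Encrypt connects
      # to port 80 for http-01 (and 443 for tls-alpn-01), so nothing reached
      # Caddy and the challenge failed.
      # - 9080:9080
      # - 9443:9443

      # After: host port 80 -> container 9080, host port 443 -> container 9443.
      # Caddy still listens on 9080/9443 inside the container, matching the
      # http_port / https_port globals in the Caddyfile.
      - "80:9080"
      - "443:9443"

      # Optional: keep the high ports reachable too if anything on the network
      # already talks to Caddy on them directly.
      - "9080:9080"
      - "9443:9443"
    volumes:
      - ./monitor/caddy/data:/data
      - ./monitor/caddy/Caddyfile:/etc/caddy/Caddyfile
```

The equivalent simpler variant is to drop the http_port / https_port globals entirely and publish 80:80 and 443:443. Either way, since the post's deploy section indicates Swarm mode, the published ports go through the ingress routing mesh, so host ports 80 and 443 must be free on the nodes where the mesh listens and any firewall in front must allow them inbound. A quick check from outside the network is a plain HTTP request to http://stage-prom.rentu.ru/.well-known/acme-challenge/anything: a response from Caddy (normally a redirect to HTTPS for an unknown token) means port 80 is forwarded; connection refused, a timeout, or an answer from some other service on port 80 means the forwarding is still missing.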
system (system), Closed, October 30, 2020, 5:43am, #5
This topic was automatically closed after 30 days. New replies are no longer allowed.