Can't use `cert_issuer zerossl` in global options after upgrading to 2.3

1. Caddy version (caddy version):

2.3.0

2. How I run Caddy:

Docker

a. System environment:

Docker 19.03.13, Ubuntu 20.04

b. Command:

docker run -itd \
    --name=caddy \
    --net=host \
    --restart=always \
    --ulimit nofile=1048576 \
    -v /etc/caddy/Caddyfile:/etc/caddy/Caddyfile \
    -v /root/caddy/caddy_data:/data \
    -v /root/caddy/caddy_config:/config \
    -v /root/caddy/files:/files \
    caddy

c. My complete Caddyfile or JSON config:

{
    order filter after encode
    on_demand_tls {
        interval 5s
        burst 10
    }
    cert_issuer zerossl api_key
}

catest.buct.edu.cn {
    encode zstd gzip
    respond / {remote_host}{tls_cipher}{tls_version}
    handle_errors {
        respond "{http.error.status_code} {http.error.status_text}"
    }
    tls {
        on_demand
    }
    header Strict-Transport-Security max-age=31536000;
}

3. The problem I’m having:

When I start Caddy, it raises an error, which is:
loading config: loading new config: loading tls app module: tls: invalid configuration: automation policy 2 is the second policy that acts as default/catch-all, but will never be used

4. Error messages and/or full log output:

{"level":"info","ts":1609670773.2256284,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
reload: sending configuration to instance: caddy responded with error: HTTP 400: {"error":"loading config: loading new config: loading tls app module: tls: invalid configuration: automation policy 2 is the second policy that acts as default/catch-all, but will never be used"}

5. What I already tried:

If I delete `cert_issuer zerossl api_key` from the Caddyfile, it works, but I just want to use ZeroSSL as my cert issuer.

I’m not sure. Your config works for me. And it only produces 2 automation policies (positions 0 and 1), not 3 (positions 0 through 2). How can we reproduce the error?

Are you sure you’re using v2.3.0? The official docker image hasn’t yet been updated:

https://github.com/docker-library/official-images/pull/9365

I built v2.3.0 in Docker via caddy:builder, and when I executed `docker exec -it caddy caddy version` it returned `v2.3.0 h1:fnrqJLa3G5vfxcxmOH/+kJOcunPLhSBnjgIvjXV/QTA=`

Here is my Dockerfile.

FROM caddy:builder AS builder

ENV GO111MODULE on
ENV GOPROXY https://goproxy.cn

RUN xcaddy build v2.3.0 \
    --with github.com/sjtug/caddy2-filter

FROM caddy:latest

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

What do you see if you run:

docker exec -it caddy caddy adapt --config /etc/caddy/Caddyfile --pretty

Sorry, I missed some content at the tail of the Caddyfile.

{
    order filter after encode
    on_demand_tls {
        interval 5s
        burst 10
    }
    cert_issuer zerossl api_key
}

catest.buct.edu.cn {
    encode zstd gzip
    respond / {remote_host}{tls_cipher}{tls_version}
    handle_errors {
        respond "{http.error.status_code} {http.error.status_text}"
    }
    tls {
        on_demand
    }
    header Strict-Transport-Security max-age=31536000;
}

http://course.buct.edu.cn {
    redir https://course-proxy2.buct.edu.cn 303
}

:9180 {
    metrics /metrics
}

When I deleted the http block or the :9180 block, it returned to normal, but I don't know what caused it.

It returned JSON-like text:

{
    "apps": {
        "http": {
            "servers": {
                "srv0": {
                    "listen": [
                        ":443"
                    ],
                    "routes": [
                        {
                            "match": [
                                {
                                    "host": [
                                        "catest.buct.edu.cn"
                                    ]
                                }
                            ],
                            "handle": [
                                {
                                    "handler": "subroute",
                                    "routes": [
                                        {
                                            "handle": [
                                                {
                                                    "handler": "headers",
                                                    "response": {
                                                        "set": {
                                                            "Strict-Transport-Security": [
                                                                "max-age=31536000;"
                                                            ]
                                                        }
                                                    }
                                                },
                                                {
                                                    "encodings": {
                                                        "gzip": {},
                                                        "zstd": {}
                                                    },
                                                    "handler": "encode"
                                                }
                                            ]
                                        },
                                        {
                                            "handle": [
                                                {
                                                    "body": "{http.request.remote.host}{http.request.tls.cipher_suite}{http.request.tls.version}",
                                                    "handler": "static_response"
                                                }
                                            ],
                                            "match": [
                                                {
                                                    "path": [
                                                        "/"
                                                    ]
                                                }
                                            ]
                                        }
                                    ]
                                }
                            ],
                            "terminal": true
                        }
                    ],
                    "errors": {
                        "routes": [
                            {
                                "match": [
                                    {
                                        "host": [
                                            "catest.buct.edu.cn"
                                        ]
                                    }
                                ],
                                "handle": [
                                    {
                                        "handler": "subroute",
                                        "routes": [
                                            {
                                                "handle": [
                                                    {
                                                        "body": "{http.error.status_code} {http.error.status_text}",
                                                        "handler": "static_response"
                                                    }
                                                ]
                                            }
                                        ]
                                    }
                                ],
                                "terminal": true
                            }
                        ]
                    }
                },
                "srv1": {
                    "listen": [
                        ":80"
                    ],
                    "routes": [
                        {
                            "match": [
                                {
                                    "host": [
                                        "course.buct.edu.cn"
                                    ]
                                }
                            ],
                            "handle": [
                                {
                                    "handler": "subroute",
                                    "routes": [
                                        {
                                            "handle": [
                                                {
                                                    "handler": "static_response",
                                                    "headers": {
                                                        "Location": [
                                                            "https://course-proxy2.buct.edu.cn"
                                                        ]
                                                    },
                                                    "status_code": 303
                                                }
                                            ]
                                        }
                                    ]
                                }
                            ],
                            "terminal": true
                        }
                    ],
                    "automatic_https": {
                        "skip": [
                            "course.buct.edu.cn"
                        ]
                    }
                },
                "srv2": {
                    "listen": [
                        ":9180"
                    ],
                    "routes": [
                        {
                            "match": [
                                {
                                    "path": [
                                        "/metrics"
                                    ]
                                }
                            ],
                            "handle": [
                                {
                                    "handler": "metrics"
                                }
                            ]
                        }
                    ]
                }
            }
        },
        "tls": {
            "automation": {
                "policies": [
                    {
                        "subjects": [
                            "catest.buct.edu.cn"
                        ],
                        "issuers": [
                            {
                                "api_key": "api_key",
                                "module": "zerossl"
                            }
                        ],
                        "on_demand": true
                    },
                    {
                        "issuers": [
                            {
                                "api_key": "api_key",
                                "module": "zerossl"
                            }
                        ]
                    },
                    {
                        "issuers": [
                            {
                                "api_key": "api_key",
                                "module": "zerossl"
                            }
                        ]
                    }
                ],
                "on_demand": {
                    "rate_limit": {
                        "interval": 5000000000,
                        "burst": 10
                    }
                }
            }
        }
    }
}
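The adapted output above has three automation policies, and the ones at positions 1 and 2 both lack `subjects`, which is the condition the error message names for policy 2. The following is an added example, not part of the thread and not Caddy's own code: a small Go check that scans adapted JSON for later catch-all policies that can never be used. The type and function names are hypothetical, and the sample input is constructed from the `tls` app shown above with issuer details trimmed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// adaptedConfig holds only the fields this check needs; the rest is ignored.
type adaptedConfig struct {
	Apps struct {
		TLS struct {
			Automation struct {
				Policies []struct {
					Subjects []string `json:"subjects"`
				} `json:"policies"`
			} `json:"automation"`
		} `json:"tls"`
	} `json:"apps"`
}

// Constructed sample: the policy list from the adapted output, issuers trimmed.
const sampleConfig = `{"apps":{"tls":{"automation":{"policies":[
  {"subjects":["catest.buct.edu.cn"],"on_demand":true},
  {"issuers":[{"module":"zerossl"}]},
  {"issuers":[{"module":"zerossl"}]}
]}}}}`

// RedundantCatchAlls lists indexes of subject-less policies after the first one.
func RedundantCatchAlls(raw []byte) ([]int, error) {
	var cfg adaptedConfig
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return nil, fmt.Errorf("parsing adapted config: %w", err)
	}
	var redundant []int
	seenCatchAll := false
	for i, p := range cfg.Apps.TLS.Automation.Policies {
		if len(p.Subjects) == 0 { // no subjects: acts as default/catch-all
			if seenCatchAll {
				redundant = append(redundant, i)
			}
			seenCatchAll = true
		}
	}
	return redundant, nil
}

func main() {
	idx, err := RedundantCatchAlls([]byte(sampleConfig))
	fmt.Println("redundant catch-all policies:", idx, "error:", err)
}
```

Running a check like this on the output of `caddy adapt` before a reload surfaces the duplicate policy without waiting for the HTTP 400 from the admin endpoint.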

Thanks, we do need the full Caddyfile in order to help.

Can you please file a bug on GitHub? So it won’t be forgotten about. Be sure to post your complete Caddyfile and link to this thread for context. Thank you!
