_ahoi
(_ahoi)
September 3, 2024, 9:35pm
1
1. The problem I’m having:
When I try to add a domain, TLS verification fails:
2. Error messages and/or full log output:
Sep 03 21:27:34 lb1 caddy[139753]: {"level":"error","ts":1725398854.0662513,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"building-neuland.com", "issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:malformed - JWS verification error"}
3. Caddy version:
v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=
4. How I installed and ran Caddy:
Installed caddy using the repo for ubuntu
a. System environment:
Ubuntu 24.04 on ARM
b. Command:
systemctl restart caddy
c. Service/unit/compose file:
d. My complete Caddy config:
www.building-neuland.com {
    redir https://building-neuland.com{uri}
}
building-neuland.com {
    respond "Hello, World!"
}
5. Links to relevant resources:
Bruce5051
(Bruce)
September 3, 2024, 9:46pm
2
_ahoi:
Sep 03 21:27:34 lb1 caddy[139753]: {"level":"error","ts":1725398854.0662513,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"building-neuland.com", "issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:malformed - JWS verification error"}
Here are the https://letsdebug.net/ findings:
https://letsdebug.net/building-neuland.com/2214024
Hmm, I’ve seen this happening a few times lately… Quick fix is to blow away the stored ACME account and let Caddy generate a new one.
You’ll find them in Caddy’s data directory under the acme folder. They’re pretty safe to delete; generating a new account is no problem unless you need to do this more than once or twice.
Related recent occurrence:
You could run sudo apt purge caddy which would remove it, I think.
But anyway emptying /var/lib/caddy and restarting Caddy would’ve been enough.
AFAIK, this happens if the ACME account files in storage are corrupted in some way. But since you already blew away the contents, it’s impossible to say in what way they were corrupted.
I think this should be smoothed over in the next release, we think:
fix: use a tempfile to write files in filestorage. by elee1766 · Pull Request #300 · caddyserver/c…
2 Likes
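The "blow away the stored ACME account" step above, as an added shell example that is not from this thread or from the Caddy project. Rather than deleting, it moves each ACME `users/` directory to a timestamped backup beside it and leaves issued certificates alone, so the change can be reverted and you do not register a fresh account on every retry. Assumptions (not stated in the thread): the Ubuntu package keeps Caddy's data directory at `/var/lib/caddy/.local/share/caddy`, accounts live under `<data dir>/acme/<issuer>/users/`, and the restart command is `systemctl restart caddy`; `CADDY_DATA_DIR` and `RESTART_CMD` override both. Run it as the user that owns the data directory, with `--run` to actually move and restart.

```shell
#!/bin/sh
# Added example, not code from the thread or from Caddy. Sets the stored ACME
# account(s) aside so Caddy registers a new one on its next issuance attempt,
# instead of emptying all of /var/lib/caddy (which also discards certificates).
#
# Assumptions: data dir and layout below are the Ubuntu package defaults as
# understood by the author of this example; override via the environment.
set -eu

CADDY_DATA_DIR="${CADDY_DATA_DIR:-/var/lib/caddy/.local/share/caddy}"
RESTART_CMD="${RESTART_CMD:-systemctl restart caddy}"

# Print every ACME "users" directory (one per issuer) below the data dir.
# Layout assumed: <data dir>/acme/<issuer-directory-name>/users/<account>/...
acme_user_dirs() {
    data_dir="$1"
    [ -d "$data_dir/acme" ] || return 0
    find "$data_dir/acme" -mindepth 2 -maxdepth 2 -type d -name users
}

# Move each ACME users/ directory to "users.bak-<stamp>" next to it.
# Returns 0 if at least one directory was moved, 1 if there was nothing to do.
# Nothing is deleted: move the backup back if a fresh account does not help,
# and you avoid burning a new account registration per retry.
reset_acme_accounts() {
    data_dir="$1"
    stamp="${2:-$(date +%Y%m%dT%H%M%S)}"
    moved=0
    for users in $(acme_user_dirs "$data_dir"); do
        backup="${users}.bak-${stamp}"
        mv "$users" "$backup"
        echo "moved $users -> $backup"
        moved=$((moved + 1))
    done
    [ "$moved" -gt 0 ]
}

# Only touch the live system when explicitly asked.
if [ "${1:-}" = "--run" ]; then
    if reset_acme_accounts "$CADDY_DATA_DIR"; then
        sh -c "$RESTART_CMD"
    else
        echo "no ACME account directories found under $CADDY_DATA_DIR/acme" >&2
        exit 1
    fi
fi
```

If the error comes back after the new account is registered, the account files were not the problem; put the `users.bak-*` directory back before trying anything else, since each new registration counts against the CA's account-creation limits.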
_ahoi
(_ahoi)
September 4, 2024, 6:16am
4
Hm let’s see if I get this:
0ms: Making a request to http://building-neuland.com/.well-known/acme-challenge/letsdebug-test (using initial IP 167.235.203.210)
0ms: Dialing 167.235.203.210
55ms: Server response: HTTP 308 Permanent Redirect
55ms: Received redirect to https://building-neuland.com/.well-known/acme-challenge/letsdebug-test
55ms: Dialing 167.235.203.210
108ms: Experienced error: remote error: tls: internal error
(sorry, I had to remove the @, because the forum software told me that these are “mentions” and as a new user I am not allowed to mention more than 2)
So that test connects to the server on port 80, performs an HTTP call and gets redirected? Where does this redirect come from?
_ahoi
(_ahoi)
September 4, 2024, 6:21am
5
That did the trick, thank you.
Bruce5051
(Bruce)
September 4, 2024, 4:04pm
6
Correct.
Somewhere in Caddy and its configurations.
I am just learning Caddy myself, so I am not going to comment on correct usage of Caddy. However, Caddy aims to be secure by default (a very good thing), so I kind of expect the redirection.