Certificate maitainance

Benjamin_Anderson · April 12, 2019, 12:27pm

When attempting to start caddy from the command line, it seems to get stuck after setting privacy features.

Using the log stdout command I can see that it is doing some kind of certificate maintenance.

It shows [warning] TLS disabled for my domain and sub domains

Is this normal behavior? How long should I wait for this maintenance before possibly looking for other issues while caddy is loading

Thanks

matt · April 12, 2019, 3:21pm

Was Caddy (any instance using that $CADDYPATH) recently force-stopped? Like within the last 2 hours?

Benjamin_Anderson · April 12, 2019, 3:49pm

I am unsure. It is possible that Windows did an update last night which restarted the machine, and in turn force stopped the CMD window hosting caddy.

I notice now that some of my domains are directing properly, however a very very long load time.

And still some web apps behind a proxy are not loading at all.

I have since removed the original certificates and re ran caddy, authenticated new certs for the domain, but still long processing and caddy seems to have gotten caught up somewhere in the loading process.

I hope I have explained it properly.

matt · April 12, 2019, 8:04pm

All you should need to remove is $CADDYPATH/acme/locks. Next time it happens, can you try that and tell me if it resolves the blocking issue?

Benjamin_Anderson · April 12, 2019, 9:10pm

Thank you matt,

After removing the “locks” folder, the maintenance routine has now finshed and reports done.

However all my sub domains report with [warning] TLS disabled.

Caddy has completed the privacy settings, but doesn’t list the domains and sub domains all with their proxy address.

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>cd c:\caddy

c:\Caddy>caddy -log stdout -agree=true
Activating privacy features... 2019/04/12 17:07:29 [INFO][FileStorage:C:\Users\M
ediaServer\.caddy] Started certificate maintenance routine
done.
2019/04/12 17:07:29 [WARNING] TLS disabled for http://192.168.2.126:2015
2019/04/12 17:07:29 [WARNING] TLS disabled for http://192.168.2.126:2017
2019/04/12 17:07:29 [WARNING] TLS disabled for http://192.168.2.126:2018
2019/04/12 17:07:29 [WARNING] TLS disabled for http://192.168.2.126:2019
2019/04/12 17:07:29 [WARNING] TLS disabled for http://192.168.2.126:2020

Benjamin_Anderson · April 12, 2019, 10:26pm

Matt,

It looks like sophos antivirus updated their application and enabled a “block-all” on internet traffic.

Sophos will pipe all traffic that cines through the firewall, through their anti virus. It caused major issues. However, once I was able to pinpoint the issue, I was able to fix it and all is well in the world.

Thank you again.

matt · April 12, 2019, 10:39pm

That, and IP addresses are not eligible for automated certificates: Automatic HTTPS — Caddy Documentation

system · July 11, 2019, 10:39pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.