1. Output of caddy version:
v2.6.2
2. How I run Caddy:
I’ve been using Caddy as the reverse proxy for a few internally-hosted services. Nothing special, just web front-ends.
a. System environment:
Ubuntu Server 20.04 LTS
No docker. Just plain Ubuntu with Caddy installed.
b. Command:
None - happens automatically from however the automated installer handles the setup.
c. Service/unit/compose file:
none
d. My complete Caddy config:
I don’t feel comfortable putting my domain names on a public forum, so have changed them in the below config.
##------------- Global Settings -------------##
{
    #acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
    email letsencrypt-caddy@example.com
}
##------------- Public External -------------##
#--- Uptime Monitoring ---#
ping.example.net {
    respond 200 {
        close
    }
    header {
        Strict-Transport-Security max-age=31536000;
    }
}
#--- OwnTracks Recorder ---#
location.example.net, location.dyndns.example.org {
    encode gzip
    reverse_proxy http://192.168.1.45:8083
    basicauth * {
        # create new password hashes with `caddy hash-password`
        user1 ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
        user2 ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
        user3 ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
        user4 ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
        user5 ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
    }
    header {
        Strict-Transport-Security max-age=31536000;
    }
}
#--- Gotify ---#
push.example.net {
    reverse_proxy 192.168.1.45:1680
    header {
        Strict-Transport-Security max-age=31536000;
    }
}
#--- Nextcloud ---#
cloud.example.net {
    reverse_proxy 192.168.1.45:1480
    log {
        output file /var/lib/caddy/cloud.access.log {
            roll_size 5mib
            roll_keep 10
            roll_keep_for 168h
        }
        # format single_field common_log
        format console {
            time_format wall
        }
    }
    header {
        Permissions-Policy "autoplay=(self), camera=(), fullscreen=(self), geolocation=(), microphone=(), payment=()"
        Strict-Transport-Security "max-age=31536000" # enable HSTS
    }
    redir /.well-known/carddav /remote.php/dav 301
    redir /.well-known/caldav /remote.php/dav 301
}
#--- Jellyfin ---#
jellyfin.example.net {
    reverse_proxy 192.168.1.34:8096
    log {
        output file /var/lib/caddy/jellyfin.access.log {
            roll_size 5mib
            roll_keep 10
            roll_keep_for 168h
        }
        # format single_field common_log
    }
    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        Content-Security-Policy "upgrade-insecure-requests"
        X-Frame-Options "DENY"
        X-Content-Type-Options "nosniff"
        Referrer-Policy "strict-origin-when-cross-origin"
        Permissions-Policy "autoplay=(self), camera=(), fullscreen=(self), geolocation=(), microphone=(), payment=()"
        Server "No."
        X-Xss-Protection "1; mode=block"
    }
}
3. The problem I’m having:
Up until this past month, the services have worked flawlessly and the certificates renewed without issue. However, this past month I’ve started to receive emails from the “Let’s Encrypt Expiry Bot” stating that my certificates will expire within the month - I know this in relation to my Caddy setup as they are sent to my specific Caddy email address.
When I check on the certificates I can see that they are not due to expire, but have been renewed via ZeroSSL ECC Domain Secure Site CA instead of the usual Let’s Encrypt channel.
I have no idea why this has changed.
4. Error messages and/or full log output:
No error, just an email stating "Your certificate (or certificates) for the names listed below will expire in X days".
5. What I already tried:
I was hoping to carry out a “test” renewal to see if I could see where the hiccup is, but I’ve not been able to find out how to do that.
6. Links to relevant resources:
None I can see.
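An added example, not part of the original post and not Caddy's own code: a read-only check of which CA issued the newest stored certificate for each hostname, which is the situation described in section 3. The storage path, the `certificates/<issuer>/<hostname>/<hostname>.crt` layout and the issuer directory names are assumptions about Caddy's default file-system storage; pass the actual data directory as the first argument if it differs.

```python
"""Report which ACME issuer holds the newest certificate for each hostname."""
import sys
from pathlib import Path

# Assumed data directory of the packaged systemd service (not from the post).
DEFAULT_STORAGE = Path("/var/lib/caddy/.local/share/caddy")

# Assumed issuer directory names in Caddy's file-system storage.
KNOWN_ISSUERS = {
    "acme-v02.api.letsencrypt.org-directory": "Let's Encrypt",
    "acme-staging-v02.api.letsencrypt.org-directory": "Let's Encrypt (staging)",
    "acme.zerossl.com-v2-dv90": "ZeroSSL",
}


def newest_issuer_per_host(storage):
    """Map hostname -> {"current": issuer, "stale": [issuers]} from <storage>/certificates."""
    found = {}  # hostname -> list of (mtime, issuer label)
    for crt in Path(storage, "certificates").glob("*/*/*.crt"):
        issuer_dir, host = crt.parts[-3], crt.parts[-2]
        label = KNOWN_ISSUERS.get(issuer_dir, issuer_dir)
        found.setdefault(host, []).append((crt.stat().st_mtime, label))
    report = {}
    for host, certs in found.items():
        certs.sort(reverse=True)  # most recently written certificate first
        report[host] = {"current": certs[0][1],
                        "stale": [label for _, label in certs[1:]]}
    return report


def main(argv):
    storage = Path(argv[1]) if len(argv) > 1 else DEFAULT_STORAGE
    for host, info in sorted(newest_issuer_per_host(storage).items()):
        line = f"{host}: newest certificate from {info['current']}"
        if info["stale"]:
            # A certificate left behind under another issuer was not renewed
            # there, so that CA still sees it approaching expiry.
            line += f"; older certificate also stored from {', '.join(info['stale'])}"
        print(line)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A hostname listed with ZeroSSL as the newest issuer and Let's Encrypt as an older one matches the symptom in the post: the served certificate is valid, while the earlier Let's Encrypt certificate is the one the expiry reminder refers to.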