1. The problem I’m having:
I am trying to use Caddy for on-demand TLS for our products, which are hosted on a custom domain.
What I observed was that the certificates that were issued had an expiry of 90 days, which is the default of Let’s Encrypt, even though the default lifetime configuration in Caddy is 12h.
I wanted to test whether certificate renewal was working fine, so I tried setting renewal_window_ratio to 1, as suggested here.
However, the issue is that certificate renewals are not getting triggered even after 4 hours of setting renewal_window_ratio to 1.
2. Error messages and/or full log output:
There are no logs related to the issue.
3. Caddy version:
caddy-2.6.4
4. How I installed and ran Caddy:
a. System environment:
Caddy alpine docker image
b. Command:
command: ["caddy", "run", "--config", "/config/caddy/caddy.json"]
c. Service/unit/compose file:
Used a Kubernetes deployment
d. My complete Caddy config:
{
  "apps": {
    "http": {
      "http_port": 80,
      "servers": {
        "https": {
          "listen": [":443"],
          "listener_wrappers": [{ "wrapper": "go_proxyproto" }, { "wrapper": "tls" }],
          "routes": [
            {
              "handle": [
                {
                  "handler": "reverse_proxy",
                  "transport": { "protocol": "http", "tls": {} },
                  "upstreams": [{ "dial": "localhost:9999" }]
                }
              ],
              "terminal": true
            }
          ],
          "tls_connection_policies": [{}]
        },
        "health-check": {
          "listen": [":9999"],
          "routes": [{ "handle": [{ "body": "OK", "handler": "static_response" }], "match": [{ "path": ["/"] }] }]
        }
      }
    },
    "tls": {
      "automation": {
        "on_demand": { "ask": "http://localhost:9999" },
        "policies": [
          {
            "issuers": [{ "module": "acme", "account_key": "<private_key_pem>" }],
            "on_demand": true,
            "key_type": "rsa4096",
            "renewal_window_ratio": 1
          }
        ]
      }
    }
  },
  "logging": { "logs": { "default": { "level": "DEBUG", "writer": { "output": "stdout" } } } },
  "storage": { "module": "mysql", "dsn": "" }
}