Challenge failed in logs

Help
1

1. The problem I’m having:

Hello!

I am trying to host a wordpress website with caddy on my debian home server. I can access the site over HTTP when I tell caddy to use HTTP, but when I enable HTTPS I receive an SSL error. When I start caddy I can see in the logs a challenge failed message.

Thanks very much :folded_hands:

2. Error messages and/or full log output:

May 16 17:34:06 kumonine systemd[1]: Starting caddy.service - Caddy...
May 16 17:34:06 kumonine caddy[1550]: caddy.HomeDir=/var/lib/caddy
May 16 17:34:06 kumonine caddy[1550]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
May 16 17:34:06 kumonine caddy[1550]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
May 16 17:34:06 kumonine caddy[1550]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
May 16 17:34:06 kumonine caddy[1550]: caddy.Version=2.6.2
May 16 17:34:06 kumonine caddy[1550]: runtime.GOOS=linux
May 16 17:34:06 kumonine caddy[1550]: runtime.GOARCH=amd64
May 16 17:34:06 kumonine caddy[1550]: runtime.Compiler=gc
May 16 17:34:06 kumonine caddy[1550]: runtime.NumCPU=6
May 16 17:34:06 kumonine caddy[1550]: runtime.GOMAXPROCS=6
May 16 17:34:06 kumonine caddy[1550]: runtime.Version=go1.19.8
May 16 17:34:06 kumonine caddy[1550]: os.Getwd=/
May 16 17:34:06 kumonine caddy[1550]: LANG=en_GB.UTF-8
May 16 17:34:06 kumonine caddy[1550]: LANGUAGE=en_GB:en
May 16 17:34:06 kumonine caddy[1550]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
May 16 17:34:06 kumonine caddy[1550]: NOTIFY_SOCKET=/run/systemd/notify
May 16 17:34:06 kumonine caddy[1550]: HOME=/var/lib/caddy
May 16 17:34:06 kumonine caddy[1550]: LOGNAME=caddy
May 16 17:34:06 kumonine caddy[1550]: USER=caddy
May 16 17:34:06 kumonine caddy[1550]: INVOCATION_ID=fcec19cdfba945dd9075c81208ee0d70
May 16 17:34:06 kumonine caddy[1550]: JOURNAL_STREAM=8:19453
May 16 17:34:06 kumonine caddy[1550]: SYSTEMD_EXEC_PID=1550
May 16 17:34:06 kumonine caddy[1550]: {"level":"info","ts":1747413246.3648922,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
May 16 17:34:06 kumonine caddy[1550]: {"level":"warn","ts":1747413246.3675315,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":12}
May 16 17:34:06 kumonine caddy[1550]: {"level":"info","ts":1747413246.3684354,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
May 16 17:34:06 kumonine caddy[1550]: {"level":"info","ts":1747413246.3685694,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
May 16 17:34:06 kumonine caddy[1550]: {"level":"info","ts":1747413246.3685837,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
May 16 17:34:06 kumonine caddy[1550]: {"level":"info","ts":1747413246.3686953,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0004b4bd0"}
May 16 17:34:06 kumonine caddy[1550]: {"level":"info","ts":1747413246.369056,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/caddy"}
May 16 17:34:06 kumonine caddy[1550]: {"level":"info","ts":1747413246.3690815,"logger":"tls","msg":"finished cleaning storage units"}
May 16 17:34:06 kumonine caddy[1550]: {"level":"info","ts":1747413246.369085,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
May 16 17:34:06 kumonine caddy[1550]: {"level":"info","ts":1747413246.3691587,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details."}
May 16 17:34:06 kumonine caddy[1550]: {"level":"info","ts":1747413246.3692203,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
May 16 17:34:06 kumonine caddy[1550]: {"level":"info","ts":1747413246.3692517,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
May 16 17:34:06 kumonine caddy[1550]: {"level":"info","ts":1747413246.3692582,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["blog.shineonthesea.xyz"]}
May 16 17:34:06 kumonine caddy[1550]: {"level":"info","ts":1747413246.3695517,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
May 16 17:34:06 kumonine caddy[1550]: {"level":"info","ts":1747413246.369598,"msg":"serving initial configuration"}
May 16 17:34:06 kumonine systemd[1]: Started caddy.service - Caddy.
May 16 17:34:06 kumonine caddy[1550]: {"level":"info","ts":1747413246.3697863,"logger":"tls.obtain","msg":"acquiring lock","identifier":"blog.shineonthesea.xyz"}
May 16 17:34:06 kumonine caddy[1550]: {"level":"info","ts":1747413246.421085,"logger":"tls.obtain","msg":"lock acquired","identifier":"blog.shineonthesea.xyz"}
May 16 17:34:06 kumonine caddy[1550]: {"level":"info","ts":1747413246.4213183,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"blog.shineonthesea.xyz"}
May 16 17:34:07 kumonine caddy[1550]: {"level":"info","ts":1747413247.1744635,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["blog.shineonthesea.xyz"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
May 16 17:34:07 kumonine caddy[1550]: {"level":"info","ts":1747413247.1745214,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["blog.shineonthesea.xyz"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
May 16 17:34:07 kumonine caddy[1550]: {"level":"info","ts":1747413247.5557132,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"blog.shineonthesea.xyz","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
May 16 17:34:18 kumonine caddy[1550]: {"level":"error","ts":1747413258.0167975,"logger":"http.acme_client","msg":"challenge failed","identifier":"blog.shineonthesea.xyz","challenge_type":"http-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:connection","error":"2a10:d582:d8a8:0:ea48:b8ff:feca:811b: Fetching http://blog.shineonthesea.xyz/.well-known/acme-challenge/LDHTnGm8lPCUTff4nImBYk3mwtMC5egKG9ACfxREt3w: Timeout during connect (likely firewall problem)"}
May 16 17:34:18 kumonine caddy[1550]: {"level":"error","ts":1747413258.0169058,"logger":"http.acme_client","msg":"validating authorization","identifier":"blog.shineonthesea.xyz","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - 2a10:d582:d8a8:0:ea48:b8ff:feca:811b: Fetching http://blog.shineonthesea.xyz/.well-known/acme-challenge/LDHTnGm8lPCUTff4nImBYk3mwtMC5egKG9ACfxREt3w: Timeout during connect (likely firewall problem)","order":"https://acme-v02.api.letsencrypt.org/acme/order/2403035027/384687049627","attempt":1,"max_attempts":3}
May 16 17:34:19 kumonine caddy[1550]: {"level":"info","ts":1747413259.4110389,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"blog.shineonthesea.xyz","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}

3. Caddy version:

2.6.2

4. How I installed and ran Caddy:

sudo apt install caddy

a. System environment:

debian 12

b. Command:

sudo systemd start caddy

c. Service/unit/compose file:

# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddy config:

# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.

# :80 {
	# Set this path to your site's directory.
	# root * /usr/share/caddy

	# Enable the static file server.
	# file_server

	# Another common task is to set up a reverse proxy:
	# reverse_proxy localhost:8080

	# Or serve a PHP site through php-fpm:
	# php_fastcgi localhost:9000
# }

# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile

blog.shineonthesea.xyz {
	log
	root * /var/www/wordpress
	# encode
	php_fastcgi unix//run/php/php-fpm.sock
	file_server
}
2

This is a common issue on the forum - have you checked older posts for that error message?

In short, your site blog.shineonthesea.xyz isn’t reachable from the Internet, which is why both HTTP-01 and TLS-ALPN-01 challenges are failing. If you can’t (or don’t want to) expose your Caddy instance to the Internet, you’ll need to configure it to use the DNS-01 challenge instead.

You can find more details here:

3 Likes
3

Thanks for your help :slight_smile:

My issue was caused by the ipv4 http and https ports being blocked in my router. Up to this point I had only opened the ipv6 ports.

Thanks for the link and advice to search the forum, I hadn’t heard about the different challenge types before.

Thanks again!

2 Likes