Today i swapped out my cable modem with a new modem. All was working well beforehand but now when i try to access my pages i get a certificate error.
I can access services that use my domain just as a dynamic IP redirect, just not the pages served up by caddy. I wouldn’t think the cert would be tied to my old IP address since more than just me are using this on dynamic address but it seems i am certainly doing something wrong as i cant access any of my subdomains or proxies at the moment.
I have rebooted, restarted, etc, etc. Is there maybe someway to make it redo the cert as though i would be doing an initial run? I don’t know if that would even help, just shooting in the dark.
Edit* The error i’m getting is “NET::ERR_CERT_AUTHORITY_INVALID”
I don’t know if it’ll help, depending on what’s causing the issue - it might solve some problems, but not others - but you could do this by renaming your .caddy folder to something else. This would force Caddy to have to reacquire all your certificates from LetsEncrypt again.
You can find your .caddy folder in the home folder of the user you run it as (it might be /root/.caddy or /home/[username]/.caddy).
I am running chrome so tell me how i could possibly find this info or what i could look at to get some clue as to how to fix this and ill happily provide what is required to get you this info… The PC and caddy has not changed at all. I just installed a new SB6190 DOCSIS3 modem and rebooted everything so it would all get happy with the web again. Updated my DDNS for the refreshed IP and then poop.
When trying to regenerate new certs i get the following.
Activating privacy features...2017/07/27 23:47:07 [my-domain.com] failed to get certificate: acme: Error 403 - urn:acme:error:unauthorized - Invalid response from http://my-domain.com/.well-known/acme-challenge/48PmK9bfKinLdre1RfBSa1I_9YzPsKMedAoPRw8Y [188.8.131.52]: 403
Validation for my-domain.com:80
184.108.40.206 is my accurate IP but i’m not sure what the rest of that is telling me. Should i have port 403 forwarded to the server as well via my router for this activity?
Chrome has made it more inconvenient to find this information recently. To view the certificate, you need to open the Developer Tools window with Ctrl+Shift+I (or Cmd+Opt+I on Mac). The Security tab has a button labelled View Certificate.
No, it’s not referring to :403 as a port, it’s giving you Error 403 Forbidden. Your request for a certificate was denied because while the domain resolved to the right IP address, when it sent a request to 220.127.116.11:80, the server that responded did not give the correct response for the challenge.
The most common reason for this is that something other than Caddy is listening at 18.104.22.168:80.
This was a damn close guess for the information you had. I was hitting netstat to look for anything else on the port and didn’t see anything. Upon reading this is made me pull back a level and look at the router ports just to make sure nothing weird was in there.
Typically Upnp is off but i turned it on earlier in the week to do some experimentation and see what ports a program was trying to use. Turns out when the PTZ camera i installed in my infants room powers up it port forwards 80 and 443 to itself by default. That setting is separate form the setting where the viewing portion of the camera is so i did not realize it was even a thing. Turns out the cert it was looking at was a dlink.com cert on the camera that was poop.
So yea, upnp and new hardware that had nothing to do with the modem change, caddy, or my server.
Thanks very much for the inspiration leading to solving the stupid problem.