1. The problem I’m having:
I am having trouble with multiple things, mainly with using environment variables together with the systemd unit file.
I tried supplying the variable via a .env file, and also by simply exporting it as an environment variable. I always received an error; see the error section below.
Whenever I hardcoded the value in Caddy’s JSON config, it was immediately accepted for some reason.
My second problem is that I am unable to get SSL working even with the correct Cloudflare API token (NOT the API key).
2. Error messages and/or full log output:
When I used the .env file or an environment variable, the value in my config was:
{env.CF_API_TOKEN}
When I used the environment variable, the error was:
{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6111,"message":"Invalid format for Authorization header"}]}],"messages":[],"result":null}
My Caddy log is here:
{"level":"info","ts":1723077623.1168299,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//[::1]:2019","//127.0.0.1:2019","//localhost:2019"]}
{"level":"info","ts":1723077623.117798,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x40008fd500"}
{"level":"warn","ts":1723077623.1178744,"logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"default","http_port":80}
{"level":"info","ts":1723077623.117965,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"https"}
{"level":"debug","ts":1723077623.117995,"logger":"http.auto_https","msg":"adjusted config","tls":{"automation":{"policies":[{}]}},"http":{"servers":{"default":{"listen":[":80"],"routes":[{"handle":[{"handler":"file_server","root":"/home/marcell/_domains/dev.brohosting.eu/public"}]},{},{}],"automatic_https":{"disable":true}},"https":{"listen":[":443"],"routes":[{"handle":[{"handler":"file_server","root":"/home/marcell/_domains/dev.brohosting.eu/public"}]},{"handle":[{"handler":"file_server","root":"/home/marcell/PagerCast/dist"}]},{"handle":[{"handler":"file_server","root":"/home/marcell/_domains/cs2darchive.com/dist"}]},{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"localhost:3415"}]}]},{"handle":[{"handler":"file_server","root":"/home/marcell/_domains/verify.gtavc.cc/dist"}]},{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"localhost:3000"}]}]}],"tls_connection_policies":[{"certificate_selection":{"any_tag":["default"]}}],"automatic_https":{},"logs":{"logger_names":{"verify.gtavc.cc":["logViceCity"]}}}}}}
{"level":"debug","ts":1723077623.118648,"logger":"dynamic_dns","msg":"beginning IP address check"}
{"level":"info","ts":1723077623.1186674,"logger":"dynamic_dns","msg":"Loaded dynamic domains","domains":["dev.brohosting.eu","pagercast.com","api.pagercast.com","www.pagercast.com","cs2darchive.com","www.cs2darchive.com","verify.gtavc.cc"]}
{"level":"debug","ts":1723077623.1186798,"logger":"dynamic_dns","msg":"looked up current IPs from DNS","lastIPs":{}}
{"level":"debug","ts":1723077623.1200945,"logger":"tls.cache","msg":"added certificate to cache","subjects":["cs2darchive.com"],"expiration":1730849825,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"a1692f24b2e9dc477dde093c0445f8282990703d13c3604fb0fa714b60e6c2e7","cache_size":1,"cache_capacity":10000}
{"level":"debug","ts":1723077623.1203012,"logger":"events","msg":"event","name":"cached_managed_cert","id":"b618c16e-bc48-443d-9749-a0ca13bc030f","origin":"tls","data":{"sans":["cs2darchive.com"]}}
{"level":"debug","ts":1723077623.1212285,"logger":"tls.cache","msg":"added certificate to cache","subjects":["verify.gtavc.cc"],"expiration":1730849826,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"63472b85496ffc28a6832916d9893ef7f1ae496b8fc64ff2da5bcb276816a9a6","cache_size":2,"cache_capacity":10000}
{"level":"debug","ts":1723077623.121287,"logger":"events","msg":"event","name":"cached_managed_cert","id":"d4b5ac34-37af-4e23-9cf3-d3e52d3e7ecb","origin":"tls","data":{"sans":["verify.gtavc.cc"]}}
{"level":"debug","ts":1723077623.1217086,"logger":"tls.cache","msg":"added certificate to cache","subjects":["pagercast.com"],"expiration":1730838408,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"3b6ced1c125b77ff50e49a3d569ed40df5a1746faf00fb32d50263683fff70a9","cache_size":3,"cache_capacity":10000}
{"level":"debug","ts":1723077623.1217399,"logger":"events","msg":"event","name":"cached_managed_cert","id":"a9d298de-6952-4480-a44c-0cc44a38c56f","origin":"tls","data":{"sans":["pagercast.com"]}}
{"level":"debug","ts":1723077623.1220663,"logger":"tls.cache","msg":"added certificate to cache","subjects":["dev.brohosting.eu"],"expiration":1730849827,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"562ddffb89c9f4f2b1e2ff9d60d4c4c2e95c82f658e9ea6d9e3c44f1d523f0e3","cache_size":4,"cache_capacity":10000}
{"level":"debug","ts":1723077623.1221044,"logger":"events","msg":"event","name":"cached_managed_cert","id":"4b7143b0-a18f-4e8c-8629-7d958db9920e","origin":"tls","data":{"sans":["dev.brohosting.eu"]}}
{"level":"debug","ts":1723077623.1222875,"logger":"http","msg":"starting server loop","address":"[::]:80","tls":false,"http3":false}{"level":"info","ts":1723077623.122315,"logger":"http.log","msg":"server running","name":"default","protocols":["h1","h2","h3"]}
{"level":"info","ts":1723077623.1223543,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
{"level":"debug","ts":1723077623.122616,"logger":"http","msg":"starting server loop","address":"[::]:443","tls":true,"http3":true}
{"level":"info","ts":1723077623.122634,"logger":"http.log","msg":"server running","name":"https","protocols":["h1","h2","h3"]}
{"level":"info","ts":1723077623.1226397,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["cs2darchive.com","www.cs2darchive.com","verify.gtavc.cc","dev.brohosting.eu","pagercast.com","api.pagercast.com","www.pagercast.com"]}
{"level":"debug","ts":1723077623.1230464,"logger":"tls.cache","msg":"added certificate to cache","subjects":["www.cs2darchive.com"],"expiration":1730849846,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"72f2bea85da0498d8effe50cccf28848e6ec329bab763c37b3c5eb0f37f22390","cache_size":5,"cache_capacity":10000}
{"level":"debug","ts":1723077623.1230729,"logger":"events","msg":"event","name":"cached_managed_cert","id":"c500733e-2a5c-4e16-85c9-81028ade1d70","origin":"tls","data":{"sans":["www.cs2darchive.com"]}}
{"level":"debug","ts":1723077623.1234505,"logger":"tls.cache","msg":"added certificate to cache","subjects":["api.pagercast.com"],"expiration":1730838427,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"7b362a0b27a7f3aad5fbb9e53c5388398a402b1a6df3e7681aebba0300066ee9","cache_size":6,"cache_capacity":10000}
{"level":"debug","ts":1723077623.1234808,"logger":"events","msg":"event","name":"cached_managed_cert","id":"20a4fbb8-fb64-4b79-a891-10d6ce940438","origin":"tls","data":{"sans":["api.pagercast.com"]}}
{"level":"info","ts":1723077623.1236129,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/var/lib/caddy/.local/share/caddy","instance":"d9e6f456-e765-4533-95a1-90adaffa3a13","try_again":1723164023.123612,"try_again_in":86399.999999796}
{"level":"info","ts":1723077623.1236944,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"debug","ts":1723077623.1238472,"logger":"tls.cache","msg":"added certificate to cache","subjects":["www.pagercast.com"],"expiration":1730838427,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"df13c4531a598e6a93a72fb04944d6a88e07dd5ac1b1d832cc80308f9afc8af0","cache_size":7,"cache_capacity":10000}
{"level":"debug","ts":1723077623.1238678,"logger":"events","msg":"event","name":"cached_managed_cert","id":"e6a7fcd0-6674-4c28-94dc-d5c822b2f8d0","origin":"tls","data":{"sans":["www.pagercast.com"]}}
{"level":"info","ts":1723077623.1240108,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
{"level":"info","ts":1723077623.1240911,"msg":"serving initial configuration"}
{"level":"debug","ts":1723077623.306457,"logger":"dynamic_dns.ip_sources.simple_http","msg":"lookup","type":"IPv4","endpoint":"https://icanhazip.com","ip":"5.38.129.122"}
{"level":"debug","ts":1723077623.3065066,"logger":"dynamic_dns","msg":"no IP address change; no update needed"}
3. Caddy version:
- v2.8.4
4. How I installed and ran Caddy:
I ran these commands
# Install the keyring packages, HTTPS transport for apt, and curl.
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
# Fetch the repository signing key and store it de-armored (binary) as an apt keyring.
# curl flags: -1 TLS only, -s silent, -L follow redirects, -f fail on HTTP errors.
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
# Fetch the repository definition and write it into apt's sources.list.d.
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
# Refresh the package index so the new repository is picked up, then install Caddy.
sudo apt update
sudo apt install caddy
I also created the global-caddy.json that you can see below and used it with systemd to start Caddy.
a. System environment:
- Ubuntu 24.04
- Aarch64 (Raspi 5)
b. Command:
sudo systemctl start caddy.service
c. Service/unit/compose file:
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=notify
# The service runs as the unprivileged caddy account, so the config file and
# any environment file under /home/marcell must be readable by that account.
User=caddy
Group=caddy
# NOTE(review): --environ prints the process environment at startup; a token
# passed through the environment would then be written to the service log.
ExecStart=/usr/bin/caddy run --environ --config /home/marcell/global-caddy.json
ExecReload=/usr/bin/caddy reload --config /home/marcell/global-caddy.json --force
TimeoutStopSec=5s
LimitNOFILE=1048576
PrivateTmp=true
ProtectSystem=full
# Lets the non-root service bind privileged ports (80/443) and manage network settings.
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
# NOTE(review): Environment= expects NAME=value assignments, not a file path;
# a file of assignments is loaded with EnvironmentFile=. As written,
# CF_API_TOKEN is presumably never set for the service, which would leave
# {env.CF_API_TOKEN} empty and match the "Invalid format for Authorization
# header" error. Keep the token file readable only by root and the caddy user.
Environment=/home/marcell/.config/caddy/.env
[Install]
WantedBy=multi-user.target
d. My complete Caddy config:
"apps": {
"dynamic_dns": {
"check_interval": "5m",
"dns_provider": {
"api_token": "XXXXXXXX",
"name": "cloudflare"
},
"dynamic_domains": true,
"ip_sources": [
{
"endpoints": [
"https://icanhazip.com",
"https://api64.ipify.org"
],
"source": "simple_http"
}
],
"versions": {
"ipv6": false
}
},
"http": {
"servers": {
"default": {
"listen": [
":80"
],
"routes": [
{
"handle": [
{
"handler": "file_server",
"root": "/home/marcell/_domains/dev.brohosting.eu/public"
}
],
"match": [
{
"host": [
"dev.brohosting.eu"
]
}
]
}
]
},
"https": {
"listen": [
":443"
],
"logs": {
"logger_names": {
"verify.gtavc.cc": [
"logViceCity"
]
}
},
"routes": [
{
"handle": [
{
"handler": "file_server",
"root": "/home/marcell/_domains/dev.brohosting.eu/public/"
}
],
"match": [
{
"host": [
"dev.brohosting.eu"
]
}
]
},
{
"handle": [
{
"handler": "file_server",
"root": "/home/marcell/PagerCast/dist"
}
],
"match": [
{
"host": [
"pagercast.com",
"api.pagercast.com",
"www.pagercast.com"
]
}
]
},
{
"handle": [
{
"handler": "file_server",
"root": "/home/marcell/_domains/cs2darchive.com/dist"
}
],
"match": [
{
"host": [
"cs2darchive.com",
"www.cs2darchive.com"
],
"not": [
{
"path": [
"/api/*"
]
}
]
}
]
},
{
"handle": [
{
"handler": "reverse_proxy",
"upstreams": [
{
"dial": "localhost:3415"
}
]
}
],
"match": [
{
"host": [
"cs2darchive.com",
"www.cs2darchive.com"
],
"path": [
"/api/*"
]
}
]
},
{
"handle": [
{
"handler": "file_server",
"root": "/home/marcell/_domains/verify.gtavc.cc/dist"
}
],
"match": [
{
"host": [
"verify.gtavc.cc"
],
"not": [
{
"path": [
"/api/v1/*"
]
}
]
}
]
},
{
"handle": [
{
"handler": "reverse_proxy",
"upstreams": [
{
"dial": "localhost:3000"
}
]
}
],
"match": [
{
"host": [
"verify.gtavc.cc"
],
"path": [
"/api/v1/*"
]
}
]
}
],
"tls_connection_policies": [
{
"certificate_selection": {
"any_tag": [
"default"
]
}
}
]
}
}
},
"tls": {
"automation": {
"policies": [
{
"issuers": [
{
"ca": "https://acme-v02.api.letsencrypt.org/directory",
"challenges": {
"dns": {
"provider": {
"api_token": "XXXXXXXX",
"name": "cloudflare"
}
}
},
"module": "acme"
}
]
}
]
},
"certificates": {
"automate": [
"cs2darchive.com",
"verify.gtavc.cc",
"pagercast.com",
"dev.brohosting.eu"
]
}
}
},
"logging": {
"logs": {
"default": {
"level": "INFO",
"writer": {
"output": "stderr"
}
},
"logViceCity": {
"encoder": {
"format": "json"
},
"include": [
"http.log.access.logViceCity"
],
"level": "DEBUG",
"writer": {
"filename": "/home/marcell/_domains/verify.gtavc.cc/logs/access.log",
"output": "file"
}
}
}
}
}
I would be very thankful for any help. I am coming from OpenLiteSpeed and hoping to migrate to the latest technology and automatic SSL.