1. Caddy version:
2.6.2
2. How I installed and run Caddy:
a. System environment:
Ubuntu Server 22.04
Docker version 20.10.12, build 20.10.12-0ubuntu4
b. Command:
sudo docker run -d -p 80:80 -p 443:443 --name caddy -v /containers/caddy/config:/config -v /containers/caddy/etc:/etc -v /containers/caddy/data:/data -v /containers/caddy/var:/var caddy:2.6.2
c. Service/unit/compose file:
No docker compose, just running things manually via commands
d. My complete Caddy config:
{
  "apps": {
    "http": {
      "servers": {
        "srv0": {
          "listen": [":443"],
          "routes": [{
            "handle": [{
              "handler": "subroute",
              "routes": [{
                "handle": [{
                  "body": "Hello, World!",
                  "handler": "static_response"
                }]
              }]
            }],
            "match": [{
              "host": ["teaguemillette.com"]
            }],
            "terminal": true
          }]
        }
      }
    }
  }
}
3. The problem I’m having:
Certificates are not being automatically created.
4. Error messages and/or full log output:
{"level":"info","ts":1674683042.8103337,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"info","ts":1674683042.8127081,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1674683042.8131962,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1674683042.813281,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1674683042.81367,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00046d260"}
{"level":"info","ts":1674683042.8138368,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"info","ts":1674683042.8139107,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1674683042.814018,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
{"level":"info","ts":1674683042.8142104,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details."}
{"level":"info","ts":1674683042.8144138,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"info","ts":1674683042.8145175,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
{"level":"info","ts":1674683042.8145523,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["teaguemillette.com"]}
{"level":"info","ts":1674683042.8148646,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1674683042.814902,"msg":"serving initial configuration"}
{"level":"info","ts":1674683042.815238,"logger":"tls.obtain","msg":"acquiring lock","identifier":"teaguemillette.com"}
{"level":"info","ts":1674683042.8191254,"logger":"tls.obtain","msg":"lock acquired","identifier":"teaguemillette.com"}
{"level":"info","ts":1674683042.819423,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"teaguemillette.com"}
{"level":"warn","ts":1674683042.9019394,"logger":"http.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": x509: certificate signed by unknown authority"}
{"level":"warn","ts":1674683043.234751,"logger":"http.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": x509: certificate signed by unknown authority"}
{"level":"warn","ts":1674683043.5652618,"logger":"http.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": x509: certificate signed by unknown authority"}
{"level":"error","ts":1674683043.5653849,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"teaguemillette.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"registering account [] with server: provisioning client: performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": x509: certificate signed by unknown authority"}
{"level":"warn","ts":1674683043.565789,"logger":"http","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"}
{"level":"error","ts":1674683043.6511488,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"teaguemillette.com","issuer":"acme.zerossl.com-v2-DV90","error":"account pre-registration callback: performing EAB credentials request: Post \"https://api.zerossl.com/acme/eab-credentials-email\": x509: certificate signed by unknown authority"}
{"level":"error","ts":1674683043.6512434,"logger":"tls.obtain","msg":"will retry","error":"[teaguemillette.com] Obtain: account pre-registration callback: performing EAB credentials request: Post \"https://api.zerossl.com/acme/eab-credentials-email\": x509: certificate signed by unknown authority","attempt":1,"retrying_in":60,"elapsed":0.832078596,"max_duration":2592000}
5. What I already tried:
- Rebooting server
- DNS is pointed to proper IP
- Setup worked fine with HTTPS disabled
- curl https://acme-v02.api.letsencrypt.org/directory from server console did not have certificate issues
6. Links to relevant resources:
N/A