1. The problem I’m having:
I got the error “could not get certificate from issuer” while running Caddy with Docker Compose.
When I run sudo docker compose up -d, I get this error:
2. Error messages and/or full log output:
{"level":"error","ts":1707825058.759367,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"rustsoft.cn","issuer":"acme.zerossl.com-v2-DV90","error":"[rustsoft.cn] solving challenges: authz https://acme.zerossl.com/v2/DV90/authz/PIDEtVSrHQf_wLpdvZuMvw has unexpected status; order will fail: invalid (order=https://acme.zerossl.com/v2/DV90/order/InYlkwaA-e2qsJH4fc0bUg) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1707825058.7594156,"logger":"tls.obtain","msg":"will retry","error":"[rustsoft.cn] Obtain: [rustsoft.cn] solving challenges: authz https://acme.zerossl.com/v2/DV90/authz/PIDEtVSrHQf_wLpdvZuMvw has unexpected status; order will fail: invalid (order=https://acme.zerossl.com/v2/DV90/order/InYlkwaA-e2qsJH4fc0bUg) (ca=https://acme.zerossl.com/v2/DV90)","attempt":3,"retrying_in":120,"elapsed":220.908529628,"max_duration":2592000}
{"level":"info","ts":1707825178.7596734,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"rustsoft.cn"}
{"level":"info","ts":1707825179.8808935,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"rustsoft.cn","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1707825181.1697204,"logger":"tls","msg":"served key authentication certificate","server_name":"rustsoft.cn","challenge":"tls-alpn-01","remote":"35.87.243.25:41086","distributed":false}
{"level":"info","ts":1707825181.1897087,"logger":"tls","msg":"served key authentication certificate","server_name":"rustsoft.cn","challenge":"tls-alpn-01","remote":"66.133.109.36:39651","distributed":false}
{"level":"error","ts":1707825181.4692283,"logger":"http.acme_client","msg":"challenge failed","identifier":"rustsoft.cn","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"129.211.6.72: Connection reset by peer","instance":"","subproblems":[]}}
{"level":"error","ts":1707825181.469265,"logger":"http.acme_client","msg":"validating authorization","identifier":"rustsoft.cn","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"129.211.6.72: Connection reset by peer","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/136228593/14485852273","attempt":1,"max_attempts":3}
{"level":"info","ts":1707825183.231731,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"rustsoft.cn","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1707825183.7408333,"logger":"http","msg":"served key authentication","identifier":"rustsoft.cn","challenge":"http-01","remote":"35.87.243.25:21856","distributed":false}
{"level":"info","ts":1707825183.781432,"logger":"http","msg":"served key authentication","identifier":"rustsoft.cn","challenge":"http-01","remote":"3.128.190.176:65474","distributed":false}
{"level":"info","ts":1707825187.4984515,"logger":"http","msg":"served key authentication","identifier":"rustsoft.cn","challenge":"http-01","remote":"66.133.109.36:56587","distributed":false}
{"level":"error","ts":1707825189.7540982,"logger":"http.acme_client","msg":"challenge failed","identifier":"rustsoft.cn","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"129.211.6.72: Invalid response from https://dnspod.qcloud.com/static/webblock.html?d=rustsoft.cn: \"<!DOCTYPE html>\\n<html>\\n\\t<head>\\n\\t\\t<meta charset=\\\"utf-8\\\" />\\n\\t\\t<meta http-equiv=\\\"X-UA-Compatible\\\" content=\\\"IE=edge,chrome=1\\\" />\\n\\t\\t<\"","instance":"","subproblems":[]}}
{"level":"error","ts":1707825189.7541337,"logger":"http.acme_client","msg":"validating authorization","identifier":"rustsoft.cn","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"129.211.6.72: Invalid response from https://dnspod.qcloud.com/static/webblock.html?d=rustsoft.cn: \"<!DOCTYPE html>\\n<html>\\n\\t<head>\\n\\t\\t<meta charset=\\\"utf-8\\\" />\\n\\t\\t<meta http-equiv=\\\"X-UA-Compatible\\\" content=\\\"IE=edge,chrome=1\\\" />\\n\\t\\t<\"","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/136228593/14485853573","attempt":2,"max_attempts":3}
{"level":"error","ts":1707825189.7541625,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"rustsoft.cn","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 403 urn:ietf:params:acme:error:unauthorized - 129.211.6.72: Invalid response from https://dnspod.qcloud.com/static/webblock.html?d=rustsoft.cn: \"<!DOCTYPE html>\\n<html>\\n\\t<head>\\n\\t\\t<meta charset=\\\"utf-8\\\" />\\n\\t\\t<meta http-equiv=\\\"X-UA-Compatible\\\" content=\\\"IE=edge,chrome=1\\\" />\\n\\t\\t<\""}
{"level":"error","ts":1707825192.0629323,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"rustsoft.cn","issuer":"acme.zerossl.com-v2-DV90","error":"[rustsoft.cn] solving challenges: authz https://acme.zerossl.com/v2/DV90/authz/PIDEtVSrHQf_wLpdvZuMvw has unexpected status; order will fail: invalid (order=https://acme.zerossl.com/v2/DV90/order/InYlkwaA-e2qsJH4fc0bUg) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1707825192.0629823,"logger":"tls.obtain","msg":"will retry","error":"[rustsoft.cn] Obtain: [rustsoft.cn] solving challenges: authz https://acme.zerossl.com/v2/DV90/authz/PIDEtVSrHQf_wLpdvZuMvw has unexpected status; order will fail: invalid (order=https://acme.zerossl.com/v2/DV90/order/InYlkwaA-e2qsJH4fc0bUg) (ca=https://acme.zerossl.com/v2/DV90)","attempt":4,"retrying_in":300,"elapsed":354.212096638,"max_duration":2592000}
The error message is very long, so I cut part of it.
BUT! If I run the docker run command:
sudo docker run -d -p 80:80 -p 443:443 -v ./site:/srv -v ./Caddyfile:/etc/caddy/Caddyfile -v caddy_data:/data caddy:2 caddy file-server --domain rustsoft.cn
It will work fine!
4. How I installed and ran Caddy:
I use Caddy with Docker
a. System environment:
Debian 12 with Docker
b. Command:
docker compose does not work:
sudo docker compose up -d
But if I run docker run, it works well:
sudo docker run -d -p 80:80 -p 443:443 -v ./site:/srv -v ./Caddyfile:/etc/caddy/Caddyfile -v caddy_data:/data caddy:2 caddy file-server --domain rustsoft.cn
c. Service/unit/compose file:
services:
  caddy:
    image: caddy:latest
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./site:/srv
      - caddy_data:/data
      - caddy_config:/config
volumes:
  caddy_data:
  caddy_config:
d. My complete Caddy config:
rustsoft.cn, www.rustsoft.cn {
    root * /srv
}
I have already tried:
- searched for some similar questions on the web
- rebooted Caddy
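
An added example, not part of the original post and not Caddy's own code: a small Python triage of the "challenge failed" entries in logs like the ones above. It reports the ACME error type per challenge and flags when the CA's validation request was answered by a host other than the domain being validated. The function name `triage` is hypothetical, and the sample lines are abridged from the post.

```python
import json
import re
from urllib.parse import urlsplit

# Abridged from the log lines in the post (HTML body in "detail" shortened);
# the last line is constructed to show non-JSON container output being skipped.
SAMPLE_LOG = r'''
{"level":"info","ts":1707825179.88,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"rustsoft.cn","challenge_type":"tls-alpn-01"}
{"level":"error","ts":1707825181.46,"logger":"http.acme_client","msg":"challenge failed","identifier":"rustsoft.cn","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","detail":"129.211.6.72: Connection reset by peer"}}
{"level":"error","ts":1707825189.75,"logger":"http.acme_client","msg":"challenge failed","identifier":"rustsoft.cn","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"129.211.6.72: Invalid response from https://dnspod.qcloud.com/static/webblock.html?d=rustsoft.cn: \"<!DOCTYPE html>\""}}
not json: container banner line
'''

# The CA reports the final URL it fetched as "Invalid response from <url>: ..."
INVALID_FROM = re.compile(r"Invalid response from (\S+?):\s")


def triage(log_text):
    """Return one finding per 'challenge failed' entry in Caddy JSON logs."""
    findings = []
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except ValueError:
            continue  # skip blank or non-JSON lines mixed into container output
        if not isinstance(entry, dict) or entry.get("msg") != "challenge failed":
            continue
        problem = entry.get("problem") or {}
        ident = entry.get("identifier", "")
        match = INVALID_FROM.search(problem.get("detail", ""))
        answered_by = urlsplit(match.group(1)).hostname if match else None
        findings.append({
            "identifier": ident,
            "challenge": entry.get("challenge_type"),
            # last segment of urn:ietf:params:acme:error:<name>
            "acme_error": problem.get("type", "").rsplit(":", 1)[-1],
            "answered_by": answered_by,
            # True when the validation request ended at a different host,
            # i.e. it was redirected or intercepted before reaching Caddy
            "foreign_responder": bool(answered_by) and answered_by != ident,
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
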