Could not get certificate from issuer: solving challenges

1. The problem I’m having:

I got the error “could not get certificate from issuer” while running Caddy with Docker Compose.

When I run sudo docker compose up -d, I get this error:

2. Error messages and/or full log output:

{"level":"error","ts":1707825058.759367,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"rustsoft.cn","issuer":"acme.zerossl.com-v2-DV90","error":"[rustsoft.cn] solving challenges: authz https://acme.zerossl.com/v2/DV90/authz/PIDEtVSrHQf_wLpdvZuMvw has unexpected status; order will fail: invalid (order=https://acme.zerossl.com/v2/DV90/order/InYlkwaA-e2qsJH4fc0bUg) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1707825058.7594156,"logger":"tls.obtain","msg":"will retry","error":"[rustsoft.cn] Obtain: [rustsoft.cn] solving challenges: authz https://acme.zerossl.com/v2/DV90/authz/PIDEtVSrHQf_wLpdvZuMvw has unexpected status; order will fail: invalid (order=https://acme.zerossl.com/v2/DV90/order/InYlkwaA-e2qsJH4fc0bUg) (ca=https://acme.zerossl.com/v2/DV90)","attempt":3,"retrying_in":120,"elapsed":220.908529628,"max_duration":2592000}
{"level":"info","ts":1707825178.7596734,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"rustsoft.cn"}
{"level":"info","ts":1707825179.8808935,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"rustsoft.cn","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1707825181.1697204,"logger":"tls","msg":"served key authentication certificate","server_name":"rustsoft.cn","challenge":"tls-alpn-01","remote":"35.87.243.25:41086","distributed":false}
{"level":"info","ts":1707825181.1897087,"logger":"tls","msg":"served key authentication certificate","server_name":"rustsoft.cn","challenge":"tls-alpn-01","remote":"66.133.109.36:39651","distributed":false}
{"level":"error","ts":1707825181.4692283,"logger":"http.acme_client","msg":"challenge failed","identifier":"rustsoft.cn","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"129.211.6.72: Connection reset by peer","instance":"","subproblems":[]}}
{"level":"error","ts":1707825181.469265,"logger":"http.acme_client","msg":"validating authorization","identifier":"rustsoft.cn","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"129.211.6.72: Connection reset by peer","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/136228593/14485852273","attempt":1,"max_attempts":3}
{"level":"info","ts":1707825183.231731,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"rustsoft.cn","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1707825183.7408333,"logger":"http","msg":"served key authentication","identifier":"rustsoft.cn","challenge":"http-01","remote":"35.87.243.25:21856","distributed":false}
{"level":"info","ts":1707825183.781432,"logger":"http","msg":"served key authentication","identifier":"rustsoft.cn","challenge":"http-01","remote":"3.128.190.176:65474","distributed":false}
{"level":"info","ts":1707825187.4984515,"logger":"http","msg":"served key authentication","identifier":"rustsoft.cn","challenge":"http-01","remote":"66.133.109.36:56587","distributed":false}
{"level":"error","ts":1707825189.7540982,"logger":"http.acme_client","msg":"challenge failed","identifier":"rustsoft.cn","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"129.211.6.72: Invalid response from https://dnspod.qcloud.com/static/webblock.html?d=rustsoft.cn: \"<!DOCTYPE html>\\n<html>\\n\\t<head>\\n\\t\\t<meta charset=\\\"utf-8\\\" />\\n\\t\\t<meta http-equiv=\\\"X-UA-Compatible\\\" content=\\\"IE=edge,chrome=1\\\" />\\n\\t\\t<\"","instance":"","subproblems":[]}}
{"level":"error","ts":1707825189.7541337,"logger":"http.acme_client","msg":"validating authorization","identifier":"rustsoft.cn","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"129.211.6.72: Invalid response from https://dnspod.qcloud.com/static/webblock.html?d=rustsoft.cn: \"<!DOCTYPE html>\\n<html>\\n\\t<head>\\n\\t\\t<meta charset=\\\"utf-8\\\" />\\n\\t\\t<meta http-equiv=\\\"X-UA-Compatible\\\" content=\\\"IE=edge,chrome=1\\\" />\\n\\t\\t<\"","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/136228593/14485853573","attempt":2,"max_attempts":3}
{"level":"error","ts":1707825189.7541625,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"rustsoft.cn","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 403 urn:ietf:params:acme:error:unauthorized - 129.211.6.72: Invalid response from https://dnspod.qcloud.com/static/webblock.html?d=rustsoft.cn: \"<!DOCTYPE html>\\n<html>\\n\\t<head>\\n\\t\\t<meta charset=\\\"utf-8\\\" />\\n\\t\\t<meta http-equiv=\\\"X-UA-Compatible\\\" content=\\\"IE=edge,chrome=1\\\" />\\n\\t\\t<\""}
{"level":"error","ts":1707825192.0629323,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"rustsoft.cn","issuer":"acme.zerossl.com-v2-DV90","error":"[rustsoft.cn] solving challenges: authz https://acme.zerossl.com/v2/DV90/authz/PIDEtVSrHQf_wLpdvZuMvw has unexpected status; order will fail: invalid (order=https://acme.zerossl.com/v2/DV90/order/InYlkwaA-e2qsJH4fc0bUg) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1707825192.0629823,"logger":"tls.obtain","msg":"will retry","error":"[rustsoft.cn] Obtain: [rustsoft.cn] solving challenges: authz https://acme.zerossl.com/v2/DV90/authz/PIDEtVSrHQf_wLpdvZuMvw has unexpected status; order will fail: invalid (order=https://acme.zerossl.com/v2/DV90/order/InYlkwaA-e2qsJH4fc0bUg) (ca=https://acme.zerossl.com/v2/DV90)","attempt":4,"retrying_in":300,"elapsed":354.212096638,"max_duration":2592000}

The error message is very long, so I cut part of it.

BUT! If I run the docker run command:

sudo docker run -d -p 80:80 -p 443:443 -v ./site:/srv -v ./Caddyfile:/etc/caddy/Caddyfile -v caddy_data:/data caddy:2 caddy file-server --domain rustsoft.cn

It will work fine!

4. How I installed and ran Caddy:

I use Caddy with Docker

a. System environment:

Debian 12 with Docker

b. Command:

docker compose does not work:

sudo docker compose up -d

but if I use docker run, it works well:

sudo docker run -d -p 80:80 -p 443:443 -v ./site:/srv -v ./Caddyfile:/etc/caddy/Caddyfile -v caddy_data:/data caddy:2 caddy file-server --domain rustsoft.cn

c. Service/unit/compose file:

services:
  caddy:
    image: caddy:latest
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./site:/srv
      - caddy_data:/data
      - caddy_config:/config

volumes:
  caddy_data: 
  caddy_config: 

d. My complete Caddy config:

rustsoft.cn, www.rustsoft.cn {
  root * /srv
}

I have already tried:

  1. searched for some similar questions on the web
  2. rebooted Caddy

5. Links to relevant resources:

Looks like your domain isn’t actually pointing to your server, and instead it’s reaching this error page.

This isn’t a problem with Caddy, you need to resolve the issue with your domain.

1 Like

Thanks for your answer, but if I run the command:

sudo docker run -d -p 80:80 -p 443:443 -v ./site:/srv -v ./Caddyfile:/etc/caddy/Caddyfile -v caddy_data:/data caddy:2 caddy file-server --domain rustsoft.cn

It runs well. You can see the --domain above: rustsoft.cn is the same as in Invalid response from https://dnspod.qcloud.com/static/webblock.html?d=rustsoft.cn

And I am sure the domain rustsoft.cn points to the correct server; you can access it in a browser.

1 Like
Invalid response from https://dnspod.qcloud.com/static/webblock.html?d=rustsoft.cn

Oh!! I think I got the reason!

For some interesting reason, the government requires the domain to be put on record,
so I will come back in a few days.

Thank you, guys.

1 Like
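
A way to triage logs like the ones in this thread, added here as an example (not code from the thread's participants or from Caddy): it reads Caddy's JSON log lines, picks out the "challenge failed" entries, and flags an http-01 failure whose "Invalid response from" URL is on a host other than the requested identifier, which is the pattern the dnspod.qcloud.com webblock lines show. The function names and verdict labels are assumptions, and the sample input is abbreviated from the log lines above.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample: abbreviated from the thread's log lines, plus one non-JSON line.
SAMPLE_LOG = r'''
{"level":"error","logger":"http.acme_client","msg":"challenge failed","identifier":"rustsoft.cn","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","detail":"129.211.6.72: Connection reset by peer"}}
{"level":"error","logger":"http.acme_client","msg":"challenge failed","identifier":"rustsoft.cn","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"129.211.6.72: Invalid response from https://dnspod.qcloud.com/static/webblock.html?d=rustsoft.cn: \"<!DOCTYPE html>\""}}
{"level":"info","logger":"http","msg":"served key authentication","identifier":"rustsoft.cn","challenge":"http-01"}
not json
'''

# For http-01 the CA names the URL it ended up fetching in the problem detail.
URL_RE = re.compile(r"Invalid response from (https?://\S+?):\s")

def classify(entry):
    """Return (verdict, host) for one 'challenge failed' log entry."""
    problem = entry.get("problem") or {}
    ident = entry.get("identifier", "")
    m = URL_RE.search(problem.get("detail", ""))
    if m:
        host = urlsplit(m.group(1)).hostname or ""
        if host != ident and not host.endswith("." + ident):
            # Something between the CA and the server answered instead of it.
            return "answered-by-other-host", host
        return "wrong-content", host
    if problem.get("type", "").endswith(":connection"):
        return "connection", None
    return "other", None

def challenge_failures(log_text):
    """Yield-style list of (challenge_type, verdict, host) per failed challenge."""
    results = []
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or non-JSON lines mixed into the log
        if not isinstance(entry, dict) or entry.get("msg") != "challenge failed":
            continue
        verdict, host = classify(entry)
        results.append((entry.get("challenge_type"), verdict, host))
    return results

if __name__ == "__main__":
    for row in challenge_failures(SAMPLE_LOG):
        print(row)
```

An "answered-by-other-host" verdict points at DNS, redirects or filtering in front of the server rather than at the Caddy configuration.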