1. The problem I’m having:
Caddy is unable to pass a DNS-01 challenge using cadd-dns/porkbun.
2. Error messages and/or full log output:
$ sudo caddy run
2024/11/25 18:58:22.253 INFO using adjacent Caddyfile
2024/11/25 18:58:22.254 INFO adapted config to JSON {"adapter": "caddyfile"}
2024/11/25 18:58:22.255 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2024/11/25 18:58:22.256 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc0005a9100"}
2024/11/25 18:58:22.256 INFO http.auto_https server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2024/11/25 18:58:22.256 INFO http.auto_https enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2024/11/25 18:58:22.257 DEBUG http.auto_https adjusted config {"tls": {"automation":{"policies":[{"subjects":["api.planesover.me","planesover.me"]},{}]}}, "http": {"servers":{"remaining_auto_https_redirects":{"listen":[":80"],"routes":[{},{}]},"srv0":{"listen":[":443"],"routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"encodings":{"gzip":{},"zstd":{}},"handler":"encode","prefer":["zstd","gzip"]},{"handler":"reverse_proxy","headers":{"response":{"set":{"Access-Control-Allow-Headers":["Authorization"],"Access-Control-Allow-Methods":["GET, POST, OPTIONS"],"Access-Control-Allow-Origin":["https://planesover.me"]}}},"upstreams":[{"dial":"192.168.1.2:3000"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"vars","root":"/var/www/planesoverme-client/"}]},{"handle":[{"handler":"rewrite","uri":"{http.matchers.file.relative}"}],"match":[{"file":{"try_files":["{http.request.uri.path}","/"]}}]},{"handle":[{"encodings":{"gzip":{},"zstd":{}},"handler":"encode","prefer":["zstd","gzip"]},{"handler":"file_server","hide":["./Caddyfile"]}]}]}],"terminal":true}],"tls_connection_policies":[{}],"automatic_https":{}}}}}
2024/11/25 18:58:22.257 INFO http enabling HTTP/3 listener {"addr": ":443"}
2024/11/25 18:58:22.257 DEBUG dynamic_dns beginning IP address check
2024/11/25 18:58:22.257 DEBUG http starting server loop {"address": "[::]:443", "tls": true, "http3": true}
2024/11/25 18:58:22.257 INFO http.log server running {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2024/11/25 18:58:22.257 DEBUG http starting server loop {"address": "[::]:80", "tls": false, "http3": false}
2024/11/25 18:58:22.257 INFO http.log server running {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2024/11/25 18:58:22.257 INFO http enabling automatic TLS certificate management {"domains": ["api.planesover.me", "planesover.me"]}
2024/11/25 18:58:22.258 INFO autosaved config (load with --resume flag) {"file": "/root/.config/caddy/autosave.json"}
2024/11/25 18:58:22.258 INFO serving initial configuration
2024/11/25 18:58:22.259 INFO tls.obtain acquiring lock {"identifier": "planesover.me"}
2024/11/25 18:58:22.259 INFO tls.obtain acquiring lock {"identifier": "api.planesover.me"}
2024/11/25 18:58:22.263 INFO tls storage cleaning happened too recently; skipping for now {"storage": "FileStorage:/root/.local/share/caddy", "instance": "18cf6242-2c65-4803-95eb-7bd7d25bef55", "try_again": "2024/11/26 18:58:22.263", "try_again_in": 86399.999999671}
2024/11/25 18:58:22.263 INFO tls finished cleaning storage units
2024/11/25 18:58:22.266 INFO tls.obtain lock acquired {"identifier": "planesover.me"}
2024/11/25 18:58:22.266 INFO tls.obtain lock acquired {"identifier": "api.planesover.me"}
2024/11/25 18:58:22.266 INFO tls.obtain obtaining certificate {"identifier": "planesover.me"}
2024/11/25 18:58:22.266 DEBUG events event {"name": "cert_obtaining", "id": "31fc9c48-2f5b-44f3-8951-56b72ccb1a53", "origin": "tls", "data": {"identifier":"planesover.me"}}
2024/11/25 18:58:22.266 INFO tls.obtain obtaining certificate {"identifier": "api.planesover.me"}
2024/11/25 18:58:22.266 DEBUG events event {"name": "cert_obtaining", "id": "91b84825-e3f5-4203-8474-6dee8ff19373", "origin": "tls", "data": {"identifier":"api.planesover.me"}}
2024/11/25 18:58:22.267 DEBUG tls.obtain trying issuer 1/1 {"issuer": "acme-staging-v02.api.letsencrypt.org-directory"}
2024/11/25 18:58:22.267 DEBUG tls.obtain trying issuer 1/1 {"issuer": "acme-staging-v02.api.letsencrypt.org-directory"}
2024/11/25 18:58:22.267 INFO tls.issuance.acme waiting on internal rate limiter {"identifiers": ["api.planesover.me"], "ca": "https://acme-staging-v02.api.letsencrypt.org/directory", "account": "me@benbuhse.email"}
2024/11/25 18:58:22.267 INFO tls.issuance.acme done waiting on internal rate limiter {"identifiers": ["api.planesover.me"], "ca": "https://acme-staging-v02.api.letsencrypt.org/directory", "account": "me@benbuhse.email"}
2024/11/25 18:58:22.267 INFO tls.issuance.acme using ACME account {"account_id": "https://acme-staging-v02.api.letsencrypt.org/acme/acct/173164964", "account_contact": ["mailto:me@benbuhse.email"]}
2024/11/25 18:58:22.267 INFO tls.issuance.acme waiting on internal rate limiter {"identifiers": ["planesover.me"], "ca": "https://acme-staging-v02.api.letsencrypt.org/directory", "account": "me@benbuhse.email"}
2024/11/25 18:58:22.267 INFO tls.issuance.acme done waiting on internal rate limiter {"identifiers": ["planesover.me"], "ca": "https://acme-staging-v02.api.letsencrypt.org/directory", "account": "me@benbuhse.email"}
2024/11/25 18:58:22.267 INFO tls.issuance.acme using ACME account {"account_id": "https://acme-staging-v02.api.letsencrypt.org/acme/acct/173164964", "account_contact": ["mailto:me@benbuhse.email"]}
2024/11/25 18:58:22.405 DEBUG tls.issuance.acme.acme_client http request {"method": "GET", "url": "https://acme-staging-v02.api.letsencrypt.org/directory", "headers": {"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]}, "response_headers": {"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["820"],"Content-Type":["application/json"],"Date":["Mon, 25 Nov 2024 18:58:22 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/11/25 18:58:22.405 DEBUG tls.issuance.acme.acme_client creating order {"account": "https://acme-staging-v02.api.letsencrypt.org/acme/acct/173164964", "identifiers": ["api.planesover.me"]}
2024/11/25 18:58:22.405 DEBUG tls.issuance.acme.acme_client creating order {"account": "https://acme-staging-v02.api.letsencrypt.org/acme/acct/173164964", "identifiers": ["planesover.me"]}
2024/11/25 18:58:22.449 DEBUG tls.issuance.acme.acme_client http request {"method": "HEAD", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce", "headers": {"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]}, "response_headers": {"Cache-Control":["public, max-age=0, no-cache"],"Date":["Mon, 25 Nov 2024 18:58:22 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["FW9SwLSLhgNpC_vxOrs-UnBjVi-Rgpngswhkx9Sge-IuOZvjzx4"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/11/25 18:58:22.490 DEBUG events event {"name": "tls_get_certificate", "id": "c0af0128-4804-45d9-a648-f0fa321b8254", "origin": "tls", "data": {"client_hello":{"CipherSuites":[4866,4865,49196,49200,159,49195,49199,158,49188,49192,107,49187,49191,103,49162,49172,57,49161,49171,51,157,156,61,60,53,47,255],"ServerName":"unifi.benbuhse.com","SupportedCurves":[29,23,30,25,24],"SupportedPoints":"AAEC","SignatureSchemes":[1027,1283,1539,2055,2056,2057,2058,2059,2052,2053,2054,1025,1281,1537,771,515,769,513,770,514,1026,1282,1538],"SupportedProtos":["http/1.1"],"SupportedVersions":[772,771,770,769],"RemoteAddr":{"IP":"192.168.1.10","Port":32774,"Zone":""},"LocalAddr":{"IP":"192.168.1.3","Port":443,"Zone":""}}}}
2024/11/25 18:58:22.490 DEBUG tls.handshake no matching certificates and no custom selection logic {"identifier": "unifi.benbuhse.com"}
2024/11/25 18:58:22.490 DEBUG tls.handshake no matching certificates and no custom selection logic {"identifier": "*.benbuhse.com"}
2024/11/25 18:58:22.490 DEBUG tls.handshake no matching certificates and no custom selection logic {"identifier": "*.*.com"}
2024/11/25 18:58:22.490 DEBUG tls.handshake no matching certificates and no custom selection logic {"identifier": "*.*.*"}
2024/11/25 18:58:22.490 DEBUG tls.handshake no certificate matching TLS ClientHello {"remote_ip": "192.168.1.10", "remote_port": "32774", "server_name": "unifi.benbuhse.com", "remote": "192.168.1.10:32774", "identifier": "unifi.benbuhse.com", "cipher_suites": [4866, 4865, 49196, 49200, 159, 49195, 49199, 158, 49188, 49192, 107, 49187, 49191, 103, 49162, 49172, 57, 49161, 49171, 51, 157, 156, 61, 60, 53, 47, 255], "cert_cache_fill": 0, "load_or_obtain_if_necessary": true, "on_demand": false}
2024/11/25 18:58:22.490 DEBUG http.stdlib http: TLS handshake error from 192.168.1.10:32774: no certificate available for 'unifi.benbuhse.com'
2024/11/25 18:58:22.499 DEBUG tls.issuance.acme.acme_client http request {"method": "HEAD", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce", "headers": {"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]}, "response_headers": {"Cache-Control":["public, max-age=0, no-cache"],"Date":["Mon, 25 Nov 2024 18:58:22 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["jDZhkUVkcn9GiPn63Ypnip4Pe2hXm0p74RCpgX0hWbSg78RJ0Ig"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/11/25 18:58:22.529 DEBUG tls.issuance.acme.acme_client http request {"method": "POST", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]}, "response_headers": {"Boulder-Requester":["173164964"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["363"],"Content-Type":["application/json"],"Date":["Mon, 25 Nov 2024 18:58:22 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-staging-v02.api.letsencrypt.org/acme/order/173164964/20787751364"],"Replay-Nonce":["jDZhkUVkCleKSpA3cSNpLWwBxqlOlZ0HLlUH5quY-equB6uPSEs"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 201}
2024/11/25 18:58:22.571 DEBUG tls.issuance.acme.acme_client http request {"method": "POST", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]}, "response_headers": {"Boulder-Requester":["173164964"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["359"],"Content-Type":["application/json"],"Date":["Mon, 25 Nov 2024 18:58:22 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-staging-v02.api.letsencrypt.org/acme/order/173164964/20787751374"],"Replay-Nonce":["FW9SwLSLudlEw2-top-Zt6DqrydTXjJxpcdMN2dzgZFielAezlw"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 201}
2024/11/25 18:58:22.581 DEBUG tls.issuance.acme.acme_client http request {"method": "POST", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/authz/173164964/15082829564", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]}, "response_headers": {"Boulder-Requester":["173164964"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["843"],"Content-Type":["application/json"],"Date":["Mon, 25 Nov 2024 18:58:22 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["FW9SwLSL7KbEDpugulvSTS58DFa2uhLerwTWnmBaGarqV5StDTw"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/11/25 18:58:22.582 INFO tls.issuance.acme.acme_client trying to solve challenge {"identifier": "api.planesover.me", "challenge_type": "dns-01", "ca": "https://acme-staging-v02.api.letsencrypt.org/directory"}
2024/11/25 18:58:22.621 DEBUG tls.issuance.acme.acme_client http request {"method": "POST", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/authz/173164964/15082829574", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]}, "response_headers": {"Boulder-Requester":["173164964"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["839"],"Content-Type":["application/json"],"Date":["Mon, 25 Nov 2024 18:58:22 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["FW9SwLSL0J2aiPwTDnfmTLp8BMAmJJLAwUg10DPugCjpZqkGlGM"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/11/25 18:58:22.621 INFO tls.issuance.acme.acme_client trying to solve challenge {"identifier": "planesover.me", "challenge_type": "dns-01", "ca": "https://acme-staging-v02.api.letsencrypt.org/directory"}
2024/11/25 18:58:22.691 ERROR tls.issuance.acme.acme_client cleaning up solver {"identifier": "planesover.me", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.planesover.me\" (usually OK if presenting also failed)"}
2024/11/25 18:58:22.746 DEBUG tls.issuance.acme.acme_client http request {"method": "POST", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/authz/173164964/15082829574", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]}, "response_headers": {"Boulder-Requester":["173164964"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["843"],"Content-Type":["application/json"],"Date":["Mon, 25 Nov 2024 18:58:22 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["FW9SwLSLXbw2LCkwxJtV4FL2yEnfpPWQBOF2F8T8dSH2xS6QPL0"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/11/25 18:58:22.746 ERROR tls.obtain could not get certificate from issuer {"identifier": "planesover.me", "issuer": "acme-staging-v02.api.letsencrypt.org-directory", "error": "[planesover.me] solving challenges: presenting for challenge: adding temporary record for zone \"me.\": Invalid http response status, <html>\r\n<head><title>503 Service Temporarily Unavailable</title></head>\r\n<body>\r\n<center><h1>503 Service Temporarily Unavailable</h1></center>\r\n<hr><center>openresty</center>\r\n</body>\r\n</html>\r\n (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/173164964/20787751374) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
2024/11/25 18:58:22.746 DEBUG events event {"name": "cert_failed", "id": "2c5ae5d5-04c0-42ec-8fdf-83c97efe60df", "origin": "tls", "data": {"error":{},"identifier":"planesover.me","issuers":["acme-staging-v02.api.letsencrypt.org-directory"],"renewal":false}}
2024/11/25 18:58:22.746 ERROR tls.obtain will retry {"error": "[planesover.me] Obtain: [planesover.me] solving challenges: presenting for challenge: adding temporary record for zone \"me.\": Invalid http response status, <html>\r\n<head><title>503 Service Temporarily Unavailable</title></head>\r\n<body>\r\n<center><h1>503 Service Temporarily Unavailable</h1></center>\r\n<hr><center>openresty</center>\r\n</body>\r\n</html>\r\n (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/173164964/20787751374) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)", "attempt": 1, "retrying_in": 60, "elapsed": 0.480505494, "max_duration": 2592000}
2024/11/25 18:58:22.875 DEBUG dynamic_dns found DNS record {"type": "A", "name": "", "zone": "planesover.me", "value": "136.62.47.18"}
2024/11/25 18:58:22.875 INFO dynamic_dns domain not found in DNS {"domain": "planesover.me", "type": "AAAA"}
2024/11/25 18:58:22.875 DEBUG dynamic_dns looked up current IPs from DNS {"lastIPs": {"planesover.me":{"A":["136.62.47.18"],"AAAA":[""]}}}
2024/11/25 18:58:22.932 DEBUG dynamic_dns.ip_sources.simple_http lookup {"type": "IPv4", "endpoint": "https://icanhazip.com", "ip": "136.62.47.18"}
2024/11/25 18:58:22.981 DEBUG dynamic_dns.ip_sources.simple_http lookup {"type": "IPv6", "endpoint": "https://icanhazip.com", "ip": "2605:a601:a098:6800:2823:2ff:fe68:a6c0"}
2024/11/25 18:58:22.981 INFO dynamic_dns updating DNS record {"zone": "planesover.me", "type": "AAAA", "name": "@", "value": "2605:a601:a098:6800:2823:2ff:fe68:a6c0", "ttl": 0}
2024/11/25 18:58:23.044 ERROR dynamic_dns failed setting DNS record(s) with new IP address(es) {"zone": "planesover.me", "error": "Invalid http response status, <html>\r\n<head><title>503 Service Temporarily Unavailable</title></head>\r\n<body>\r\n<center><h1>503 Service Temporarily Unavailable</h1></center>\r\n<hr><center>openresty</center>\r\n</body>\r\n</html>\r\n"}
2024/11/25 18:58:23.045 INFO dynamic_dns finished updating DNS {"current_ips": ["136.62.47.18", "2605:a601:a098:6800:2823:2ff:fe68:a6c0"]}
2024/11/25 18:58:23.064 ERROR tls.issuance.acme.acme_client cleaning up solver {"identifier": "api.planesover.me", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.api.planesover.me\" (usually OK if presenting also failed)"}
2024/11/25 18:58:23.123 DEBUG tls.issuance.acme.acme_client http request {"method": "POST", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/authz/173164964/15082829564", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]}, "response_headers": {"Boulder-Requester":["173164964"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["847"],"Content-Type":["application/json"],"Date":["Mon, 25 Nov 2024 18:58:23 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["jDZhkUVkLYL3fRPAo0KnSvi95oi244kadbLtYhlWfMve9pEulJM"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/11/25 18:58:23.123 ERROR tls.obtain could not get certificate from issuer {"identifier": "api.planesover.me", "issuer": "acme-staging-v02.api.letsencrypt.org-directory", "error": "[api.planesover.me] solving challenges: presenting for challenge: adding temporary record for zone \"me.\": Invalid http response status, {\"status\":\"ERROR\",\"message\":\"Invalid domain.\"} (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/173164964/20787751364) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
2024/11/25 18:58:23.123 DEBUG events event {"name": "cert_failed", "id": "6706ae37-1744-4a05-9618-2b5e5dc72312", "origin": "tls", "data": {"error":{},"identifier":"api.planesover.me","issuers":["acme-staging-v02.api.letsencrypt.org-directory"],"renewal":false}}
2024/11/25 18:58:23.123 ERROR tls.obtain will retry {"error": "[api.planesover.me] Obtain: [api.planesover.me] solving challenges: presenting for challenge: adding temporary record for zone \"me.\": Invalid http response status, {\"status\":\"ERROR\",\"message\":\"Invalid domain.\"} (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/173164964/20787751364) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)", "attempt": 1, "retrying_in": 60, "elapsed": 0.857076787, "max_duration": 2592000}
^C2024/11/25 18:58:23.492 INFO shutting down {"signal": "SIGINT"}
2024/11/25 18:58:23.493 WARN exiting; byeee!! 👋 {"signal": "SIGINT"}
2024/11/25 18:58:23.493 INFO http servers shutting down with eternal grace period
2024/11/25 18:58:23.493 INFO tls.obtain releasing lock {"identifier": "planesover.me"}
2024/11/25 18:58:23.493 INFO tls.obtain releasing lock {"identifier": "api.planesover.me"}
2024/11/25 18:58:23.493 ERROR unable to clean up lock in storage backend {"signal": "SIGINT", "storage": "FileStorage:/root/.local/share/caddy", "lock_key": "issue_cert_planesover.me", "error": "remove /root/.local/share/caddy/locks/issue_cert_planesover.me.lock: no such file or directory"}
2024/11/25 18:58:23.493 ERROR unable to clean up lock in storage backend {"signal": "SIGINT", "storage": "FileStorage:/root/.local/share/caddy", "lock_key": "issue_cert_api.planesover.me", "error": "remove /root/.local/share/caddy/locks/issue_cert_api.planesover.me.lock: no such file or directory"}
2024/11/25 18:58:23.493 INFO admin stopped previous server {"address": "localhost:2019"}
2024/11/25 18:58:23.493 INFO shutdown complete {"signal": "SIGINT", "exit_code": 0}
All the stuff about benbuhse.com is expected, I don’t have it set up in my Caddyfile at all while I’m testing Caddy.
3. Caddy version:
2.8.4
4. How I installed and ran Caddy:
a. System environment:
amd64 Gentoo. Installed with portage.
b. Command:
Tried with both sudo caddy run and rc-service caddy start.
c. Service/unit/compose file:
#!/sbin/openrc-run
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
extra_commands="checkconfig"
extra_started_commands="reload"
description="Caddy web server"
pidfile=${pidfile:-"/run/${RC_SVCNAME}.pid"}
command="/usr/bin/caddy"
command_user="${command_user:-"http:http"}"
caddy_config="${caddy_config:-"/etc/caddy/Caddyfile"}"
command_args="${command_args:-"run --config ${caddy_config}"}"
command_background="true"
logfile="${logfile:-"/var/log/${RC_SVCNAME}/${RC_SVCNAME}.log"}"
start_stop_daemon_args="--user ${command_user%:*} --group ${command_user#*:}
--stdout ${logfile} --stderr ${logfile}"
: "${supervisor:=supervise-daemon}"
: "${respawn_delay:=5}"
: "${respawn_max:=10}"
: "${respawn_period:=60}"
depend() {
need net
}
checkconfig() {
if [ ! -f "${caddy_config}" ] ; then
ewarn "${caddy_config} does not exist."
return 1
fi
"${command}" validate --config "${caddy_config}" >> "${logfile}" 2>&1
}
start() {
checkconfig || { eerror "Invalid configuration file !" && return 1; }
checkpath --directory --mode 755 --owner root "${pidfile%/*}"
checkpath --directory --mode 755 --owner "${command_user}" "${logfile%/*}"
default_start
}
reload() {
if ! service_started "${SVCNAME}" ; then
eerror "${SVCNAME} isn't running"
return 1
fi
checkconfig || { eerror "Invalid configuration file !" && return 1; }
ebegin "Reloading ${SVCNAME}"
"${command}" reload --force --config "${caddy_config}" > /dev/null 2>&1
eend $?
}
d. My complete Caddy config:
{
debug
email me@benbuhse.email
acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
acme_dns porkbun {
api_key {file./etc/caddy/creds/porkbun_api_key}
api_secret_key {file./etc/caddy/creds/porkbun_secret_key}
}
dynamic_dns {
provider porkbun {
api_key {file./etc/caddy/creds/porkbun_api_key}
api_secret_key {file./etc/caddy/creds/porkbun_secret_key}
}
domains {
planesover.me
}
}
}
# planesover.me server
planesover.me {
root * /var/www/planesoverme-client/
try_files {path} /
file_server
encode zstd gzip
}
# planesover.me client reverse-proxy
api.planesover.me {
reverse_proxy http://192.168.1.2:3000 {
header_down "Access-Control-Allow-Origin" "https://planesover.me"
header_down "Access-Control-Allow-Methods" "GET, POST, OPTIONS"
header_down "Access-Control-Allow-Headers" "Authorization"
}
encode zstd gzip
}