1. Output of caddy version:
caddy:2
2. How I run Caddy:
via docker-compose file
a. System environment:
WSL2 with Ubuntu 20.4
b. Command:
docker compose up -d
c. Service/unit/compose file:
version: '3'
services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    environment:
      WEBSOCKET_ENABLED: "true" # Enable WebSocket notifications.
      # DOMAIN: "https://ubuntu22"
      SIGNUPS_ALLOWED: "false"
      INVITATIONS_ALLOWED: "false"
      LOG_LEVEL: "warn"
      # DOMAIN: "localhost"
      SMTP_HOST: "smtp.google.com"
      SMTP_FROM: "myemail"
      SMTP_PORT: "587"
      SMTP_SECURITY: "starttls"
      SMTP_USERNAME: "myemail"
      SMTP_PASSWORD: "nothing"
    volumes:
      - ./vw-data:/data
  caddy:
    image: caddy:2
    container_name: caddy
    restart: always
    ports:
      - 80:80 # Needed for the ACME HTTP-01 challenge.
      - 443:443
    volumes:
      - ./caddy:/usr/bin/caddy # Your custom build of Caddy
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./caddy-config:/config
      - ./caddy-data:/data
    environment:
      DOMAIN: "subdomain.duckdns.org" # Your domain.
      EMAIL: "zung102@yahoo.com" # The email address to use for ACME registration.
      DUCKDNS_TOKEN: "token taken from duckdns website"
      LOG_FILE: "/data/access.log"
d. My complete Caddy config:
{$DOMAIN}:443 {
    log {
        level INFO
        output file {$LOG_FILE} {
            roll_size 10MB
            roll_keep 10
        }
    }

    # Use the ACME HTTP-01 challenge to get a cert for the configured domain.
    # tls zung102@yahoo.com
    tls {
        dns duckdns {$DUCKDNS_TOKEN}
    }

    # This setting may have compatibility issues with some browsers
    # (e.g., attachment downloading on Firefox). Try disabling this
    # if you encounter issues.
    encode gzip

    header {
        # Enable cross-site filter (XSS) and tell browser to block detected attacks
        X-XSS-Protection "1; mode=block"
        # Disallow the site to be rendered within a frame (clickjacking protection)
        X-Frame-Options "DENY"
        # Prevent search engines from indexing (optional)
        X-Robots-Tag "none"
    }

    # Notifications redirected to the WebSocket server
    # The negotiation endpoint is also proxied to Rocket
    reverse_proxy /notifications/hub/negotiate vaultwarden:80

    # Notifications redirected to the websockets server
    reverse_proxy /notifications/hub vaultwarden:3012

    # Proxy everything else to Rocket
    reverse_proxy vaultwarden:80 {
        # Send the true remote IP to Rocket, so that vaultwarden can put this in the
        # log, so that fail2ban can ban the correct IP.
        header_up X-Real-IP {remote_host}
    }
}
3. The problem I’m having:
Starting up vaultwarden and caddy services with this command
docker compose up -d
vaultwarden log showed no error.
Caddy log showed errors trying to obtain the certificates.
Below were the results of the curl command:
zung@Dzungabc:~/vaultwarden$ curl -v 172.20.0.2
*   Trying 172.20.0.2:80...
* TCP_NODELAY set
That was all the command produced for the vaultwarden interface; the same for the Caddy network interface.
4. Error messages and/or full log output:
2023-01-19 13:34:12 {"level":"info","ts":1674153252.1390576,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["new.vfor25.duckdns.org"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"zung102@yahoo.com"}
2023-01-19 13:34:12 {"level":"info","ts":1674153252.1391258,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["new.vfor25.duckdns.org"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"zung102@yahoo.com"}
2023-01-19 13:34:12 {"level":"info","ts":1674153252.9048848,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"new.vfor25.duckdns.org","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
2023-01-19 13:34:12 {"level":"error","ts":1674153252.941441,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"new.vfor25.duckdns.org","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.new.vfor25.duckdns.org\" (usually OK if presenting also failed)"}
2023-01-19 13:34:13 {"level":"error","ts":1674153253.0403888,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"new.vfor25.duckdns.org","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[new.vfor25.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.new.vfor25.duckdns.org\": could not find the start of authority for _acme-challenge.new.vfor25.duckdns.org.: NOERROR (order=https://acme-v02.api.letsencrypt.org/acme/order/914577057/159805968087) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
5. What I already tried:
I have an almost identical setup on a PC with native Ubuntu 22.04, and it was successful for both Vaultwarden and Caddy.
6. Links to relevant resources:
I do not understand the meanings of the errors. Any help is really appreciated.
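The "could not find the start of authority" error above comes from the step where the DNS-01 solver looks for the zone that holds `_acme-challenge.<domain>`: it walks up the name one label at a time and asks the resolver for an SOA record until one answers. The script below is an added diagnostic example, not code from the original post or from Caddy, and it simplifies the solver's real walk (it ignores CNAMEs). It reproduces that walk against a constructed SOA table (assumed answers for duckdns.org and org), against a resolver that answers nothing (which yields the NOERROR-with-no-zone outcome seen in the log), and optionally against this host's resolver via dig(1) so the same check can be run inside the container's network.

```python
import subprocess
from typing import Callable, List, Optional

# Constructed answers standing in for a working resolver (assumption: the
# poster's name lives in the duckdns.org zone; nameserver values are made up).
FAKE_SOA = {"duckdns.org.": "ns1.duckdns.org.", "org.": "a0.org.afilias-nst.info."}


def candidate_zones(fqdn: str) -> List[str]:
    """Every ancestor of the FQDN, longest first, in the order the solver tries them."""
    name = fqdn.rstrip(".") + "."
    labels = name.split(".")[:-1]          # drop the empty label after the final dot
    return [".".join(labels[i:]) + "." for i in range(len(labels))]


def find_zone(fqdn: str, soa_lookup: Callable[[str], Optional[str]]) -> Optional[str]:
    """Return the first ancestor for which the resolver reports an SOA, else None."""
    for zone in candidate_zones(fqdn):
        if soa_lookup(zone):
            return zone
    return None  # every ancestor answered without an SOA: the failure in the log


def fake_lookup(zone: str) -> Optional[str]:
    """Resolver stand-in backed by the constructed table above."""
    return FAKE_SOA.get(zone)


def dig_lookup(zone: str) -> Optional[str]:
    """Ask the local resolver with dig(1); None when dig is absent or returns no SOA."""
    try:
        out = subprocess.run(["dig", "+short", "SOA", zone],
                             capture_output=True, text=True, timeout=5)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    return out.stdout.strip() or None


if __name__ == "__main__":
    name = "_acme-challenge.new.vfor25.duckdns.org"   # name from the posted log
    print("working resolver ->", find_zone(name, fake_lookup))       # duckdns.org.
    print("silent resolver  ->", find_zone(name, lambda z: None))    # None
    print("this host        ->", find_zone(name, dig_lookup))
```

Run it inside the caddy container's network (for example via `docker compose exec caddy` on an image that has dig) to see whether the resolver Caddy actually uses returns an SOA for any ancestor; a None from the host resolver points at DNS resolution from within the container rather than at the duckdns token.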