1. The problem I’m having:
I am attempting to get a certificate by using the DNS challenge, my provider is namecheap.
2. Error messages and/or full log output:
caddy-frontend-1 | {"level":"info","ts":1734807065.8292556,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
caddy-frontend-1 | {"level":"warn","ts":1734807065.8303928,"logger":"caddyfile","msg":"Unnecessary header_up X-Forwarded-For: the reverse proxy's default behavior is to pass headers to the upstream"}
caddy-frontend-1 | {"level":"warn","ts":1734807065.8305776,"logger":"caddyfile","msg":"Unnecessary header_up X-Forwarded-Proto: the reverse proxy's default behavior is to pass headers to the upstream"}
caddy-frontend-1 | {"level":"info","ts":1734807065.8320034,"msg":"adapted config to JSON","adapter":"caddyfile"}
caddy-frontend-1 | {"level":"warn","ts":1734807065.8321807,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":1}
caddy-frontend-1 | {"level":"info","ts":1734807065.833414,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//*********:2019"]}
caddy-frontend-1 | {"level":"info","ts":1734807065.8339405,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
caddy-frontend-1 | {"level":"info","ts":1734807065.8341002,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
caddy-frontend-1 | {"level":"info","ts":1734807065.834681,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
caddy-frontend-1 | {"level":"info","ts":1734807065.8349195,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 7168 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."}
caddy-frontend-1 | {"level":"info","ts":1734807065.8352337,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
caddy-frontend-1 | {"level":"info","ts":1734807065.8354578,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
caddy-frontend-1 | {"level":"info","ts":1734807065.8356023,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["nc.aslan.cx"]}
caddy-frontend-1 | {"level":"info","ts":1734807065.8359253,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
caddy-frontend-1 | {"level":"info","ts":1734807065.8360724,"msg":"serving initial configuration"}
caddy-frontend-1 | {"level":"info","ts":1734807065.8364809,"logger":"tls.obtain","msg":"acquiring lock","identifier":"nc.aslan.cx"}
caddy-frontend-1 | {"level":"info","ts":1734807065.8369062,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0000cb180"}
caddy-frontend-1 | {"level":"info","ts":1734807065.8378665,"logger":"tls.obtain","msg":"lock acquired","identifier":"nc.aslan.cx"}
caddy-frontend-1 | {"level":"info","ts":1734807065.8380892,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"nc.aslan.cx"}
caddy-frontend-1 | {"level":"info","ts":1734807065.8543036,"logger":"tls","msg":"cleaning storage unit","storage":"FileStorage:/data/caddy"}
caddy-frontend-1 | {"level":"info","ts":1734807065.8545947,"logger":"tls","msg":"finished cleaning storage units"}
caddy-frontend-1 | {"level":"info","ts":1734807066.669428,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["nc.aslan.cx"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
caddy-frontend-1 | {"level":"info","ts":1734807066.6695213,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["nc.aslan.cx"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
caddy-frontend-1 | {"level":"info","ts":1734807066.6696029,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/2126636525","account_contact":[]}
caddy-frontend-1 | {"level":"info","ts":1734807067.0502334,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"nc.aslan.cx","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
caddy-frontend-1 | {"level":"error","ts":1734807067.8478088,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"nc.aslan.cx","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.nc.aslan.cx\" (usually OK if presenting also failed)"}
caddy-frontend-1 | {"level":"error","ts":1734807068.0385704,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"nc.aslan.cx","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[nc.aslan.cx] solving challenges: presenting for challenge: adding temporary record for zone \"aslan.cx.\": namecheap api returned error in response. Err: Error0: Parameter APIUser is missing\t (order=https://acme-v02.api.letsencrypt.org/acme/order/2126636525/335758641535) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
caddy-frontend-1 | {"level":"error","ts":1734807068.0388246,"logger":"tls.obtain","msg":"will retry","error":"[nc.aslan.cx] Obtain: [nc.aslan.cx] solving challenges: presenting for challenge: adding temporary record for zone \"aslan.cx.\": namecheap api returned error in response. Err: Error0: Parameter APIUser is missing\t (order=https://acme-v02.api.letsencrypt.org/acme/order/2126636525/335758641535) (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":2.200818294,"max_duration":2592000}
3. Caddy version:
v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=
4. How I installed and ran Caddy:
Dockerfile
FROM caddy:2.8.4-builder-alpine AS builder
RUN xcaddy build --with github.com/caddy-dns/namecheap
FROM caddy:2.8.4-alpine
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
docker-compose.yaml
services:
caddy-frontend:
build: .
restart: always
ports:
- "80:80"
- "443:443"
volumes:
- caddy_data:/data
- caddy_config:/config
environment:
- NAMECHEAP_API_KEY=xxxxxxxxxxxxxxxxx
- NAMECHEAP_USERNAME=xxxxxxxxxxxxxxxx
configs:
- source: Caddyfile
target: /etc/caddy/Caddyfile
configs:
Caddyfile:
content: |
nc.aslan.cx {
tls {
dns namecheap {
api_key {env.NAMECHEAP_API_KEY}
user {env.NAMECHEAP_API_USER}
}
}
reverse_proxy https://192.168.15.2:9000 {
header_up Host {host}
header_up X-Real-IP {remote}
header_up X-Forwarded-For {remote}
header_up X-Forwarded-Proto {scheme}
transport http {
tls_insecure_skip_verify
}
}
}
volumes:
caddy_data:
caddy_config:
a. System environment:
Debian 12 guest running in Proxmox.
Docker version 27.4.1
b. Command:
docker compose up