1. Caddy version (`caddy version`):
caddy:2.4.3-alpine
2. How I run Caddy:
a. System environment:
Ubuntu 20.04 on DigitalOcean Droplet
Docker version 19.03.13, build 4484c46d9d
b. Command:
docker-compose up --build
c. Service/unit/compose file:
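---
# Compose stack: Postgres + Redis backing a backend/frontend pair, fronted by
# Caddy, which is the only service that publishes ports on the host.
version: "3.7"

services:
  database:
    image: postgres:13-alpine
    restart: always
    environment:
      # NOTE(review): the superuser credentials are the well-known defaults and
      # are committed in plain text. Move them to an env_file or a secret store
      # (as the backend already does with .env.production) before production.
      POSTGRES_PASSWORD: postgres
      POSTGRES_USER: postgres
      # Presumably consumed by the init scripts mounted from ./db; verify.
      APP_DB_NAME: snippy_prod
      APP_DB_USER: jeepers3327
    volumes:
      - ./db:/docker-entrypoint-initdb.d/
      - postgres_data:/var/lib/postgresql/data/
    # `expose` keeps the port reachable on the compose network only; nothing is
    # published on the host.
    expose:
      - "5432"
    networks:
      - webserver

  sessions:
    image: redis:6.2-alpine
    volumes:
      # NOTE(review): the official redis image writes to /data by default;
      # confirm this mount path is the one the container uses, otherwise the
      # named volume stays empty and sessions are lost on recreate.
      - redis_data:/redis/data
    # Was `ports: [6379]`, which publishes Redis on a random host port bound to
    # all interfaces. No password is configured for Redis here, and Docker's
    # published ports are not filtered by a host firewall such as ufw. Only the
    # backend needs Redis, over the shared network, so expose it internally
    # like the database.
    expose:
      - "6379"
    networks:
      - webserver

  backend:
    build: ./backend
    restart: unless-stopped
    env_file: ./backend/.env.production
    depends_on:
      - database
      - sessions
    networks:
      - webserver

  frontend:
    build: ./frontend
    restart: unless-stopped
    depends_on:
      - backend
    networks:
      - webserver

  proxy:
    image: caddy:2.4.3-alpine
    restart: unless-stopped
    # Quoted so the host:container mappings are always read as strings.
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - $PWD/Caddyfile:/etc/caddy/Caddyfile
      # /data holds the ACME account and issued certificates; keeping it on a
      # named volume avoids re-requesting certificates on every recreate.
      - caddy_data:/data
      - caddy_config:/config
    depends_on:
      - backend
      - frontend
    networks:
      - webserver

volumes:
  redis_data: {}
  postgres_data: {}
  caddy_data: {}
  caddy_config: {}

networks:
  # External network: it must already exist (`docker network create webserver`)
  # and every other container attached to it can reach the database and Redis
  # ports exposed above.
  webserver:
    external: true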
d. My complete Caddyfile or JSON config:
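{
	# Contact address registered with the ACME account.
	email [REDACTED]
	# Let's Encrypt staging endpoint: certificates issued by it are not trusted
	# by browsers. Remove this line once issuance works to use the production CA.
	acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}

# One site block for the host. A path placed in a site address is matched
# exactly, so a separate "snippy.blanknodes.com/api" block would serve only
# /api itself and send /api/anything to the frontend.
snippy.blanknodes.com {
	# Path matchers are exact unless they end in *, so list both forms.
	@api path /api /api/*

	# API requests go to the backend with the /api prefix left intact.
	handle @api {
		reverse_proxy backend:4000
	}

	# Everything else is served by the frontend.
	handle {
		reverse_proxy frontend:3000
	}
}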
3. The problem I’m having:
I cannot seem to get Let's Encrypt to issue a certificate for my domain name.
4. Error messages and/or full log output:
proxy_1 | {"level":"info","ts":1626878188.2895792,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"snippy.blanknodes.com","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
proxy_1 | {"level":"error","ts":1626878188.923985,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"snippy.blanknodes.com","challenge_type":"http-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:dns","error":"DNS problem: NXDOMAIN looking up A for snippy.blanknodes.com - check that a DNS record exists for this domain"}
proxy_1 | {"level":"error","ts":1626878188.925101,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"snippy.blanknodes.com","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up A for snippy.blanknodes.com - check that a DNS record exists for this domain","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/20550178/113467668","attempt":1,"max_attempts":3}
proxy_1 | {"level":"info","ts":1626878190.3350503,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"snippy.blanknodes.com","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
proxy_1 | {"level":"error","ts":1626878190.9651515,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"snippy.blanknodes.com","challenge_type":"tls-alpn-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:dns","error":"DNS problem: NXDOMAIN looking up A for snippy.blanknodes.com - check that a DNS record exists for this domain"}
proxy_1 | {"level":"error","ts":1626878190.966305,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"snippy.blanknodes.com","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up A for snippy.blanknodes.com - check that a DNS record exists for this domain","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/20550178/113467838","attempt":2,"max_attempts":3}
proxy_1 | {"level":"error","ts":1626878192.5552564,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"snippy.blanknodes.com","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[snippy.blanknodes.com] solving challenges: snippy.blanknodes.com: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/20550178/113468008) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
proxy_1 | {"level":"error","ts":1626878192.5565252,"logger":"tls.obtain","msg":"will retry","error":"[snippy.blanknodes.com] Obtain: [snippy.blanknodes.com] solving challenges: snippy.blanknodes.com: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/20550178/113468008) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":2,"retrying_in":120,"elapsed":71.683335569,"max_duration":2592000}
proxy_1 | {"level":"info","ts":1626878313.7159433,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"snippy.blanknodes.com","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
proxy_1 | {"level":"error","ts":1626878314.3457026,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"snippy.blanknodes.com","challenge_type":"http-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:dns","error":"DNS problem: NXDOMAIN looking up A for snippy.blanknodes.com - check that a DNS record exists for this domain"}
proxy_1 | {"level":"error","ts":1626878314.346778,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"snippy.blanknodes.com","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up A for snippy.blanknodes.com - check that a DNS record exists for this domain","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/20550178/113479038","attempt":1,"max_attempts":3}
proxy_1 | {"level":"info","ts":1626878315.7416356,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"snippy.blanknodes.com","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
proxy_1 | {"level":"error","ts":1626878317.2940028,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"snippy.blanknodes.com","challenge_type":"tls-alpn-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:dns","error":"DNS problem: NXDOMAIN looking up A for snippy.blanknodes.com - check that a DNS record exists for this domain"}
proxy_1 | {"level":"error","ts":1626878317.2951005,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"snippy.blanknodes.com","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up A for snippy.blanknodes.com - check that a DNS record exists for this domain","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/20550178/113479188","attempt":2,"max_attempts":3}
proxy_1 | {"level":"error","ts":1626878318.9292696,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"snippy.blanknodes.com","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[snippy.blanknodes.com] solving challenges: snippy.blanknodes.com: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/20550178/113479448) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
proxy_1 | {"level":"error","ts":1626878318.9304214,"logger":"tls.obtain","msg":"will retry","error":"[snippy.blanknodes.com] Obtain: [snippy.blanknodes.com] solving challenges: snippy.blanknodes.com: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/20550178/113479448) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":3,"retrying_in":120,"elapsed":198.057243988,"max_duration":2592000}
5. What I already tried:
Before I ran the compose file, I made sure that the domain name points to the public IP of my DigitalOcean droplet. I added an A record to my DNS records.
I am using porkbun as my domain name provider.
I have experience deploying a Traefik app by simply creating an A record for my subdomain name, and it worked perfectly upon deployment to GCP Compute.