Docker usage and cert issuing

1. The problem I’m having:

Hi all, I’m running Caddy as a container, and lately I’ve started encountering errors about the duplicate certificate rate limit being exceeded.

2. Error messages and/or full log output:

{"level":"error","ts":1727331999.2136056,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 429 urn:ietf:params:acme:error:rateLimited - too many certificates (5) already issued for this exact set of domains in the last 168h0m0s, retry after 2024-09-26 16:14:04 UTC: see https://letsencrypt.org/docs/duplicate-certificate-limit/"}

3. Caddy version:

I’m running Caddy as a Docker image, caddy:2.7.6

4. How I installed and ran Caddy:

Caddy runs in Docker Compose

a. System environment:

Docker

c. Service/unit/compose file:

 caddy:
    container_name: caddy
    image: caddy:2.7.6
    env_file:
      - .env
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./docker/caddy/Caddyfile:/etc/caddy/Caddyfile
    depends_on:
      - api

d. My complete Caddy config:

{$API_DOMAIN} {
	reverse_proxy api:8000
}

When I do docker compose build (to rebuild images of other services; Caddy is not rebuilt because it’s the same image) and docker compose up, Caddy triggers cert renewal for some reason.

See Keep Caddy Running — Caddy Documentation. You must have a volume for /data, otherwise every time you recreate the container you throw away your certificates, so they need to get reissued, meaning you hit rate limits.

Now that you’ve hit rate limits, you’re stuck and you’ll need to wait until they’re cleared, or use a different domain.

Please use the latest version, v2.8.4

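The /data volume the answer calls for, added to the compose service from the question (an added example, not part of the original posts; the volume names caddy_data and caddy_config are chosen here, and the /config mount goes beyond what the answer mentions):

```yaml
services:
  caddy:
    container_name: caddy
    image: caddy:2.7.6   # tag from the question; the answer recommends v2.8.4
    env_file:
      - .env
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./docker/caddy/Caddyfile:/etc/caddy/Caddyfile
      # Caddy stores issued certificates, their private keys and the ACME
      # account under /data. Without a volume here, recreating the container
      # discards them and Caddy requests a fresh certificate on every start,
      # which is what runs into the duplicate-certificate limit in the log.
      - caddy_data:/data
      # Last applied config (autosave); kept across recreation as well.
      - caddy_config:/config
    depends_on:
      - api   # the api service is defined elsewhere in the same file

# Named volumes are managed by Docker and are reattached when the
# container is recreated by "docker compose up".
volumes:
  caddy_data:
  caddy_config:
```

Named volumes survive `docker compose down` followed by `up`, but `docker compose down -v` deletes them along with the stored certificates and keys.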

Many thanks for the help, it solved the issue for me.