ERR_SSL_PROTOCOL_ERROR after failure to renew certificate

1. The problem I’m having:

I initially received an error, viewing the previously working website showed: “SEC_ERROR_EXPIRED_CERTIFICATE”.

I attempted to fix this myself by following the advice of another post here, which said to delete the related “URL folder” and reload caddy due to a bug that stopped caddy auto-renewing.

After doing so, I now get a different error:
“ERR_SSL_PROTOCOL_ERROR”

2. Error messages and/or full log output:

Jun 23 14:43:12 calcifer caddy[1008]: {"level":"info","ts":1719117792.4391234,"logger":"tls.renew","msg":"renewing certificate","identifier":"mitchflix.net","remaining":-261962.439121463}
Jun 23 14:43:13 calcifer caddy[1008]: {"level":"info","ts":1719117793.7041316,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mitchflix.net","challenge_type":"dns>
Jun 23 14:43:13 calcifer caddy[1008]: {"level":"error","ts":1719117793.9657297,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"mitchflix.net","challenge_type":"dns-01",">
Jun 23 14:43:14 calcifer caddy[1008]: {"level":"error","ts":1719117794.2104225,"logger":"tls.renew","msg":"could not get certificate from issuer","identifier":"mitchflix.net","issuer":"acme-v02.api.letse>
Jun 23 14:43:14 calcifer caddy[1008]: {"level":"error","ts":1719117794.210461,"logger":"tls.renew","msg":"will retry","error":"[mitchflix.net] Renew: [mitchflix.net] solving challenges: presenting for ch>
Jun 23 14:52:13 calcifer caddy[1008]: {"level":"info","ts":1719118333.736356,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remain>
Jun 23 15:02:13 calcifer caddy[1008]: {"level":"info","ts":1719118933.7361853,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remai>
Jun 23 15:12:13 calcifer caddy[1008]: {"level":"info","ts":1719119533.736418,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remain>
Jun 23 15:22:13 calcifer caddy[1008]: {"level":"info","ts":1719120133.736081,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remain>
Jun 23 15:32:13 calcifer caddy[1008]: {"level":"info","ts":1719120733.735705,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remain>
Jun 23 15:42:13 calcifer caddy[1008]: {"level":"info","ts":1719121333.7363355,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remai>
Jun 23 15:52:13 calcifer caddy[1008]: {"level":"info","ts":1719121933.7357013,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remai>
Jun 23 16:02:13 calcifer caddy[1008]: {"level":"info","ts":1719122533.7362587,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remai>
Jun 23 16:12:13 calcifer caddy[1008]: {"level":"info","ts":1719123133.7363439,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remai>
Jun 23 16:22:13 calcifer caddy[1008]: {"level":"info","ts":1719123733.7363732,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remai>
Jun 23 16:32:13 calcifer caddy[1008]: {"level":"info","ts":1719124333.7360432,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remai>
Jun 23 16:42:13 calcifer caddy[1008]: {"level":"info","ts":1719124933.736262,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remain>
Jun 23 16:52:13 calcifer caddy[1008]: {"level":"info","ts":1719125533.7360039,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remai>
Jun 23 17:02:13 calcifer caddy[1008]: {"level":"info","ts":1719126133.7366436,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remai>
Jun 23 17:12:13 calcifer caddy[1008]: {"level":"info","ts":1719126733.7362483,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remai>
Jun 23 17:22:13 calcifer caddy[1008]: {"level":"info","ts":1719127333.73666,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remaini>
Jun 23 17:32:13 calcifer caddy[1008]: {"level":"info","ts":1719127933.7356758,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remai>
Jun 23 17:42:13 calcifer caddy[1008]: {"level":"info","ts":1719128533.7362783,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remai>
Jun 23 17:52:13 calcifer caddy[1008]: {"level":"info","ts":1719129133.736174,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remain>
Jun 23 18:02:13 calcifer caddy[1008]: {"level":"info","ts":1719129733.7366502,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remai>
Jun 23 18:12:13 calcifer caddy[1008]: {"level":"info","ts":1719130333.735807,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remain>
Jun 23 18:22:13 calcifer caddy[1008]: {"level":"info","ts":1719130933.736215,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remain>
Jun 23 18:32:13 calcifer caddy[1008]: {"level":"info","ts":1719131533.7360868,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remai>
Jun 23 18:42:13 calcifer caddy[1008]: {"level":"info","ts":1719132133.736473,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remain>
Jun 23 18:52:13 calcifer caddy[1008]: {"level":"info","ts":1719132733.7364755,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remai>
Jun 23 19:02:13 calcifer caddy[1008]: {"level":"info","ts":1719133333.7356699,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remai>
Jun 23 19:12:13 calcifer caddy[1008]: {"level":"info","ts":1719133933.736083,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remain>
Jun 23 19:22:13 calcifer caddy[1008]: {"level":"info","ts":1719134533.736552,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remain>
Jun 23 19:32:13 calcifer caddy[1008]: {"level":"info","ts":1719135133.7366185,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remai>
Jun 23 19:42:13 calcifer caddy[1008]: {"level":"info","ts":1719135733.736418,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remain>
Jun 23 19:52:13 calcifer caddy[1008]: {"level":"info","ts":1719136333.7366254,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remai>
Jun 23 20:02:13 calcifer caddy[1008]: {"level":"info","ts":1719136933.7363403,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remai>
Jun 23 20:12:13 calcifer caddy[1008]: {"level":"info","ts":1719137533.7361393,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remai>
Jun 23 20:22:13 calcifer caddy[1008]: {"level":"info","ts":1719138133.7361264,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remai>
Jun 23 20:32:13 calcifer caddy[1008]: {"level":"info","ts":1719138733.736243,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remain>
Jun 23 20:35:25 calcifer caddy[1008]: {"level":"info","ts":1719138925.928219,"logger":"admin.api","msg":"received request","method":"GET","host":"localhost:2019","uri":"/pki/ca/local","remote_ip":"127.0.>
Jun 23 20:42:13 calcifer caddy[1008]: {"level":"info","ts":1719139333.73634,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["mitchflix.net"],"remaini>
Jun 23 20:43:14 calcifer caddy[1008]: {"level":"info","ts":1719139394.2116928,"logger":"tls.renew","msg":"renewing certificate","identifier":"mitchflix.net","remaining":-283564.21169079}
Jun 23 20:43:15 calcifer caddy[1008]: {"level":"info","ts":1719139395.738764,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mitchflix.net","challenge_type":"dns->
Jun 23 20:43:16 calcifer caddy[1008]: {"level":"error","ts":1719139396.044106,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"mitchflix.net","challenge_type":"dns-01","e>
Jun 23 20:43:16 calcifer caddy[1008]: {"level":"error","ts":1719139396.2911086,"logger":"tls.renew","msg":"could not get certificate from issuer","identifier":"mitchflix.net","issuer":"acme-v02.api.letse>
Jun 23 20:43:16 calcifer caddy[1008]: {"level":"error","ts":1719139396.2911272,"logger":"tls.renew","msg":"will retry","error":"[mitchflix.net] Renew: [mitchflix.net] solving challenges: presenting for c>
Jun 23 20:45:23 calcifer caddy[1008]: {"level":"info","ts":1719139523.9014416,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/stop","remote_ip":"127.0.0.1",">
Jun 23 20:45:23 calcifer caddy[1008]: {"level":"warn","ts":1719139523.9014926,"logger":"admin.api","msg":"exiting; byeee!! 👋"}
Jun 23 20:45:23 calcifer caddy[1008]: {"level":"info","ts":1719139523.9014995,"logger":"http","msg":"servers shutting down with eternal grace period"}
Jun 23 20:45:25 calcifer caddy[1008]: {"level":"info","ts":1719139525.4872878,"logger":"tls.renew","msg":"releasing lock","identifier":"mitchflix.net"}
Jun 23 20:45:25 calcifer caddy[1008]: {"level":"error","ts":1719139525.4873364,"logger":"tls.renew","msg":"unable to unlock","identifier":"mitchflix.net","lock_key":"issue_cert_mitchflix.net","error":"re>
Jun 23 20:45:25 calcifer caddy[1008]: {"level":"error","ts":1719139525.4873524,"logger":"tls","msg":"job failed","error":"mitchflix.net: renewing certificate: context canceled"}
Jun 23 20:45:25 calcifer caddy[1008]: {"level":"info","ts":1719139525.487531,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}
Jun 23 20:45:25 calcifer caddy[1008]: {"level":"info","ts":1719139525.4876745,"logger":"admin.api","msg":"shutdown complete","exit_code":0}
Jun 23 20:45:25 calcifer systemd[1]: caddy.service: Deactivated successfully.
Jun 23 20:45:25 calcifer systemd[1]: caddy.service: Consumed 3min 2.559s CPU time.

After making changes I restarted and ran the logs again:

Jun 23 21:25:03 calcifer caddy[4515]: LANG=en_AU.UTF-8
Jun 23 21:25:03 calcifer caddy[4515]: LANGUAGE=en_AU:en
Jun 23 21:25:03 calcifer caddy[4515]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
Jun 23 21:25:03 calcifer caddy[4515]: NOTIFY_SOCKET=/run/systemd/notify
Jun 23 21:25:03 calcifer caddy[4515]: HOME=/var/lib/caddy
Jun 23 21:25:03 calcifer caddy[4515]: LOGNAME=caddy
Jun 23 21:25:03 calcifer caddy[4515]: USER=caddy
Jun 23 21:25:03 calcifer caddy[4515]: INVOCATION_ID=f46e8a012f4e43bcbba93bdba757480e
Jun 23 21:25:03 calcifer caddy[4515]: JOURNAL_STREAM=8:42935
Jun 23 21:25:03 calcifer caddy[4515]: SYSTEMD_EXEC_PID=4515
Jun 23 21:25:03 calcifer caddy[4515]: CF_API_TOKEN=7olMWi-_VU2aW4uEVzgdTj8p0glAtWc_T-Waq9mX
Jun 23 21:25:03 calcifer caddy[4515]: {"level":"info","ts":1719141903.6690924,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Jun 23 21:25:03 calcifer caddy[4515]: {"level":"info","ts":1719141903.6714735,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:201>
Jun 23 21:25:03 calcifer caddy[4515]: {"level":"info","ts":1719141903.671735,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to>
Jun 23 21:25:03 calcifer caddy[4515]: {"level":"info","ts":1719141903.6717505,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Jun 23 21:25:03 calcifer caddy[4515]: {"level":"info","ts":1719141903.6718144,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0002da480"}
Jun 23 21:25:03 calcifer caddy[4515]: {"level":"info","ts":1719141903.6720119,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Jun 23 21:25:03 calcifer caddy[4515]: {"level":"info","ts":1719141903.6721745,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Jun 23 21:25:03 calcifer caddy[4515]: {"level":"info","ts":1719141903.672213,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
Jun 23 21:25:03 calcifer caddy[4515]: {"level":"info","ts":1719141903.6722183,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["mitchflix.net"]}
Jun 23 21:25:03 calcifer caddy[4515]: {"level":"info","ts":1719141903.672389,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Jun 23 21:25:03 calcifer caddy[4515]: {"level":"info","ts":1719141903.672449,"msg":"serving initial configuration"}
Jun 23 21:25:03 calcifer systemd[1]: Started Caddy.
Jun 23 21:25:03 calcifer caddy[4515]: {"level":"info","ts":1719141903.673273,"logger":"tls.obtain","msg":"acquiring lock","identifier":"mitchflix.net"}
Jun 23 21:25:03 calcifer caddy[4515]: {"level":"warn","ts":1719141903.674895,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/var/lib/caddy/.local/s>
Jun 23 21:25:03 calcifer caddy[4515]: {"level":"info","ts":1719141903.674968,"logger":"tls","msg":"finished cleaning storage units"}
Jun 23 21:25:03 calcifer caddy[4515]: {"level":"info","ts":1719141903.6768527,"logger":"tls.obtain","msg":"lock acquired","identifier":"mitchflix.net"}
Jun 23 21:25:03 calcifer caddy[4515]: {"level":"info","ts":1719141903.6770055,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"mitchflix.net"}
Jun 23 21:25:03 calcifer caddy[4515]: {"level":"info","ts":1719141903.6776867,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["mitchflix.net"],"ca":"https://acme-v02.>
Jun 23 21:25:03 calcifer caddy[4515]: {"level":"info","ts":1719141903.6777027,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["mitchflix.net"],"ca":"https://acme>
Jun 23 21:25:05 calcifer caddy[4515]: {"level":"info","ts":1719141905.1324737,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mitchflix.net","challenge_type":"dns>
Jun 23 21:25:06 calcifer caddy[4515]: {"level":"error","ts":1719141906.0012805,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"mitchflix.net","challenge_type":"dns-01",">
Jun 23 21:25:06 calcifer caddy[4515]: {"level":"error","ts":1719141906.2369552,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mitchflix.net","issuer":"acme-v02.api.lets>
Jun 23 21:25:06 calcifer caddy[4515]: {"level":"error","ts":1719141906.2370079,"logger":"tls.obtain","msg":"will retry","error":"[mitchflix.net] Obtain: [mitchflix.net] solving challenges: presenting for>
Jun 23 21:26:06 calcifer caddy[4515]: {"level":"info","ts":1719141966.237515,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"mitchflix.net"}
Jun 23 21:26:07 calcifer caddy[4515]: {"level":"info","ts":1719141967.6872106,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mitchflix.net","challenge_type":"dns>
Jun 23 21:26:07 calcifer caddy[4515]: {"level":"error","ts":1719141967.9567924,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"mitchflix.net","challenge_type":"dns-01",">
Jun 23 21:26:08 calcifer caddy[4515]: {"level":"error","ts":1719141968.1994202,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mitchflix.net","issuer":"acme-v02.api.lets>
Jun 23 21:26:08 calcifer caddy[4515]: {"level":"error","ts":1719141968.1994965,"logger":"tls.obtain","msg":"will retry","error":"[mitchflix.net] Obtain: [mitchflix.net] solving challenges: presenting for>
Jun 23 21:28:08 calcifer caddy[4515]: {"level":"info","ts":1719142088.2006125,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"mitchflix.net"}
Jun 23 21:28:08 calcifer caddy[4515]: {"level":"info","ts":1719142088.9547884,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mitchflix.net","challenge_type":"dns>
Jun 23 21:28:09 calcifer caddy[4515]: {"level":"error","ts":1719142089.2415254,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"mitchflix.net","challenge_type":"dns-01",">
Jun 23 21:28:09 calcifer caddy[4515]: {"level":"error","ts":1719142089.4859412,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mitchflix.net","issuer":"acme-v02.api.lets>
Jun 23 21:28:09 calcifer caddy[4515]: {"level":"error","ts":1719142089.4859624,"logger":"tls.obtain","msg":"will retry","error":"[mitchflix.net] Obtain: [mitchflix.net] solving challenges: presenting for>
Jun 23 21:30:09 calcifer caddy[4515]: {"level":"info","ts":1719142209.486609,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"mitchflix.net"}
Jun 23 21:30:10 calcifer caddy[4515]: {"level":"info","ts":1719142210.2343276,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mitchflix.net","challenge_type":"dns>
Jun 23 21:30:10 calcifer caddy[4515]: {"level":"error","ts":1719142210.725009,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"mitchflix.net","challenge_type":"dns-01","e>
Jun 23 21:30:10 calcifer caddy[4515]: {"level":"error","ts":1719142210.9585683,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mitchflix.net","issuer":"acme-v02.api.lets>
Jun 23 21:30:10 calcifer caddy[4515]: {"level":"error","ts":1719142210.9586017,"logger":"tls.obtain","msg":"will retry","error":"[mitchflix.net] Obtain: [mitchflix.net] solving challenges: presenting for>
Jun 23 21:35:10 calcifer caddy[4515]: {"level":"info","ts":1719142510.959261,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"mitchflix.net"}
Jun 23 21:35:12 calcifer caddy[4515]: {"level":"info","ts":1719142512.1697922,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mitchflix.net","challenge_type":"dns>
Jun 23 21:35:12 calcifer caddy[4515]: {"level":"error","ts":1719142512.4475608,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"mitchflix.net","challenge_type":"dns-01",">
Jun 23 21:35:12 calcifer caddy[4515]: {"level":"error","ts":1719142512.6851714,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mitchflix.net","issuer":"acme-v02.api.lets>
Jun 23 21:35:12 calcifer caddy[4515]: {"level":"error","ts":1719142512.685206,"logger":"tls.obtain","msg":"will retry","error":"[mitchflix.net] Obtain: [mitchflix.net] solving challenges: presenting for >

3. Caddy version:

v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=

4. How I installed and ran Caddy:

Installed via the cloudflare binary natively in ubuntu /var/lib/caddy which now autoruns on startup via systemctl

a. System environment:

Intel cpu, Erying Mobo, Ubuntu latest update, ssd

b. Command:

No relevant information to be put here, given the error occurs automatically upon entering website

c. Service/unit/compose file:

d. My complete Caddy config:

Caddyfile

mitchflix.net {
	reverse_proxy http://192.168.1.31:8096
}

Caddy config

mitchflix.net {
	reverse_proxy 192.168.1.31:8096
	tls {
		issuer acme {
			dns cloudflare {env.CF_API_TOKEN}
			resolvers 1.1.1.1
			propagation_delay 60s
			propagation_timeout -1
		}
	}
}

The latter is the one in use I believe

5. Links to relevant resources:

Hello @www.com.au,

After the renewal failure, is there any valid certificate in place (self-signed even)?

Your logs are truncated (notice the > at the ends of lines) so we can’t see the actual error message. Please use the command in our docs to read your full logs. Keep Caddy Running — Caddy Documentation

Clearly Caddy is failing to renew your cert, but we need to see the error message in full to understand why.

Please upgrade to the latest version, v2.8.4

What post? I doubt that’s relevant to your issue.

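As an added example (not part of the original thread and not Caddy's own code), this Python script triages `journalctl -u caddy` output the way the reply above asks: it counts lines the pager cut off at `>`, skips follow-on errors such as "cleaning up solver", and groups the remaining errors by root cause. The sample lines, host name and domain are constructed, modelled on the log format shown in this thread.

```python
import json
import re
from collections import Counter

# Constructed sample input: one truncated line, one follow-on error,
# two lines carrying the real cause, one info line, one startup failure.
SAMPLE = r'''
Jun 23 14:43:14 host1 caddy[1008]: {"level":"error","ts":1719117794.21,"logger":"tls.renew","msg":"could not get certificate from issuer","identifier":"example.com","issuer":"acme-v02.api.letse>
Jun 24 17:08:41 host1 caddy[40421]: {"level":"error","ts":1719212921.38,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"example.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.example.com\" (usually OK if presenting also failed)"}
Jun 24 17:08:41 host1 caddy[40421]: {"level":"error","ts":1719212921.62,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"example.com","error":"[example.com] solving challenges: presenting for challenge: adding temporary record for zone \"example.com.\": got error status: HTTP 403: [{Code:9109 Message:Invalid access token ErrorChain:[]}]"}
Jun 24 17:08:41 host1 caddy[40421]: {"level":"error","ts":1719212921.63,"logger":"tls.obtain","msg":"will retry","error":"[example.com] Obtain: [example.com] solving challenges: presenting for challenge: adding temporary record for zone \"example.com.\": got error status: HTTP 403: [{Code:9109 Message:Invalid access token ErrorChain:[]}]","attempt":1,"retrying_in":60}
Jun 24 17:09:41 host1 caddy[40421]: {"level":"info","ts":1719212981.62,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"example.com"}
Jun 26 12:40:19 host1 caddy[135896]: Error: adapting config using caddyfile: parsing caddyfile tokens for 'tls': getting module named 'dns.providers.cloudflare': module not registered: dns.providers.cloudflare, at /etc/caddy/Caddyfile:5
'''

# syslog-style prefix that journalctl prints before each message
LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ caddy\[\d+\]: (?P<body>.*)$")
# DNS provider API refusing to create the _acme-challenge TXT record
PROVIDER_ERR = re.compile(
    r"adding temporary record for zone .*?HTTP (?P<status>\d{3}): "
    r"\[\{Code:(?P<code>\d+) Message:(?P<msg>.*?) ErrorChain"
)
# Config references a plugin that is not compiled into the running binary
MISSING_MODULE = re.compile(r"module not registered: (?P<module>[\w.]+)")


def classify(error_text):
    """Map an error string to a root cause, or None if it is only a follow-on."""
    m = PROVIDER_ERR.search(error_text)
    if m:
        return (f"DNS provider rejected the request: HTTP {m['status']}, "
                f"code {m['code']} ({m['msg']})")
    m = MISSING_MODULE.search(error_text)
    if m:
        return f"binary lacks module {m['module']}"
    return None


def triage(journal_text):
    """Return (number of truncated JSON lines, {root cause: occurrences})."""
    truncated = 0
    causes = Counter()
    for raw in journal_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        body = m["body"]
        if body.startswith("{"):
            try:
                entry = json.loads(body)
            except json.JSONDecodeError:
                # A JSON line ending in '>' was clipped by the pager.
                if body.endswith(">"):
                    truncated += 1
                continue
            if entry.get("level") != "error":
                continue
            text = entry.get("error", "")
        else:
            text = body  # plain-text startup failure printed before logging starts
        cause = classify(text)
        if cause:
            causes[cause] += 1
    return truncated, dict(causes)


if __name__ == "__main__":
    cut, found = triage(SAMPLE)
    print(f"{cut} line(s) truncated; re-read the journal without the pager")
    for cause, n in found.items():
        print(f"{n}x {cause}")
```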

I’m not sure, how do I check this?

I updated via

caddy upgrade
sudo systemctl caddy restart

I am now receiving a different error; SSL_ERROR_INTERNAL_ERROR_ALERT
I am fairly certain I’ve borked something to do with my domain:IP settings but am not sure what.

My cloudflare domain registration renewed so I rerolled the API Key (in the cloudflare website settings) and corresponding ENV variable just in case also. No change there

Logs:

024-06-23 21:50:40.533652885 +1000 AEST, last update: 2024-06-24 17:08:29.283301125 +1000 AEST); removing then retrying: /var/lib/caddy/.local/share/caddy/locks/issue_cert_mitchflix.net.lock"}
Jun 24 17:08:39 calcifer caddy[40421]: {"level":"info","ts":1719212919.6285682,"logger":"tls.obtain","msg":"lock acquired","identifier":"mitchflix.net"}
Jun 24 17:08:39 calcifer caddy[40421]: {"level":"info","ts":1719212919.62863,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"mitchflix.net"}
Jun 24 17:08:39 calcifer caddy[40421]: {"level":"info","ts":1719212919.6290617,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["mitchflix.net"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
Jun 24 17:08:39 calcifer caddy[40421]: {"level":"info","ts":1719212919.629069,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["mitchflix.net"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
Jun 24 17:08:39 calcifer caddy[40421]: {"level":"info","ts":1719212919.629076,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/1221956417","account_contact":[]}
Jun 24 17:08:41 calcifer caddy[40421]: {"level":"info","ts":1719212921.1380534,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mitchflix.net","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
Jun 24 17:08:41 calcifer caddy[40421]: {"level":"error","ts":1719212921.38551,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"mitchflix.net","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.mitchflix.net\" (usually OK if presenting also failed)"}
Jun 24 17:08:41 calcifer caddy[40421]: {"level":"error","ts":1719212921.6248877,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mitchflix.net","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[mitchflix.net] solving challenges: presenting for challenge: adding temporary record for zone \"mitchflix.net.\": got error status: HTTP 403: [{Code:9109 Message:Invalid access token ErrorChain:[]}] (order=https://acme-v02.api.letsencrypt.org/acme/order/1221956417/281202575307) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
Jun 24 17:08:41 calcifer caddy[40421]: {"level":"error","ts":1719212921.624943,"logger":"tls.obtain","msg":"will retry","error":"[mitchflix.net] Obtain: [mitchflix.net] solving challenges: presenting for challenge: adding temporary record for zone \"mitchflix.net.\": got error status: HTTP 403: [{Code:9109 Message:Invalid access token ErrorChain:[]}] (order=https://acme-v02.api.letsencrypt.org/acme/order/1221956417/281202575307) (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":1.996366882,"max_duration":2592000}
Jun 24 17:09:41 calcifer caddy[40421]: {"level":"info","ts":1719212981.62562,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"mitchflix.net"}
Jun 24 17:09:41 calcifer caddy[40421]: {"level":"info","ts":1719212981.6260507,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/112117554","account_contact":[]}
Jun 24 17:09:43 calcifer caddy[40421]: {"level":"info","ts":1719212983.086213,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mitchflix.net","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Jun 24 17:09:43 calcifer caddy[40421]: {"level":"error","ts":1719212983.3425632,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"mitchflix.net","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.mitchflix.net\" (usually OK if presenting also failed)"}
Jun 24 17:09:43 calcifer caddy[40421]: {"level":"error","ts":1719212983.5865593,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mitchflix.net","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[mitchflix.net] solving challenges: presenting for challenge: adding temporary record for zone \"mitchflix.net.\": got error status: HTTP 403: [{Code:9109 Message:Invalid access token ErrorChain:[]}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/112117554/17391120463) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
Jun 24 17:09:43 calcifer caddy[40421]: {"level":"error","ts":1719212983.5866158,"logger":"tls.obtain","msg":"will retry","error":"[mitchflix.net] Obtain: [mitchflix.net] solving challenges: presenting for challenge: adding temporary record for zone \"mitchflix.net.\": got error status: HTTP 403: [{Code:9109 Message:Invalid access token ErrorChain:[]}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/112117554/17391120463) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":2,"retrying_in":120,"elapsed":63.958039612,"max_duration":2592000}
Jun 24 17:11:43 calcifer caddy[40421]: {"level":"info","ts":1719213103.5869293,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"mitchflix.net"}
Jun 24 17:11:43 calcifer caddy[40421]: {"level":"info","ts":1719213103.5873215,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/112117554","account_contact":[]}
Jun 24 17:11:44 calcifer caddy[40421]: {"level":"info","ts":1719213104.3537176,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mitchflix.net","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Jun 24 17:11:44 calcifer caddy[40421]: {"level":"error","ts":1719213104.7595878,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"mitchflix.net","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.mitchflix.net\" (usually OK if presenting also failed)"}
Jun 24 17:11:45 calcifer caddy[40421]: {"level":"error","ts":1719213105.006196,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mitchflix.net","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[mitchflix.net] solving challenges: presenting for challenge: adding temporary record for zone \"mitchflix.net.\": got error status: HTTP 403: [{Code:9109 Message:Invalid access token ErrorChain:[]}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/112117554/17391148353) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
Jun 24 17:11:45 calcifer caddy[40421]: {"level":"error","ts":1719213105.0062327,"logger":"tls.obtain","msg":"will retry","error":"[mitchflix.net] Obtain: [mitchflix.net] solving challenges: presenting for challenge: adding temporary record for zone \"mitchflix.net.\": got error status: HTTP 403: [{Code:9109 Message:Invalid access token ErrorChain:[]}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/112117554/17391148353) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":3,"retrying_in":120,"elapsed":185.377655692,"max_duration":2592000}
(END)

I see the error message refers to my token, so I went to Cloudflare, rerolled the main (and only) API Key and updated my (only) corresponding ENV variable in /etc/environment. Error remains the same.

Here are my zone settings

I found a related post where a user had a similar issue and it ended up being their DNS? Maybe that’s the issue? Although I can’t find an issue with my DNS settings.

Here are my name records

Here is my internal port forwarding (.31 is the caddy machine)

Here are my IP and DNS settings on the local box.

What am I missing?

Did you follow these steps, in the DNS plugin’s README?

Are you sure the env var is set for Caddy? How did you set the env var? I think you might have leaked it in your logs in your original post btw, so good thing that you rolled it.

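One way to answer the two questions in the reply above, as an added example that is not from the thread or from Caddy: the script compares the environment variable names a Caddyfile references with what an env file defines and what the running service actually holds, using hash fingerprints so no secret is printed, and it redacts secret-looking variables from a startup environment dump before the log is shared. The variable names are taken from the thread; the token values, host name and domain are constructed, and the name pattern for "secret-looking" is an assumption.

```python
import hashlib
import re

# Constructed inputs; the token values are made up.
CADDYFILE = """
example.com {
	reverse_proxy 192.168.1.31:8096
	tls {
		dns cloudflare {env.CF_API_TOKEN}
	}
}
"""
ENV_FILE = 'CF_API_KEY="constructed-new-token"\n'
SERVICE_ENV = {"HOME": "/var/lib/caddy", "CF_API_TOKEN": "constructed-old-token"}
JOURNAL = """Jun 26 12:40:19 host1 caddy[135896]: HOME=/var/lib/caddy
Jun 26 12:40:19 host1 caddy[135896]: CF_API_TOKEN=constructed-old-token
Jun 26 12:40:19 host1 caddy[135896]: {"level":"info","msg":"using config from file"}"""

# {env.NAME} is resolved at runtime, {$NAME} when the Caddyfile is parsed
PLACEHOLDER = re.compile(r"\{env\.([A-Za-z_][A-Za-z0-9_]*)\}|\{\$([A-Za-z_][A-Za-z0-9_]*)")
ENV_LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)=(.*)$")
SECRET_NAME = re.compile(r"TOKEN|KEY|SECRET|PASSWORD", re.I)  # assumed heuristic
DUMP_LINE = re.compile(r"^(.*? caddy\[\d+\]: )([A-Za-z_][A-Za-z0-9_]*)=(.+)$")


def fingerprint(value):
    """Short SHA-256 prefix: compares two values without showing either."""
    return hashlib.sha256(value.encode()).hexdigest()[:8]


def referenced_vars(caddyfile):
    """Names of every environment variable the Caddyfile expects."""
    return {a or b for a, b in PLACEHOLDER.findall(caddyfile)}


def parse_env_file(text):
    """NAME=VALUE pairs, values kept exactly as written (quotes included)."""
    pairs = {}
    for line in text.splitlines():
        m = ENV_LINE.match(line)  # comment lines do not match
        if m:
            pairs[m.group(1)] = m.group(2).strip()
    return pairs


def audit(caddyfile, env_file, service_env):
    """Return ({referenced name: [problems]}, [secret-like names nothing uses])."""
    file_vars = parse_env_file(env_file)
    wanted = referenced_vars(caddyfile)
    report = {}
    for name in sorted(wanted):
        notes = []
        if name not in service_env:
            notes.append("not set in the service environment")
        if name not in file_vars:
            notes.append("not defined in the env file")
        else:
            raw = file_vars[name]
            bare = raw.strip("\"'")
            if bare != raw:
                # Flagged for review, following the advice given in the thread.
                notes.append("value is quoted in the env file")
            if name in service_env and fingerprint(bare) != fingerprint(service_env[name]):
                notes.append("running service holds a different value than the file")
        report[name] = notes
    unused = sorted(n for n in file_vars if n not in wanted and SECRET_NAME.search(n))
    return report, unused


def redact(journal_text):
    """Replace secret-looking values in an environment dump with a fingerprint."""
    def mask(m):
        prefix, name, value = m.groups()
        if SECRET_NAME.search(name):
            return f"{prefix}{name}=[REDACTED sha256:{fingerprint(value)}]"
        return m.group(0)
    return "\n".join(DUMP_LINE.sub(mask, line) for line in journal_text.splitlines())


if __name__ == "__main__":
    report, unused = audit(CADDYFILE, ENV_FILE, SERVICE_ENV)
    for name, notes in report.items():
        print(name, "->", "; ".join(notes) or "ok")
    print("defined but never referenced:", unused)
    print(redact(JOURNAL))
```

On a live host the service's real environment can be read from `/proc/<pid>/environ` (NUL-separated) for the Caddy process and passed in as `service_env`.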

I’m not sure of anything I’m doing, generally speaking :joy:

I explained how I set it above, I added a line in my /etc/environment file:

CF_API_KEY="*****************" 

Which I then call in the Caddyfile quoted above. To get the key I go to the Cloudflare website, click the three dots in the screenshot above for the main token, and input that.

Could I just be using the wrong settings file instead of the caddyfile somehow? Maybe I should just reinstall…

I believe I correctly followed the tutorial for the API key, my cloudflare only has one domain so I am using the single API token method. I included a screenshot of my API Keys set zones, which seem to match the tutorial screenshot, although it’s possible I may be misunderstanding something.

You shouldn’t use double quotes for the env var.


Ok thanks for the tip. It’s bizarre that it was working for a few months prior to this with it included, but hey that’s tech for ya. I have removed the quotes from the env var, so it now reads

CF_API_KEY=****************

A restart and attempt to access now provides a connection timeout error with no SSL errors, so this may be progress!

Logs:

Jun 26 12:40:19 calcifer caddy[135896]: LANG=en_AU.UTF-8
Jun 26 12:40:19 calcifer caddy[135896]: LANGUAGE=en_AU:en
Jun 26 12:40:19 calcifer caddy[135896]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
Jun 26 12:40:19 calcifer caddy[135896]: NOTIFY_SOCKET=/run/systemd/notify
Jun 26 12:40:19 calcifer caddy[135896]: HOME=/var/lib/caddy
Jun 26 12:40:19 calcifer caddy[135896]: LOGNAME=caddy
Jun 26 12:40:19 calcifer caddy[135896]: USER=caddy
Jun 26 12:40:19 calcifer caddy[135896]: INVOCATION_ID=7ce85b88c04c433e80bffee3115ee9d7
Jun 26 12:40:19 calcifer caddy[135896]: JOURNAL_STREAM=8:1074922
Jun 26 12:40:19 calcifer caddy[135896]: SYSTEMD_EXEC_PID=135896
Jun 26 12:40:19 calcifer caddy[135896]: CF_API_TOKEN=7olMWi-_VU2aW4uEVzgdTj8p0glAtWc_T-Waq9mX
Jun 26 12:40:19 calcifer caddy[135896]: {"level":"info","ts":1719369619.3656642,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Jun 26 12:40:19 calcifer caddy[135896]: Error: adapting config using caddyfile: parsing caddyfile tokens for 'tls': getting module named 'dns.providers.cloudflare': module not registered: dns.providers.cloudflare, at /etc/caddy/Caddyfile:5
Jun 26 12:40:19 calcifer systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
Jun 26 12:40:19 calcifer systemd[1]: caddy.service: Failed with result 'exit-code'.
Jun 26 12:40:19 calcifer systemd[1]: Failed to start Caddy.
-- Boot cebd991c14254905bbc83628d4febfa8 --
Jun 26 12:42:55 calcifer systemd[1]: Starting Caddy...
Jun 26 12:42:55 calcifer caddy[1028]: caddy.HomeDir=/var/lib/caddy
Jun 26 12:42:55 calcifer caddy[1028]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Jun 26 12:42:55 calcifer caddy[1028]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Jun 26 12:42:55 calcifer caddy[1028]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Jun 26 12:42:55 calcifer caddy[1028]: caddy.Version=v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=
Jun 26 12:42:55 calcifer caddy[1028]: runtime.GOOS=linux
Jun 26 12:42:55 calcifer caddy[1028]: runtime.GOARCH=amd64
Jun 26 12:42:55 calcifer caddy[1028]: runtime.Compiler=gc
Jun 26 12:42:55 calcifer caddy[1028]: runtime.NumCPU=12
Jun 26 12:42:55 calcifer caddy[1028]: runtime.GOMAXPROCS=12
Jun 26 12:42:55 calcifer caddy[1028]: runtime.Version=go1.22.3
Jun 26 12:42:55 calcifer caddy[1028]: os.Getwd=/
Jun 26 12:42:55 calcifer caddy[1028]: LANG=en_AU.UTF-8
Jun 26 12:42:55 calcifer caddy[1028]: LANGUAGE=en_AU:en
Jun 26 12:42:55 calcifer caddy[1028]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
Jun 26 12:42:55 calcifer caddy[1028]: NOTIFY_SOCKET=/run/systemd/notify
Jun 26 12:42:55 calcifer caddy[1028]: HOME=/var/lib/caddy
Jun 26 12:42:55 calcifer caddy[1028]: LOGNAME=caddy
Jun 26 12:42:55 calcifer caddy[1028]: USER=caddy
Jun 26 12:42:55 calcifer caddy[1028]: INVOCATION_ID=4fa675fe5e0a4cfeb2888c61ee60a64d
Jun 26 12:42:55 calcifer caddy[1028]: JOURNAL_STREAM=8:24502
Jun 26 12:42:55 calcifer caddy[1028]: SYSTEMD_EXEC_PID=1028
Jun 26 12:42:55 calcifer caddy[1028]: CF_API_TOKEN=7olMWi-_VU2aW4uEVzgdTj8p0glAtWc_T-Waq9mX
Jun 26 12:42:55 calcifer caddy[1028]: {"level":"info","ts":1719369775.2674081,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Jun 26 12:42:55 calcifer caddy[1028]: Error: adapting config using caddyfile: parsing caddyfile tokens for 'tls': getting module named 'dns.providers.cloudflare': module not registered: dns.providers.cloudflare, at /etc/caddy/Caddyfile:5
Jun 26 12:42:55 calcifer systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
Jun 26 12:42:55 calcifer systemd[1]: caddy.service: Failed with result 'exit-code'.
Jun 26 12:42:55 calcifer systemd[1]: Failed to start Caddy.
(END)

Interestingly the API Key in the readout here is not the one in my env var.

EDIT:

Based on the above logs, I redownloaded the Cloudflare-packaged Caddy binary from the website, added it to /bin/caddy (overwriting the existing one) and provided permissions. Now the SSL error is back:

SSL_ERROR_INTERNAL_ERROR_ALERT

I rolled a new token from Cloudflare and added it to the /etc/environment file (without quotes); no change. Logs below:

Jun 26 13:07:17 calcifer caddy[6454]: {"level":"info","ts":1719371237.21215,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/1221956417","account_contact":[]}
Jun 26 13:07:18 calcifer caddy[6454]: {"level":"info","ts":1719371238.8037517,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mitchflix.net","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
Jun 26 13:07:19 calcifer caddy[6454]: {"level":"error","ts":1719371239.0670824,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"mitchflix.net","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.mitchflix.net\" (usually OK if presenting also failed)"}
Jun 26 13:07:19 calcifer caddy[6454]: {"level":"error","ts":1719371239.3367052,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mitchflix.net","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[mitchflix.net] solving challenges: presenting for challenge: adding temporary record for zone \"mitchflix.net.\": got error status: HTTP 403: [{Code:9109 Message:Invalid access token ErrorChain:[]}] (order=https://acme-v02.api.letsencrypt.org/acme/order/1221956417/281761294627) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
Jun 26 13:07:19 calcifer caddy[6454]: {"level":"error","ts":1719371239.3367605,"logger":"tls.obtain","msg":"will retry","error":"[mitchflix.net] Obtain: [mitchflix.net] solving challenges: presenting for challenge: adding temporary record for zone \"mitchflix.net.\": got error status: HTTP 403: [{Code:9109 Message:Invalid access token ErrorChain:[]}] (order=https://acme-v02.api.letsencrypt.org/acme/order/1221956417/281761294627) (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":2.125039304,"max_duration":2592000}
Jun 26 13:08:19 calcifer caddy[6454]: {"level":"info","ts":1719371299.3381958,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"mitchflix.net"}
Jun 26 13:08:19 calcifer caddy[6454]: {"level":"info","ts":1719371299.338614,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/112117554","account_contact":[]}
Jun 26 13:08:20 calcifer caddy[6454]: {"level":"info","ts":1719371300.7921634,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mitchflix.net","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Jun 26 13:08:21 calcifer caddy[6454]: {"level":"error","ts":1719371301.013453,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"mitchflix.net","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.mitchflix.net\" (usually OK if presenting also failed)"}
Jun 26 13:08:21 calcifer caddy[6454]: {"level":"error","ts":1719371301.2560008,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mitchflix.net","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[mitchflix.net] solving challenges: presenting for challenge: adding temporary record for zone \"mitchflix.net.\": got error status: HTTP 403: [{Code:9109 Message:Invalid access token ErrorChain:[]}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/112117554/17425735583) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
Jun 26 13:08:21 calcifer caddy[6454]: {"level":"error","ts":1719371301.2560542,"logger":"tls.obtain","msg":"will retry","error":"[mitchflix.net] Obtain: [mitchflix.net] solving challenges: presenting for challenge: adding temporary record for zone \"mitchflix.net.\": got error status: HTTP 403: [{Code:9109 Message:Invalid access token ErrorChain:[]}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/112117554/17425735583) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":2,"retrying_in":120,"elapsed":64.044333031,"max_duration":2592000}

EDIT 2:
So the API Key being used is still not the same as the one in the Caddyfile. I had not been using the “reload” command (only restart) so it probably wasn’t updating the settings this whole time (oops!).

However, after updating the Caddyfile, reloading Caddy and accessing again, I am getting the same error. After checking the logs, it still looks like the API Key being used is the same one as the key I first posted in the OP.

Jun 26 13:21:24 calcifer systemd[1]: Starting Caddy...
Jun 26 13:21:25 calcifer caddy[7752]: caddy.HomeDir=/var/lib/caddy
Jun 26 13:21:25 calcifer caddy[7752]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Jun 26 13:21:25 calcifer caddy[7752]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Jun 26 13:21:25 calcifer caddy[7752]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Jun 26 13:21:25 calcifer caddy[7752]: caddy.Version=v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=
Jun 26 13:21:25 calcifer caddy[7752]: runtime.GOOS=linux
Jun 26 13:21:25 calcifer caddy[7752]: runtime.GOARCH=amd64
Jun 26 13:21:25 calcifer caddy[7752]: runtime.Compiler=gc
Jun 26 13:21:25 calcifer caddy[7752]: runtime.NumCPU=12
Jun 26 13:21:25 calcifer caddy[7752]: runtime.GOMAXPROCS=12
Jun 26 13:21:25 calcifer caddy[7752]: runtime.Version=go1.22.3
Jun 26 13:21:25 calcifer caddy[7752]: os.Getwd=/
Jun 26 13:21:25 calcifer caddy[7752]: LANG=en_AU.UTF-8
Jun 26 13:21:25 calcifer caddy[7752]: LANGUAGE=en_AU:en
Jun 26 13:21:25 calcifer caddy[7752]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
Jun 26 13:21:25 calcifer caddy[7752]: NOTIFY_SOCKET=/run/systemd/notify
Jun 26 13:21:25 calcifer caddy[7752]: HOME=/var/lib/caddy
Jun 26 13:21:25 calcifer caddy[7752]: LOGNAME=caddy
Jun 26 13:21:25 calcifer caddy[7752]: USER=caddy
Jun 26 13:21:25 calcifer caddy[7752]: INVOCATION_ID=8a94492c80a44d0a9906c641049fc0eb
Jun 26 13:21:25 calcifer caddy[7752]: JOURNAL_STREAM=8:76941
Jun 26 13:21:25 calcifer caddy[7752]: SYSTEMD_EXEC_PID=7752
Jun 26 13:21:25 calcifer caddy[7752]: CF_API_TOKEN=7olMWi-_VU2aW4uEVzgdTj8p0glAtWc_T-Waq9mX
Jun 26 13:21:25 calcifer caddy[7752]: {"level":"info","ts":1719372085.0383098,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Jun 26 13:21:25 calcifer caddy[7752]: {"level":"info","ts":1719372085.0394108,"msg":"adapted config to JSON","adapter":"caddyfile"}
Jun 26 13:21:25 calcifer caddy[7752]: {"level":"info","ts":1719372085.0399692,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//127.0.0.1:2019","//localhost:2019","//[::1]:2019"]}
Jun 26 13:21:25 calcifer caddy[7752]: {"level":"info","ts":1719372085.0401723,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Jun 26 13:21:25 calcifer caddy[7752]: {"level":"info","ts":1719372085.040181,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000455e80"}
Jun 26 13:21:25 calcifer caddy[7752]: {"level":"info","ts":1719372085.0401857,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Jun 26 13:21:25 calcifer caddy[7752]: {"level":"info","ts":1719372085.040399,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Jun 26 13:21:25 calcifer caddy[7752]: {"level":"info","ts":1719372085.0405512,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Jun 26 13:21:25 calcifer caddy[7752]: {"level":"info","ts":1719372085.0405936,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}

I have a feeling I’m missing some very basic step due to my ignorance here so apologies in advance.
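The startup log excerpts above include Caddy's environment dump, which is how an API token ends up in a pasted journal. The following is an added example, not part of the original thread: a POSIX shell filter that masks credential-looking `NAME=value` lines and substitutes a short SHA-256 fingerprint, so the token in the journal can be compared with the one in an environment file without exposing either. The function name, keyword list and sample lines are assumptions constructed for illustration, and `sha256sum` (GNU coreutils) is assumed to be installed.

```shell
#!/bin/sh
# Mask credential values in NAME=value lines, with or without a journald
# prefix such as "Jun 26 12:40:19 host caddy[123]: ". The value is replaced
# by the first 8 hex digits of its SHA-256, so two sources can be compared
# without revealing the secret. Hypothetical helper, not a Caddy feature.
redact_env_secrets() {
    while IFS= read -r line || [ -n "$line" ]; do
        rest=${line#*"]: "}       # text after the journald prefix, if any
        prefix=${line%"$rest"}    # the prefix itself (empty for env files)
        name=${rest%%=*}
        value=${rest#*=}
        case "$rest" in
            *=*) ;;
            *) printf '%s\n' "$line"; continue ;;   # no assignment at all
        esac
        case "$name" in
            ""|*[!A-Za-z0-9_]*)                     # JSON, caddy.Version=...
                printf '%s\n' "$line"; continue ;;
        esac
        case "$name" in
            *TOKEN*|*KEY*|*SECRET*|*PASSWORD*|*PASSWD*)
                fp=$(printf '%s' "$value" | sha256sum | cut -c1-8)
                printf '%s%s=[REDACTED sha256:%s]\n' "$prefix" "$name" "$fp" ;;
            *) printf '%s\n' "$line" ;;
        esac
    done
}

# Constructed sample input (values are made up, not taken from the thread).
SAMPLE_LOG='Jun 26 12:40:19 host caddy[123]: USER=caddy
Jun 26 12:40:19 host caddy[123]: caddy.Version=v2.8.4 h1:abc=
Jun 26 12:40:19 host caddy[123]: CF_API_TOKEN=constructed-token-from-journal
Jun 26 12:40:19 host caddy[123]: {"level":"info","msg":"using config from file"}'
SAMPLE_ENV_FILE='CF_API_KEY=constructed-token-from-env-file'

# Demo: different fingerprints mean the service is not using the file's token.
printf '%s\n' "$SAMPLE_LOG" | redact_env_secrets
printf '%s\n' "$SAMPLE_ENV_FILE" | redact_env_secrets
```

A value written with surrounding quotes in an environment file is hashed with its quotes, so its fingerprint will not match the unquoted token shown in the journal.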

Follow these steps to set up a diversion for your custom binary so when you upgrade it doesn’t wipe out the plugins: Build from source — Caddy Documentation

Follow these steps for setting the env var: Keep Caddy Running — Caddy Documentation

2 Likes

Thanks for that!

I followed your advice, and the logs now reflect that the correct API key is being used. I have removed the line in my local environment file also. Unfortunately I am still receiving the same error when attempting to load the website:

SSL_ERROR_INTERNAL_ERROR_ALERT

Logs:

Jun 27 18:52:07 calcifer caddy[155490]: {"level":"info","ts":1719478327.577661,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Jun 27 18:52:07 calcifer caddy[155490]: {"level":"info","ts":1719478327.5783885,"msg":"adapted config to JSON","adapter":"caddyfile"}
Jun 27 18:52:07 calcifer caddy[155490]: {"level":"info","ts":1719478327.5788558,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Jun 27 18:52:07 calcifer caddy[155490]: {"level":"info","ts":1719478327.5789814,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Jun 27 18:52:07 calcifer caddy[155490]: {"level":"info","ts":1719478327.5789883,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Jun 27 18:52:07 calcifer caddy[155490]: {"level":"info","ts":1719478327.5790813,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0006f8180"}
Jun 27 18:52:07 calcifer caddy[155490]: {"level":"info","ts":1719478327.5791414,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Jun 27 18:52:07 calcifer caddy[155490]: {"level":"info","ts":1719478327.5792341,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Jun 27 18:52:07 calcifer caddy[155490]: {"level":"info","ts":1719478327.5792592,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
Jun 27 18:52:07 calcifer caddy[155490]: {"level":"info","ts":1719478327.5792627,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["mitchflix.net"]}
Jun 27 18:52:07 calcifer caddy[155490]: {"level":"info","ts":1719478327.5793643,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Jun 27 18:52:07 calcifer caddy[155490]: {"level":"info","ts":1719478327.5793922,"msg":"serving initial configuration"}
Jun 27 18:52:07 calcifer systemd[1]: Started Caddy.
Jun 27 18:52:07 calcifer caddy[155490]: {"level":"info","ts":1719478327.579563,"logger":"tls.obtain","msg":"acquiring lock","identifier":"mitchflix.net"}
Jun 27 18:52:07 calcifer caddy[155490]: {"level":"info","ts":1719478327.5819545,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/var/lib/caddy/.local/share/caddy","instance":"bb37a1de-ffc5-4e6d-812c-7d80708c6116","try_again":1719564727.5819538,"try_again_in":86399.99999974}
Jun 27 18:52:07 calcifer caddy[155490]: {"level":"info","ts":1719478327.5819995,"logger":"tls","msg":"finished cleaning storage units"}

There doesn’t seem to be anything in the logs about any connection attempt, so now the problem looks like it’s unrelated to Caddy – the client’s connection is not even making it to Caddy. I would verify networking / firewall settings.

Make sure to use curl -v instead of web browsers when troubleshooting. What is the output?

1 Like