ERR_SSL_PROTOCOL_ERROR after upgrade from caddy 0.1.x to 2.4.x

1. Output of caddy version:

Caddy 2.4.x

2. How I run Caddy:

a. System environment:

CentOS 7, docker, Python Django server app, Gunicorn

b. Command:

nano Caddyfile

c. Service/unit/compose file:

version: '3'

services:
  web:
    build:
      context: ../../
      dockerfile: ./compose/prod/app
    image: dina-prod
    depends_on:
      - db
    env_file:
      - ../../.envs/.prod/.django
      - ../../.envs/.prod/.postgres
    command: ["sh", "./compose/prod/gunicorn.sh"]

  db:
    build:
      context: ../../
      dockerfile: ./compose/prod/postgres/Dockerfile
    image: dina-db-prod
    env_file:
      - ../../.envs/.prod/.postgres
    volumes:
      - /var/lib/postgresql/data/dina-intranet:/var/lib/postgresql/data
      - /var/lib/postgresql/backups/dina-prod:/backups

  caddy:
    build:
      context: ../../
      dockerfile: ./compose/prod/caddy
    image: dina-intranet-caddy
    depends_on:
      - web
    volumes:
      - /var/lib/caddy:/root/.caddy
    ports:
      - '0.0.0.0:80:80'
      - '0.0.0.0:443:443'


d. My complete Caddy config:

    root * /var/www

    reverse_proxy /avnav/* 172.16.0.21:80 {
      header_up Host {host}
      header_up X-Real-IP {remote}
    }

    reverse_proxy web:5000 {
      header_up Host {host}
      header_up X-Real-IP {remote}
    }

    reverse_proxy /booked 172.16.0.21:80 {
      header_up Host {host}
      header_up X-Real-IP {remote}
    }

    reverse_proxy /stats 172.16.0.21:80 {
      header_up Host {host}
      header_up X-Real-IP {remote}
    }

    reverse_proxy /reportes 172.16.0.21:80 {
      header_up Host {host}
      header_up X-Real-IP {remote}
    }

    reverse_proxy /_portal/* 172.16.0.21:80 {
      header_up Host {host}
      header_up X-Real-IP {remote}
    }

    reverse_proxy /dashboard/* 172.16.0.21:80 {
      header_up Host {host}
      header_up X-Real-IP {remote}
    }

    reverse_proxy /permisos 172.16.0.21:80 {
      header_up Host {host}
      header_up X-Real-IP {remote}
    }

    file_server
    log {
        output file /var/log/caddy/caddy-access.log
        format console
    }
}

Paste your config here, replacing this text.
Use `caddy fmt` to make it readable.
DO NOT REDACT anything except credentials.
LEAVE DOMAIN NAMES INTACT.
Make sure the backticks stay on their own lines.

3. The problem I’m having:

Site sent an invalid response.
ERR_SSL_PROTOCOL_ERROR

4. Error messages and/or full log output:

ERR_SSL_PROTOCOL_ERROR
USE THE PREVIEW PANE TO MAKE SURE IT LOOKS NICELY FORMATTED.

5. What I already tried:

Everything that I have read in post and every single article that explains this error using caddy…
I have:

  • Upgraded caddy from 0.1.x to 2.4.x
  • Updated directives from caddyfile
  • Renew containers many times…
  • Everything in the backend seems to work Ok!, but the certificate that manages https connections are not working.
  • Really need help… I thought this was going to be lot easier, cause I have been working a few weeks with caddy and it’s an awsome solution…
  • I know this might be a covered topic, but I think that since I upgrade caddy that could be the problem… Sorry but really need help here… This project depends on my future… hehe…

6. Links to relevant resources:

dina.idac.gov.do

Which version, exactly? It matters.

The latest is v2.5.2, please upgrade.

This is incorrect, that’s not where Caddy stores its data. See the docs on Docker Hub

Your config looks incomplete. It’s missing your site address.

You don’t need any of this. Caddy sets the appropriate headers automatically.

These two bits of config are in opposition. The reverse_proxy directive has a higher directive order than file_server, so requests will all go to your web:5000 upstream, and never get handled by the file server.

If you have multiple paths that need to get proxied, use a named matcher to define all the paths at once, then only use a single reverse_proxy. This will be much more efficient.

@app path /avnav/* /booked* /stats* /reportes* /_portal* /dashboard* /permisos*
reverse_proxy @app 172.16.0.21:80

That’s not your logs, that’s the error message from your browser. Please post Caddy’s logs.

3 Likes

Hi francis, sorry for the late response… I have been dealing with a lo of stuff… caddy logs:

Attaching to prod_caddy_1
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841678.444625,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
e[36mcaddy_1  |e[0m {"level":"warn","ts":1660841678.446288,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841678.4511209,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841678.4513159,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841678.4513357,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841678.4522586,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["dina.idac.gov.do"]}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841678.4525983,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00017f3b0"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841678.4530365,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841678.453071,"logger":"tls","msg":"finished cleaning storage units"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841678.4531124,"logger":"tls.obtain","msg":"acquiring lock","identifier":"dina.idac.gov.do"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841678.4533544,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841678.4533608,"msg":"serving initial configuration"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841678.4555762,"logger":"tls.obtain","msg":"lock acquired","identifier":"dina.idac.gov.do"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841679.246061,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["dina.idac.gov.do"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841679.2460904,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["dina.idac.gov.do"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660841679.3652773,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"dina.idac.gov.do","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: dina.idac.gov.do, retry after 2022-08-19T09:32:46Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/"}
e[36mcaddy_1  |e[0m {"level":"warn","ts":1660841679.3656468,"logger":"tls.issuance.zerossl","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841680.2657652,"logger":"tls.issuance.zerossl","msg":"generated EAB credentials","key_id":"1gbAUUYTXPxIUvLfJcOP8A"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841688.197065,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["dina.idac.gov.do"],"ca":"https://acme.zerossl.com/v2/DV90","account":""}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841688.1971006,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["dina.idac.gov.do"],"ca":"https://acme.zerossl.com/v2/DV90","account":""}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841699.0850983,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842009.2695842,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"dina.idac.gov.do","issuer":"acme.zerossl.com-v2-DV90","error":"[dina.idac.gov.do] solving challenges: [dina.idac.gov.do] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/IiZsMBI9NPciy166vpMjyA) (ca=https://acme.zerossl.com/v2/DV90)"}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842009.2706504,"logger":"tls.obtain","msg":"will retry","error":"[dina.idac.gov.do] Obtain: [dina.idac.gov.do] solving challenges: [dina.idac.gov.do] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/IiZsMBI9NPciy166vpMjyA) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":330.815062262,"max_duration":2592000}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660842070.0943398,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660842070.587165,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"dina.idac.gov.do","challenge":"http-01","remote":"23.178.112.106:46732","distributed":false}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660842070.603907,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"dina.idac.gov.do","challenge":"http-01","remote":"34.217.36.58:64618","distributed":false}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842080.7546318,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"dina.idac.gov.do","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Fetching http://dina.idac.gov.do/.well-known/acme-challenge/nLQ4RFlkruKyy29sqANC4Ey-3BhqPoY9bBRkF_N6yzE: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842080.754766,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"dina.idac.gov.do","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Fetching http://dina.idac.gov.do/.well-known/acme-challenge/nLQ4RFlkruKyy29sqANC4Ey-3BhqPoY9bBRkF_N6yzE: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/64987844/3703638724","attempt":1,"max_attempts":3}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660842081.977408,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660842082.2481384,"logger":"tls","msg":"served key authentication certificate","server_name":"dina.idac.gov.do","challenge":"tls-alpn-01","remote":"34.217.36.58:40032","distributed":false}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660842082.4336329,"logger":"tls","msg":"served key authentication certificate","server_name":"dina.idac.gov.do","challenge":"tls-alpn-01","remote":"23.178.112.107:25416","distributed":false}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842092.2601452,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"dina.idac.gov.do","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842092.2602093,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"dina.idac.gov.do","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/64987844/3703641414","attempt":2,"max_attempts":3}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842092.260265,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"dina.idac.gov.do","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - During secondary validation: 179.51.64.30: Timeout during connect (likely firewall problem)"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660842106.214804,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842428.4058893,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"dina.idac.gov.do","issuer":"acme.zerossl.com-v2-DV90","error":"[dina.idac.gov.do] solving challenges: [dina.idac.gov.do] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/L84tdhjbiMTzlnZzNBZ6WQ) (ca=https://acme.zerossl.com/v2/DV90)"}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842428.4059987,"logger":"tls.obtain","msg":"will retry","error":"[dina.idac.gov.do] Obtain: [dina.idac.gov.do] solving challenges: [dina.idac.gov.do] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/L84tdhjbiMTzlnZzNBZ6WQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":2,"retrying_in":120,"elapsed":749.950411947,"max_duration":2592000}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660842549.1086185,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660842549.5973275,"logger":"tls","msg":"served key authentication certificate","server_name":"dina.idac.gov.do","challenge":"tls-alpn-01","remote":"34.217.36.58:40042","distributed":false}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660842549.6024282,"logger":"tls","msg":"served key authentication certificate","server_name":"dina.idac.gov.do","challenge":"tls-alpn-01","remote":"23.178.112.107:30458","distributed":false}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842559.8039825,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"dina.idac.gov.do","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842559.8040757,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"dina.idac.gov.do","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/64988394/3703716904","attempt":1,"max_attempts":3}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660842561.0072832,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660842561.2441318,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"dina.idac.gov.do","challenge":"http-01","remote":"23.178.112.106:51978","distributed":false}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660842561.248743,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"dina.idac.gov.do","challenge":"http-01","remote":"34.217.36.58:64636","distributed":false}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842571.3639164,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"dina.idac.gov.do","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Fetching http://dina.idac.gov.do/.well-known/acme-challenge/lGivDPWCmCjEzRhfEBkRJKprQz9le_En7HBmOuDtKcc: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842571.3639882,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"dina.idac.gov.do","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Fetching http://dina.idac.gov.do/.well-known/acme-challenge/lGivDPWCmCjEzRhfEBkRJKprQz9le_En7HBmOuDtKcc: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/64988394/3703719224","attempt":2,"max_attempts":3}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842571.3640592,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"dina.idac.gov.do","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - During secondary validation: 179.51.64.30: Fetching http://dina.idac.gov.do/.well-known/acme-challenge/lGivDPWCmCjEzRhfEBkRJKprQz9le_En7HBmOuDtKcc: Timeout during connect (likely firewall problem)"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660842589.522852,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842901.8798244,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"dina.idac.gov.do","issuer":"acme.zerossl.com-v2-DV90","error":"[dina.idac.gov.do] solving challenges: [dina.idac.gov.do] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/9m14u_F5pxuzixwFD-uunA) (ca=https://acme.zerossl.com/v2/DV90)"}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842901.8799732,"logger":"tls.obtain","msg":"will retry","error":"[dina.idac.gov.do] Obtain: [dina.idac.gov.do] solving challenges: [dina.idac.gov.do] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/9m14u_F5pxuzixwFD-uunA) (ca=https://acme.zerossl.com/v2/DV90)","attempt":3,"retrying_in":120,"elapsed":1223.424386754,"max_duration":2592000}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660843022.5415132,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660843022.9768143,"logger":"tls","msg":"served key authentication certificate","server_name":"dina.idac.gov.do","challenge":"tls-alpn-01","remote":"34.217.36.58:40050","distributed":false}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660843023.11069,"logger":"tls","msg":"served key authentication certificate","server_name":"dina.idac.gov.do","challenge":"tls-alpn-01","remote":"23.178.112.107:36346","distributed":false}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660843033.4006267,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"dina.idac.gov.do","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660843033.4006937,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"dina.idac.gov.do","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/64988394/3703808164","attempt":1,"max_attempts":3}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660843034.6151805,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660843034.8403108,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"dina.idac.gov.do","challenge":"http-01","remote":"23.178.112.106:57820","distributed":false}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660843034.8773224,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"dina.idac.gov.do","challenge":"http-01","remote":"34.217.36.58:64706","distributed":false}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660843045.1136608,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"dina.idac.gov.do","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Fetching http://dina.idac.gov.do/.well-known/acme-challenge/iSg-d7TDNXPvxy0CZQvrAtIFuQxRxo0ra6VMwpAKcpg: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660843045.1137257,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"dina.idac.gov.do","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Fetching http://dina.idac.gov.do/.well-known/acme-challenge/iSg-d7TDNXPvxy0CZQvrAtIFuQxRxo0ra6VMwpAKcpg: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/64988394/3703810444","attempt":2,"max_attempts":3}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660843045.1137815,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"dina.idac.gov.do","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - During secondary validation: 179.51.64.30: Fetching http://dina.idac.gov.do/.well-known/acme-challenge/iSg-d7TDNXPvxy0CZQvrAtIFuQxRxo0ra6VMwpAKcpg: Timeout during connect (likely firewall problem)"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660843059.9648032,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660843376.1242406,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"dina.idac.gov.do","issuer":"acme.zerossl.com-v2-DV90","error":"[dina.idac.gov.do] solving challenges: [dina.idac.gov.do] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/Kru7kpgySm-1CKUCOwpvLQ) (ca=https://acme.zerossl.com/v2/DV90)"}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660843376.124338,"logger":"tls.obtain","msg":"will retry","error":"[dina.idac.gov.do] Obtain: [dina.idac.gov.do] solving challenges: [dina.idac.gov.do] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/Kru7kpgySm-1CKUCOwpvLQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":4,"retrying_in":300,"elapsed":1697.668750977,"max_duration":2592000}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660843676.836917,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660843677.389582,"logger":"tls","msg":"served key authentication certificate","server_name":"dina.idac.gov.do","challenge":"tls-alpn-01","remote":"23.178.112.106:34832","distributed":false}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660843677.4481158,"logger":"tls","msg":"served key authentication certificate","server_name":"dina.idac.gov.do","challenge":"tls-alpn-01","remote":"34.217.36.58:40058","distributed":false}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660843687.704726,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"dina.idac.gov.do","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660843687.7047937,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"dina.idac.gov.do","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/64988394/3703900604","attempt":1,"max_attempts":3}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660843688.926551,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660843689.1589484,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"dina.idac.gov.do","challenge":"http-01","remote":"34.217.36.58:64744","distributed":false}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660843689.1630776,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"dina.idac.gov.do","challenge":"http-01","remote":"23.178.112.106:62490","distributed":false}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660843699.4936445,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"dina.idac.gov.do","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Fetching http://dina.idac.gov.do/.well-known/acme-challenge/dUj-Snqz9eTphE4RxZgUT_jbZIXXliABiA43wT6oQKg: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660843699.4937165,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"dina.idac.gov.do","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Fetching http://dina.idac.gov.do/.well-known/acme-challenge/dUj-Snqz9eTphE4RxZgUT_jbZIXXliABiA43wT6oQKg: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/64988394/3703902174","attempt":2,"max_attempts":3}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660843699.4937603,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"dina.idac.gov.do","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - During secondary validation: 179.51.64.30: Fetching http://dina.idac.gov.do/.well-known/acme-challenge/dUj-Snqz9eTphE4RxZgUT_jbZIXXliABiA43wT6oQKg: Timeout during connect (likely firewall problem)"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660843712.1153765,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660844021.0881681,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"dina.idac.gov.do","issuer":"acme.zerossl.com-v2-DV90","error":"[dina.idac.gov.do] solving challenges: [dina.idac.gov.do] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/S9sMYvFZYQl7PWm9TeotFA) (ca=https://acme.zerossl.com/v2/DV90)"}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660844021.090208,"logger":"tls.obtain","msg":"will retry","error":"[dina.idac.gov.do] Obtain: [dina.idac.gov.do] solving challenges: [dina.idac.gov.do] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/S9sMYvFZYQl7PWm9TeotFA) (ca=https://acme.zerossl.com/v2/DV90)","attempt":5,"retrying_in":600,"elapsed":2342.634620685,"max_duration":2592000}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660844621.702919,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660844622.2149296,"logger":"tls","msg":"served key authentication certificate","server_name":"dina.idac.gov.do","challenge":"tls-alpn-01","remote":"23.178.112.107:49966","distributed":false}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660844622.40824,"logger":"tls","msg":"served key authentication certificate","server_name":"dina.idac.gov.do","challenge":"tls-alpn-01","remote":"34.217.36.58:40086","distributed":false}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660844632.6436367,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"dina.idac.gov.do","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660844632.643685,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"dina.idac.gov.do","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/64988394/3704066224","attempt":1,"max_attempts":3}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660844633.8657155,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660844634.1162167,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"dina.idac.gov.do","challenge":"http-01","remote":"23.178.112.107:24202","distributed":false}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660844634.1367445,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"dina.idac.gov.do","challenge":"http-01","remote":"34.217.36.58:64822","distributed":false}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660844644.449257,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"dina.idac.gov.do","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Fetching http://dina.idac.gov.do/.well-known/acme-challenge/S4SaXMXfuu_s6LNhAWNrE1acdQVrKK24v77vB3OEktw: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660844644.4493315,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"dina.idac.gov.do","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Fetching http://dina.idac.gov.do/.well-known/acme-challenge/S4SaXMXfuu_s6LNhAWNrE1acdQVrKK24v77vB3OEktw: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/64988394/3704068534","attempt":2,"max_attempts":3}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660844644.449436,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"dina.idac.gov.do","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - During secondary validation: 179.51.64.30: Fetching http://dina.idac.gov.do/.well-known/acme-challenge/S4SaXMXfuu_s6LNhAWNrE1acdQVrKK24v77vB3OEktw: Timeout during connect (likely firewall problem)"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660844654.2427182,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660844964.123848,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"dina.idac.gov.do","issuer":"acme.zerossl.com-v2-DV90","error":"[dina.idac.gov.do] solving challenges: [dina.idac.gov.do] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/E6-Sf0gZqEkorHL40Ox4sQ) (ca=https://acme.zerossl.com/v2/DV90)"}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660844964.1239796,"logger":"tls.obtain","msg":"will retry","error":"[dina.idac.gov.do] Obtain: [dina.idac.gov.do] solving challenges: [dina.idac.gov.do] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/E6-Sf0gZqEkorHL40Ox4sQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":6,"retrying_in":1200,"elapsed":3285.668390587,"max_duration":2592000}

Now the logs after applying your advise:

Attaching to prod_caddy_1
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841678.444625,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
e[36mcaddy_1  |e[0m {"level":"warn","ts":1660841678.446288,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841678.4511209,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841678.4513159,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841678.4513357,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841678.4522586,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["dina.idac.gov.do"]}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841678.4525983,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00017f3b0"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841678.4530365,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841678.453071,"logger":"tls","msg":"finished cleaning storage units"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841678.4531124,"logger":"tls.obtain","msg":"acquiring lock","identifier":"dina.idac.gov.do"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841678.4533544,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841678.4533608,"msg":"serving initial configuration"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841678.4555762,"logger":"tls.obtain","msg":"lock acquired","identifier":"dina.idac.gov.do"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841679.246061,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["dina.idac.gov.do"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841679.2460904,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["dina.idac.gov.do"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660841679.3652773,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"dina.idac.gov.do","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: dina.idac.gov.do, retry after 2022-08-19T09:32:46Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/"}
e[36mcaddy_1  |e[0m {"level":"warn","ts":1660841679.3656468,"logger":"tls.issuance.zerossl","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841680.2657652,"logger":"tls.issuance.zerossl","msg":"generated EAB credentials","key_id":"1gbAUUYTXPxIUvLfJcOP8A"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841688.197065,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["dina.idac.gov.do"],"ca":"https://acme.zerossl.com/v2/DV90","account":""}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841688.1971006,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["dina.idac.gov.do"],"ca":"https://acme.zerossl.com/v2/DV90","account":""}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660841699.0850983,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842009.2695842,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"dina.idac.gov.do","issuer":"acme.zerossl.com-v2-DV90","error":"[dina.idac.gov.do] solving challenges: [dina.idac.gov.do] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/IiZsMBI9NPciy166vpMjyA) (ca=https://acme.zerossl.com/v2/DV90)"}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842009.2706504,"logger":"tls.obtain","msg":"will retry","error":"[dina.idac.gov.do] Obtain: [dina.idac.gov.do] solving challenges: [dina.idac.gov.do] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/IiZsMBI9NPciy166vpMjyA) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":330.815062262,"max_duration":2592000}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660842070.0943398,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660842070.587165,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"dina.idac.gov.do","challenge":"http-01","remote":"23.178.112.106:46732","distributed":false}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660842070.603907,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"dina.idac.gov.do","challenge":"http-01","remote":"34.217.36.58:64618","distributed":false}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842080.7546318,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"dina.idac.gov.do","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Fetching http://dina.idac.gov.do/.well-known/acme-challenge/nLQ4RFlkruKyy29sqANC4Ey-3BhqPoY9bBRkF_N6yzE: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842080.754766,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"dina.idac.gov.do","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Fetching http://dina.idac.gov.do/.well-known/acme-challenge/nLQ4RFlkruKyy29sqANC4Ey-3BhqPoY9bBRkF_N6yzE: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/64987844/3703638724","attempt":1,"max_attempts":3}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660842081.977408,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660842082.2481384,"logger":"tls","msg":"served key authentication certificate","server_name":"dina.idac.gov.do","challenge":"tls-alpn-01","remote":"34.217.36.58:40032","distributed":false}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660842082.4336329,"logger":"tls","msg":"served key authentication certificate","server_name":"dina.idac.gov.do","challenge":"tls-alpn-01","remote":"23.178.112.107:25416","distributed":false}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842092.2601452,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"dina.idac.gov.do","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842092.2602093,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"dina.idac.gov.do","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/64987844/3703641414","attempt":2,"max_attempts":3}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842092.260265,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"dina.idac.gov.do","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - During secondary validation: 179.51.64.30: Timeout during connect (likely firewall problem)"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660842106.214804,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842428.4058893,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"dina.idac.gov.do","issuer":"acme.zerossl.com-v2-DV90","error":"[dina.idac.gov.do] solving challenges: [dina.idac.gov.do] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/L84tdhjbiMTzlnZzNBZ6WQ) (ca=https://acme.zerossl.com/v2/DV90)"}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842428.4059987,"logger":"tls.obtain","msg":"will retry","error":"[dina.idac.gov.do] Obtain: [dina.idac.gov.do] solving challenges: [dina.idac.gov.do] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/L84tdhjbiMTzlnZzNBZ6WQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":2,"retrying_in":120,"elapsed":749.950411947,"max_duration":2592000}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660842549.1086185,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660842549.5973275,"logger":"tls","msg":"served key authentication certificate","server_name":"dina.idac.gov.do","challenge":"tls-alpn-01","remote":"34.217.36.58:40042","distributed":false}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660842549.6024282,"logger":"tls","msg":"served key authentication certificate","server_name":"dina.idac.gov.do","challenge":"tls-alpn-01","remote":"23.178.112.107:30458","distributed":false}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842559.8039825,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"dina.idac.gov.do","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842559.8040757,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"dina.idac.gov.do","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/64988394/3703716904","attempt":1,"max_attempts":3}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660842561.0072832,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660842561.2441318,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"dina.idac.gov.do","challenge":"http-01","remote":"23.178.112.106:51978","distributed":false}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660842561.248743,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"dina.idac.gov.do","challenge":"http-01","remote":"34.217.36.58:64636","distributed":false}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842571.3639164,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"dina.idac.gov.do","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Fetching http://dina.idac.gov.do/.well-known/acme-challenge/lGivDPWCmCjEzRhfEBkRJKprQz9le_En7HBmOuDtKcc: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842571.3639882,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"dina.idac.gov.do","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Fetching http://dina.idac.gov.do/.well-known/acme-challenge/lGivDPWCmCjEzRhfEBkRJKprQz9le_En7HBmOuDtKcc: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/64988394/3703719224","attempt":2,"max_attempts":3}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842571.3640592,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"dina.idac.gov.do","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - During secondary validation: 179.51.64.30: Fetching http://dina.idac.gov.do/.well-known/acme-challenge/lGivDPWCmCjEzRhfEBkRJKprQz9le_En7HBmOuDtKcc: Timeout during connect (likely firewall problem)"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660842589.522852,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842901.8798244,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"dina.idac.gov.do","issuer":"acme.zerossl.com-v2-DV90","error":"[dina.idac.gov.do] solving challenges: [dina.idac.gov.do] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/9m14u_F5pxuzixwFD-uunA) (ca=https://acme.zerossl.com/v2/DV90)"}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660842901.8799732,"logger":"tls.obtain","msg":"will retry","error":"[dina.idac.gov.do] Obtain: [dina.idac.gov.do] solving challenges: [dina.idac.gov.do] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/9m14u_F5pxuzixwFD-uunA) (ca=https://acme.zerossl.com/v2/DV90)","attempt":3,"retrying_in":120,"elapsed":1223.424386754,"max_duration":2592000}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660843022.5415132,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660843022.9768143,"logger":"tls","msg":"served key authentication certificate","server_name":"dina.idac.gov.do","challenge":"tls-alpn-01","remote":"34.217.36.58:40050","distributed":false}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660843023.11069,"logger":"tls","msg":"served key authentication certificate","server_name":"dina.idac.gov.do","challenge":"tls-alpn-01","remote":"23.178.112.107:36346","distributed":false}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660843033.4006267,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"dina.idac.gov.do","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660843033.4006937,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"dina.idac.gov.do","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/64988394/3703808164","attempt":1,"max_attempts":3}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660843034.6151805,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660843034.8403108,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"dina.idac.gov.do","challenge":"http-01","remote":"23.178.112.106:57820","distributed":false}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660843034.8773224,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"dina.idac.gov.do","challenge":"http-01","remote":"34.217.36.58:64706","distributed":false}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660843045.1136608,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"dina.idac.gov.do","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Fetching http://dina.idac.gov.do/.well-known/acme-challenge/iSg-d7TDNXPvxy0CZQvrAtIFuQxRxo0ra6VMwpAKcpg: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660843045.1137257,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"dina.idac.gov.do","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Fetching http://dina.idac.gov.do/.well-known/acme-challenge/iSg-d7TDNXPvxy0CZQvrAtIFuQxRxo0ra6VMwpAKcpg: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/64988394/3703810444","attempt":2,"max_attempts":3}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660843045.1137815,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"dina.idac.gov.do","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - During secondary validation: 179.51.64.30: Fetching http://dina.idac.gov.do/.well-known/acme-challenge/iSg-d7TDNXPvxy0CZQvrAtIFuQxRxo0ra6VMwpAKcpg: Timeout during connect (likely firewall problem)"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660843059.9648032,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660843376.1242406,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"dina.idac.gov.do","issuer":"acme.zerossl.com-v2-DV90","error":"[dina.idac.gov.do] solving challenges: [dina.idac.gov.do] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/Kru7kpgySm-1CKUCOwpvLQ) (ca=https://acme.zerossl.com/v2/DV90)"}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660843376.124338,"logger":"tls.obtain","msg":"will retry","error":"[dina.idac.gov.do] Obtain: [dina.idac.gov.do] solving challenges: [dina.idac.gov.do] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/Kru7kpgySm-1CKUCOwpvLQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":4,"retrying_in":300,"elapsed":1697.668750977,"max_duration":2592000}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660843676.836917,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660843677.389582,"logger":"tls","msg":"served key authentication certificate","server_name":"dina.idac.gov.do","challenge":"tls-alpn-01","remote":"23.178.112.106:34832","distributed":false}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660843677.4481158,"logger":"tls","msg":"served key authentication certificate","server_name":"dina.idac.gov.do","challenge":"tls-alpn-01","remote":"34.217.36.58:40058","distributed":false}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660843687.704726,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"dina.idac.gov.do","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660843687.7047937,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"dina.idac.gov.do","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/64988394/3703900604","attempt":1,"max_attempts":3}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660843688.926551,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660843689.1589484,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"dina.idac.gov.do","challenge":"http-01","remote":"34.217.36.58:64744","distributed":false}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660843689.1630776,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"dina.idac.gov.do","challenge":"http-01","remote":"23.178.112.106:62490","distributed":false}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660843699.4936445,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"dina.idac.gov.do","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Fetching http://dina.idac.gov.do/.well-known/acme-challenge/dUj-Snqz9eTphE4RxZgUT_jbZIXXliABiA43wT6oQKg: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660843699.4937165,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"dina.idac.gov.do","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Fetching http://dina.idac.gov.do/.well-known/acme-challenge/dUj-Snqz9eTphE4RxZgUT_jbZIXXliABiA43wT6oQKg: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/64988394/3703902174","attempt":2,"max_attempts":3}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660843699.4937603,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"dina.idac.gov.do","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - During secondary validation: 179.51.64.30: Fetching http://dina.idac.gov.do/.well-known/acme-challenge/dUj-Snqz9eTphE4RxZgUT_jbZIXXliABiA43wT6oQKg: Timeout during connect (likely firewall problem)"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660843712.1153765,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660844021.0881681,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"dina.idac.gov.do","issuer":"acme.zerossl.com-v2-DV90","error":"[dina.idac.gov.do] solving challenges: [dina.idac.gov.do] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/S9sMYvFZYQl7PWm9TeotFA) (ca=https://acme.zerossl.com/v2/DV90)"}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660844021.090208,"logger":"tls.obtain","msg":"will retry","error":"[dina.idac.gov.do] Obtain: [dina.idac.gov.do] solving challenges: [dina.idac.gov.do] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/S9sMYvFZYQl7PWm9TeotFA) (ca=https://acme.zerossl.com/v2/DV90)","attempt":5,"retrying_in":600,"elapsed":2342.634620685,"max_duration":2592000}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660844621.702919,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660844622.2149296,"logger":"tls","msg":"served key authentication certificate","server_name":"dina.idac.gov.do","challenge":"tls-alpn-01","remote":"23.178.112.107:49966","distributed":false}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660844622.40824,"logger":"tls","msg":"served key authentication certificate","server_name":"dina.idac.gov.do","challenge":"tls-alpn-01","remote":"34.217.36.58:40086","distributed":false}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660844632.6436367,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"dina.idac.gov.do","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660844632.643685,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"dina.idac.gov.do","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/64988394/3704066224","attempt":1,"max_attempts":3}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660844633.8657155,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660844634.1162167,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"dina.idac.gov.do","challenge":"http-01","remote":"23.178.112.107:24202","distributed":false}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660844634.1367445,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"dina.idac.gov.do","challenge":"http-01","remote":"34.217.36.58:64822","distributed":false}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660844644.449257,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"dina.idac.gov.do","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Fetching http://dina.idac.gov.do/.well-known/acme-challenge/S4SaXMXfuu_s6LNhAWNrE1acdQVrKK24v77vB3OEktw: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660844644.4493315,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"dina.idac.gov.do","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"During secondary validation: 179.51.64.30: Fetching http://dina.idac.gov.do/.well-known/acme-challenge/S4SaXMXfuu_s6LNhAWNrE1acdQVrKK24v77vB3OEktw: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/64988394/3704068534","attempt":2,"max_attempts":3}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660844644.449436,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"dina.idac.gov.do","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - During secondary validation: 179.51.64.30: Fetching http://dina.idac.gov.do/.well-known/acme-challenge/S4SaXMXfuu_s6LNhAWNrE1acdQVrKK24v77vB3OEktw: Timeout during connect (likely firewall problem)"}
e[36mcaddy_1  |e[0m {"level":"info","ts":1660844654.2427182,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"dina.idac.gov.do","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660844964.123848,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"dina.idac.gov.do","issuer":"acme.zerossl.com-v2-DV90","error":"[dina.idac.gov.do] solving challenges: [dina.idac.gov.do] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/E6-Sf0gZqEkorHL40Ox4sQ) (ca=https://acme.zerossl.com/v2/DV90)"}
e[36mcaddy_1  |e[0m {"level":"error","ts":1660844964.1239796,"logger":"tls.obtain","msg":"will retry","error":"[dina.idac.gov.do] Obtain: [dina.idac.gov.do] solving challenges: [dina.idac.gov.do] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/E6-Sf0gZqEkorHL40Ox4sQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":6,"retrying_in":1200,"elapsed":3285.668390587,"max_duration":2592000}

Please remember that Im running caddy server inside a container…

This here will be my new caddyfile:

dina.idac.gov.do {
    @apps path /avnav/* /booked* /stats* /reportes* /_portal* /dashboard* /permisos*

    reverse_proxy @apps 172.16.0.21:80
    reverse_proxy web:5000

    root * /var/www/
    file_server

}

Please confirm if I have done it right.

Are you sure that you have ports 80 and 443 open to the public internet? ACME issuers need to be able to connect to your server to verify the ACME challenge, so they can know that you do control the domain you’re asking a certificate for.

There’s still a problem here.

You do have a matcher for two different reverse_proxy, but not for the file_server.

Are you actually trying to serve static files? For which requests?

Caddy will never reach file_server with that config, because reverse_proxy is higher on the directive order, and your second one reverse_proxy web:5000 already applies to all requests (except for the ones handled by reverse_proxy @apps 172.16.0.21:80, i.e. only requests matching @apps).

1 Like

“error”:“HTTP 400 urn:ietf:params:acme:error:connection - During secondary validation: 179.51.64.30: Fetching http://dina.idac.gov.do/.well-known/acme-challenge/S4SaXMXfuu_s6LNhAWNrE1acdQVrKK24v77vB3OEktw: Timeout during connect (likely firewall problem)”

Ports are open to public but we are behind a strict firewall (fortinet), that issue was solve after a few days and our caddy implementation has passed that challenge… now the problem is with the revserse_proxy directive. Thanks for your help in this matter…

Ok, got it… thanks

In

We are serving static php files and we need those folder to be able to work, but right now they are not… we are using links that have iframes…

With this directive we are serving django pythong apps…

Django apps are working fine. it is the php statis files that we need to get access to run them… advice in this matter will be a plus. I understand that file_server will serve all that I have under root… while the above proxy with the match that has the ip will work with it.

Like This… if I understood what you are telling me…

And thanks for your quick response francis… I think with this I can restart de container y will work…

This doesn’t make sense. You’re not serving the actual PHP source code, right? So it’s not really static content. PHP is inherently dynamic content.

Unless you mean “static files that live inside the PHP app’s directory structure”.

No, reordering the actual directives in your config doesn’t do anything at all. The Caddyfile adapter sorts the directives for you according to the predetermined directive order (which I linked above).

Run caddy adapt --pretty --config /etc/caddy/Caddyfile, you’ll see what your adapted JSON config looks like (which is what Caddy actually runs with under the hood, in v2).

Notice that the reverse_proxy handlers are both before file_server, with the one with a matcher being the first of those.

This is because the one with a matcher is “more specific” than the one without a matcher (the most specific one must run first, otherwise a more general matcher would overlap/shadow the other one if it came first). This is what’s happening between the reverse_proxy without a matcher and file_server, the proxy is completely shadowing the file server, meaning the file server will never run.

The key is… you need to tell Caddy which requests do what. Right now you only told it “send all requests starting with these paths to go to this proxy” and “everything else goes to this other proxy”. That’s all.

Caddy has no idea what requests are for static files, it can’t just magically intercept that and “do the right thing”, you need to tell it what to do.

So again, what paths are supposed to be served by file_server?

Is your server at 172.16.0.21:80 an apache server?

You could run your PHP apps with Caddy, with the php_fastcgi directive, with a php-fpm container.

Also, it seems like each of those paths in the @apps path matcher are separate apps? I strongly suggest using a subdomain for each of the apps, instead of relying on subpath matching. That can significantly complicate things, depending on what you’re trying to do. A subdomain per would mean making a site block for each of them. So like:

stats.dina.idac.gov.do {
	# serve stats
}

booked.dina.idac.gov.do {
	# serve booked
}
3 Likes

I have been doing homework and I need you to confirm that this config could work so caddy manages to server static and php files from request with those named matchers and then all other request to the frontend web app. And you were right about the folders and apps, your advice for subdomain is an excellent idea, is a work in progress. Be paying attention to your response. Thanks in advance

Do you still need help, or is your issue resolved?


If you do still need help:

Can you explain what isn’t working?
Can you explain in bullet points what you are trying to archive?
Can you share logs?

In your opening post, you wrote that you

It might be easier for us to help you by looking at your old Caddyfile (before you upgraded from 0.1.x to 2.x.x) to understand what you are trying to do :innocent:
Can you share your old Caddyfile before you upgraded?

Is all you are trying to do upgrading from 0.1.x or did you change something else too?

1 Like

Hi there… Yes I still need help please…

Old caddyfile:
dina.idac.gov.do {

reverse_proxy /avnav/* 172.16.0.21:80 {
  header_up Host {host}
  header_up X-Real-IP {remote}
}

reverse_proxy web:5000 {
  header_up Host {host}
  header_up X-Real-IP {remote}
}

reverse_proxy /booked 172.16.0.21:80 {
  header_up Host {host}
  header_up X-Real-IP {remote}
}

reverse_proxy /stats 172.16.0.21:80 {
  header_up Host {host}
  header_up X-Real-IP {remote}
}

reverse_proxy /reportes 172.16.0.21:80 {
  header_up Host {host}
  header_up X-Real-IP {remote}
}

reverse_proxy /_portal/* 172.16.0.21:80 {
  header_up Host {host}
  header_up X-Real-IP {remote}
}

reverse_proxy /dashboard/* 172.16.0.21:80 {
  header_up Host {host}
  header_up X-Real-IP {remote}
}

reverse_proxy /permisos 172.16.0.21:80 {
  header_up Host {host}
  header_up X-Real-IP {remote}
}

root * /var/www
file_server
log {
output file /var/log/caddy/caddy-access.log
format console
}

}

And my new caddyfile (but I haven’t applied it yet, in order not to mess things up):

dina.idac.gov.do {
handle{
@apps path /avnav/* /booked/* /stats/* /reportes/* /_portal/* /dashboard/* /permisos/*
file_server @apps{
root * /var/www/
}
reverse_proxy @apps 172.16.0.21:80
}
handle{
reverse_proxy web:5000
}

}

What Im trying to accomplish here is:

  • proxy serve using caddy the web on port 5000, has Django python running in docker (working right with the help of francis).
  • Reach using reverse proxy links with php apps on another ip server where they are running. (Not working)
  • Handle request with Matchers from the url dina.idac.gov.do folders with the apps that I need to work with (not working).

I just need to make sure if with the caddyfile config I will be able to do it… Cause Im getting a bit confuse with how caddy server work this thing out… I have read some documantion, but I need some light with this one… I think that Caddy is an excellent solution, so in order for to make this work on my job project, will be a plus… thanks in advance for your response Indeed

Hi @noble,

This is an invalid Caddyfile.

Use caddy validate on the command line to help you find issues with your Caddyfile.

In this case:

whitestrake in ~ at merlin
âžś caddy validate
2022/08/24 23:51:39.806	INFO	using adjacent Caddyfile
validate: adapting config using caddyfile: Caddyfile:9 - Error during parsing: Site addresses cannot end with a curly brace: 'handle{' - put a space between the token and the brace

You should also use caddy fmt to correctly format and indent your Caddyfile, especially when posting on these forums; it will help us help you by making your configuration more readable for us.

The file_server directive here will never execute. You can remove it entirely and nothing will change.

Ok, I can understand this, will proceed, thanks

So, what would be the correct way to put it, I’m kind of stuck here with this directive and need to use it in order to serve some static files and php file of the folder above that are in the reverse proxy ip, and be proxying All other request to web:5000

The reverse proxy and the file server are, essentially, mutually exclusive.

Caddy cannot handle a single request with both of these. You must tell Caddy how to determine which requests go to which handler.

If you use the same matcher for both, all requests will simply go to the first applicable option (the reverse proxy) and the last option (the file server) will simply be ignored.

Can you explain to me how Caddy can tell which request would go where for @apps?

Hi, sorry for the late response, caddy should go here, for file server

and for other request that will not serve static and php files should go here,

According to what you have explained, this caddyfile config should make apps under those folders work, cause they are php files. I thought that using handle or route directive could make fileserver work with reverse proxy.