1. Caddy version (caddy version
):
Latest.
2. How I run Caddy:
Using a docker-compose file.
a. System environment:
Docker on Debian 11.
b. Command:
docker-compose up -d
docker restart caddy
c. Service/unit/compose file:
caddy:
container_name: caddy
image: hotio/caddy
ports:
- 80:8080
- 443:8443
environment:
- PUID=1000
- PGID=1000
- UMASK=002
- TZ=Europe/Stockholm
- CUSTOM_BUILD=/config/caddy_linux_amd64_custom
volumes:
- ./appdata/caddy:/config
cap_add:
- NET_ADMIN
networks:
- web
d. My complete Caddyfile or JSON config:
(cloudflare) {
tls {
dns cloudflare ${CF_TOKEN}
}
}
*.grillgeek.se {
reverse_proxy grillgeekse
import cloudflare
}
3. The problem I’m having:
The logs…
4. Error messages and/or full log output:
{"level":"info","ts":1629377298.7282708,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"*.grillgeek.se","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1629377299.662859,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"*.grillgeek.se","challenge_type":"dns-01","error":"no memory of presenting a DNS record for grillgeek.se (probably OK if presenting failed)"}
{"level":"error","ts":1629377299.855702,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.grillgeek.se","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[*.grillgeek.se] solving challenges: presenting for challenge: adding temporary record for zone grillgeek.se.: got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme-v02.api.letsencrypt.org/acme/order/167860000/18051426340) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
{"level":"warn","ts":1629377299.8570433,"logger":"tls.issuance.zerossl","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"}
{"level":"info","ts":1629377300.6286633,"logger":"tls.issuance.zerossl","msg":"generated EAB credentials","key_id":"ISz4K1UnTfyQVzOJKJ7sCQ"}
{"level":"info","ts":1629377302.0398445,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["*.grillgeek.se"],"ca":"https://acme.zerossl.com/v2/DV90","account":""}
{"level":"info","ts":1629377302.0399044,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["*.grillgeek.se"],"ca":"https://acme.zerossl.com/v2/DV90","account":""}
{"level":"info","ts":1629377302.887,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"*.grillgeek.se","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1629377303.766533,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"*.grillgeek.se","challenge_type":"dns-01","error":"no memory of presenting a DNS record for grillgeek.se (probably OK if presenting failed)"}
{"level":"error","ts":1629377304.1799765,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.grillgeek.se","issuer":"acme.zerossl.com-v2-DV90","error":"[*.grillgeek.se] solving challenges: presenting for challenge: adding temporary record for zone grillgeek.se.: got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/_8S5xUdu8ypeK01BO5ed0g) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1629377304.1800268,"logger":"tls.obtain","msg":"will retry","error":"[*.grillgeek.se] Obtain: [*.grillgeek.se] solving challenges: presenting for challenge: adding temporary record for zone grillgeek.se.: got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/_8S5xUdu8ypeK01BO5ed0g) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":6.796249388,"max_duration":2592000}
{"level":"info","ts":1629377365.3561811,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"*.grillgeek.se","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1629377366.2453837,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"*.grillgeek.se","challenge_type":"dns-01","error":"no memory of presenting a DNS record for grillgeek.se (probably OK if presenting failed)"}
{"level":"error","ts":1629377366.4156175,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.grillgeek.se","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[*.grillgeek.se] solving challenges: presenting for challenge: adding temporary record for zone grillgeek.se.: got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/23888938/336216708) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"warn","ts":1629377366.416463,"logger":"tls.issuance.zerossl","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"}
{"level":"info","ts":1629377367.10738,"logger":"tls.issuance.zerossl","msg":"generated EAB credentials","key_id":"wk79kd7BZE21QPycjKxphg"}
{"level":"info","ts":1629377369.101417,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"*.grillgeek.se","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1629377369.9531305,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"*.grillgeek.se","challenge_type":"dns-01","error":"no memory of presenting a DNS record for grillgeek.se (probably OK if presenting failed)"}
{"level":"error","ts":1629377370.3966916,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.grillgeek.se","issuer":"acme.zerossl.com-v2-DV90","error":"[*.grillgeek.se] solving challenges: presenting for challenge: adding temporary record for zone grillgeek.se.: got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/W41kPT-k3088RS5yfzCvHw) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1629377370.3967605,"logger":"tls.obtain","msg":"will retry","error":"[*.grillgeek.se] Obtain: [*.grillgeek.se] solving challenges: presenting for challenge: adding temporary record for zone grillgeek.se.: got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/W41kPT-k3088RS5yfzCvHw) (ca=https://acme.zerossl.com/v2/DV90)","attempt":2,"retrying_in":120,"elapsed":73.012982621,"max_duration":2592000}
{"level":"info","ts":1629377491.527611,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"*.grillgeek.se","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1629377492.4288447,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"*.grillgeek.se","challenge_type":"dns-01","error":"no memory of presenting a DNS record for grillgeek.se (probably OK if presenting failed)"}
{"level":"error","ts":1629377492.5922155,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.grillgeek.se","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[*.grillgeek.se] solving challenges: presenting for challenge: adding temporary record for zone grillgeek.se.: got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/23888938/336228308) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"warn","ts":1629377492.5925565,"logger":"tls.issuance.zerossl","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"}
{"level":"info","ts":1629377493.4598162,"logger":"tls.issuance.zerossl","msg":"generated EAB credentials","key_id":"lN2szdR-K6V9LMSFSWA3Bw"}
5. What I already tried:
Forums and the web