Force cert regeneration of revoked certificates

null · June 11, 2021, 3:44pm

1. Caddy version

v2.4.1 (upgraded from v2.3.0 in attempt to fix)

a. System environment:

Ubuntu 18 server

b. Command:

caddy reload

d. My complete Caddyfile or JSON config:

3speak.co {
redir https://3speak.tv{uri}
}

3speak.tv {
reverse_proxy http://127.0.0.1:9400
}

3speak.online {
redir https://3speak.tv{uri}
}

studio.3speak.co {
redir https://3speak.tv{uri}
}

studio.3speak.tv {
reverse_proxy http://127.0.0.1:3005
}

live.3speak.co {
reverse_proxy http://127.0.0.1:3000
}

live.3speak.tv {
reverse_proxy http://127.0.0.1:3000
}

standupx.3speak.co {
reverse_proxy http://127.0.0.1:8080
}

standupx.3speak.tv {
reverse_proxy http://127.0.0.1:8080
}

wsb.3speak.co {
reverse_proxy http://[::1]:5000
}

wsb.3speak.tv {
reverse_proxy http://[::1]:5000
}

img-standupx.3speak.co {
reverse_proxy http://[::1]:3030
}

img-standupx.3speak.tv {
reverse_proxy http://[::1]:3030
}

spk.network {
    root * /var/www
    encode gzip
    file_server
}

3. The problem I’m having:

Firefox is showing the error SEC_ERROR_REVOKED_CERTIFICATE. I’m assuming the OSCP has invalidated the certificate and I’m wondering what the best way to force caddy to regenerate them is? I have considered deleting ~/.local/share/caddy/certificates but don’t want to risk it.

5. What I already tried:

I updated caddy to the latest version and restarted the service reloaded the Caddyfile. I tried to work out how to enforce letsencrypt encryption as the current certificate is ZeroSSL. I think some people have mentioned rate limits and I know there’s a lot of domains here so that could be it.

francislavoie · June 11, 2021, 3:48pm

See this issue:

null · June 11, 2021, 4:02pm

That explains why the certificate was revoked, I still need to know how to force caddy to generate new certificates though?

matt · June 11, 2021, 4:15pm

The help template is missing vital info. Where are your logs? Please post them so we can help you.

null · June 11, 2021, 4:24pm

I’m not sure what is meant by Service/unit/compose file? I’m not using docker-compose or Kubernetes.

francislavoie · June 11, 2021, 4:25pm

That would be your systemd service file, if you installed it that way.

null · June 11, 2021, 4:37pm

{"level":"error","ts":1623427801.7903755,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"3speak.online","error":"authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - Invalid response from http://3speak.online/.well-known/acme-challenge/CMOwUeVHDX4akmWwbQN>
Jun 11 16:10:07 threespeak-web caddy[1191049]: {"level":"info","ts":1623427807.422612,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"3speak.online","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
Jun 11 16:10:39 threespeak-web caddy[1191049]: {"level":"error","ts":1623427839.237129,"logger":"tls.renew","msg":"will retry","error":"[img-standupx.3speak.co] Renew: [img-standupx.3speak.co] solving challenges: [img-standupx.3speak.co] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/chFlq6uHNyrxrtdUqsovaQ) (ca=https://acme.zerossl.c>
Jun 11 16:10:40 threespeak-web caddy[1191049]: {"level":"error","ts":1623427840.379234,"logger":"tls.renew","msg":"will retry","error":"[studio.3speak.co] Renew: [studio.3speak.co] solving challenges: [studio.3speak.co] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/T06oCh2U6auOOEuQjQlJKQ) (ca=https://acme.zerossl.com/v2/DV90)","atte>
Jun 11 16:11:14 threespeak-web caddy[1191049]: {"level":"error","ts":1623427874.9223619,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:3000: connect: connection refused","request":{"remote_addr":"66.249.66.155:54942","proto":"HTTP/1.1","method":"GET","host":"live.3speak.tv","uri":"/robots.txt","headers":{"Connection":["keep-alive"],"Accept":["text/plain,t>
Jun 11 16:12:23 threespeak-web caddy[1191049]: {"level":"error","ts":1623427943.5881457,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:3000: connect: connection refused","request":{"remote_addr":"185.130.44.185:57628","proto":"HTTP/1.1","method":"GET","host":"live.3speak.tv","uri":"/list","headers":{"Accept":["*/*"],"User-Agent":["node-fetch/1.0 (+https:/>
Jun 11 16:12:23 threespeak-web caddy[1191049]: {"level":"error","ts":1623427943.72164,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:3000: connect: connection refused","request":{"remote_addr":"185.130.44.185:57632","proto":"HTTP/1.1","method":"GET","host":"live.3speak.tv","uri":"/list","headers":{"Accept":["*/*"],"User-Agent":["node-fetch/1.0 (+https://g>
Jun 11 16:12:39 threespeak-web caddy[1191049]: {"level":"info","ts":1623427959.243415,"logger":"tls.renew","msg":"renewing certificate","identifier":"img-standupx.3speak.co","remaining":-753841.243403211}
Jun 11 16:12:40 threespeak-web caddy[1191049]: {"level":"info","ts":1623427960.3813496,"logger":"tls.renew","msg":"renewing certificate","identifier":"studio.3speak.co","remaining":-753842.38134617}
Jun 11 16:12:40 threespeak-web caddy[1191049]: {"level":"info","ts":1623427960.4727612,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"img-standupx.3speak.co","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Jun 11 16:12:41 threespeak-web caddy[1191049]: {"level":"error","ts":1623427961.0256994,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"img-standupx.3speak.co","challenge_type":"tls-alpn-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:dns","error":"DNS problem: NXDOMAIN looking up A for img-standupx.3speak.co - >
Jun 11 16:12:41 threespeak-web caddy[1191049]: {"level":"error","ts":1623427961.0258443,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"img-standupx.3speak.co","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up A for img-standupx.3speak.co - check that a DNS record e>
Jun 11 16:12:41 threespeak-web caddy[1191049]: {"level":"info","ts":1623427961.939876,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"studio.3speak.co","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Jun 11 16:12:42 threespeak-web caddy[1191049]: {"level":"info","ts":1623427962.3766758,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"img-standupx.3speak.co","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Jun 11 16:12:42 threespeak-web caddy[1191049]: {"level":"error","ts":1623427962.9453425,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"studio.3speak.co","challenge_type":"tls-alpn-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:dns","error":"DNS problem: NXDOMAIN looking up A for studio.3speak.co - check that a>
Jun 11 16:12:42 threespeak-web caddy[1191049]: {"level":"error","ts":1623427962.945448,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"studio.3speak.co","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up A for studio.3speak.co - check that a DNS record exists for thi>
Jun 11 16:12:43 threespeak-web caddy[1191049]: {"level":"error","ts":1623427963.345966,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"img-standupx.3speak.co","challenge_type":"http-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:dns","error":"DNS problem: NXDOMAIN looking up A for img-standupx.3speak.co - check>
Jun 11 16:12:43 threespeak-web caddy[1191049]: {"level":"error","ts":1623427963.3460503,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"img-standupx.3speak.co","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up A for img-standupx.3speak.co - check that a DNS record e>
Jun 11 16:12:44 threespeak-web caddy[1191049]: {"level":"info","ts":1623427964.2715092,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"studio.3speak.co","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Jun 11 16:12:44 threespeak-web caddy[1191049]: {"level":"error","ts":1623427964.867934,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"studio.3speak.co","challenge_type":"http-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:dns","error":"DNS problem: NXDOMAIN looking up A for studio.3speak.co - check that a DNS >
Jun 11 16:12:44 threespeak-web caddy[1191049]: {"level":"error","ts":1623427964.868,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"studio.3speak.co","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up A for studio.3speak.co - check that a DNS record exists for this d>
Jun 11 16:12:47 threespeak-web caddy[1191049]: {"level":"info","ts":1623427967.4103606,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"img-standupx.3speak.co","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
Jun 11 16:12:51 threespeak-web caddy[1191049]: {"level":"info","ts":1623427971.0819197,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"studio.3speak.co","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
Jun 11 16:14:13 threespeak-web caddy[1191049]: {"level":"error","ts":1623428053.4743094,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"context canceled"}
Jun 11 16:14:41 threespeak-web caddy[1191049]: {"level":"error","ts":1623428081.0980968,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"write tcp 185.130.44.185:443->89.107.190.86:43052: write: connection reset by peer"}
Jun 11 16:15:05 threespeak-web caddy[1191049]: {"level":"error","ts":1623428105.2022345,"logger":"tls.obtain","msg":"will retry","error":"[img-standupx.3speak.tv] Obtain: [img-standupx.3speak.tv] solving challenges: [img-standupx.3speak.tv] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/UCS46eodaPSWf7KEvaX3Ng) (ca=https://acme.zeross>
Jun 11 16:15:10 threespeak-web caddy[1191049]: {"level":"error","ts":1623428110.585403,"logger":"tls.obtain","msg":"will retry","error":"[3speak.online] Obtain: [3speak.online] solving challenges: [3speak.online] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/9J_e55en--fIswYPdLv5Ng) (ca=https://acme.zerossl.com/v2/DV90)","attempt":4,>
Jun 11 16:16:48 threespeak-web caddy[1191049]: {"level":"error","ts":1623428208.0299237,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:3000: connect: connection refused","request":{"remote_addr":"185.130.44.185:58250","proto":"HTTP/1.1","method":"GET","host":"live.3speak.tv","uri":"/list","headers":{"Connection":["close"],"Accept":["*/*"],"User-Agent":["n>
Jun 11 16:17:38 threespeak-web caddy[1191049]: {"level":"error","ts":1623428258.7949874,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"http2: stream closed"}
Jun 11 16:17:51 threespeak-web caddy[1191049]: {"level":"error","ts":1623428271.3514805,"logger":"tls.renew","msg":"will retry","error":"[img-standupx.3speak.co] Renew: [img-standupx.3speak.co] solving challenges: [img-standupx.3speak.co] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/JHraWbixcygBFa4FvEf6kg) (ca=https://acme.zerossl.>
Jun 11 16:17:54 threespeak-web caddy[1191049]: {"level":"error","ts":1623428274.5732853,"logger":"tls.renew","msg":"will retry","error":"[studio.3speak.co] Renew: [studio.3speak.co] solving challenges: [studio.3speak.co] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/ms2h96F_KTBIONwJr8cu-A) (ca=https://acme.zerossl.com/v2/DV90)","att>
Jun 11 16:17:57 threespeak-web caddy[1191049]: {"level":"error","ts":1623428277.2408926,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"client disconnected"}
Jun 11 16:17:57 threespeak-web caddy[1191049]: {"level":"error","ts":1623428277.2410533,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"client disconnected"}
Jun 11 16:17:57 threespeak-web caddy[1191049]: {"level":"error","ts":1623428277.2412672,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"client disconnected"}
Jun 11 16:17:57 threespeak-web caddy[1191049]: {"level":"error","ts":1623428277.2413688,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"client disconnected"}
Jun 11 16:17:57 threespeak-web caddy[1191049]: {"level":"error","ts":1623428277.241381,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"client disconnected"}
Jun 11 16:17:57 threespeak-web caddy[1191049]: {"level":"error","ts":1623428277.2415044,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"client disconnected"}
Jun 11 16:17:57 threespeak-web caddy[1191049]: {"level":"error","ts":1623428277.2415886,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"client disconnected"}
Jun 11 16:17:57 threespeak-web caddy[1191049]: {"level":"error","ts":1623428277.2416852,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"client disconnected"}
Jun 11 16:17:57 threespeak-web caddy[1191049]: {"level":"error","ts":1623428277.2417402,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"client disconnected"}
Jun 11 16:17:57 threespeak-web caddy[1191049]: {"level":"error","ts":1623428277.2417784,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"client disconnected"}
Jun 11 16:17:57 threespeak-web caddy[1191049]: {"level":"error","ts":1623428277.2418087,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"client disconnected"}
Jun 11 16:17:57 threespeak-web caddy[1191049]: {"level":"error","ts":1623428277.241819,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"client disconnected"}
Jun 11 16:17:57 threespeak-web caddy[1191049]: {"level":"error","ts":1623428277.2421236,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"client disconnected"}
Jun 11 16:19:18 threespeak-web caddy[1191049]: {"level":"info","ts":1623428358.5820925,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["img-standupx.3speak.co"],"remaining":-754240.582090623}
Jun 11 16:19:18 threespeak-web caddy[1191049]: {"level":"info","ts":1623428358.5824807,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["studio.3speak.co"],"remaining":-754240.582476654}
Jun 11 16:19:51 threespeak-web caddy[1191049]: {"level":"info","ts":1623428391.3542464,"logger":"tls.renew","msg":"renewing certificate","identifier":"img-standupx.3speak.co","remaining":-754273.354235201}
Jun 11 16:19:52 threespeak-web caddy[1191049]: {"level":"info","ts":1623428392.3231864,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"img-standupx.3speak.co","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Jun 11 16:19:53 threespeak-web caddy[1191049]: {"level":"error","ts":1623428393.27755,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"img-standupx.3speak.co","challenge_type":"tls-alpn-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:dns","error":"DNS problem: NXDOMAIN looking up A for img-standupx.3speak.co - ch>
Jun 11 16:19:53 threespeak-web caddy[1191049]: {"level":"error","ts":1623428393.2789037,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"img-standupx.3speak.co","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up A for img-standupx.3speak.co - check that a DNS record e>
Jun 11 16:19:54 threespeak-web caddy[1191049]: {"level":"info","ts":1623428394.5754623,"logger":"tls.renew","msg":"renewing certificate","identifier":"studio.3speak.co","remaining":-754276.575458543}
Jun 11 16:19:54 threespeak-web caddy[1191049]: {"level":"info","ts":1623428394.9239206,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"img-standupx.3speak.co","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Jun 11 16:19:55 threespeak-web caddy[1191049]: {"level":"error","ts":1623428395.4772484,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"img-standupx.3speak.co","challenge_type":"http-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:dns","error":"DNS problem: NXDOMAIN looking up A for img-standupx.3speak.co - chec>
Jun 11 16:19:55 threespeak-web caddy[1191049]: {"level":"error","ts":1623428395.4773495,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"img-standupx.3speak.co","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up A for img-standupx.3speak.co - check that a DNS record e>
Jun 11 16:19:57 threespeak-web caddy[1191049]: {"level":"info","ts":1623428397.1035252,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"studio.3speak.co","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Jun 11 16:19:57 threespeak-web caddy[1191049]: {"level":"error","ts":1623428397.6877415,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"studio.3speak.co","challenge_type":"tls-alpn-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:dns","error":"DNS problem: NXDOMAIN looking up A for studio.3speak.co - check that a>
Jun 11 16:19:57 threespeak-web caddy[1191049]: {"level":"error","ts":1623428397.687833,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"studio.3speak.co","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up A for studio.3speak.co - check that a DNS record exists for thi>
Jun 11 16:19:59 threespeak-web caddy[1191049]: {"level":"info","ts":1623428399.0079331,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"studio.3speak.co","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Jun 11 16:19:59 threespeak-web caddy[1191049]: {"level":"info","ts":1623428399.2973886,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"img-standupx.3speak.co","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
Jun 11 16:19:59 threespeak-web caddy[1191049]: {"level":"error","ts":1623428399.5605185,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"studio.3speak.co","challenge_type":"http-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:dns","error":"DNS problem: NXDOMAIN looking up A for studio.3speak.co - check that a DNS>
Jun 11 16:19:59 threespeak-web caddy[1191049]: {"level":"error","ts":1623428399.5606725,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"studio.3speak.co","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up A for studio.3speak.co - check that a DNS record exists for th>
Jun 11 16:20:03 threespeak-web caddy[1191049]: {"level":"info","ts":1623428403.386513,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"studio.3speak.co","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
Jun 11 16:20:06 threespeak-web caddy[1191049]: {"level":"info","ts":1623428406.1554735,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"img-standupx.3speak.tv","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Jun 11 16:20:06 threespeak-web caddy[1191049]: {"level":"error","ts":1623428406.4885957,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:3000: connect: connection refused","request":{"remote_addr":"66.249.66.155:59973","proto":"HTTP/1.1","method":"GET","host":"live.3speak.tv","uri":"/robots.txt","headers":{"Connection":["keep-alive"],"Accept":["text/plain,t>
Jun 11 16:20:09 threespeak-web caddy[1191049]: {"level":"error","ts":1623428409.58862,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"img-standupx.3speak.tv","challenge_type":"tls-alpn-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:dns","error":"DNS problem: NXDOMAIN looking up A for img-standupx.3speak.tv - ch>
Jun 11 16:20:09 threespeak-web caddy[1191049]: {"level":"error","ts":1623428409.5887358,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"img-standupx.3speak.tv","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up A for img-standupx.3speak.tv - check that a DNS record e>
Jun 11 16:20:10 threespeak-web caddy[1191049]: {"level":"info","ts":1623428410.9303668,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"img-standupx.3speak.tv","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Jun 11 16:20:11 threespeak-web caddy[1191049]: {"level":"error","ts":1623428411.4885888,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"img-standupx.3speak.tv","challenge_type":"http-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:dns","error":"DNS problem: NXDOMAIN looking up A for img-standupx.3speak.tv - chec>
Jun 11 16:20:11 threespeak-web caddy[1191049]: {"level":"error","ts":1623428411.488706,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"img-standupx.3speak.tv","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up A for img-standupx.3speak.tv - check that a DNS record ex>
Jun 11 16:20:11 threespeak-web caddy[1191049]: {"level":"info","ts":1623428411.5217717,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"3speak.online","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Jun 11 16:20:13 threespeak-web caddy[1191049]: {"level":"error","ts":1623428413.3113034,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"3speak.online","challenge_type":"tls-alpn-01","status_code":403,"problem_type":"urn:ietf:params:acme:error:unauthorized","error":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 ch>
Jun 11 16:20:13 threespeak-web caddy[1191049]: {"level":"error","ts":1623428413.3114333,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"3speak.online","error":"authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","order":"https:/>
Jun 11 16:20:14 threespeak-web caddy[1191049]: {"level":"info","ts":1623428414.7588787,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"3speak.online","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Jun 11 16:20:15 threespeak-web caddy[1191049]: {"level":"error","ts":1623428415.3107536,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"3speak.online","challenge_type":"http-01","status_code":403,"problem_type":"urn:ietf:params:acme:error:unauthorized","error":"Invalid response from http://3speak.online/.well-known/acme-challeng>
Jun 11 16:20:15 threespeak-web caddy[1191049]: {"level":"error","ts":1623428415.3109229,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"3speak.online","error":"authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - Invalid response from http://3speak.online/.well-known/acme-challenge/IuwdE-dTTqO9ChzHEGE>
Jun 11 16:20:15 threespeak-web caddy[1191049]: {"level":"info","ts":1623428415.7000453,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"img-standupx.3speak.tv","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
Jun 11 16:20:18 threespeak-web caddy[1191049]: {"level":"info","ts":1623428418.3732524,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"3speak.online","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
Jun 11 16:20:57 threespeak-web caddy[1191049]: {"level":"error","ts":1623428457.5381324,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:3000: connect: connection refused","request":{"remote_addr":"185.130.44.185:58982","proto":"HTTP/1.1","method":"GET","host":"live.3speak.tv","uri":"/list","headers":{"Accept":["*/*"],"User-Agent":["node-fetch/1.0 (+https:/>
Jun 11 16:22:40 threespeak-web caddy[1191049]: {"level":"error","ts":1623428560.3095942,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"client disconnected"}
Jun 11 16:25:04 threespeak-web caddy[1191049]: {"level":"error","ts":1623428704.317681,"logger":"tls.renew","msg":"will retry","error":"[studio.3speak.co] Renew: [studio.3speak.co] solving challenges: [studio.3speak.co] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/iLTo5uIT7UN5_IZE4vDHwQ) (ca=https://acme.zerossl.com/v2/DV90)","atte>
Jun 11 16:25:05 threespeak-web caddy[1191049]: {"level":"error","ts":1623428705.2825472,"logger":"tls.renew","msg":"will retry","error":"[img-standupx.3speak.co] Renew: [img-standupx.3speak.co] solving challenges: [img-standupx.3speak.co] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/LPsqi0QlVkob1uob_kkdGg) (ca=https://acme.zerossl.>
Jun 11 16:25:20 threespeak-web caddy[1191049]: {"level":"error","ts":1623428720.7421381,"logger":"tls.obtain","msg":"will retry","error":"[3speak.online] Obtain: [3speak.online] solving challenges: [3speak.online] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/ZYjgXrQ4wZF9MgIApykR4Q) (ca=https://acme.zerossl.com/v2/DV90)","attempt":5>
Jun 11 16:25:21 threespeak-web caddy[1191049]: {"level":"error","ts":1623428721.123581,"logger":"tls.obtain","msg":"will retry","error":"[img-standupx.3speak.tv] Obtain: [img-standupx.3speak.tv] solving challenges: [img-standupx.3speak.tv] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/GO3U1YIiNhvc_Gm7bxMyiw) (ca=https://acme.zerossl>
Jun 11 16:28:39 threespeak-web caddy[1191049]: {"level":"error","ts":1623428919.9919631,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"context canceled"}
Jun 11 16:29:18 threespeak-web caddy[1191049]: {"level":"info","ts":1623428958.581518,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["img-standupx.3speak.co"],"remaining":-754840.581516073}
Jun 11 16:29:18 threespeak-web caddy[1191049]: {"level":"info","ts":1623428958.5817173,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["studio.3speak.co"],"remaining":-754840.581715547}
Jun 11 16:30:04 threespeak-web caddy[1191049]: {"level":"info","ts":1623429004.32659,"logger":"tls.renew","msg":"renewing certificate","identifier":"studio.3speak.co","remaining":-754886.326583808}
Jun 11 16:30:05 threespeak-web caddy[1191049]: {"level":"info","ts":1623429005.288913,"logger":"tls.renew","msg":"renewing certificate","identifier":"img-standupx.3speak.co","remaining":-754887.288909672}
Jun 11 16:30:06 threespeak-web caddy[1191049]: {"level":"info","ts":1623429006.222154,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"img-standupx.3speak.co","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Jun 11 16:30:06 threespeak-web caddy[1191049]: {"level":"error","ts":1623429006.8080165,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"img-standupx.3speak.co","challenge_type":"tls-alpn-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:dns","error":"DNS problem: NXDOMAIN looking up A for img-standupx.3speak.co - >
Jun 11 16:30:06 threespeak-web caddy[1191049]: {"level":"error","ts":1623429006.8081198,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"img-standupx.3speak.co","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up A for img-standupx.3speak.co - check that a DNS record e>
Jun 11 16:30:07 threespeak-web caddy[1191049]: {"level":"info","ts":1623429007.2100892,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"studio.3speak.co","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Jun 11 16:30:07 threespeak-web caddy[1191049]: {"level":"error","ts":1623429007.8320138,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"studio.3speak.co","challenge_type":"tls-alpn-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:dns","error":"DNS problem: NXDOMAIN looking up A for studio.3speak.co - check that a>
Jun 11 16:30:07 threespeak-web caddy[1191049]: {"level":"error","ts":1623429007.8321064,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"studio.3speak.co","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up A for studio.3speak.co - check that a DNS record exists for th>
Jun 11 16:30:08 threespeak-web caddy[1191049]: {"level":"info","ts":1623429008.230128,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"img-standupx.3speak.co","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Jun 11 16:30:08 threespeak-web caddy[1191049]: {"level":"error","ts":1623429008.8667088,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"img-standupx.3speak.co","challenge_type":"http-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:dns","error":"DNS problem: NXDOMAIN looking up A for img-standupx.3speak.co - chec>
Jun 11 16:30:08 threespeak-web caddy[1191049]: {"level":"error","ts":1623429008.8668272,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"img-standupx.3speak.co","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up A for img-standupx.3speak.co - check that a DNS record e>
Jun 11 16:30:09 threespeak-web caddy[1191049]: {"level":"info","ts":1623429009.1669502,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"studio.3speak.co","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Jun 11 16:30:09 threespeak-web caddy[1191049]: {"level":"error","ts":1623429009.722332,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"studio.3speak.co","challenge_type":"http-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:dns","error":"DNS problem: NXDOMAIN looking up A for studio.3speak.co - check that a DNS >
Jun 11 16:30:09 threespeak-web caddy[1191049]: {"level":"error","ts":1623429009.7224517,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"studio.3speak.co","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up A for studio.3speak.co - check that a DNS record exists for th>
Jun 11 16:30:11 threespeak-web caddy[1191049]: {"level":"info","ts":1623429011.6925602,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"img-standupx.3speak.co","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
Jun 11 16:30:12 threespeak-web caddy[1191049]: {"level":"info","ts":1623429012.623304,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"studio.3speak.co","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
Jun 11 16:30:20 threespeak-web caddy[1191049]: {"level":"error","ts":1623429020.3842044,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"context canceled"}
Jun 11 16:32:11 threespeak-web caddy[1191049]: {"level":"error","ts":1623429131.21924,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:3000: connect: connection refused","request":{"remote_addr":"185.130.44.185:60668","proto":"HTTP/1.1","method":"GET","host":"live.3speak.tv","uri":"/list","headers":{"User-Agent":["node-fetch/1.0 (+https://github.com/bitinn/>
Jun 11 16:33:29 threespeak-web caddy[1191049]: {"level":"error","ts":1623429209.814574,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:3000: connect: connection refused","request":{"remote_addr":"185.130.44.185:60830","proto":"HTTP/1.1","method":"GET","host":"live.3speak.tv","uri":"/list","headers":{"User-Agent":["node-fetch/1.0 (+https://github.com/bitinn>
Jun 11 16:33:55 threespeak-web caddy[1191049]: {"level":"error","ts":1623429235.936666,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:3000: connect: connection refused","request":{"remote_addr":"66.249.66.155:60007","proto":"HTTP/1.1","method":"GET","host":"live.3speak.tv","uri":"/robots.txt","headers":{"Accept-Encoding":["gzip, deflate, br"],"Connection">

Mohammed90 · June 11, 2021, 4:49pm

It’s DNS. There aren’t A records for those domain names pointing the domain name to an IP address.

francislavoie · June 11, 2021, 5:01pm

The problem you’re having doesn’t look the same as the others in the github issue I linked earlier. As @Mohammed90 says, this looks like a DNS issue preventing Caddy from actually performing the renewal.

Also, your logs are truncated, so there’s possibly some important details missing. See the > at the end of each line.

Instead, use this command to see your logs, with no truncation (assumes you’re running with systemd, which you didn’t clearly specify):

journalctl -u caddy --no-pager | less

null · June 12, 2021, 12:48pm

Fixed that issue, the certs still arent being renewed:

Jun 12 10:49:19 threespeak-web caddy[1247373]: {"level":"error","ts":1623494959.2805738,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"studio.3speak.co","error":"no information found to solve challenge for identifier: studio.3speak.co"}
Jun 12 10:49:19 threespeak-web caddy[1247373]: {"level":"error","ts":1623494959.2810774,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"studio.3speak.co","error":"no information found to solve challenge for identifier: studio.3speak.co"}
Jun 12 10:50:06 threespeak-web caddy[1247373]: {"level":"error","ts":1623495006.9482462,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"context canceled"}
Jun 12 10:56:37 threespeak-web caddy[1247373]: {"level":"warn","ts":1623495397.626513,"logger":"tls.cache.maintenance","msg":"OCSP status for managed certificate is REVOKED; attempting to replace with new certificate","identifiers":["3speak.tv"],"expiration":1627862399}
Jun 12 10:56:37 threespeak-web caddy[1247373]: {"level":"info","ts":1623495397.6275856,"logger":"tls.renew","msg":"acquiring lock","identifier":"3speak.tv"}
Jun 12 10:56:37 threespeak-web caddy[1247373]: {"level":"info","ts":1623495397.6440058,"logger":"tls.renew","msg":"lock acquired","identifier":"3speak.tv"}
Jun 12 10:56:37 threespeak-web caddy[1247373]: {"level":"info","ts":1623495397.647265,"logger":"tls.renew","msg":"certificate appears to have been renewed already","identifier":"3speak.tv","remaining":4367001.352739434}
Jun 12 10:56:37 threespeak-web caddy[1247373]: {"level":"info","ts":1623495397.6477215,"logger":"tls.renew","msg":"releasing lock","identifier":"3speak.tv"}
Jun 12 10:56:37 threespeak-web caddy[1247373]: {"level":"info","ts":1623495397.6484296,"logger":"tls","msg":"reloading managed certificate","identifiers":["3speak.tv"]}
Jun 12 10:56:37 threespeak-web caddy[1247373]: {"level":"info","ts":1623495397.6867678,"logger":"tls.cache","msg":"replaced certificate in cache","identifiers":["3speak.tv"],"new_expiration":1627862399}
Jun 12 10:56:37 threespeak-web caddy[1247373]: {"level":"warn","ts":1623495397.6875908,"logger":"tls.cache.maintenance","msg":"OCSP status for managed certificate is REVOKED; attempting to replace with new certificate","identifiers":["studio.3speak.tv"],"expiration":1627862399}
Jun 12 10:56:37 threespeak-web caddy[1247373]: {"level":"info","ts":1623495397.6886408,"logger":"tls.renew","msg":"acquiring lock","identifier":"studio.3speak.tv"}
Jun 12 10:56:37 threespeak-web caddy[1247373]: {"level":"info","ts":1623495397.702468,"logger":"tls.renew","msg":"lock acquired","identifier":"studio.3speak.tv"}
Jun 12 10:56:37 threespeak-web caddy[1247373]: {"level":"info","ts":1623495397.7052927,"logger":"tls.renew","msg":"certificate appears to have been renewed already","identifier":"studio.3speak.tv","remaining":4367001.294710972}
Jun 12 10:56:37 threespeak-web caddy[1247373]: {"level":"info","ts":1623495397.7056499,"logger":"tls.renew","msg":"releasing lock","identifier":"studio.3speak.tv"}
Jun 12 10:56:37 threespeak-web caddy[1247373]: {"level":"info","ts":1623495397.7061207,"logger":"tls","msg":"reloading managed certificate","identifiers":["studio.3speak.tv"]}
Jun 12 10:56:37 threespeak-web caddy[1247373]: {"level":"info","ts":1623495397.7687209,"logger":"tls.cache","msg":"replaced certificate in cache","identifiers":["studio.3speak.tv"],"new_expiration":1627862399}
Jun 12 11:10:11 threespeak-web caddy[1247373]: {"level":"error","ts":1623496211.581724,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"studio.3speak.co","error":"no information found to solve challenge for identifier: studio.3speak.co"}
Jun 12 11:10:11 threespeak-web caddy[1247373]: {"level":"error","ts":1623496211.5819218,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"studio.3speak.co","error":"no information found to solve challenge for identifier: studio.3speak.co"}
Jun 12 11:13:59 threespeak-web caddy[1247373]: {"level":"error","ts":1623496439.709958,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"studio.3speak.co","error":"no information found to solve challenge for identifier: studio.3speak.co"}
Jun 12 11:13:59 threespeak-web caddy[1247373]: {"level":"error","ts":1623496439.716866,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"studio.3speak.co","error":"no information found to solve challenge for identifier: studio.3speak.co"}
Jun 12 11:15:07 threespeak-web caddy[1247373]: {"level":"error","ts":1623496507.9654686,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"context canceled"}
Jun 12 11:31:14 threespeak-web caddy[1247373]: {"level":"error","ts":1623497474.6002605,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"http2: stream closed"}
Jun 12 11:31:32 threespeak-web caddy[1247373]: {"level":"error","ts":1623497492.8909292,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"http2: stream closed"}
Jun 12 11:35:07 threespeak-web caddy[1247373]: {"level":"error","ts":1623497707.2156308,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"context canceled"}
Jun 12 11:36:56 threespeak-web caddy[1247373]: {"level":"error","ts":1623497816.474063,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"studio.3speak.co","error":"no information found to solve challenge for identifier: studio.3speak.co"}
Jun 12 11:36:56 threespeak-web caddy[1247373]: {"level":"error","ts":1623497816.4745464,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"studio.3speak.co","error":"no information found to solve challenge for identifier: studio.3speak.co"}
Jun 12 11:40:07 threespeak-web caddy[1247373]: {"level":"error","ts":1623498007.242759,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"context canceled"}
Jun 12 11:40:24 threespeak-web caddy[1247373]: {"level":"error","ts":1623498024.6791818,"logger":"http.log.error","msg":"read tcp 127.0.0.1:35488->127.0.0.1:9400: read: connection reset by peer","request":{"remote_addr":"195.154.122.36:31082","proto":"HTTP/2.0","method":"POST","host":"3speak.tv","uri":"/apiv2/render_comment.html","headers":{"User-Agent":["Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)"],"Accept":["*/*"],"Sec-Fetch-Dest":["empty"],"Accept-Encoding":["gzip, deflate, br"],"Content-Length":["11004"],"Pragma":["no-cache"],"Cache-Control":["no-cache"],"Content-Type":["application/json"],"Origin":["https://3speak.tv"],"Sec-Fetch-Site":["same-origin"],"Sec-Fetch-Mode":["cors"],"Accept-Language":["en-US"],"Cookie":["frontend=s%3AjpOpONQtJzD9VoVUqccd4j0AEDuJ4ap6.63L%2FrD%2BStWVzsxXJ18XPTaYiNm73l2Nyvjtrv0936aU"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"3speak.tv"}},"duration":0.839768704,"status":502,"err_id":"cfzawnc2x","err_trace":"reverseproxy.statusError (reverseproxy.go:861)"}
Jun 12 11:49:12 threespeak-web caddy[1247373]: {"level":"error","ts":1623498552.3070996,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"studio.3speak.co","error":"no information found to solve challenge for identifier: studio.3speak.co"}
Jun 12 11:49:12 threespeak-web caddy[1247373]: {"level":"error","ts":1623498552.3075073,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"studio.3speak.co","error":"no information found to solve challenge for identifier: studio.3speak.co"}
Jun 12 11:52:21 threespeak-web caddy[1247373]: {"level":"error","ts":1623498741.3448482,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"studio.3speak.co","error":"no information found to solve challenge for identifier: studio.3speak.co"}
Jun 12 11:52:21 threespeak-web caddy[1247373]: {"level":"error","ts":1623498741.3451185,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"studio.3speak.co","error":"no information found to solve challenge for identifier: studio.3speak.co"}
Jun 12 11:56:37 threespeak-web caddy[1247373]: {"level":"warn","ts":1623498997.6318817,"logger":"tls.cache.maintenance","msg":"OCSP status for managed certificate is REVOKED; attempting to replace with new certificate","identifiers":["3speak.tv"],"expiration":1627862399}
Jun 12 11:56:37 threespeak-web caddy[1247373]: {"level":"info","ts":1623498997.6330032,"logger":"tls.renew","msg":"acquiring lock","identifier":"3speak.tv"}
Jun 12 11:56:37 threespeak-web caddy[1247373]: {"level":"info","ts":1623498997.6665509,"logger":"tls.renew","msg":"lock acquired","identifier":"3speak.tv"}
Jun 12 11:56:37 threespeak-web caddy[1247373]: {"level":"info","ts":1623498997.6693707,"logger":"tls.renew","msg":"certificate appears to have been renewed already","identifier":"3speak.tv","remaining":4363401.330633177}
Jun 12 11:56:37 threespeak-web caddy[1247373]: {"level":"info","ts":1623498997.6694489,"logger":"tls.renew","msg":"releasing lock","identifier":"3speak.tv"}
Jun 12 11:56:37 threespeak-web caddy[1247373]: {"level":"info","ts":1623498997.669718,"logger":"tls","msg":"reloading managed certificate","identifiers":["3speak.tv"]}
Jun 12 11:56:37 threespeak-web caddy[1247373]: {"level":"info","ts":1623498997.7083066,"logger":"tls.cache","msg":"replaced certificate in cache","identifiers":["3speak.tv"],"new_expiration":1627862399}
Jun 12 11:56:37 threespeak-web caddy[1247373]: {"level":"warn","ts":1623498997.708395,"logger":"tls.cache.maintenance","msg":"OCSP status for managed certificate is REVOKED; attempting to replace with new certificate","identifiers":["studio.3speak.tv"],"expiration":1627862399}
Jun 12 11:56:37 threespeak-web caddy[1247373]: {"level":"info","ts":1623498997.7090027,"logger":"tls.renew","msg":"acquiring lock","identifier":"studio.3speak.tv"}
Jun 12 11:56:37 threespeak-web caddy[1247373]: {"level":"info","ts":1623498997.7250953,"logger":"tls.renew","msg":"lock acquired","identifier":"studio.3speak.tv"}
Jun 12 11:56:37 threespeak-web caddy[1247373]: {"level":"info","ts":1623498997.7268534,"logger":"tls.renew","msg":"certificate appears to have been renewed already","identifier":"studio.3speak.tv","remaining":4363401.273149954}
Jun 12 11:56:37 threespeak-web caddy[1247373]: {"level":"info","ts":1623498997.7269146,"logger":"tls.renew","msg":"releasing lock","identifier":"studio.3speak.tv"}
Jun 12 11:56:37 threespeak-web caddy[1247373]: {"level":"info","ts":1623498997.727193,"logger":"tls","msg":"reloading managed certificate","identifiers":["studio.3speak.tv"]}
Jun 12 11:56:37 threespeak-web caddy[1247373]: {"level":"info","ts":1623498997.7670608,"logger":"tls.cache","msg":"replaced certificate in cache","identifiers":["studio.3speak.tv"],"new_expiration":1627862399}
Jun 12 11:57:37 threespeak-web caddy[1247373]: {"level":"error","ts":1623499057.1917105,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"http2: stream closed"}
Jun 12 12:08:14 threespeak-web caddy[1247373]: {"level":"error","ts":1623499694.705463,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"studio.3speak.co","error":"no information found to solve challenge for identifier: studio.3speak.co"}
Jun 12 12:08:14 threespeak-web caddy[1247373]: {"level":"error","ts":1623499694.7091956,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"studio.3speak.co","error":"no information found to solve challenge for identifier: studio.3speak.co"}
Jun 12 12:18:35 threespeak-web caddy[1247373]: {"level":"error","ts":1623500315.6520953,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"http2: stream closed"}
Jun 12 12:29:15 threespeak-web caddy[1247373]: {"level":"error","ts":1623500955.2597563,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"studio.3speak.co","error":"no information found to solve challenge for identifier: studio.3speak.co"}
Jun 12 12:29:15 threespeak-web caddy[1247373]: {"level":"error","ts":1623500955.2601154,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"studio.3speak.co","error":"no information found to solve challenge for identifier: studio.3speak.co"}
Jun 12 12:32:40 threespeak-web caddy[1247373]: {"level":"error","ts":1623501160.0432353,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"client disconnected"}

francislavoie · June 12, 2021, 1:14pm

Now that the errors are due to OCSP, please read the discussion in the issue:

null · June 12, 2021, 2:02pm

To force a manual renewal, delete the site asset folder in your data directory. If you have a custom storage module, you’ll need to delete its equivalent in that (for example, if a database, then the relevant database rows). By default, certs are stored on the file system in your data directory. Then reload your config or restart Caddy.

I deleted all the files in $HOME/.local/share/caddy and restarted+reloaded, still nothing.

Jun 12 13:05:14 threespeak-web caddy[1247373]: {"level":"error","ts":1623503114.3665066,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"context canceled"}
Jun 12 13:17:20 threespeak-web caddy[1247373]: {"level":"error","ts":1623503840.4539797,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"studio.3speak.co","error":"no information found to solve challenge for identifier: studio.3speak.co"}
Jun 12 13:17:20 threespeak-web caddy[1247373]: {"level":"error","ts":1623503840.4565282,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"studio.3speak.co","error":"no information found to solve challenge for identifier: studio.3speak.co"}
Jun 12 13:33:05 threespeak-web caddy[1247373]: {"level":"error","ts":1623504785.3939707,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"studio.3speak.co","error":"no information found to solve challenge for identifier: studio.3speak.co"}
Jun 12 13:33:05 threespeak-web caddy[1247373]: {"level":"error","ts":1623504785.3948245,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"studio.3speak.co","error":"no information found to solve challenge for identifier: studio.3speak.co"}
Jun 12 13:35:30 threespeak-web caddy[1247373]: {"level":"error","ts":1623504930.8468552,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"studio.3speak.co","error":"no information found to solve challenge for identifier: studio.3speak.co"}
Jun 12 13:35:30 threespeak-web caddy[1247373]: {"level":"error","ts":1623504930.8472428,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"studio.3speak.co","error":"no information found to solve challenge for identifier: studio.3speak.co"}
Jun 12 13:37:48 threespeak-web caddy[1247373]: {"level":"error","ts":1623505068.1255977,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"write tcp 185.130.44.185:443->138.59.10.254:38382: write: broken pipe"}
Jun 12 13:39:11 threespeak-web caddy[1247373]: {"level":"error","ts":1623505151.3403325,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"studio.3speak.co","error":"no information found to solve challenge for identifier: studio.3speak.co"}
Jun 12 13:39:11 threespeak-web caddy[1247373]: {"level":"error","ts":1623505151.3406985,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"studio.3speak.co","error":"no information found to solve challenge for identifier: studio.3speak.co"}
Jun 12 13:40:33 threespeak-web caddy[1247373]: {"level":"error","ts":1623505233.3712988,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"studio.3speak.co","error":"no information found to solve challenge for identifier: studio.3speak.co"}
Jun 12 13:40:33 threespeak-web caddy[1247373]: {"level":"error","ts":1623505233.371721,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"studio.3speak.co","error":"no information found to solve challenge for identifier: studio.3speak.co"}
Jun 12 13:41:08 threespeak-web caddy[1247373]: {"level":"error","ts":1623505268.3920336,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"write tcp 185.130.44.185:443->138.59.10.254:38388: write: broken pipe"}
Jun 12 13:41:10 threespeak-web caddy[1247373]: {"level":"error","ts":1623505270.3271341,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"write tcp 185.130.44.185:443->138.59.10.254:38389: write: broken pipe"}
Jun 12 13:44:59 threespeak-web caddy[1247373]: {"level":"info","ts":1623505499.5493898,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_addr":"127.0.0.1:52708","headers":{"Accept-Encoding":["gzip"],"Content-Length":["690"],"Content-Type":["application/json"],"Origin":["localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
Jun 12 13:44:59 threespeak-web caddy[1247373]: {"level":"info","ts":1623505499.550216,"logger":"admin.api","msg":"config is unchanged"}
Jun 12 13:44:59 threespeak-web caddy[1247373]: {"level":"info","ts":1623505499.5503242,"logger":"admin.api","msg":"load complete"}
Jun 12 13:52:15 threespeak-web caddy[1247373]: {"level":"info","ts":1623505935.744086,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_addr":"127.0.0.1:53764","headers":{"Accept-Encoding":["gzip"],"Content-Length":["690"],"Content-Type":["application/json"],"Origin":["localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
Jun 12 13:52:15 threespeak-web caddy[1247373]: {"level":"info","ts":1623505935.745044,"logger":"admin.api","msg":"config is unchanged"}
Jun 12 13:52:15 threespeak-web caddy[1247373]: {"level":"info","ts":1623505935.7451706,"logger":"admin.api","msg":"load complete"}
Jun 12 13:53:09 threespeak-web caddy[1247373]: {"level":"info","ts":1623505989.7146127,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_addr":"127.0.0.1:53860","headers":{"Accept-Encoding":["gzip"],"Content-Length":["690"],"Content-Type":["application/json"],"Origin":["localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
Jun 12 13:53:09 threespeak-web caddy[1247373]: {"level":"info","ts":1623505989.7155104,"logger":"admin.api","msg":"config is unchanged"}
Jun 12 13:53:09 threespeak-web caddy[1247373]: {"level":"info","ts":1623505989.7156181,"logger":"admin.api","msg":"load complete"}
Jun 12 13:55:14 threespeak-web systemd[1]: Stopping Caddy...
Jun 12 13:55:14 threespeak-web caddy[1247373]: {"level":"info","ts":1623506114.2823107,"msg":"shutting down apps, then terminating","signal":"SIGTERM"}
Jun 12 13:55:14 threespeak-web caddy[1247373]: {"level":"warn","ts":1623506114.2825394,"msg":"exiting; byeee!! 👋","signal":"SIGTERM"}
Jun 12 13:55:19 threespeak-web systemd[1]: caddy.service: State 'stop-sigterm' timed out. Killing.
Jun 12 13:55:19 threespeak-web systemd[1]: caddy.service: Killing process 1247373 (caddy) with signal SIGKILL.
Jun 12 13:55:19 threespeak-web systemd[1]: caddy.service: Killing process 1247384 (caddy) with signal SIGKILL.
Jun 12 13:55:19 threespeak-web systemd[1]: caddy.service: Killing process 1247385 (caddy) with signal SIGKILL.
Jun 12 13:55:19 threespeak-web systemd[1]: caddy.service: Killing process 1247386 (caddy) with signal SIGKILL.
Jun 12 13:55:19 threespeak-web systemd[1]: caddy.service: Killing process 1247390 (n/a) with signal SIGKILL.
Jun 12 13:55:19 threespeak-web systemd[1]: caddy.service: Killing process 1247393 (n/a) with signal SIGKILL.
Jun 12 13:55:19 threespeak-web systemd[1]: caddy.service: Killing process 1247501 (n/a) with signal SIGKILL.
Jun 12 13:55:19 threespeak-web systemd[1]: caddy.service: Killing process 1247781 (n/a) with signal SIGKILL.
Jun 12 13:55:19 threespeak-web systemd[1]: caddy.service: Main process exited, code=killed, status=9/KILL
Jun 12 13:55:19 threespeak-web systemd[1]: caddy.service: Failed with result 'timeout'.
Jun 12 13:55:19 threespeak-web systemd[1]: Stopped Caddy.
Jun 12 13:55:19 threespeak-web systemd[1]: Starting Caddy...
Jun 12 13:55:19 threespeak-web caddy[1273680]: caddy.HomeDir=/var/lib/caddy
Jun 12 13:55:19 threespeak-web caddy[1273680]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Jun 12 13:55:19 threespeak-web caddy[1273680]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Jun 12 13:55:19 threespeak-web caddy[1273680]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Jun 12 13:55:19 threespeak-web caddy[1273680]: caddy.Version=v2.4.1 h1:kAJ0JB5Xk5gPdTH/27S5cyoMGqD5lBAe9yZ8zTjVJa0=
Jun 12 13:55:19 threespeak-web caddy[1273680]: runtime.GOOS=linux
Jun 12 13:55:19 threespeak-web caddy[1273680]: runtime.GOARCH=amd64
Jun 12 13:55:19 threespeak-web caddy[1273680]: runtime.Compiler=gc
Jun 12 13:55:19 threespeak-web caddy[1273680]: runtime.NumCPU=4
Jun 12 13:55:19 threespeak-web caddy[1273680]: runtime.GOMAXPROCS=4
Jun 12 13:55:19 threespeak-web caddy[1273680]: runtime.Version=go1.16.4
Jun 12 13:55:19 threespeak-web caddy[1273680]: os.Getwd=/
Jun 12 13:55:19 threespeak-web caddy[1273680]: LANG=en_US.UTF-8
Jun 12 13:55:19 threespeak-web caddy[1273680]: LANGUAGE=en_US.UTF-8
Jun 12 13:55:19 threespeak-web caddy[1273680]: LC_CTYPE=en_US.UTF-8
Jun 12 13:55:19 threespeak-web caddy[1273680]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
Jun 12 13:55:19 threespeak-web caddy[1273680]: NOTIFY_SOCKET=/run/systemd/notify
Jun 12 13:55:19 threespeak-web caddy[1273680]: HOME=/var/lib/caddy
Jun 12 13:55:19 threespeak-web caddy[1273680]: LOGNAME=caddy
Jun 12 13:55:19 threespeak-web caddy[1273680]: USER=caddy
Jun 12 13:55:19 threespeak-web caddy[1273680]: INVOCATION_ID=7aa35261731841c2b4583fca1661c046
Jun 12 13:55:19 threespeak-web caddy[1273680]: JOURNAL_STREAM=9:112635088
Jun 12 13:55:19 threespeak-web caddy[1273680]: {"level":"info","ts":1623506119.5943503,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Jun 12 13:55:19 threespeak-web caddy[1273680]: {"level":"warn","ts":1623506119.6046302,"msg":"input is not formatted with 'caddy fmt'","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
Jun 12 13:55:19 threespeak-web caddy[1273680]: {"level":"info","ts":1623506119.607872,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["127.0.0.1:2019","localhost:2019","[::1]:2019"]}
Jun 12 13:55:19 threespeak-web caddy[1273680]: {"level":"info","ts":1623506119.6086192,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Jun 12 13:55:19 threespeak-web caddy[1273680]: {"level":"info","ts":1623506119.6089022,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000442620"}
Jun 12 13:55:19 threespeak-web caddy[1273680]: {"level":"info","ts":1623506119.609005,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Jun 12 13:55:19 threespeak-web caddy[1273680]: {"level":"info","ts":1623506119.6109014,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/caddy"}
Jun 12 13:55:19 threespeak-web caddy[1273680]: {"level":"info","ts":1623506119.6112156,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["studio.3speak.tv","spk.network","3speak.tv"]}
Jun 12 13:55:19 threespeak-web caddy[1273680]: {"level":"info","ts":1623506119.6190653,"logger":"tls","msg":"finished cleaning storage units"}
Jun 12 13:55:19 threespeak-web caddy[1273680]: {"level":"info","ts":1623506119.8294055,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Jun 12 13:55:19 threespeak-web systemd[1]: Started Caddy.
Jun 12 13:55:19 threespeak-web caddy[1273680]: {"level":"info","ts":1623506119.8314025,"msg":"serving initial configuration"}

francislavoie · June 12, 2021, 2:15pm

$HOME needs to be the home of the user under which you’re running Caddy. That might be /var/lib/caddy if you’re running with our official systemd service file.

null · June 12, 2021, 2:53pm

/var/lib/caddy is empty, we’re running caddy as root so /root/.local/share/caddy is where I deleted the files from.

balloon · June 12, 2021, 10:52pm

Caddy v.2.4.2 has been released to support revoked certificate renewals. If you are encountering the same issue, try it and include a report. They have published this without being able to test it.

matt · June 13, 2021, 12:40am

Well, I did test it by simulations. It’s just not practical to test out in a production environment.

balloon · June 13, 2021, 12:55am

My Caddy worked. However, it will take some time for the certificate to be renewed.
That is the intended work.

system · July 11, 2021, 3:45pm

This topic was automatically closed after 30 days. New replies are no longer allowed.