Getting error about authorization took too long

1. Caddy version (caddy version): v2.4.1 h1:kAJ0JB5Xk5gPdTH/27S5cyoMGqD5lBAe9yZ8zTjVJa0=

2. How I run Caddy:

I have a droplet on Docker where I am trying to run this Laravel repo.
When I try to run on :80, it works fine:

:80 {
    root * /srv/public

    log
    encode gzip

    php_fastcgi 127.0.0.1:9000

    file_server
}

But when I try to run with the domain name, I can't go to the website because the browser cannot establish a secure connection. You can visit this website

a. System environment:

Docker version : 20.10.6
OS: Ubuntu hirsute (21.04)

b. Command:

I am using Docker, so this doesn’t apply.

c. Service/unit/compose file:

version: "3"
services:
  caddy:
    image: caddy
    restart: unless-stopped
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - .:/srv
      - ./caddy_data:/data
      - ./caddy_config:/config
    ports:
      - 80:80
      - 443:443

  php:
    build: ./docker
    restart: unless-stopped
    working_dir: /srv
    volumes:
      - .:/srv
  postgres:
    image: postgres:12-alpine
    volumes: 
      - ./database:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: app
      POSTGRES_USER: app
      POSTGRES_PASSWORD: app
      PGDATA: /var/lib/postgresql/data/pgdata
    ports:
      - 54321:5432

d. My complete Caddyfile or JSON config:

snippet.dokan.app {
    root * /srv/public

    log
    encode gzip

    php_fastcgi 127.0.0.1:9000

    file_server
}

3. The problem I’m having:

root@snippet:~/snippet_api# curl -L snippet.dokan.app
curl: (7) Failed to connect to snippet.dokan.app port 80: Connection refused

4. Error messages and/or full log output:

2021/05/27 04:43:53.191	INFO	using adjacent Caddyfile
2021/05/27 04:43:53.194	INFO	admin	admin endpoint started	{"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2021/05/27 04:43:53.194	INFO	http	server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS	{"server_name": "srv0", "https_port": 443}
2021/05/27 04:43:53.194	INFO	http	enabling automatic HTTP->HTTPS redirects	{"server_name": "srv0"}
2021/05/27 04:43:53.195	INFO	http	enabling automatic TLS certificate management	{"domains": ["snippet.dokan.app"]}
2021/05/27 04:43:53.196	INFO	autosaved config (load with --resume flag)	{"file": "/root/.config/caddy/autosave.json"}
2021/05/27 04:43:53.196	INFO	serving initial configuration
2021/05/27 04:43:53.196	INFO	tls.obtain	acquiring lock	{"identifier": "snippet.dokan.app"}
2021/05/27 04:43:53.199	INFO	tls.obtain	lock acquired	{"identifier": "snippet.dokan.app"}
2021/05/27 04:43:53.208	INFO	tls.cache.maintenance	started background certificate maintenance	{"cache": "0xc0002552d0"}
2021/05/27 04:43:53.208	INFO	tls	cleaning storage unit	{"description": "FileStorage:/root/.local/share/caddy"}
2021/05/27 04:43:53.208	INFO	tls	finished cleaning storage units
2021/05/27 04:43:53.211	INFO	tls.issuance.acme	waiting on internal rate limiter	{"identifiers": ["snippet.dokan.app"]}
2021/05/27 04:43:53.211	INFO	tls.issuance.acme	done waiting on internal rate limiter	{"identifiers": ["snippet.dokan.app"]}
2021/05/27 04:43:53.561	WARN	tls.issuance.zerossl	missing email address for ZeroSSL; it is strongly recommended to set one for next time
2021/05/27 04:43:53.777	INFO	tls.issuance.zerossl	generated EAB credentials	{"key_id": "uD-5yWLSdq4pcTzMlBo5hw"}
2021/05/27 04:43:54.330	INFO	tls.issuance.acme	waiting on internal rate limiter	{"identifiers": ["snippet.dokan.app"]}
2021/05/27 04:43:54.330	INFO	tls.issuance.acme	done waiting on internal rate limiter	{"identifiers": ["snippet.dokan.app"]}
2021/05/27 04:43:54.622	INFO	tls.issuance.acme.acme_client	trying to solve challenge	{"identifier": "snippet.dokan.app", "challenge_type": "http-01", "ca": "https://acme.zerossl.com/v2/DV90"}
2021/05/27 04:43:55.248	INFO	tls.issuance.acme	served key authentication	{"identifier": "snippet.dokan.app", "challenge": "http-01", "remote": "91.199.212.132:57406", "distributed": false}
2021/05/27 04:44:00.037	INFO	tls.issuance.acme.acme_client	validations succeeded; finalizing order	{"order": "https://acme.zerossl.com/v2/DV90/order/4UDYKHDpDYZtPgBeoP7srA"}
2021/05/27 04:49:02.451	ERROR	tls.obtain	will retry	{"error": "[snippet.dokan.app] Obtain: [snippet.dokan.app] finalizing order https://acme.zerossl.com/v2/DV90/order/4UDYKHDpDYZtPgBeoP7srA: order took too long (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 309.251859771, "max_duration": 2592000}
2021/05/27 04:50:03.924	INFO	tls.issuance.acme.acme_client	trying to solve challenge	{"identifier": "snippet.dokan.app", "challenge_type": "http-01", "ca": "https://acme-staging-v02.api.letsencrypt.org/directory"}

5. What I already tried:

It worked on my first try. I have checked and it was Let’s Encrypt SSL. I had to shut down the application multiple times and that’s when I wasn’t able to get into the website.

6. Links to relevant resources:

Could be a hiccup with ZeroSSL. They might have been doing some maintenance or something.

I think so. I was quite frustrated that it was not working. Is there any way I can force it to use Let’s Encrypt instead of ZeroSSL?

Caddy automatically cycles between the two. If one doesn’t work, it tries the other. It tries Let’s Encrypt first. You shouldn’t need to do anything.

To expand on this correct answer, Caddy will retry with the same CA as any previous certificate that has a private key for that name.
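Added example (not part of the original thread and not Caddy's own code): a small Python parser for the tab-separated console log format shown in the question, which lists which ACME CA each challenge attempt and failed obtain involved, so the issuer rotation described in the replies above can be checked against a real log. The sample lines are constructed, shortened copies of lines from the posted log, and the function names are hypothetical.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample: shortened copies of lines from the log in the question.
SAMPLE_LOG = "\n".join([
    "2021/05/27 04:43:53.196\tINFO\tserving initial configuration",
    "2021/05/27 04:43:54.622\tINFO\ttls.issuance.acme.acme_client\ttrying to solve challenge\t"
    '{"challenge_type": "http-01", "ca": "https://acme.zerossl.com/v2/DV90"}',
    "2021/05/27 04:49:02.451\tERROR\ttls.obtain\twill retry\t"
    '{"error": "order took too long (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1}',
    "2021/05/27 04:50:03.924\tINFO\ttls.issuance.acme.acme_client\ttrying to solve challenge\t"
    '{"challenge_type": "http-01", "ca": "https://acme-staging-v02.api.letsencrypt.org/directory"}',
])
CA_IN_ERROR = re.compile(r"\(ca=([^)\s]+)\)")

def parse_line(line):
    """Split a console log line into parts (the logger name is optional), or return None."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) < 3:
        return None
    ts, level, rest, fields = parts[0], parts[1], parts[2:], {}
    if rest[-1].startswith("{"):
        try:
            fields, rest = json.loads(rest[-1]), rest[:-1]
        except json.JSONDecodeError:
            pass  # truncated JSON: leave it in the message text
    logger = rest[0] if len(rest) > 1 else ""
    return {"ts": ts, "level": level, "logger": logger,
            "msg": " ".join(rest[1:] if logger else rest), "fields": fields}

def ca_timeline(text):
    """Return (timestamp, CA host, event) for each challenge attempt and failed obtain."""
    events = []
    for rec in filter(None, map(parse_line, text.splitlines())):
        fields = rec["fields"]
        if rec["msg"] == "trying to solve challenge" and "ca" in fields:
            ca, event = fields["ca"], fields.get("challenge_type", "challenge")
        elif rec["level"] == "ERROR" and rec["logger"] == "tls.obtain":
            m = CA_IN_ERROR.search(str(fields.get("error", "")))
            if not m:
                continue
            ca, event = m.group(1), "obtain failed"
        else:
            continue
        events.append((rec["ts"], urlparse(ca).hostname, event))
    return events

if __name__ == "__main__":
    for event in ca_timeline(SAMPLE_LOG):
        print(*event)
```

Run over the sample, the timeline shows the ZeroSSL attempt, its failure, and the following attempt against Let's Encrypt's staging directory, matching the last line of the posted log.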

But for some reason, it didn’t work that way. I never see the log trying to SSL with Let’s Encrypt. It tried the very first time when I booted my application. After that, every time I start Docker it tries with ZeroSSL. I deleted the Docker image and tried again; it didn’t try to SSL with Let’s Encrypt. Then I deleted the Docker image and manually installed the command line, but it didn’t work either. Last, I deleted my DigitalOcean droplet and tried with a fresh DigitalOcean droplet with the Docker image, and that didn’t help either. Am I missing something?

Can you move them to use Let’s Encrypt instead? Is there any way to do that?

I have this bookmarked to return to it soon, I just need to get a few other things taken care of first. :+1:

I’m having a similar issue and I think my problem is with Cloudflare.

ZeroSSL had a problem for a few days, but the cause and details have been clarified.
I report separately. Be careful if you are using ZeroSSL with Caddy.

This is a different issue. Occurs when going through Cloudflare.
Recently we have touched on this issue:
