Getting error "no solvers available for remaining challenges" while trying to use wildcard domain with reverse proxy

1. Caddy version (caddy version):

v2.3

2. How I run Caddy:

caddy run --config=caddy.json

a. System environment:

Ubuntu 20.04

b. Command:

caddy run --config=caddy.json

c. Service/unit/compose file:


d. My complete Caddyfile or JSON config:

{
	"apps": {
		"http": {
			"servers": {
				"example": {
					"listen": [":443"],
					"routes": [
						{
							"match": [{"host": ["example.com"]}],
							"handle": [
								{
									"handler": "reverse_proxy",
									"upstreams": [
										{"dial": "xxx.xxx.xxx.xxx:5000"}
									]
								}
							]
						},
						{
							"match": [{"host": ["*.example111.com"]}],
							"handle": [
								{
									"handler": "reverse_proxy",
									"upstreams": [
										{"dial": "xxx.xxx.xxx.yyy:80"}
									]
								}
							]
						}
					]
				}
			}
		}
	}
}

3. The problem I’m having:

I am trying to configure a wildcard domain, e.g. *.example111.com, with reverse proxy so that I can easily manage SSL certificates for wildcard domains through the Caddy server. But in the log I am getting an error.
I am using Cloudflare with Caddy, but for now I have "proxy disabled" in Cloudflare. I also want to try the Cloudflare proxy enabled method later.

4. Error messages and/or full log output:

ERROR tls.obtain will retry {"error": "[*.example111.com] Obtain: [*.example111.com] solving challenges: *.example111.com: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[dns-01] remaining=[dns-01]) (order=https://acme.zerossl.com/v2/DV90/order/LZWIBNhj1BRRngeB-FQKaQ) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 4, "retrying_in": 300, "elapsed": 312.236568312, "max_duration": 2592000}

5. What I already tried:

Found nothing related to this error.

6. Links to relevant resources:

Is that the full log output, as the template asks for? That looks like just one line. How do you expect us to help you with just one line of logs?

1 Like

Hello Matt,

Thanks for your reply.
Sorry for not posting the full log.

Here is the full log -

2021/06/28 04:09:35.842	INFO	admin	admin endpoint started	{"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2021/06/28 04:09:35.842	INFO	serving initial configuration
2021/06/28 04:09:52.429	INFO	admin.api	received request	{"method": "POST", "host": "localhost:2019", "uri": "/load", "remote_addr": "127.0.0.1:47684", "headers": {"Accept-Encoding":["gzip"],"Content-Length":["2333"],"Content-Type":["application/json"],"Origin":["localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
2021/06/28 04:09:52.430	INFO	admin	admin endpoint started	{"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2021/06/28 04:09:52.431	INFO	http	server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS{"server_name": "example", "https_port": 443}
2021/06/28 04:09:52.431	INFO	http	enabling automatic HTTP->HTTPS redirects	{"server_name": "example"}
2021/06/28 04:09:52.432	DEBUG	http	starting server loop	{"address": "[::]:443", "http3": false, "tls": true}
2021/06/28 04:09:52.433	DEBUG	http	starting server loop	{"address": "[::]:80", "http3": false, "tls": false}
2021/06/28 04:09:52.434	INFO	http	enabling automatic TLS certificate management	{"domains": ["example.com", "*.example111.com"]}
2021/06/28 04:09:52.434	DEBUG	tls	loading managed certificate	{"domain": "example.com", "expiration": "2021/08/02 07:57:55.000", "issuer_key": "acme-v02.api.letsencrypt.org-directory", "storage": "FileStorage:/root/.local/share/caddy"}
2021/06/28 04:09:52.444	INFO	autosaved config	{"file": "/root/.config/caddy/autosave.json"}
2021/06/28 04:09:52.444	INFO	admin.api	load complete
2021/06/28 04:09:52.433	INFO	tls	cleaned up storage units
2021/06/28 04:09:52.431	INFO	tls.cache.maintenance	started background certificate maintenance	{"cache": "0xc00022a9a0"}
2021/06/28 04:09:52.451	INFO	tls.obtain	acquiring lock	{"identifier": "*.example111.com"}
2021/06/28 04:09:52.452	INFO	tls.obtain	lock acquired	{"identifier": "*.example111.com"}
2021/06/28 04:09:52.453	INFO	tls.issuance.acme	waiting on internal rate limiter	{"identifiers": ["*.example111.com"]}
2021/06/28 04:09:52.453	INFO	tls.issuance.acme	done waiting on internal rate limiter	{"identifiers": ["*.example111.com"]}
2021/06/28 04:09:52.932	INFO	admin	stopped previous server
2021/06/28 04:09:53.063	DEBUG	tls.issuance.acme.acme_client	http request	{"method": "GET", "url": "https://acme-v02.api.letsencrypt.org/directory", "headers": {"User-Agent":["Caddy/2.3.0 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["658"],"Content-Type":["application/json"],"Date":["Mon, 28 Jun 2021 04:09:52 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
2021/06/28 04:09:53.204	DEBUG	tls.issuance.acme.acme_client	http request	{"method": "HEAD", "url": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "headers": {"User-Agent":["Caddy/2.3.0 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Cache-Control":["public, max-age=0, no-cache"],"Date":["Mon, 28 Jun 2021 04:09:53 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["000417ZjLb770B8hBEZan73z82Fyfy6ACFHln4tUnoozd00"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
2021/06/28 04:09:53.374	DEBUG	tls.issuance.acme.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.3.0 CertMagic acmez (linux; amd64)"]}, "status_code": 201, "response_headers": {"Boulder-Requester":["118231829"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["336"],"Content-Type":["application/json"],"Date":["Mon, 28 Jun 2021 04:09:53 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/order/118231829/10697296104"],"Replay-Nonce":["0003-M4GitSQLt0OB9lLQQYOxri-_NdoMW4TtIO6wEY1OQo"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
2021/06/28 04:09:53.519	DEBUG	tls.issuance.acme.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/14352458491", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.3.0 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Boulder-Requester":["118231829"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["384"],"Content-Type":["application/json"],"Date":["Mon, 28 Jun 2021 04:09:53 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0003KJmcsve1jwNawhLghttcYSn6s86JuA0Wvdu_NpEirhk"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
2021/06/28 04:09:53.520	DEBUG	tls.issuance.acme.acme_client	no solver configured	{"challenge_type": "dns-01"}
2021/06/28 04:09:53.666	DEBUG	tls.issuance.acme.acme_client	http request	{"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/14352458491", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.3.0 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Boulder-Requester":["118231829"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["388"],"Content-Type":["application/json"],"Date":["Mon, 28 Jun 2021 04:09:53 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0003sE6Sk6Bjq14Hy3ha895n-AypdpK3syTKFIpEKhfJ0Ao"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
2021/06/28 04:09:53.667	INFO	tls.issuance.acme	waiting on internal rate limiter	{"identifiers": ["*.example111.com"]}
2021/06/28 04:09:53.668	INFO	tls.issuance.acme	done waiting on internal rate limiter	{"identifiers": ["*.example111.com"]}
2021/06/28 04:09:54.313	DEBUG	tls.issuance.acme.acme_client	http request	{"method": "GET", "url": "https://acme.zerossl.com/v2/DV90", "headers": {"User-Agent":["Caddy/2.3.0 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["645"],"Content-Type":["application/json"],"Date":["Mon, 28 Jun 2021 04:09:54 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/06/28 04:09:55.061	DEBUG	tls.issuance.acme.acme_client	http request	{"method": "HEAD", "url": "https://acme.zerossl.com/v2/DV90/newNonce", "headers": {"User-Agent":["Caddy/2.3.0 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Type":["application/octet-stream"],"Date":["Mon, 28 Jun 2021 04:09:55 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["fBndGqG1__IV-MbxhDJqu5Y7gAd8CMtd32CMs_HdCH0"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/06/28 04:09:56.123	DEBUG	tls.issuance.acme.acme_client	http request	{"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/newOrder", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.3.0 CertMagic acmez (linux; amd64)"]}, "status_code": 201, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store","max-age=-1"],"Content-Length":["275"],"Content-Type":["application/json"],"Date":["Mon, 28 Jun 2021 04:09:56 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/M7qer6yszLQB5ZeDNhLlaw"],"Replay-Nonce":["IlI_kFWZYrhfEwNfaF2eiD2sMbYyqMD6rKXGswKnWm4"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
2021/06/28 04:09:56.823	DEBUG	tls.issuance.acme.acme_client	http request	{"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/authz/-I4D0eSwnTFCP0l1tuSYAA", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.3.0 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["295"],"Content-Type":["application/json"],"Date":["Mon, 28 Jun 2021 04:09:56 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["tT-N4s1_UMGdw6udyGrGTChqgbFlI0DGEFeuJBiz_7c"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/06/28 04:09:56.823	DEBUG	tls.issuance.acme.acme_client	no solver configured	{"challenge_type": "dns-01"}
2021/06/28 04:09:57.328	DEBUG	tls.issuance.acme.acme_client	http request	{"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/authz/-I4D0eSwnTFCP0l1tuSYAA", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.3.0 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["139"],"Content-Type":["application/json"],"Date":["Mon, 28 Jun 2021 04:09:57 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["A_YgvXC1HnaSy99x4UtTBcJtC5DFmeY8Nqwkya1QA4Q"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/06/28 04:09:57.329	ERROR	tls.obtain	will retry	{"error": "[*.example111.com] Obtain: [*.example111.com] solving challenges: *.example111.com: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[dns-01] remaining=[dns-01]) (order=https://acme.zerossl.com/v2/DV90/order/M7qer6yszLQB5ZeDNhLlaw) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 4.876815429, "max_duration": 2592000}

Thanks.

You need to configure the DNS challenge to get a wildcard certificate: see Automatic HTTPS — Caddy Documentation.

Also I highly recommend upgrading to Caddy v2.4.3.

2 Likes
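A pre-flight check for the condition behind the `no solvers available` error, as an added example that is not part of the thread or of Caddy itself: it lists wildcard host matchers that no TLS automation policy with a DNS provider covers. The sample configs are constructed from the one posted above, and the policy matching is a simplification (exact subject or catch-all, top-level routes only).

```python
# Constructed inputs: the host matchers from the config posted above (handlers
# omitted), and the same routes plus a tls app whose ACME issuer has a DNS provider.
ROUTES = {"http": {"servers": {"example": {"listen": [":443"], "routes": [
    {"match": [{"host": ["example.com"]}]},
    {"match": [{"host": ["*.example111.com"]}]}]}}}}
DNS_ISSUER = {"module": "acme", "challenges": {"dns": {"provider": {
    "name": "cloudflare", "api_token": "YOUR_CLOUDFLARE_API_TOKEN"}}}}
ORIGINAL = {"apps": dict(ROUTES)}
FIXED = {"apps": dict(ROUTES, tls={"automation": {"policies": [
    {"subjects": ["*.example111.com"], "issuers": [DNS_ISSUER]}]}})}


def wildcard_hosts(config):
    """Collect wildcard names from the host matchers of every top-level route."""
    names = set()
    servers = config.get("apps", {}).get("http", {}).get("servers", {})
    for server in servers.values():
        for route in server.get("routes", []):
            for matcher in route.get("match", []):
                names.update(h for h in matcher.get("host", []) if h.startswith("*."))
    return names


def has_dns_solver(policy):
    """True if an ACME issuer in this automation policy names a DNS provider."""
    for issuer in policy.get("issuers", []):
        provider = issuer.get("challenges", {}).get("dns", {}).get("provider", {})
        if issuer.get("module") == "acme" and provider.get("name"):
            return True
    return False


def wildcards_without_dns(config):
    """Wildcard hosts whose automation policy cannot solve dns-01."""
    tls = config.get("apps", {}).get("tls", {})
    policies = tls.get("automation", {}).get("policies", [])
    missing = []
    for name in sorted(wildcard_hosts(config)):
        # Assumption: first policy listing the name exactly, or with no subjects, applies.
        policy = next((p for p in policies
                       if not p.get("subjects") or name in p["subjects"]), None)
        if policy is None or not has_dns_solver(policy):
            missing.append(name)
    return missing


if __name__ == "__main__":
    print("original:", wildcards_without_dns(ORIGINAL))
    print("fixed:   ", wildcards_without_dns(FIXED))
```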

Thanks Matt for your reply.
I will try to configure the DNS challenge and let you know if I still face any problem.

I have upgraded caddy to 2.4.3 and downloaded the custom caddy with cloudflare module. Now I have both caddy.default and caddy.custom. I have followed this - Build from source — Caddy Documentation

Now I added the below config to my existing caddy.json file -

{
	"module": "acme",
	"challenges": {
		"dns": {
			"provider": {
				"name": "cloudflare",
				"api_token": "YOUR_CLOUDFLARE_API_TOKEN"
			}
		}
	}
}

But I am getting this error when trying to reload config -

using provided configuration {"config_file": "/var/www/html/caddy.json", "config_adapter": ""}
reload: sending configuration to instance: caddy responded with error: HTTP 400: {"error":"loading config: loading new config: loading http app module: provision http: getting tls app: loading tls app module: provision tls: provisioning automation policy 0: loading TLS automation management module: position 0: loading module 'acme': provision tls.issuance.acme: loading DNS provider module: loading module 'cloudflare': unknown module: dns.providers.cloudflare"}

Make sure you plug in the Cloudflare module: Modules - Caddy Documentation

(The yellow box has info about how to do this)

1 Like

I have already followed the yellow box details and this is how I made the custom build.
And generated api_token in cloudflare account and used it in my caddy.json file.
Is there anything else I have missed?

Make sure you’re actually running the custom build you downloaded.

What do you see when you run caddy version and caddy list-modules?

Ok…

update-alternatives --config caddy

Is this the right command to use custom build?

If you were following the instructions here: Build from source — Caddy Documentation then yes.

As I asked, what’s the output when you run caddy version and caddy list-modules? That will prove that you did it correctly.

I have checked the output of both caddy version and caddy list-modules commands in both default and custom build.
Version in both the cases -
v2.4.3 h1:Y1FaV2N4WO3rBqxSYA8UZsZTQdN+PwcoOcAiZTM8C0I=

And if I select custom then I am getting dns.providers.cloudflare in Non-standard modules list.

But still I am getting the same error after using custom caddy.

using provided configuration	{"config_file": "/var/www/html/caddy.json", "config_adapter": ""}
reload: sending configuration to instance: caddy responded with error: HTTP 400: {"error":"loading config: loading new config: loading http app module: provision http: getting tls app: loading tls app module: provision tls: provisioning automation policy 0: loading TLS automation management module: position 0: loading module 'acme': provision tls.issuance.acme: loading DNS provider module: loading module 'cloudflare': unknown module: dns.providers.cloudflare"}


If you’re using reload, this will send a message to the instance of Caddy you still have running. Reloads are done by sending HTTP requests to the admin endpoint (by default localhost:2019).

When changing the binary, you need to restart Caddy, for the new code to run.

1 Like
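The mismatch described above (the `caddy` command now resolves to the custom build while the process answering on the admin endpoint was started from the old one) can be detected from `/proc`. This is an added example, not code from the thread; it assumes Linux and binaries whose file names start with `caddy`, as with caddy.default and caddy.custom.

```python
import os
import shutil


def stale_caddy_processes(path_binary, proc_root="/proc"):
    """Return {pid: exe} for Caddy processes not running the binary that
    path_binary resolves to (for example after update-alternatives switched it)."""
    current = os.path.realpath(path_binary)
    stale = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            # /proc/<pid>/exe is a symlink to the file the process was started from
            exe = os.readlink(os.path.join(proc_root, entry, "exe"))
        except OSError:
            # Process exited, is a kernel thread, or we may not inspect it
            continue
        if os.path.basename(exe).startswith("caddy") and os.path.realpath(exe) != current:
            stale[int(entry)] = exe
    return stale


if __name__ == "__main__":
    caddy = shutil.which("caddy")
    if caddy is None:
        raise SystemExit("caddy is not on PATH")
    for pid, exe in stale_caddy_processes(caddy).items():
        print(f"PID {pid} runs {exe}, but caddy now resolves to "
              f"{os.path.realpath(caddy)}: restart it, a reload is not enough")
```

A binary that was overwritten in place shows up with a ` (deleted)` suffix in `/proc/<pid>/exe`, so it is reported as stale as well.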

It worked. After restarting caddy, the error has gone and wildcard certificates started working.
Thank you so much for your help.

1 Like
