Getting letsencrypt related errors while trying to reverse proxy

1. Caddy version (caddy version):

v2.2.1 h1:Q62GWHMtztnvyRU+KPOpw6fNfeCD3SkwH7SfT1Tgt2c=

2. How I run Caddy:

a. System environment:

Ubuntu 20.04 (x86_64)

b. Command:

caddy start

c. My complete Caddyfile or JSON config:

gdutils.xd003.ga {
    reverse_proxy 127.0.0.1:23333
}

3. The problem I’m having:

As the question already specifies, I am simply trying to reverse proxy using the Caddyfile, although I keep getting some letsencrypt related errors. Being pretty new to this stuff, I have no clue how to fix this. Hopefully someone can help me out here. Thanks in advance.

4. Error messages and/or full log output:

{"level":"info","ts":1603359528.881995,"msg":"using adjacent Caddyfile"}
{"level":"info","ts":1603359528.8849983,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
{"level":"info","ts":1603359528.8854938,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1603359528.885524,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1603359528.8854976,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0002e45b0"}
{"level":"info","ts":1603359528.8863342,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["gdutils.xd003.ga"]}
{"level":"info","ts":1603359528.8865387,"logger":"tls","msg":"cleaned up storage units"}
{"level":"info","ts":1603359528.886969,"msg":"autosaved config","file":"/home/ubuntu/.config/caddy/autosave.json"}
{"level":"info","ts":1603359528.8869796,"msg":"serving initial configuration"}
Successfully started Caddy (pid=2292) - Caddy is running in the background
{"level":"info","ts":1603359528.898753,"logger":"tls.obtain","msg":"acquiring lock","identifier":"gdutils.xd003.ga"}
{"level":"info","ts":1603359528.8990753,"logger":"tls.obtain","msg":"lock acquired","identifier":"gdutils.xd003.ga"}
{"level":"info","ts":1603359528.8997102,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["gdutils.xd003.ga"]}
{"level":"info","ts":1603359528.8997304,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["gdutils.xd003.ga"]}
{"level":"info","ts":1603359530.9683244,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"gdutils.xd003.ga","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1603359531.8189845,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"gdutils.xd003.ga","challenge_type":"tls-alpn-01","status_code":403,"problem_type":"urn:ietf:params:acme:error:unauthorized","error":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge"}
{"level":"error","ts":1603359531.819044,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"gdutils.xd003.ga","error":"authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","order":"https://acme-v02.api.letsencrypt.org/acme/order/99982253/5814482628","attempt":1,"max_attempts":3}
{"level":"info","ts":1603359533.5460227,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"gdutils.xd003.ga","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1603359564.954876,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"gdutils.xd003.ga","challenge_type":"http-01","status_code":403,"problem_type":"urn:ietf:params:acme:error:unauthorized","error":"Invalid response from http://gdutils.xd003.ga/.well-known/acme-challenge/zeNFgzybo9mh7GkixYUZHM0yPfk6I8sfcfN4LIIV2js [2606:4700:3031::681c:1a4e]: \"<!DOCTYPE html>\\n<!--[if lt IE 7]> <html class=\\\"no-js ie6 oldie\\\" lang=\\\"en-US\\\"> <![endif]-->\\n<!--[if IE 7]>    <html class=\\\"no-js \""}
{"level":"error","ts":1603359564.954917,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"gdutils.xd003.ga","error":"authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - Invalid response from http://gdutils.xd003.ga/.well-known/acme-challenge/zeNFgzybo9mh7GkixYUZHM0yPfk6I8sfcfN4LIIV2js [2606:4700:3031::681c:1a4e]: \"<!DOCTYPE html>\\n<!--[if lt IE 7]> <html class=\\\"no-js ie6 oldie\\\" lang=\\\"en-US\\\"> <![endif]-->\\n<!--[if IE 7]>    <html class=\\\"no-js \"","order":"https://acme-v02.api.letsencrypt.org/acme/order/99982253/5814482978","attempt":2,"max_attempts":3}
{"level":"error","ts":1603359566.9730139,"logger":"tls.obtain","msg":"will retry","error":"[gdutils.xd003.ga] Obtain: [gdutils.xd003.ga] solving challenges: gdutils.xd003.ga: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-v02.api.letsencrypt.org/acme/order/99982253/5814489620) (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":38.073927677,"max_duration":2592000}
{"level":"info","ts":1603359628.8594503,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"gdutils.xd003.ga","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1603359659.6157832,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"gdutils.xd003.ga","challenge_type":"http-01","status_code":403,"problem_type":"urn:ietf:params:acme:error:unauthorized","error":"Invalid response from http://gdutils.xd003.ga/.well-known/acme-challenge/PH7J7g4ivFL36tJlmmV3uZdgn1DCo89ajuzovz3CEaQ [2606:4700:3033::ac43:84e6]: \"<!DOCTYPE html>\\n<!--[if lt IE 7]> <html class=\\\"no-js ie6 oldie\\\" lang=\\\"en-US\\\"> <![endif]-->\\n<!--[if IE 7]>    <html class=\\\"no-js \""}
{"level":"error","ts":1603359659.6158245,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"gdutils.xd003.ga","error":"authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - Invalid response from http://gdutils.xd003.ga/.well-known/acme-challenge/PH7J7g4ivFL36tJlmmV3uZdgn1DCo89ajuzovz3CEaQ [2606:4700:3033::ac43:84e6]: \"<!DOCTYPE html>\\n<!--[if lt IE 7]> <html class=\\\"no-js ie6 oldie\\\" lang=\\\"en-US\\\"> <![endif]-->\\n<!--[if IE 7]>    <html class=\\\"no-js \"","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/16235537/170963515","attempt":1,"max_attempts":3}
{"level":"info","ts":1603359661.1734576,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"gdutils.xd003.ga","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1603359661.9588063,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"gdutils.xd003.ga","challenge_type":"tls-alpn-01","status_code":403,"problem_type":"urn:ietf:params:acme:error:unauthorized","error":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge"}
{"level":"error","ts":1603359661.9588826,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"gdutils.xd003.ga","error":"authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/16235537/170963748","attempt":2,"max_attempts":3}
{"level":"error","ts":1603359663.7981665,"logger":"tls.obtain","msg":"will retry","error":"[gdutils.xd003.ga] Obtain: [gdutils.xd003.ga] solving challenges: gdutils.xd003.ga: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/16235537/170963766) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":2,"retrying_in":120,"elapsed":134.899080397,"max_duration":2592000}
{"level":"info","ts":1603359785.379247,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"gdutils.xd003.ga","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1603359817.2249234,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"gdutils.xd003.ga","challenge_type":"http-01","status_code":403,"problem_type":"urn:ietf:params:acme:error:unauthorized","error":"Invalid response from http://gdutils.xd003.ga/.well-known/acme-challenge/saFVqOYVVy76-I9b2PC6FiCU8QQp_92P47e2FEuLnAI [2606:4700:3031::681c:1a4e]: \"<!DOCTYPE html>\\n<!--[if lt IE 7]> <html class=\\\"no-js ie6 oldie\\\" lang=\\\"en-US\\\"> <![endif]-->\\n<!--[if IE 7]>    <html class=\\\"no-js \""}
{"level":"error","ts":1603359817.2250228,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"gdutils.xd003.ga","error":"authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - Invalid response from http://gdutils.xd003.ga/.well-known/acme-challenge/saFVqOYVVy76-I9b2PC6FiCU8QQp_92P47e2FEuLnAI [2606:4700:3031::681c:1a4e]: \"<!DOCTYPE html>\\n<!--[if lt IE 7]> <html class=\\\"no-js ie6 oldie\\\" lang=\\\"en-US\\\"> <![endif]-->\\n<!--[if IE 7]>    <html class=\\\"no-js \"","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/16235537/170964466","attempt":1,"max_attempts":3}
{"level":"info","ts":1603359818.7657864,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"gdutils.xd003.ga","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1603359819.542183,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"gdutils.xd003.ga","challenge_type":"tls-alpn-01","status_code":403,"problem_type":"urn:ietf:params:acme:error:unauthorized","error":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge"}
{"level":"error","ts":1603359819.542255,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"gdutils.xd003.ga","error":"authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/16235537/170964633","attempt":2,"max_attempts":3}
{"level":"error","ts":1603359821.3471859,"logger":"tls.obtain","msg":"will retry","error":"[gdutils.xd003.ga] Obtain: [gdutils.xd003.ga] solving challenges: gdutils.xd003.ga: no solvers available for remaining challenges (configured=[tls-alpn-01 http-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/16235537/170964639) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":3,"retrying_in":120,"elapsed":292.448099811,"max_duration":2592000}

Edit - I wanted to update that I have generated a wildcard SSL certificate for my domain from Let’s Encrypt on my Ubuntu VPS. Not sure if that could help to fix this issue though. Waiting for further suggestions.

Do you have ports 80 and 443 open? Are you using a service like Cloudflare in front of your server?

Yes, I am using Cloudflare in front of my server. I have added a DNS A record (name = subdomain, IPv4 address = external IP of my VPS).

I don’t know if there’s a better way to check, but when I entered my VPS’s external IP and checked the ports through this website (Open Port Check Tool - Test Port Forwarding on Your Router), it told me both 80 and 443 are closed.
Looks like I gotta contact my VPS providers to get this done. Once these ports are opened, will the error mentioned in my post automatically get solved, or do I need to follow some further steps?

I have opened ports 80 and 443 and now the errors are solved, so I will be closing this one. Hopefully someone getting similar errors who lands here will benefit from it.


This topic was automatically closed after 30 days. New replies are no longer allowed.
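An added example, not part of the thread or of Caddy itself: a small triage script over Caddy's JSON log that groups failed ACME challenges by type and flags the symptoms visible in the log posted above (the CA validating against an address that is not the server's own, HTML returned instead of the challenge response, and no `acme-tls/1` negotiation). The function name, the symptom labels and the origin address `203.0.113.10` are assumptions; the sample lines are abbreviated from the posted log with the token replaced.

```python
import ipaddress
import json
import re

# Constructed sample: entries abbreviated from the posted log (token replaced),
# plus the plain-text banner that "caddy start" mixes into the JSON stream.
SAMPLE_LOG = r'''
{"level":"info","msg":"trying to solve challenge","identifier":"gdutils.xd003.ga","challenge_type":"tls-alpn-01"}
{"level":"error","msg":"challenge failed","identifier":"gdutils.xd003.ga","challenge_type":"tls-alpn-01","status_code":403,"error":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge"}
Successfully started Caddy (pid=2292) - Caddy is running in the background
{"level":"error","msg":"challenge failed","identifier":"gdutils.xd003.ga","challenge_type":"http-01","status_code":403,"error":"Invalid response from http://gdutils.xd003.ga/.well-known/acme-challenge/EXAMPLE-TOKEN [2606:4700:3031::681c:1a4e]: \"<!DOCTYPE html>\\n<!--[if lt IE 7]>\""}
'''

# The CA reports the address it validated against in square brackets.
ADDR_IN_BRACKETS = re.compile(r"\[([0-9A-Fa-f:.]+)\]")


def triage(log_text, origin_ip):
    """Map each failed challenge type to the set of symptoms found in its errors."""
    origin = ipaddress.ip_address(origin_ip)
    findings = {}
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except ValueError:
            continue  # blank line or non-JSON banner
        if not isinstance(entry, dict) or entry.get("msg") != "challenge failed":
            continue
        error = entry.get("error", "")
        symptoms = findings.setdefault(entry.get("challenge_type", "unknown"), set())
        match = ADDR_IN_BRACKETS.search(error)
        if match:
            try:
                validated = ipaddress.ip_address(match.group(1))
            except ValueError:
                validated = None  # bracketed text that is not an address
            if validated is not None and validated != origin:
                symptoms.add(f"validated-against-other-host:{validated}")
        if "<!DOCTYPE" in error or "<html" in error:
            symptoms.add("html-instead-of-key-authorization")
        if "Cannot negotiate ALPN" in error:
            symptoms.add("no-acme-tls/1-on-port-443")
    return findings


if __name__ == "__main__":
    # 203.0.113.10 is a placeholder for the VPS's external IP (assumption).
    for ctype, symptoms in triage(SAMPLE_LOG, "203.0.113.10").items():
        print(ctype, sorted(symptoms))
```

A `validated-against-other-host` finding means the hostname resolved, from the CA's side, to an address other than the one passed as `origin_ip`, so the challenge request may never have reached Caddy.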