1. The problem I’m having:
I am pretty new to Caddy, but I somehow had this working previously; now the certificate has expired and I cannot get it to renew. I am using GoDaddy for the DNS and I created the _acme-challenge TXT file on GoDaddy, but despite having the Caddyfile match, Caddy keeps trying to send a different challenge. I have redownloaded a custom Caddy with the GoDaddy module to make sure something did not get corrupted, and I still get the same results. All I am trying to do is get an SSL certificate running to allow access to some programs I have running on my personal system.
2. Error messages and/or full log output:
2024/05/03 00:51:54.949 INFO using adjacent Caddyfile
2024/05/03 00:51:54.950 WARN Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies {"adapter": "caddyfile", "file": "Caddyfile", "line": 7}
2024/05/03 00:51:54.961 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2024/05/03 00:51:54.962 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc00048dd00"}
2024/05/03 00:51:54.962 INFO http.auto_https server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2024/05/03 00:51:54.962 INFO http.auto_https enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2024/05/03 00:51:54.962 DEBUG http.auto_https adjusted config {"tls": {"automation":{"policies":[{"subjects":["brianandsteph.info"]},{}]}}, "http": {"servers":{"remaining_auto_https_redirects":{"listen":[":80"],"routes":[{},{}]},"srv0":{"listen":[":443"],"routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":":25600"}]}]}]}],"terminal":true}],"tls_connection_policies":[{}],"automatic_https":{}}}}}
2024/05/03 00:51:54.962 INFO http enabling HTTP/3 listener {"addr": ":443"}
2024/05/03 00:51:54.963 DEBUG http starting server loop {"address": "[::]:443", "tls": true, "http3": true}
2024/05/03 00:51:54.963 INFO http.log server running {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2024/05/03 00:51:54.963 DEBUG http starting server loop {"address": "[::]:80", "tls": false, "http3": false}
2024/05/03 00:51:54.963 INFO http.log server running {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2024/05/03 00:51:54.963 INFO http enabling automatic TLS certificate management {"domains": ["brianandsteph.info"]}
2024/05/03 00:51:54.964 INFO autosaved config (load with --resume flag) {"file": "C:\\Users\\tarra\\AppData\\Roaming\\Caddy\\autosave.json"}
2024/05/03 00:51:54.964 INFO serving initial configuration
2024/05/03 00:51:54.964 WARN tls storage cleaning happened too recently; skipping for now {"storage": "FileStorage:C:\\Users\\tarra\\AppData\\Roaming\\Caddy", "instance": "bf4e83ba-fce2-4a05-b434-32201035310d", "try_again": "2024/05/04 00:51:54.964", "try_again_in": 86400}
2024/05/03 00:51:54.965 INFO tls finished cleaning storage units
2024/05/03 00:51:54.965 INFO tls.obtain acquiring lock {"identifier": "brianandsteph.info"}
Successfully started Caddy (pid=14604) - Caddy is running in the background
2024/05/03 00:51:54.967 INFO tls.obtain lock acquired {"identifier": "brianandsteph.info"}
2024/05/03 00:51:54.968 INFO tls.obtain obtaining certificate {"identifier": "brianandsteph.info"}
2024/05/03 00:51:54.968 DEBUG events event {"name": "cert_obtaining", "id": "c9e77110-1944-4dd0-90f1-aef84afcb50e", "origin": "tls", "data": {"identifier":"brianandsteph.info"}}
2024/05/03 00:51:54.968 DEBUG tls.obtain trying issuer 1/2 {"issuer": "acme-v02.api.letsencrypt.org-directory"}
2024/05/03 00:51:54.969 INFO tls.issuance.acme waiting on internal rate limiter {"identifiers": ["brianandsteph.info"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2024/05/03 00:51:54.969 INFO tls.issuance.acme done waiting on internal rate limiter {"identifiers": ["brianandsteph.info"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
PS C:\Program Files\Caddy> 2024/05/03 00:51:55.314 DEBUG tls.issuance.acme.acme_client http request {"method": "GET", "url": "https://acme-v02.api.letsencrypt.org/directory", "headers": {"User-Agent":["Caddy/2.7.6 CertMagic acmez (windows; amd64)"]}, "response_headers": {"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["747"],"Content-Type":["application/json"],"Date":["Fri, 03 May 2024 00:51:54 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/05/03 00:51:55.383 DEBUG tls.issuance.acme.acme_client http request {"method": "HEAD", "url": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "headers": {"User-Agent":["Caddy/2.7.6 CertMagic acmez (windows; amd64)"]}, "response_headers": {"Cache-Control":["public, max-age=0, no-cache"],"Date":["Fri, 03 May 2024 00:51:54 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["KBbvukTe_bCsXE69bXKcB2TfKFUiB_LWq0Fl1ixN1DU0cQ6VT8c"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/05/03 00:51:55.648 DEBUG tls.issuance.acme.acme_client http request {"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (windows; amd64)"]}, "response_headers": {"Boulder-Requester":["1445521426"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["344"],"Content-Type":["application/json"],"Date":["Fri, 03 May 2024 00:51:54 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/order/1445521426/266105733447"],"Replay-Nonce":["KBbvukTezTgyKfK9ynN5lHSn3x3IiqAk5C361BKry6o8Qpu9oHw"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 201}
2024/05/03 00:51:55.723 DEBUG tls.issuance.acme.acme_client http request {"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/345973527217", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (windows; amd64)"]}, "response_headers": {"Boulder-Requester":["1445521426"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["802"],"Content-Type":["application/json"],"Date":["Fri, 03 May 2024 00:51:54 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["RHbEAk-JPQgyM6MAveCAhjxlfojOxXfs7iVWxfc5rYsACeFvOGg"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/05/03 00:51:55.723 INFO tls.issuance.acme.acme_client trying to solve challenge {"identifier": "brianandsteph.info", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2024/05/03 00:51:55.865 INFO AppendRecords brianandsteph.info. [{ TXT _acme-challenge Dmz5Bk5Ua4keph2gKEoLrLCk_VqRKImLsXsJsMNeDbY 0s 0}]
2024/05/03 00:51:56.087 ERROR tls.issuance.acme.acme_client cleaning up solver {"identifier": "brianandsteph.info", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.brianandsteph.info\" (usually OK if presenting also failed)"}
2024/05/03 00:51:56.199 DEBUG tls.issuance.acme.acme_client http request {"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/345973527217", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (windows; amd64)"]}, "response_headers": {"Boulder-Requester":["1445521426"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["806"],"Content-Type":["application/json"],"Date":["Fri, 03 May 2024 00:51:55 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["RHbEAk-JFoWlXmxgDQyqJ0Ze8idNdKIsZm6nsvrS301Y_yBK6A0"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2024/05/03 00:51:56.199 ERROR tls.obtain could not get certificate from issuer {"identifier": "brianandsteph.info", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[brianandsteph.info] solving challenges: presenting for challenge: adding temporary record for zone \"brianandsteph.info.\": could not append records: Domain: brianandsteph.info; Record: _acme-challenge, Status: 403; Body: {\"code\":\"ACCESS_DENIED\",\"message\":\"Authenticated user is not allowed access\"}\n; PUT: [{\"data\":\"Dmz5Bk5Ua4keph2gKEoLrLCk_VqRKImLsXsJsMNeDbY\"}] (order=https://acme-v02.api.letsencrypt.org/acme/order/1445521426/266105733447) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
2024/05/03 00:51:56.199 DEBUG tls.obtain trying issuer 2/2 {"issuer": "acme.zerossl.com-v2-DV90"}
2024/05/03 00:51:56.201 INFO tls.issuance.zerossl waiting on internal rate limiter {"identifiers": ["brianandsteph.info"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "caddy@zerossl.com"}
2024/05/03 00:51:56.201 INFO tls.issuance.zerossl done waiting on internal rate limiter {"identifiers": ["brianandsteph.info"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "caddy@zerossl.com"}
2024/05/03 00:51:56.520 DEBUG tls.issuance.zerossl.acme_client http request {"method": "GET", "url": "https://acme.zerossl.com/v2/DV90", "headers": {"User-Agent":["Caddy/2.7.6 CertMagic acmez (windows; amd64)"]}, "response_headers": {"Access-Control-Allow-Origin":["*"],"Content-Length":["645"],"Content-Type":["application/json"],"Date":["Fri, 03 May 2024 00:51:55 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]}, "status_code": 200}
2024/05/03 00:52:03.785 DEBUG tls.issuance.zerossl.acme_client http request {"method": "HEAD", "url": "https://acme.zerossl.com/v2/DV90/newNonce", "headers": {"User-Agent":["Caddy/2.7.6 CertMagic acmez (windows; amd64)"]}, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Type":["application/octet-stream"],"Date":["Fri, 03 May 2024 00:52:02 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["o1ImKJqc7fwS_H3rdODQeq27QKdbaDAiVaMxi4kPfks"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]}, "status_code": 200}
2024/05/03 00:52:17.357 DEBUG tls.issuance.zerossl.acme_client http request {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/newOrder", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (windows; amd64)"]}, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["280"],"Content-Type":["application/json"],"Date":["Fri, 03 May 2024 00:52:16 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/Ak-mn6bUIfa_bOpPDDPVtw"],"Replay-Nonce":["cDvZ3NKBADm-0CQF_aj3Mm6Est-sXcPzDnoxuYAt4RY"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]}, "status_code": 201}
2024/05/03 00:52:24.456 DEBUG tls.issuance.zerossl.acme_client http request {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/authz/KWi_QK6rvpKubxhU37mRzw", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (windows; amd64)"]}, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["448"],"Content-Type":["application/json"],"Date":["Fri, 03 May 2024 00:52:23 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["VKsuHPfCkZPYehAoAu9d_dv-i29RRRcOYaaLDFCkDsM"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]}, "status_code": 200}
2024/05/03 00:52:24.456 INFO tls.issuance.zerossl.acme_client trying to solve challenge {"identifier": "brianandsteph.info", "challenge_type": "dns-01", "ca": "https://acme.zerossl.com/v2/DV90"}
2024/05/03 00:52:24.459 INFO AppendRecords brianandsteph.info. [{ TXT _acme-challenge _g2gPKvLPWpRzjARdHv6C-Gm-Z26y1kGnMe2HE8_ifM 0s 0}]
2024/05/03 00:52:24.691 ERROR tls.issuance.zerossl.acme_client cleaning up solver {"identifier": "brianandsteph.info", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.brianandsteph.info\" (usually OK if presenting also failed)"}
2024/05/03 00:52:24.848 DEBUG tls.issuance.zerossl.acme_client http request {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/authz/KWi_QK6rvpKubxhU37mRzw", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.7.6 CertMagic acmez (windows; amd64)"]}, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["130"],"Content-Type":["application/json"],"Date":["Fri, 03 May 2024 00:52:23 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["xPqw9Pz4zimGgvg8othcu7VAtKi2PE6sercSjmhDCJ0"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]}, "status_code": 200}
2024/05/03 00:52:24.848 ERROR tls.obtain could not get certificate from issuer {"identifier": "brianandsteph.info", "issuer": "acme.zerossl.com-v2-DV90", "error": "[brianandsteph.info] solving challenges: presenting for challenge: adding temporary record for zone \"brianandsteph.info.\": could not append records: Domain: brianandsteph.info; Record: _acme-challenge, Status: 403; Body: {\"code\":\"ACCESS_DENIED\",\"message\":\"Authenticated user is not allowed access\"}\n; PUT: [{\"data\":\"_g2gPKvLPWpRzjARdHv6C-Gm-Z26y1kGnMe2HE8_ifM\"}] (order=https://acme.zerossl.com/v2/DV90/order/Ak-mn6bUIfa_bOpPDDPVtw) (ca=https://acme.zerossl.com/v2/DV90)"}
2024/05/03 00:52:24.849 DEBUG events event {"name": "cert_failed", "id": "07ba3a32-0913-4f85-b091-11e777759f62", "origin": "tls", "data": {"error":{},"identifier":"brianandsteph.info","issuers":["acme-v02.api.letsencrypt.org-directory","acme.zerossl.com-v2-DV90"],"renewal":false}}
2024/05/03 00:52:24.849 ERROR tls.obtain will retry {"error": "[brianandsteph.info] Obtain: [brianandsteph.info] solving challenges: presenting for challenge: adding temporary record for zone \"brianandsteph.info.\": could not append records: Domain: brianandsteph.info; Record: _acme-challenge, Status: 403; Body: {\"code\":\"ACCESS_DENIED\",\"message\":\"Authenticated user is not allowed access\"}\n; PUT: [{\"data\":\"_g2gPKvLPWpRzjARdHv6C-Gm-Z26y1kGnMe2HE8_ifM\"}] (order=https://acme.zerossl.com/v2/DV90/order/Ak-mn6bUIfa_bOpPDDPVtw) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 29.8824397, "max_duration": 2592000}
3. Caddy version:
v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=
4. How I installed and ran Caddy:
a. System environment:
Windows 11
b. Command:
.\caddy_windows_amd64_custom.exe
c. Service/unit/compose file:
d. My complete Caddy config:
{
acme_dns godaddy 3Amt8ZbSre_4giKn8RfTrXJF4GftuKWbP:RSPpXJkScnSnp6DpoU1mW3
debug
}
brianandsteph.info
reverse_proxy :25600
5. Links to relevant resources:
Downloaded the package from Download Caddy
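
Added example, not part of the original post and not Caddy project code: a small triage script for console logs in the format shown above. For each issuer it reports whether the attempt stopped while publishing the TXT record through the DNS provider API, what the provider answered, and which TXT value Caddy tried to publish for that order. The sample lines are constructed; the domain, CA names and token values are placeholders.

```python
import json
import re

ANSI = re.compile(r"(?:\x1b|←)\[\d+m")  # colour codes; legacy Windows consoles print ESC as ←
LINE = re.compile(r"\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+\s+([A-Z]+)\s+(\S+)\s+(.*)")
PROVIDER = re.compile(r"Status: (\d{3}); Body: (\{.*?\})")  # DNS provider API reply
PUT_DATA = re.compile(r'PUT: \[\{"data":"([^"]+)"\}\]')     # TXT value Caddy tried to publish

# Constructed sample in the post's log format; domain, CA names and tokens are placeholders.
SAMPLE_LOG = r'''
2024/05/03 00:51:54.968 ←[34mINFO←[0m tls.obtain obtaining certificate {"identifier": "example.com"}
2024/05/03 00:51:56.199 ERROR tls.obtain could not get certificate from issuer {"identifier": "example.com", "issuer": "ca-one.example-directory", "error": "[example.com] solving challenges: presenting for challenge: adding temporary record for zone \"example.com.\": could not append records: Domain: example.com; Record: _acme-challenge, Status: 403; Body: {\"code\":\"ACCESS_DENIED\",\"message\":\"Authenticated user is not allowed access\"}\n; PUT: [{\"data\":\"TOKEN-A\"}] (order=https://ca-one.example/order/1)"}
PS C:\Caddy> 2024/05/03 00:52:24.848 ERROR tls.obtain could not get certificate from issuer {"identifier": "example.com", "issuer": "ca-two.example-v2", "error": "[example.com] solving challenges: presenting for challenge: adding temporary record for zone \"example.com.\": could not append records: Domain: example.com; Record: _acme-challenge, Status: 403; Body: {\"code\":\"ACCESS_DENIED\",\"message\":\"Authenticated user is not allowed access\"}\n; PUT: [{\"data\":\"TOKEN-B\"}] (order=https://ca-two.example/order/2)"}
2024/05/03 00:52:24.849 ERROR tls.obtain will retry {"error": "...", "attempt": 1, "retrying_in": 60}
'''

def parse_line(raw):
    """Return (level, logger, fields) for one console line, or None if it is not a log line."""
    m = LINE.search(ANSI.sub("", raw))  # search() skips a shell prompt printed before the timestamp
    if not m:
        return None
    level, logger, rest = m.groups()
    start = rest.find('{"')             # structured fields are a JSON object at the end of the line
    try:
        fields = json.loads(rest[start:]) if start != -1 else {}
    except ValueError:
        fields = {}
    return level, logger, fields

def triage(log_text):
    """Summarise each per-issuer failure: stage, provider status/code, attempted TXT value."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if not parsed or parsed[0] != "ERROR" or parsed[1] != "tls.obtain":
            continue
        fields = parsed[2]
        if "issuer" not in fields:      # skip the aggregate "will retry" line
            continue
        err = fields.get("error", "")
        prov, put = PROVIDER.search(err), PUT_DATA.search(err)
        findings.append({
            "issuer": fields["issuer"],
            # "presenting" = writing the TXT record via the DNS provider, before the CA validates
            "stage": "present" if "presenting for challenge" in err else "other",
            "provider_status": int(prov.group(1)) if prov else None,
            "provider_code": json.loads(prov.group(2)).get("code") if prov else None,
            "txt_value": put.group(1) if put else None,
        })
    return findings
```

Calling `triage()` on a saved copy of the console output gives one entry per issuer tried; a `stage` of `present` with a provider status means the record was never published, so the CA had nothing to validate.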