1. The problem I’m having:
Hi guys,
A legitimate user created a CNAME record for our Caddy server; this worked for quite a while. However, he later deleted this record, and this also lasted for a long time. Now he has returned and created the record again.
However, Caddy is not generating the certificate for it. I have already looked at the directories where Caddy stores the files, and this certificate does not exist (not even an old one), but I see this alert in `systemctl status caddy`.
Please, would anyone know how to “force” Caddy to issue this again without getting “stuck” on this message?
2. Error messages and/or full log output:
```
● caddy.service - Caddy
Loaded: loaded (/lib/systemd/system/caddy.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2023-08-14 22:23:03 UTC; 10 months 19 days ago
Docs: https://caddyserver.com/docs/
Main PID: 1029977 (caddy)
Tasks: 10 (limit: 1118)
Memory: 130.7M
CPU: 3d 19h 15min 44.620s
CGroup: /system.slice/caddy.service
└─1029977 /usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
Jul 03 15:18:22 ip-172-31-56-195 caddy[1029977]: {"level":"error","ts":1720019902.4400039,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"client disconnected"}
Jul 03 15:18:22 ip-172-31-56-195 caddy[1029977]: {"level":"error","ts":1720019902.440099,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"client disconnected"}
Jul 03 15:18:22 ip-172-31-56-195 caddy[1029977]: {"level":"error","ts":1720019902.4402359,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"client disconnected"}
Jul 03 15:18:50 ip-172-31-56-195 caddy[1029977]: {"level":"error","ts":1720019930.4034615,"logger":"tls.renew","msg":"will retry","error":"open /var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/subdomain.domain.com/subdomain.domain.com.key: no such file or directory","attempt":2,"retrying_in":120,"elapsed":60.001099288,"max_duration":2592000}
Jul 03 15:19:01 ip-172-31-56-195 caddy[1029977]: {"level":"error","ts":1720019941.1505065,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"http2: stream closed"}
Jul 03 15:19:01 ip-172-31-56-195 caddy[1029977]: {"level":"error","ts":1720019941.150641,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"http2: stream closed"}
Jul 03 15:19:20 ip-172-31-56-195 caddy[1029977]: {"level":"info","ts":1720019960.399377,"logger":"tls.renew","msg":"releasing lock","identifier":"subdomain.domain.com"}
Jul 03 15:19:20 ip-172-31-56-195 caddy[1029977]: {"level":"error","ts":1720019960.3995564,"logger":"tls.on_demand","msg":"renewing and reloading certificate","server_name":"subdomain.domain.com","subjects":["subdomain.domain.com"],"expiration":1718702290,"remaining":-1317580.398280404,"revoked":false,"error":"context canceled"}
Jul 03 15:19:20 ip-172-31-56-195 caddy[1029977]: {"level":"error","ts":1720019960.3995757,"logger":"tls.on_demand","msg":"renewing certificate on-demand failed","subjects":["subdomain.domain.com"],"not_after":1718702290,"error":"context canceled"}
Jul 03 15:19:31 ip-172-31-56-195 caddy[1029977]: {"level":"info","ts":1720019971.86871,"logger":"tls.obtain","msg":"releasing lock","identifier":"172.31.56.195"}
```
3. Caddy version:
v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=
4. How I installed and ran Caddy:
a. System environment:
Ubuntu 22.04
b. Command:
https://caddyserver.com/docs/install#debian-ubuntu-raspbian
c. Service/unit/compose file:
N/A
d. My complete Caddy config:
```
https:// {
	tls {
		on_demand
	}
	reverse_proxy {
		to http://my.target.com
	}
}

*.example.com {
	tls {
		dns route53 {
			access_key_id "AKIAREDACTED"
			secret_access_key "a1NRedacted"
			max_retries 20
		}
	}
	reverse_proxy {
		to http://my.target.com
	}
}
```
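The `on_demand` block in the config above lets Caddy request a certificate for any name whose DNS happens to point at this server. As an added example (not from the original post), the same catch-all site gated by Caddy's `on_demand_tls` global option and a loopback `ask` endpoint, so issuance only proceeds for names on an allowlist; the port 9123 and the single allowed name `subdomain.domain.com` (taken from the log) are assumptions.

```caddyfile
{
	# Global option: before issuing on demand, Caddy requests this URL with
	# ?domain=<name> and only proceeds if it answers HTTP 200 (port assumed).
	on_demand_tls {
		ask http://127.0.0.1:9123/check
		interval 2m
		burst 5
	}
}

# Allowlist endpoint served by Caddy itself on a loopback port (assumed).
# Any name not matched gets 403, so no ACME order is placed for it.
http://127.0.0.1:9123 {
	@allowed query domain=subdomain.domain.com
	respond @allowed 200
	respond 403
}

https:// {
	tls {
		on_demand
	}
	reverse_proxy {
		to http://my.target.com
	}
}
```

Denied names show up as a rejected `ask` in Caddy's log, which is also the place to look for a name that is expected to succeed but never gets that far.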