Thanks for the idea, I added on-demand certificates like this:
# on_demand defers certificate issuance to the first TLS handshake for a
# hostname, rather than obtaining the certificate when the config is loaded.
# NOTE(review): the rest of the config is not shown here. If nothing restricts
# it, any hostname that resolves to this server can trigger an issuance.
# Outside local testing, pair this with the global `on_demand_tls` option and
# an `ask` endpoint that approves only the hostnames you expect, so CA rate
# limits and certificate storage are not consumed by names you do not serve.
tls {
on_demand
}
It seems to be working, but Chrome shows me the “connection is not private” screen and I’m not being redirected.
client_1 | {"level":"info","ts":1663432210.1971653,"logger":"tls.on_demand","msg":"obtaining new certificate","server_name":"xyz.example.com"}
client_1 | {"level":"info","ts":1663432210.1988943,"logger":"tls.obtain","msg":"acquiring lock","identifier":"xyz.example.com"}
client_1 | {"level":"info","ts":1663432210.2036602,"logger":"tls.obtain","msg":"lock acquired","identifier":"xyz.example.com"}
client_1 | {"level":"info","ts":1663432210.2059684,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["xyz.example.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"email@gmail.com"}
client_1 | {"level":"info","ts":1663432210.2067494,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["xyz.example.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"email@gmail.com"}
client_1 | {"level":"info","ts":1663432210.899205,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"xyz.example.com","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
client_1 | {"level":"info","ts":1663432211.313457,"logger":"tls","msg":"served key authentication certificate","server_name":"xyz.example.com","challenge":"tls-alpn-01","remote":"3.125.50.156:40102","distributed":false}
client_1 | {"level":"info","ts":1663432211.342081,"logger":"tls","msg":"served key authentication certificate","server_name":"xyz.example.com","challenge":"tls-alpn-01","remote":"3.16.81.252:12244","distributed":false}
client_1 | {"level":"info","ts":1663432211.452645,"logger":"tls","msg":"served key authentication certificate","server_name":"xyz.example.com","challenge":"tls-alpn-01","remote":"54.189.198.223:42978","distributed":false}
client_1 | {"level":"info","ts":1663432211.4558823,"logger":"tls","msg":"served key authentication certificate","server_name":"xyz.example.com","challenge":"tls-alpn-01","remote":"23.178.112.107:63026","distributed":false}
client_1 | {"level":"info","ts":1663432211.898402,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme-v02.api.letsencrypt.org/acme/order/735757851/126375986891"}
client_1 | {"level":"info","ts":1663432213.1983168,"logger":"tls.issuance.acme.acme_client","msg":"successfully downloaded available certificate chains","count":2,"first_url":"https://acme-v02.api.letsencrypt.org/acme/cert/03aa07a1cda836718b79488ac6124f9f654f"}
client_1 | {"level":"info","ts":1663432213.1999633,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"xyz.example.com"}
client_1 | {"level":"info","ts":1663432213.2011125,"logger":"tls.obtain","msg":"releasing lock","identifier":"xyz.example.com"}