How to solve the "shutting down admin server: context deadline exceeded" error when using Caddy's API?

I didn’t include the form because none of it is relevant to my question, but you can reference the form info in the first post here if you wish.

I am making http requests from server A to the Caddy API on server B to make configuration changes.

The problem is, as described by Matt here, and here, that there is a circular dependency, because Caddy uses itself to proxy its own API, and I’m getting a shutting down admin server: context deadline exceeded error, and so requests are processed extremely slowly.

What is the proper way to configure Caddy so that I can send requests from server A to the Caddy API on server B and avoid this error?

Access the admin endpoint directly instead of proxying to it.

You can do this securely over TLS with mutual auth using the remote admin configuration (on server B): JSON Config Structure - Caddy Documentation

	"listen": "",
	"access_control": [{
		"public_keys": [""],
		"permissions": [{
			"paths": [""],
			"methods": [""]

If you enable this, you will also need to enable identity management so that Caddy (server B) has a certificate it can server to clients (like server A): JSON Config Structure - Caddy Documentation

	"identifiers": [""],
	"issuers": [{•••}]

All you need to fill out for this is an identifier, like so: identifiers: [""] and Caddy will use the default issuers (CAs) as usual (Let’s Encrypt and ZeroSSL).

AppMasker’s blog has a good tutorial for this (but ignore step 1, as your client is also a Caddy instance which can manage its own certificates, so don’t use openssl to generate one):

Thanks for the speedy reply!

If we don’t need admin endpoint security (because server B is behind a firewall that only permits a few IP addresses to access port 2019), can we omit the access control, and do something simple like:

"admin": {
   "identity": {
     "identifiers": [
   "remote": {
     "listen": ":2019"


UPDATE: tried this, sent a request to

and got

======== HTTP ERROR ========
  "message": "connect ECONNREFUSED",
1 Like

If you don’t need authentication, then you don’t need remote at all.

Just configure listen at the top-level of admin to :2019 instead.


This topic was automatically closed after 30 days. New replies are no longer allowed.