Something strange happened with my caddy deployment. Caddy tried to renew certificates, and failed. According to the logs it appears that it was trying to bind to port 5033. It continued to fail and later the certificates expired.
```text
Aug 06 04:23:27 web-n02 caddy[1097]: 2018/08/06 04:23:27 [INFO] Certificate for [texaslinuxfest.com] expires in 718h49m16.702478463s; attempting renewal
Aug 06 04:23:27 web-n02 caddy[1097]: 2018/08/06 04:23:27 [INFO][texaslinuxfest.com] acme: Trying renewal with 718 hours remaining
Aug 06 04:23:27 web-n02 caddy[1097]: 2018/08/06 04:23:27 [INFO][texaslinuxfest.com] acme: Obtaining bundled SAN certificate
Aug 06 04:23:27 web-n02 caddy[1097]: 2018/08/06 04:23:27 [INFO][texaslinuxfest.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/7qOORROX_fwNT-hDG89LbQRnmItB2Fly0rsXU1haFFI
Aug 06 04:23:27 web-n02 caddy[1097]: 2018/08/06 04:23:27 [INFO][texaslinuxfest.com] acme: Could not find solver for: dns-01
Aug 06 04:23:27 web-n02 caddy[1097]: 2018/08/06 04:23:27 [INFO][texaslinuxfest.com] acme: Could not find solver for: tls-sni-01
Aug 06 04:23:27 web-n02 caddy[1097]: 2018/08/06 04:23:27 [INFO][texaslinuxfest.com] acme: Trying to solve HTTP-01
Aug 06 04:23:27 web-n02 caddy[1097]: 2018/08/06 04:23:27 [ERROR] Renewing [texaslinuxfest.com]: acme: Error -> One or more domains had a problem:
Aug 06 04:23:27 web-n02 caddy[1097]: [texaslinuxfest.com] [texaslinuxfest.com] error presenting token: presenting with standard HTTP provider server: Could not start HTTP server for challenge -> listen tcp :5033: bind: permission denied
Aug 06 04:23:27 web-n02 caddy[1097]: ; trying again in 10s
```
I restarted the service and it renewed the certificates without issue. Anyone else seen this behavior before or know of a fix?
`/usr/lib/systemd/system/caddy.service`:

```ini
[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs
After=network.target

[Service]
User=caddy
Group=caddy
Environment=CADDYPATH=/var/lib/caddy
EnvironmentFile=-/etc/caddy/envfile
ExecStartPre=/usr/bin/caddy -conf /etc/caddy/caddy.conf -validate
ExecStart=/usr/bin/caddy -conf /etc/caddy/caddy.conf -log stdout -root /tmp -agree
ExecReload=/usr/bin/kill -USR1 $MAINPID
KillMode=mixed
KillSignal=SIGQUIT
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectHome=true
ProtectSystem=full
ReadWriteDirectories=/var/lib/caddy
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target
```
`/etc/caddy/caddy.conf`:

```text
import conf.d/*.conf
```
`/etc/caddy/conf.d/2018.texaslinuxfest.org.conf`:

```text
texaslinuxfest.org, www.texaslinuxfest.org, texaslinuxfest.com, www.texaslinuxfest.com, texaslinuxfest.net, www.texaslinuxfest.net, 2016.texaslinuxfest.org {
    redir https://2018.texaslinuxfest.org
}

2018.texaslinuxfest.org {
    root /srv/www/txlf2018
    proxy / http://127.0.0.1:8000 {
        transparent
        except /static
    }
    gzip
    errors stderr
    log stdout
}
```
```text
# rpm -q caddy
caddy-0.11.0-1.el7.x86_64
# caddy --version
Caddy 0.11.0 (unofficial)
```
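As an added example (not from the original post or the Caddy project), a small Python checker that parses journald lines in the format quoted above, counts failed renewal attempts per domain, records the listen address Caddy was denied binding to, and lists domains that are failing or close to expiry, so the failure is noticed before the certificate lapses. The sample lines are constructed from the post's output, and the 14-day warning threshold is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the journald lines quoted in the post above.
SAMPLE_LOG = """\
Aug 06 04:23:27 web-n02 caddy[1097]: 2018/08/06 04:23:27 [INFO] Certificate for [texaslinuxfest.com] expires in 718h49m16.702478463s; attempting renewal
Aug 06 04:23:27 web-n02 caddy[1097]: 2018/08/06 04:23:27 [INFO][texaslinuxfest.com] acme: Trying to solve HTTP-01
Aug 06 04:23:27 web-n02 caddy[1097]: 2018/08/06 04:23:27 [ERROR] Renewing [texaslinuxfest.com]: acme: Error -> One or more domains had a problem:
Aug 06 04:23:27 web-n02 caddy[1097]: [texaslinuxfest.com] [texaslinuxfest.com] error presenting token: presenting with standard HTTP provider server: Could not start HTTP server for challenge -> listen tcp :5033: bind: permission denied
Aug 06 04:23:27 web-n02 caddy[1097]: ; trying again in 10s
Aug 06 04:23:37 web-n02 caddy[1097]: 2018/08/06 04:23:37 [ERROR] Renewing [texaslinuxfest.com]: acme: Error -> One or more domains had a problem:
Aug 06 04:23:37 web-n02 caddy[1097]: [texaslinuxfest.com] [texaslinuxfest.com] error presenting token: presenting with standard HTTP provider server: Could not start HTTP server for challenge -> listen tcp :5033: bind: permission denied
Aug 06 04:24:00 web-n02 caddy[1097]: 2018/08/06 04:24:00 [INFO] Certificate for [other.example] expires in 200h0m0s; attempting renewal
"""

EXPIRES_RE = re.compile(r"Certificate for \[([^\]]+)\] expires in (\S+?);")
RENEW_ERR_RE = re.compile(r"\[ERROR\] Renewing \[([^\]]+)\]:")
BIND_RE = re.compile(r"listen tcp (\S+): bind: permission denied")
GO_DURATION_RE = re.compile(r"(?:(\d+)h)?(?:(\d+)m)?(?:(\d+(?:\.\d+)?)s)?")


def parse_go_duration_hours(text):
    """Convert a Go duration such as '718h49m16.702478463s' to hours (float)."""
    m = GO_DURATION_RE.fullmatch(text)
    if not m or not any(m.groups()):
        raise ValueError(f"unrecognised duration: {text!r}")
    h, mins, secs = (float(g) if g else 0.0 for g in m.groups())
    return h + mins / 60 + secs / 3600


def analyze(log_text):
    """Per-domain renewal state: hours until expiry, failed attempts, denied bind addresses."""
    state = defaultdict(lambda: {"hours_left": None, "errors": 0, "bind_denied": set()})
    last_domain = None  # the bind-error line follows the [ERROR] line, so attribute it to that domain
    for line in log_text.splitlines():
        if m := EXPIRES_RE.search(line):
            last_domain = m.group(1)
            state[last_domain]["hours_left"] = parse_go_duration_hours(m.group(2))
        elif m := RENEW_ERR_RE.search(line):
            last_domain = m.group(1)
            state[last_domain]["errors"] += 1
        elif (m := BIND_RE.search(line)) and last_domain:
            state[last_domain]["bind_denied"].add(m.group(1))
    return dict(state)


def needs_attention(state, warn_hours=336.0):
    """Domains with any failed renewal, or fewer than warn_hours (assumed 14 days) left."""
    return sorted(d for d, s in state.items()
                  if s["errors"] or (s["hours_left"] is not None and s["hours_left"] < warn_hours))
```

Feed it `journalctl -u caddy --no-pager` output and alert on a non-empty `needs_attention()` result; a persistent `bind_denied` entry for a port above 1024 points at a host-level restriction on the process rather than at the ACME server.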