HTTP 400 Timeout Error When Starting Caddy

1. Caddy version (caddy version):

v2.0.3

2. How I run Caddy:

Running Caddy as a systemd service

a. System environment:

PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
NAME="Raspbian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=raspbian
ID_LIKE=debian

b. Command:

Managing Caddy using standard systemctl commands

sudo systemctl {start|stop} caddy

c. Service/unit/compose file:

None (at least not that I’m aware of)

d. My complete Caddyfile or JSON config:

# This replaces the existing content in /etc/caddy/Caddyfile
# A CONFIG SECTION FOR YOUR HOSTNAME
lordstrahdsfoundry.net {
        # PROXY ALL REQUEST TO PORT 30000
        reverse_proxy localhost:30000
}
# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile

3. The problem I’m having:

I am running an application server (specifically Foundry VTT) on a Raspberry Pi. External users to the application currently connect via a browser pointed at http://lordstrahdsfoundry(dot)net:30000. However, the Foundry community suggests configuring a reverse proxy to handle signed SSL certificates and to obfuscate port numbers.
I’ve attempted to get this working with Caddy, but the logs appear to show that Caddy is reporting error 400 timeouts during what I assume is SSL authentication.

4. Error messages and/or full log output:

Jul  2 15:07:50 rpi-foundryserver caddy[955]: caddy.HomeDir=/var/lib/caddy
Jul  2 15:07:50 rpi-foundryserver caddy[955]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Jul  2 15:07:50 rpi-foundryserver caddy[955]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Jul  2 15:07:50 rpi-foundryserver caddy[955]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Jul  2 15:07:50 rpi-foundryserver caddy[955]: caddy.Version=v2.3.0
Jul  2 15:07:50 rpi-foundryserver caddy[955]: runtime.GOOS=linux
Jul  2 15:07:50 rpi-foundryserver caddy[955]: runtime.GOARCH=arm
Jul  2 15:07:50 rpi-foundryserver caddy[955]: runtime.Compiler=gc
Jul  2 15:07:50 rpi-foundryserver caddy[955]: runtime.NumCPU=4
Jul  2 15:07:50 rpi-foundryserver caddy[955]: runtime.GOMAXPROCS=4
Jul  2 15:07:50 rpi-foundryserver caddy[955]: runtime.Version=go1.15.6
Jul  2 15:07:50 rpi-foundryserver caddy[955]: os.Getwd=/
Jul  2 15:07:50 rpi-foundryserver caddy[955]: LANG=en_GB.UTF-8
Jul  2 15:07:50 rpi-foundryserver caddy[955]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Jul  2 15:07:50 rpi-foundryserver caddy[955]: HOME=/var/lib/caddy
Jul  2 15:07:50 rpi-foundryserver caddy[955]: LOGNAME=caddy
Jul  2 15:07:50 rpi-foundryserver caddy[955]: USER=caddy
Jul  2 15:07:50 rpi-foundryserver caddy[955]: INVOCATION_ID=051e53ca841f47cb8dfc5069d1882c05
Jul  2 15:07:50 rpi-foundryserver caddy[955]: JOURNAL_STREAM=8:22092
Jul  2 15:07:50 rpi-foundryserver caddy[955]: {"level":"info","ts":1625234870.975428,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Jul  2 15:07:50 rpi-foundryserver caddy[955]: {"level":"info","ts":1625234870.9793987,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
Jul  2 15:07:50 rpi-foundryserver caddy[955]: {"level":"info","ts":1625234870.9799001,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x2833310"}
Jul  2 15:07:50 rpi-foundryserver caddy[955]: {"level":"info","ts":1625234870.980047,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Jul  2 15:07:50 rpi-foundryserver caddy[955]: {"level":"info","ts":1625234870.9805312,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Jul  2 15:07:50 rpi-foundryserver caddy[955]: {"level":"info","ts":1625234870.9818683,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["lordstrahdsfoundry.net"]}
Jul  2 15:07:50 rpi-foundryserver caddy[955]: {"level":"info","ts":1625234870.9828641,"logger":"tls","msg":"cleaned up storage units"}
Jul  2 15:07:50 rpi-foundryserver caddy[955]: {"level":"info","ts":1625234870.982862,"msg":"autosaved config","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Jul  2 15:07:50 rpi-foundryserver caddy[955]: {"level":"info","ts":1625234870.9829264,"msg":"serving initial configuration"}
Jul  2 15:07:50 rpi-foundryserver caddy[955]: {"level":"info","ts":1625234870.9843843,"logger":"tls.obtain","msg":"acquiring lock","identifier":"lordstrahdsfoundry.net"}
Jul  2 15:07:50 rpi-foundryserver caddy[955]: {"level":"info","ts":1625234870.985165,"logger":"tls.obtain","msg":"lock acquired","identifier":"lordstrahdsfoundry.net"}
Jul  2 15:07:50 rpi-foundryserver caddy[955]: {"level":"info","ts":1625234870.9915876,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["lordstrahdsfoundry.net"]}
Jul  2 15:07:50 rpi-foundryserver caddy[955]: {"level":"info","ts":1625234870.991963,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["lordstrahdsfoundry.net"]}
Jul  2 15:07:52 rpi-foundryserver caddy[955]: {"level":"info","ts":1625234872.4436948,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"lordstrahdsfoundry.net","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
Jul  2 15:08:03 rpi-foundryserver caddy[955]: {"level":"error","ts":1625234883.234457,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"lordstrahdsfoundry.net","challenge_type":"http-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:connection","error":"Fetching http://lordstrahdsfoundry.net/.well-known/acme-challenge/Qn5qYYZWz5gD7SKfFLN6-BVzRCNhWka4faDDLtvk2S0: Timeout during connect (likely firewall problem)"}
Jul  2 15:08:03 rpi-foundryserver caddy[955]: {"level":"error","ts":1625234883.234595,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"lordstrahdsfoundry.net","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - Fetching http://lordstrahdsfoundry.net/.well-known/acme-challenge/Qn5qYYZWz5gD7SKfFLN6-BVzRCNhWka4faDDLtvk2S0: Timeout during connect (likely firewall problem)","order":"https://acme-v02.api.letsencrypt.org/acme/order/122116871/10798927762","attempt":1,"max_attempts":3}
Jul  2 15:08:04 rpi-foundryserver caddy[955]: {"level":"info","ts":1625234884.7447214,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"lordstrahdsfoundry.net","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
Jul  2 15:08:15 rpi-foundryserver caddy[955]: {"level":"error","ts":1625234895.2371778,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"lordstrahdsfoundry.net","challenge_type":"tls-alpn-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:connection","error":"Timeout during connect (likely firewall problem)"}
Jul  2 15:08:15 rpi-foundryserver caddy[955]: {"level":"error","ts":1625234895.237309,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"lordstrahdsfoundry.net","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - Timeout during connect (likely firewall problem)","order":"https://acme-v02.api.letsencrypt.org/acme/order/122116871/10798931478","attempt":2,"max_attempts":3}
Jul  2 15:08:17 rpi-foundryserver caddy[955]: {"level":"info","ts":1625234897.0396469,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["lordstrahdsfoundry.net"]}
Jul  2 15:08:17 rpi-foundryserver caddy[955]: {"level":"info","ts":1625234897.0397446,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["lordstrahdsfoundry.net"]}
Jul  2 15:08:18 rpi-foundryserver caddy[955]: {"level":"info","ts":1625234898.6998491,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"lordstrahdsfoundry.net","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
Jul  2 15:13:20 rpi-foundryserver caddy[955]: {"level":"error","ts":1625235200.7861743,"logger":"tls.obtain","msg":"will retry","error":"[lordstrahdsfoundry.net] Obtain: [lordstrahdsfoundry.net] solving challenges: [lordstrahdsfoundry.net] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/MmGW0CMJZA5v0oLc5CXACQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":329.800676324,"max_duration":2592000}
Jul  2 15:14:22 rpi-foundryserver caddy[955]: {"level":"info","ts":1625235262.927726,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"lordstrahdsfoundry.net","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Jul  2 15:14:34 rpi-foundryserver caddy[955]: {"level":"error","ts":1625235274.2438662,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"lordstrahdsfoundry.net","challenge_type":"tls-alpn-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:connection","error":"Timeout during connect (likely firewall problem)"}
Jul  2 15:14:34 rpi-foundryserver caddy[955]: {"level":"error","ts":1625235274.2440023,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"lordstrahdsfoundry.net","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - Timeout during connect (likely firewall problem)","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/19350626/90961157","attempt":1,"max_attempts":3}
Jul  2 15:14:35 rpi-foundryserver caddy[955]: {"level":"info","ts":1625235275.5808399,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"lordstrahdsfoundry.net","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Jul  2 15:14:46 rpi-foundryserver caddy[955]: {"level":"error","ts":1625235286.192138,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"lordstrahdsfoundry.net","challenge_type":"http-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:connection","error":"Fetching http://lordstrahdsfoundry.net/.well-known/acme-challenge/ZaSO0PdQ62NMbo-O8hNZ1M8m3mpZ4BJ2k88Fc5v_ly4: Timeout during connect (likely firewall problem)"}
Jul  2 15:14:46 rpi-foundryserver caddy[955]: {"level":"error","ts":1625235286.1922743,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"lordstrahdsfoundry.net","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - Fetching http://lordstrahdsfoundry.net/.well-known/acme-challenge/ZaSO0PdQ62NMbo-O8hNZ1M8m3mpZ4BJ2k88Fc5v_ly4: Timeout during connect (likely firewall problem)","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/19350626/90961314","attempt":2,"max_attempts":3}
Jul  2 15:14:50 rpi-foundryserver caddy[955]: {"level":"info","ts":1625235290.2536964,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"lordstrahdsfoundry.net","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
Jul  2 15:16:33 rpi-foundryserver caddy[955]: {"level":"warn","ts":1625235393.5877738,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/authz/SULzY2FGv71fAQdzIK7pLA","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/authz/SULzY2FGv71fAQdzIK7pLA\": http2: timeout awaiting response headers"}
Jul  2 15:16:48 rpi-foundryserver caddy[955]: {"level":"warn","ts":1625235408.8390636,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/authz/SULzY2FGv71fAQdzIK7pLA","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/authz/SULzY2FGv71fAQdzIK7pLA\": http2: timeout awaiting response headers"}
Jul  2 15:17:04 rpi-foundryserver caddy[955]: {"level":"warn","ts":1625235424.0903664,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/authz/SULzY2FGv71fAQdzIK7pLA","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/authz/SULzY2FGv71fAQdzIK7pLA\": http2: timeout awaiting response headers"}
Jul  2 15:17:19 rpi-foundryserver caddy[955]: {"level":"warn","ts":1625235439.0957985,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/authz/SULzY2FGv71fAQdzIK7pLA","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/authz/SULzY2FGv71fAQdzIK7pLA\": http2: timeout awaiting response headers"}
Jul  2 15:17:24 rpi-foundryserver caddy[955]: {"level":"warn","ts":1625235444.3936858,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/authz/SULzY2FGv71fAQdzIK7pLA","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/authz/SULzY2FGv71fAQdzIK7pLA\": read tcp 192.168.1.127:58182->91.199.212.80:443: read: connection reset by peer"}
Jul  2 15:17:25 rpi-foundryserver caddy[955]: {"level":"error","ts":1625235445.870941,"logger":"tls.obtain","msg":"will retry","error":"[lordstrahdsfoundry.net] Obtain: [lordstrahdsfoundry.net] solving challenges: [lordstrahdsfoundry.net] checking authorization status: request to https://acme.zerossl.com/v2/DV90/authz/SULzY2FGv71fAQdzIK7pLA failed after 1 attempts: performing request: Post \"https://acme.zerossl.com/v2/DV90/authz/SULzY2FGv71fAQdzIK7pLA\": http2: timeout awaiting response headers (order=https://acme.zerossl.com/v2/DV90/order/5vZi36ToPJFKjbcXlevxUQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":2,"retrying_in":120,"elapsed":574.885443454,"max_duration":2592000}
Jul  2 15:19:27 rpi-foundryserver caddy[955]: {"level":"info","ts":1625235567.0213702,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"lordstrahdsfoundry.net","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Jul  2 15:19:37 rpi-foundryserver caddy[955]: {"level":"error","ts":1625235577.7955604,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"lordstrahdsfoundry.net","challenge_type":"tls-alpn-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:connection","error":"Timeout during connect (likely firewall problem)"}
Jul  2 15:19:37 rpi-foundryserver caddy[955]: {"level":"error","ts":1625235577.7956796,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"lordstrahdsfoundry.net","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - Timeout during connect (likely firewall problem)","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/19350626/90964464","attempt":1,"max_attempts":3}
Jul  2 15:19:39 rpi-foundryserver caddy[955]: {"level":"info","ts":1625235579.1244073,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"lordstrahdsfoundry.net","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Jul  2 15:19:49 rpi-foundryserver caddy[955]: {"level":"error","ts":1625235589.6050484,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"lordstrahdsfoundry.net","challenge_type":"http-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:connection","error":"Fetching http://lordstrahdsfoundry.net/.well-known/acme-challenge/NUGvCzD7_veAZM1QPXn-eVkFH0CN3ytnuz2sQuCkiBI: Timeout during connect (likely firewall problem)"}
Jul  2 15:19:49 rpi-foundryserver caddy[955]: {"level":"error","ts":1625235589.6051855,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"lordstrahdsfoundry.net","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - Fetching http://lordstrahdsfoundry.net/.well-known/acme-challenge/NUGvCzD7_veAZM1QPXn-eVkFH0CN3ytnuz2sQuCkiBI: Timeout during connect (likely firewall problem)","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/19350626/90964622","attempt":2,"max_attempts":3}
Jul  2 15:19:54 rpi-foundryserver caddy[955]: {"level":"info","ts":1625235594.2273943,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"lordstrahdsfoundry.net","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
Jul  2 15:24:56 rpi-foundryserver caddy[955]: {"level":"error","ts":1625235896.4177003,"logger":"tls.obtain","msg":"will retry","error":"[lordstrahdsfoundry.net] Obtain: [lordstrahdsfoundry.net] solving challenges: [lordstrahdsfoundry.net] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/ld7Cq8lD_1z9tRe5oFPlAQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":3,"retrying_in":120,"elapsed":1025.432202691,"max_duration":2592000}
Jul  2 15:26:58 rpi-foundryserver caddy[955]: {"level":"info","ts":1625236018.1556735,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"lordstrahdsfoundry.net","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Jul  2 15:27:08 rpi-foundryserver caddy[955]: {"level":"error","ts":1625236028.7245724,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"lordstrahdsfoundry.net","challenge_type":"tls-alpn-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:connection","error":"Timeout during connect (likely firewall problem)"}
Jul  2 15:27:08 rpi-foundryserver caddy[955]: {"level":"error","ts":1625236028.7272997,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"lordstrahdsfoundry.net","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - Timeout during connect (likely firewall problem)","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/19350626/90969435","attempt":1,"max_attempts":3}
Jul  2 15:27:10 rpi-foundryserver caddy[955]: {"level":"info","ts":1625236030.065087,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"lordstrahdsfoundry.net","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Jul  2 15:27:20 rpi-foundryserver caddy[955]: {"level":"error","ts":1625236040.4316623,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"lordstrahdsfoundry.net","challenge_type":"http-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:connection","error":"Fetching http://lordstrahdsfoundry.net/.well-known/acme-challenge/nBhR0i64LXlMiztUb7K7RdIigi4b6mP6Yh0spG8VQiA: Timeout during connect (likely firewall problem)"}
Jul  2 15:27:20 rpi-foundryserver caddy[955]: {"level":"error","ts":1625236040.4341824,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"lordstrahdsfoundry.net","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - Fetching http://lordstrahdsfoundry.net/.well-known/acme-challenge/nBhR0i64LXlMiztUb7K7RdIigi4b6mP6Yh0spG8VQiA: Timeout during connect (likely firewall problem)","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/19350626/90969604","attempt":2,"max_attempts":3}
Jul  2 15:27:24 rpi-foundryserver caddy[955]: {"level":"info","ts":1625236044.2682493,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"lordstrahdsfoundry.net","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
Jul  2 15:31:08 rpi-foundryserver caddy[955]: {"level":"error","ts":1625236268.2882736,"logger":"tls.issuance.acme.acme_client","msg":"deactivating authorization","identifier":"lordstrahdsfoundry.net","authz":"https://acme.zerossl.com/v2/DV90/authz/M4l03TAhdVBCh4ykpC_LpA","error":"fetching new nonce from server: HTTP 504: "}
Jul  2 15:31:08 rpi-foundryserver caddy[955]: {"level":"error","ts":1625236268.2884767,"logger":"tls.obtain","msg":"will retry","error":"[lordstrahdsfoundry.net] Obtain: [lordstrahdsfoundry.net] solving challenges: [lordstrahdsfoundry.net] checking authorization status: fetching new nonce from server: HTTP 504:  (order=https://acme.zerossl.com/v2/DV90/order/2Dwdve69IZmehlPs2Nc9GQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":4,"retrying_in":300,"elapsed":1397.302979135,"max_duration":2592000}

5. What I already tried:

Honestly, not much. WAN networking isn’t really my area of expertise so I’m not sure what I should be looking at here to fix this.
I’ve checked ports 80 and 443 are both open in ufw on the rpi, but not much else.

6. Links to relevant resources:

Foundry VTT KB article on Caddy in case it’s needed.

That version doesn’t exist. Did you mean v2.3.0? In any case, please upgrade to the latest, v2.4.3.

This would be your systemd service config. Did you install with the APT package? In which case it would be in /lib/systemd/system/caddy.service. If you didn’t edit it then we know that’s the default, and that’s fine.

Are you sure that ports 80 and 443 for your server at that domain are properly exposed to the internet? Is there a firewall between your server and the web? Are you using some kind of CDN service in front of it? Let’s Encrypt and ZeroSSL look to be unable to reach your server, which is necessary to validate that you own that domain, to get a certificate.

Yeah, my bad. That was a typo. I’ve upgraded to 2.4.3 now though. Errors are still present.

I did install via apt and don’t remember changing anything in caddy.service so for the moment, it’s probably safe to assume it’s default.

There is a firewall, specifically ufw. sudo ufw status returns:

80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
80/tcp (v6)                ALLOW IN    Anywhere (v6)
443/tcp (v6)               ALLOW IN    Anywhere (v6)

The ports appear open on the way in, and there are no rules blocking outwards connections on these ports.

No, I’m not using a CDN.

Is there a Let’s Encrypt or ZeroSSL server I can try pinging to test a connection is actually possible?

It’s not the connection from your server to LE/ZeroSSL that’s the issue, it’s incoming requests from them to your server.

Make sure your VPS provider isn’t blocking connections on ports 80/443, if you’re hosting this externally. If you’re running this at home, make sure your ISP allows connections on those ports (some don’t).

Ultimately this isn’t an issue with Caddy, but with some aspect of the networking between the ACME providers and your server. You’ll need to take a look at every link in the chain to make sure they aren’t blocking the connection.


So, as @francislavoie states that the issue wasn’t Caddy, I tried disabling ufw. This didn’t resolve the problem so I moved on to my router as the next link. This didn’t have any firewall settings that would block ports 80 or 443 either, so that was out of the question.

However, just for the sake of it I went ahead and set up port forwarding for both of these ports to the RPi. It turns out this resolved everything and Caddy is now communicating with the ACME providers.

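The diagnosis reached in this thread can be read off the log mechanically: every failed challenge carries the ACME `connection` problem type, on both the http-01 (port 80) and tls-alpn-01 (port 443) paths. The following is an added example, not code from the thread or from the Caddy project; it parses journald-prefixed Caddy JSON lines and reports which inbound ports the CA could not connect to. The sample lines are constructed, with a placeholder host, domain and token.

```python
import json
from collections import Counter

# ACME challenge type -> inbound port the CA connects to for validation.
CHALLENGE_PORT = {"http-01": 80, "tls-alpn-01": 443}
CONNECTION_ERR = "urn:ietf:params:acme:error:connection"

# Constructed sample in the thread's log format (placeholder host, domain, token).
SAMPLE_LOG = """
Jul  2 15:07:50 host caddy[955]: caddy.HomeDir=/var/lib/caddy
Jul  2 15:07:52 host caddy[955]: {"level":"info","msg":"trying to solve challenge","identifier":"example.com","challenge_type":"http-01"}
Jul  2 15:08:03 host caddy[955]: {"level":"error","msg":"challenge failed","identifier":"example.com","challenge_type":"http-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:connection","error":"Fetching http://example.com/.well-known/acme-challenge/TOKEN: Timeout during connect (likely firewall problem)"}
Jul  2 15:08:15 host caddy[955]: {"level":"error","msg":"challenge failed","identifier":"example.com","challenge_type":"tls-alpn-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:connection","error":"Timeout during connect (likely firewall problem)"}
Jul  2 15:14:46 host caddy[955]: {"level":"error","msg":"challenge failed","identifier":"example.com","challenge_type":"http-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:connection","error":"Fetching http://example.com/.well-known/acme-challenge/TOKEN: Timeout during connect (likely firewall problem)"}
"""


def parse_entries(text):
    """Yield the JSON object from each structured Caddy line; skip the rest."""
    for line in text.splitlines():
        start = line.find("{")  # JSON payload follows the journald prefix
        if start == -1:
            continue  # plain-text startup line such as caddy.HomeDir=...
        try:
            entry = json.loads(line[start:])
        except json.JSONDecodeError:
            continue  # truncated or otherwise non-JSON line
        if isinstance(entry, dict):
            yield entry


def challenge_failures(text):
    """Count 'challenge failed' events by (challenge type, ACME problem type)."""
    counts = Counter()
    for entry in parse_entries(text):
        if entry.get("msg") == "challenge failed":
            key = (entry.get("challenge_type"), str(entry.get("problem_type")))
            counts[key] += 1
    return counts


def diagnose(text):
    """Return (inbound ports the CA could not reach, verdict string)."""
    failures = challenge_failures(text)
    blocked = sorted({CHALLENGE_PORT[ctype] for ctype, problem in failures
                      if problem == CONNECTION_ERR and ctype in CHALLENGE_PORT})
    other = {problem for _, problem in failures if problem != CONNECTION_ERR}
    if other:
        verdict = "other-acme-error"      # not a pure reachability problem
    elif blocked:
        verdict = "inbound-unreachable"   # check forwarding, NAT, ISP filtering
    else:
        verdict = "no-failures"
    return blocked, verdict


if __name__ == "__main__":
    ports, verdict = diagnose(SAMPLE_LOG)
    print(f"verdict={verdict} unreachable_ports={ports}")
    for (ctype, problem), n in sorted(challenge_failures(SAMPLE_LOG).items()):
        print(f"{n}x {ctype}: {problem}")
```

A verdict of `inbound-unreachable` covering both 80 and 443 while the host firewall allows them points at a link outside the host, which in this thread turned out to be missing port forwarding on the router.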