I can't get a certificate

1. The problem I’m having:

nas.taiwan-homecloud.work.gd
I can't get a cert.
I’m sure 80/443 are open.

2. Error messages and/or full log output:

2023/11/20 09:49:38.742	INFO	[INFO][FileStorage:/data/caddy] Lock for 'issue_cert_nas.taiwan-homecloud.work.gd' is stale (created: 2023-11-20 09:34:02.062307784 +0000 UTC, last update: 2023-11-20 09:39:33.944973061 +0000 UTC); removing then retrying: /data/caddy/locks/issue_cert_nas.taiwan-homecloud.work.gd.lock
2023/11/20 09:49:39.443	INFO	tls.obtain	lock acquired	{"identifier": "nas.taiwan-homecloud.work.gd"}
2023/11/20 09:49:39.444	INFO	tls.obtain	obtaining certificate	{"identifier": "nas.taiwan-homecloud.work.gd"}
2023/11/20 09:49:39.446	INFO	http	done waiting on internal rate limiter	{"identifiers": ["nas.taiwan-homecloud.work.gd"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "caddy@zerossl.com"}
2023/11/20 09:49:40.415	INFO	http.acme_client	trying to solve challenge	{"identifier": "nas.taiwan-homecloud.work.gd", "challenge_type": "http-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2023/11/20 09:49:41.046	INFO	http	served key authentication	{"identifier": "nas.taiwan-homecloud.work.gd", "challenge": "http-01", "remote": "3.16.111.66:10980", "distributed": false}
2023/11/20 09:55:13.466	WARN	http.acme_client	HTTP request failed; retrying	{"url": "https://acme.zerossl.com/v2/DV90/newNonce", "error": "performing request: Head \"https://acme.zerossl.com/v2/DV90/newNonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers)"}
2023/11/20 09:56:13.969	ERROR	tls.obtain	could not get certificate from issuer	{"identifier": "nas.taiwan-homecloud.work.gd", "issuer": "acme.zerossl.com-v2-DV90", "error": "[nas.taiwan-homecloud.work.gd] creating new order: fetching new nonce from server: performing request: Head \"https://acme.zerossl.com/v2/DV90/newNonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers) (ca=https://acme.zerossl.com/v2/DV90)"}
2023/11/20 09:56:13.969	ERROR	tls.obtain	will retry	{"error": "[nas.taiwan-homecloud.work.gd] Obtain: [nas.taiwan-homecloud.work.gd] creating new order: fetching new nonce from server: performing request: Head \"https://acme.zerossl.com/v2/DV90/newNonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 92.171067261, "max_duration": 2592000}
2023/11/20 10:10:38.057	ERROR	http.acme_client	challenge failed	{"identifier": "nas.taiwan-homecloud.work.gd", "challenge_type": "tls-alpn-01", "problem": {"type": "urn:ietf:params:acme:error:dns", "title": "", "detail": "DNS problem: query timed out looking up CAA for work.gd", "instance": "", "subproblems": []}}
2023/11/20 10:18:21.622	ERROR	tls.obtain	could not get certificate from issuer	{"identifier": "nas.taiwan-homecloud.work.gd", "issuer": "acme.zerossl.com-v2-DV90", "error": "[nas.taiwan-homecloud.work.gd] creating new order: fetching new nonce from server: HTTP 504:  (ca=https://acme.zerossl.com/v2/DV90)"}

2023/11/20 10:38:44.312 ERROR tls.obtain could not get certificate from issuer {"identifier": "nas.taiwan-homecloud.work.gd", "issuer": "acme.zerossl.com-v2-DV90", "error": "[nas.taiwan-homecloud.work.gd] finalizing order https://acme.zerossl.com/v2/DV90/order/yw9MOEfzSyJpjEm8rxd-rA: order took too long (ca=https://acme.zerossl.com/v2/DV90)"}
2023/11/20 10:38:44.312 ERROR tls.obtain will retry {"error": "[nas.taiwan-homecloud.work.gd] Obtain: [nas.taiwan-homecloud.work.gd] finalizing order https://acme.zerossl.com/v2/DV90/order/yw9MOEfzSyJpjEm8rxd-rA: order took too long (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 6, "retrying_in": 1200, "elapsed": 2642.513829166, "max_duration": 2592000}

3. Caddy version:

v2.7.5

4. How I installed and ran Caddy:

a. System environment:

docker

b. Command:

dockerhub download image
docker run

c. Service/unit/compose file:

I built it on a Synology NAS.

d. My complete Caddy config:

nas.taiwan-homecloud.work.gd {
	log {
		output file /data/logs/nas.log {
			roll_size 9mb
			roll_keep 3
			roll_keep_for 720h
			roll_local_time
		}
		import log_format
	}
	encode zstd gzip
	reverse_proxy 192.168.10.253:5000 {
		flush_interval -1
	}
}

5. Links to relevant resources:

Looks like Caddy failed to connect to ZeroSSL servers. They might be having downtime.

Did Caddy try to issue with Let’s Encrypt as well? It should be trying both.

Both have been tried. Let’s Encrypt has rate limitations, and ZeroSSL is just left to see when it succeeds.

What do you mean? You didn’t show that in your logs.

I did not attach the Let’s Encrypt logs because I have been using ZeroSSL before, and it is currently functioning properly. The issue earlier might have been related to the ZeroSSL server.

ty for your help.
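
Added example, not part of the thread and not Caddy's own code: a Python sketch that groups the WARN/ERROR entries of a Caddy log by CA host and failure class, which is the "which issuer failed, and how" question the replies go back and forth on. The sample lines are abridged from the log in the first post, and the failure-class labels are this example's own names.

```python
import json
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample: lines abridged from the log in the first post.
SAMPLE = '''2023/11/20 09:55:13.466 WARN http.acme_client HTTP request failed; retrying {"url": "https://acme.zerossl.com/v2/DV90/newNonce", "error": "performing request: http2: timeout awaiting response headers"}
2023/11/20 09:56:13.969 ERROR tls.obtain could not get certificate from issuer {"issuer": "acme.zerossl.com-v2-DV90", "error": "creating new order: fetching new nonce from server: timeout awaiting response headers (ca=https://acme.zerossl.com/v2/DV90)"}
2023/11/20 10:10:38.057 ERROR http.acme_client challenge failed {"challenge_type": "tls-alpn-01", "problem": {"type": "urn:ietf:params:acme:error:dns", "detail": "DNS problem: query timed out looking up CAA for work.gd"}}
2023/11/20 10:18:21.622 ERROR tls.obtain could not get certificate from issuer {"issuer": "acme.zerossl.com-v2-DV90", "error": "creating new order: fetching new nonce from server: HTTP 504:  (ca=https://acme.zerossl.com/v2/DV90)"}
2023/11/20 10:38:44.312 ERROR tls.obtain could not get certificate from issuer {"issuer": "acme.zerossl.com-v2-DV90", "error": "finalizing order: order took too long (ca=https://acme.zerossl.com/v2/DV90)"}'''

def ca_host(fields):
    """CA host from an explicit 'ca'/'url' field, else the (ca=...) suffix of the error."""
    m = re.search(r"\(ca=(\S+?)\)", fields.get("error", ""))
    url = fields.get("ca") or fields.get("url") or (m.group(1) if m else "")
    return urlparse(url).hostname or "not stated in line"

def classify(fields):
    err = fields.get("error", "")
    problem = fields.get("problem", {}).get("type", "")
    if problem:  # the CA answered with an ACME problem document
        return "acme:" + problem.rsplit(":", 1)[-1]
    if "timeout" in err.lower():
        return "ca-endpoint-timeout"
    if re.search(r"HTTP 5\d\d", err):
        return "ca-endpoint-5xx"
    if "order took too long" in err:
        return "order-not-finalized"
    return "other"

def triage(text):  # count WARN/ERROR entries per (CA host, failure class)
    counts = Counter()
    for line in text.splitlines():
        brace = line.find("{")
        head = line[:brace].split()  # date, time, level, logger, message words (tabs or spaces)
        if brace < 0 or len(head) < 4 or head[2] not in ("WARN", "ERROR"):
            continue
        if " ".join(head[4:]) == "will retry":
            continue  # repeats the preceding "could not get certificate" error
        try:
            fields = json.loads(line[brace:])
        except ValueError:
            continue  # truncated or non-JSON tail
        counts[(ca_host(fields), classify(fields))] += 1
    return counts

for (ca, kind), n in sorted(triage(SAMPLE).items()):
    print(f"{n}  {ca:22} {kind}")
```

The `challenge failed` entry carries no CA field, so it is reported as "not stated in line" rather than attributed to either issuer.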
