I can't seem to get Caddy to work anymore over HTTP01?

1. My Caddy version (caddy version):

./caddy version
2020/04/03 16:58:22 args:2 - Error during parsing: Unknown directive 'version'

It’s the latest 1.x release on GitHub, on macOS

2. How I run Caddy:

I can’t seem to get Caddy to work anymore?

a. System environment:

IP is: 134.122.101.204

DNS A record exists:

ping -c 1 134.122.101.204
PING 134.122.101.204 (134.122.101.204): 56 data bytes
64 bytes from 134.122.101.204: icmp_seq=0 ttl=49 time=17.525 ms

ping -c 1 dashboard.myfaas.club
PING dashboard.myfaas.club (34.122.101.204): 56 data bytes

b. Command:

sudo ./caddy

sudo was required to access ports 80 and 443. When I omitted sudo, it ran with the tls-alpn-01 solver, which also didn’t work

c. Service/unit/compose file:

paste full file contents here

d. My complete Caddyfile or JSON config:

dashboard.myfaas.club

proxy / 127.0.0.1:3000 {
  transparent
}

3. The problem I’m having:

I’d like to get a TLS cert over HTTP01

4. Error messages and/or full log output:

space-mini:caddy_v1.0.4_darwin_amd64 alex$ sudo ./caddy
Password:
Activating privacy features... 2020/04/03 16:56:15 [INFO] [dashboard.myfaas.club] acme: Obtaining bundled SAN certificate
2020/04/03 16:56:15 [INFO] [dashboard.myfaas.club] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3738850036
2020/04/03 16:56:15 [INFO] [dashboard.myfaas.club] acme: Could not find solver for: tls-alpn-01
2020/04/03 16:56:15 [INFO] [dashboard.myfaas.club] acme: use http-01 solver
2020/04/03 16:56:15 [INFO] [dashboard.myfaas.club] acme: Trying to solve HTTP-01
2020/04/03 16:56:30 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3738850036
2020/04/03 16:56:30 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3738850036
2020/04/03 16:56:31 [INFO] [dashboard.myfaas.club] acme: Obtaining bundled SAN certificate
2020/04/03 16:56:32 [INFO] [dashboard.myfaas.club] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3738853539
2020/04/03 16:56:32 [INFO] [dashboard.myfaas.club] acme: Could not find solver for: tls-alpn-01
2020/04/03 16:56:32 [INFO] [dashboard.myfaas.club] acme: use http-01 solver
2020/04/03 16:56:32 [INFO] [dashboard.myfaas.club] acme: Trying to solve HTTP-01
2020/04/03 16:56:44 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3738853539
2020/04/03 16:56:44 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3738853539
2020/04/03 16:56:45 [INFO] [dashboard.myfaas.club] acme: Obtaining bundled SAN certificate
2020/04/03 16:56:47 [INFO] [dashboard.myfaas.club] acme: Obtaining bundled SAN certificate
2020/04/03 16:56:48 [INFO] [dashboard.myfaas.club] acme: Obtaining bundled SAN certificate
2020/04/03 16:56:49 [INFO] [dashboard.myfaas.club] acme: Obtaining bundled SAN certificate
2020/04/03 16:56:50 failed to obtain certificate: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/, url: 

5. What I already tried:

space-mini:caddy_v1.0.4_darwin_amd64 alex$ ./caddy
Activating privacy features... 

Your sites will be served over HTTPS automatically using Let's Encrypt.
By continuing, you agree to the Let's Encrypt Subscriber Agreement at:
  https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
Please enter your email address to signify agreement and to be notified
in case of issues. You can leave it blank, but we don't recommend it.
  Email address: web@openfaas.com
2020/04/03 16:46:48 [INFO] acme: Registering account for web@openfaas.com
2020/04/03 16:46:48 [INFO] [dashboard.myfaas.club] acme: Obtaining bundled SAN certificate
2020/04/03 16:46:49 [INFO] [dashboard.myfaas.club] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3738725881
2020/04/03 16:46:49 [INFO] [dashboard.myfaas.club] acme: use tls-alpn-01 solver
2020/04/03 16:46:49 [INFO] [dashboard.myfaas.club] acme: Trying to solve TLS-ALPN-01
2020/04/03 16:47:05 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3738725881
2020/04/03 16:47:05 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3738725881
2020/04/03 16:47:06 [INFO] [dashboard.myfaas.club] acme: Obtaining bundled SAN certificate
2020/04/03 16:47:06 [INFO] [dashboard.myfaas.club] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3738729880
2020/04/03 16:47:06 [INFO] [dashboard.myfaas.club] acme: use tls-alpn-01 solver
2020/04/03 16:47:06 [INFO] [dashboard.myfaas.club] acme: Trying to solve TLS-ALPN-01
2020/04/03 16:47:25 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3738729880
2020/04/03 16:47:25 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3738729880
2020/04/03 16:47:26 [INFO] [dashboard.myfaas.club] acme: Obtaining bundled SAN certificate
2020/04/03 16:47:26 [INFO] [dashboard.myfaas.club] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3738734240
2020/04/03 16:47:26 [INFO] [dashboard.myfaas.club] acme: use tls-alpn-01 solver
2020/04/03 16:47:26 [INFO] [dashboard.myfaas.club] acme: Trying to solve TLS-ALPN-01

Also curl to the upstream is working OK

curl 127.0.0.1:3000
<a href="/login">Found</a>.

I also tried using additional ca flags to use staging and to force off the alpn solver:

sudo ./caddy -ca=https://acme-staging-v02.api.letsencrypt.org/directory -disable-tls-alpn-challenge
Activating privacy features... 2020/04/03 17:11:49 [INFO] [dashboard.myfaas.club] acme: Obtaining bundled SAN certificate
2020/04/03 17:11:50 [INFO] [dashboard.myfaas.club] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/47273662
2020/04/03 17:11:50 [INFO] [dashboard.myfaas.club] acme: Could not find solver for: tls-alpn-01
2020/04/03 17:11:50 [INFO] [dashboard.myfaas.club] acme: use http-01 solver
2020/04/03 17:11:50 [INFO] [dashboard.myfaas.club] acme: Trying to solve HTTP-01
2020/04/03 17:12:06 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/47273662
2020/04/03 17:12:07 [INFO] Unable to deactivate the authorization: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/47273662
2020/04/03 17:12:08 [INFO] [dashboard.myfaas.club] acme: Obtaining bundled SAN certificate
2020/04/03 17:12:08 [INFO] [dashboard.myfaas.club] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/47273734
2020/04/03 17:12:08 [INFO] [dashboard.myfaas.club] acme: Could not find solver for: tls-alpn-01
2020/04/03 17:12:08 [INFO] [dashboard.myfaas.club] acme: use http-01 solver
2020/04/03 17:12:08 [INFO] [dashboard.myfaas.club] acme: Trying to solve HTTP-01

6. Links to relevant resources:

This is for a tutorial in draft, but I can’t complete it if I can’t get it working, so I need some assistance.

This doesn’t seem right at all, when the DNS name resolves, but I can’t curl a port (this time without Caddy)

Deleting and re-creating the DNS entry with a different name worked: Expose your private Grafana dashboards with TLS

It would have been nice to have got better debugging messages from Caddy 1 and I couldn’t find out how to do that. Someone suggested -logs but that flag doesn’t seem to exist.

https://caddyserver.com/v1/docs/cli

It’s -log.

You got rate limited by Let’s Encrypt for too many failed attempts.

Glad you figured it out! I recommend you try out Caddy v2, it just got its first release candidate!
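Added example, not part of the original thread or of Caddy's code: the ping output in the first post shows dashboard.myfaas.club resolving to 34.122.101.204 while the stated server IP is 134.122.101.204, the kind of mismatch a pre-flight check catches before failed HTTP-01 attempts count toward the Let's Encrypt rate limit. The log sample and the names `summarize_acme_log` and `dns_preflight` are constructed for illustration, and treating a deactivated authorization as a failed attempt is an assumption.

```python
import ipaddress
import re
import socket

# Constructed sample, modelled on the Caddy v1 log format quoted in the thread.
SAMPLE_LOG = """\
2020/04/03 16:56:15 [INFO] [example.test] AuthURL: https://acme.example/authz/1
2020/04/03 16:56:15 [INFO] [example.test] acme: Trying to solve HTTP-01
2020/04/03 16:56:30 [INFO] Deactivating auth: https://acme.example/authz/1
2020/04/03 16:56:32 [INFO] [example.test] AuthURL: https://acme.example/authz/2
2020/04/03 16:56:32 [INFO] [example.test] acme: Trying to solve HTTP-01
2020/04/03 16:56:44 [INFO] Deactivating auth: https://acme.example/authz/2
2020/04/03 16:56:50 failed to obtain certificate: acme: error: 429 :: POST :: https://acme.example/new-order :: urn:ietf:params:acme:error:rateLimited :: too many failed authorizations recently
"""

AUTH_RE = re.compile(r"\[(?P<host>[^\]]+)\] AuthURL: (?P<url>\S+)")
SOLVE_RE = re.compile(r"\[(?P<host>[^\]]+)\] acme: Trying to solve (?P<kind>\S+)")
DEACT_RE = re.compile(r"Deactivating auth: (?P<url>\S+)")


def summarize_acme_log(text):
    """Count abandoned authorizations per host and note a rate-limit error."""
    pending, challenge, failed = {}, {}, {}
    for line in text.splitlines():
        if m := AUTH_RE.search(line):
            pending[m["url"]] = m["host"]          # authz URL -> hostname
        elif m := SOLVE_RE.search(line):
            challenge[m["host"]] = m["kind"]       # last challenge type tried
        elif m := DEACT_RE.search(line):
            # Assumption: an authz deactivated after a solve attempt failed.
            host = pending.pop(m["url"], None)
            if host:
                failed[host] = failed.get(host, 0) + 1
    return {"failed": failed, "challenge": challenge,
            "rate_limited": "urn:ietf:params:acme:error:rateLimited" in text}


def dns_preflight(hostname, expected_ip, resolve=None):
    """Return (ok, resolved_ips): does the hostname's A record match the server?"""
    if resolve is None:  # live lookup; pass a stub resolver to run offline
        resolve = lambda h: {ai[4][0] for ai in
                             socket.getaddrinfo(h, 80, socket.AF_INET)}
    want = ipaddress.ip_address(expected_ip)
    resolved = {ipaddress.ip_address(ip) for ip in resolve(hostname)}
    return want in resolved, sorted(str(ip) for ip in resolved)
```

Running `dns_preflight` against the server's own public IP before starting Caddy, and pointing at the staging CA while debugging, keeps failed validations off the production rate limit.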
