Issues configuring Caddy with DuckDNS for remote Jellyfin access

1. The problem I’m having: I cannot get my Caddy to run as it fails to communicate with DuckDNS

2. Error messages and/or full log output:

2025/01/13 04:19:07.861 INFO   trying to solve challenge       {"identifier": "netflixkiller.duckdns.org", "challenge_type": "tls-alpn-01", "ca": "https://acme-staging-v02.api.letsencrypt.org/directory"}
2025/01/13 04:19:18.292 ERROR  challenge failed        {"identifier": "netflixkiller.duckdns.org", "challenge_type": "tls-alpn-01", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": "IP ADDRESS: Timeout during connect (likely firewall problem)", "instance": "", "subproblems": null}}
github.com/mholt/acmez/v3.(*Client).pollAuthorization
        github.com/mholt/acmez/v3@v3.0.0/client.go:557
github.com/mholt/acmez/v3.(*Client).solveChallenges
        github.com/mholt/acmez/v3@v3.0.0/client.go:378
github.com/mholt/acmez/v3.(*Client).ObtainCertificate
        github.com/mholt/acmez/v3@v3.0.0/client.go:136
github.com/caddyserver/certmagic.(*ACMEIssuer).doIssue
        github.com/caddyserver/certmagic@v0.21.6/acmeissuer.go:477
github.com/caddyserver/certmagic.(*ACMEIssuer).Issue
        github.com/caddyserver/certmagic@v0.21.6/acmeissuer.go:371
github.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue
        github.com/caddyserver/caddy/v2@v2.9.1/modules/caddytls/acmeissuer.go:249
github.com/caddyserver/certmagic.(*Config).obtainCert.func2
        github.com/caddyserver/certmagic@v0.21.6/config.go:626
github.com/caddyserver/certmagic.doWithRetry
        github.com/caddyserver/certmagic@v0.21.6/async.go:104
github.com/caddyserver/certmagic.(*Config).obtainCert
        github.com/caddyserver/certmagic@v0.21.6/config.go:700
github.com/caddyserver/certmagic.(*Config).ObtainCertAsync
        github.com/caddyserver/certmagic@v0.21.6/config.go:505
github.com/caddyserver/certmagic.(*Config).manageOne.func1
        github.com/caddyserver/certmagic@v0.21.6/config.go:415
github.com/caddyserver/certmagic.(*jobManager).worker
        github.com/caddyserver/certmagic@v0.21.6/async.go:73
2025/01/13 04:19:18.293 ERROR  validating authorization        {"identifier": "netflixkiller.duckdns.org", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": "IP ADDRESS: Timeout during connect (likely firewall problem)", "instance": "", "subproblems": null}, "order": "https://acme-staging-v02.api.letsencrypt.org/acme/order/179867744/21960008534", "attempt": 2, "max_attempts": 3}
github.com/mholt/acmez/v3.(*Client).ObtainCertificate
        github.com/mholt/acmez/v3@v3.0.0/client.go:152
github.com/caddyserver/certmagic.(*ACMEIssuer).doIssue
        github.com/caddyserver/certmagic@v0.21.6/acmeissuer.go:477
github.com/caddyserver/certmagic.(*ACMEIssuer).Issue
        github.com/caddyserver/certmagic@v0.21.6/acmeissuer.go:371
github.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue
        github.com/caddyserver/caddy/v2@v2.9.1/modules/caddytls/acmeissuer.go:249
github.com/caddyserver/certmagic.(*Config).obtainCert.func2
        github.com/caddyserver/certmagic@v0.21.6/config.go:626
github.com/caddyserver/certmagic.doWithRetry
        github.com/caddyserver/certmagic@v0.21.6/async.go:104
github.com/caddyserver/certmagic.(*Config).obtainCert
        github.com/caddyserver/certmagic@v0.21.6/config.go:700
github.com/caddyserver/certmagic.(*Config).ObtainCertAsync
        github.com/caddyserver/certmagic@v0.21.6/config.go:505
github.com/caddyserver/certmagic.(*Config).manageOne.func1
        github.com/caddyserver/certmagic@v0.21.6/config.go:415
github.com/caddyserver/certmagic.(*jobManager).worker
        github.com/caddyserver/certmagic@v0.21.6/async.go:73
2025/01/13 04:19:18.298 ERROR  tls.obtain      could not get certificate from issuer   {"identifier": "netflixkiller.duckdns.org", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "HTTP 400 urn:ietf:params:acme:error:connection - IP ADDRESS: Timeout during connect (likely firewall problem)"}
2025/01/13 04:19:18.298 ERROR  tls.obtain      will retry      {"error": "[netflixkiller.duckdns.org] Obtain: [netflixkiller.duckdns.org] solving challenge: netflixkiller.duckdns.org: [netflixkiller.duckdns.org] authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - IP ADDRESS: Timeout during connect (likely firewall problem) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)", "attempt": 4, "retrying_in": 300, "elapsed": 368.3353126, "max_duration": 2592000}

3. Caddy version: 2.9.1.0

4. How I installed and ran Caddy: Installed on Windows from Download Caddy and attempted to run with ./caddy run --config Caddyfile using PowerShell

a. System environment: Windows 10, no Docker.

b. Command:

./caddy run --config Caddyfile

d. My complete Caddy config:

netflixkiller.duckdns.org {
    reverse_proxy 127.0.0.1:8096
}

5. Links to relevant resources: https://www.youtube.com/watch?v=AEyhpuWeiTk | Download Caddy | https://www.duckdns.org/

Your Caddyfile doesn’t seem to include any DuckDNS configuration. Because of that, Caddy is attempting to obtain its certificate via TLS-ALPN-01 challenge, but it’s failing since your Caddy instance isn’t reachable from the Internet to complete the challenge.

Try searching this forum for other DuckDNS posts—you might find something relevant about using the DuckDNS module. For example:

https://caddy.community/t/failure-to-obtain-certificate-from-issuer-with-duckdns/19411
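The change described in the reply above, as an added example that is not part of the original thread: the posted site block next to a version that uses the DNS-01 challenge through the DuckDNS module. It assumes a Caddy build that includes `github.com/caddy-dns/duckdns` (the stock download does not contain it) and a `DUCKDNS_API_TOKEN` environment variable, whose name is an assumption.

```caddyfile
# Added example, not from the thread. Assumes a Caddy build that includes
# github.com/caddy-dns/duckdns and an environment variable named
# DUCKDNS_API_TOKEN (assumed name) set before Caddy starts.

# Before (as posted): no DNS provider is configured, so Caddy uses the
# TLS-ALPN-01 / HTTP-01 challenges, which require the CA to reach this
# machine on ports 443 / 80 from the Internet.
# netflixkiller.duckdns.org {
#     reverse_proxy 127.0.0.1:8096
# }

# After: DNS-01 challenge through DuckDNS. The CA validates a TXT record,
# so certificate issuance does not depend on an inbound connection.
netflixkiller.duckdns.org {
    tls {
        # The token is read from the environment so it is not stored
        # in the Caddyfile itself.
        dns duckdns {env.DUCKDNS_API_TOKEN}
    }
    reverse_proxy 127.0.0.1:8096
}
```

DNS-01 only removes the reachability requirement for issuing the certificate; remote clients still need TCP 443 forwarded to the machine running Caddy.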

Thank you, it is now connecting to the service, but now I have a new issue where Caddy won’t connect to any ports I’ve opened in my router settings and firewall.

PS C:\Users\stuff> cd C:\tools\Caddy
PS C:\tools\Caddy> ./caddy run --config Caddyfile
2025/01/13 08:21:21.759 INFO using config from file {"file": "Caddyfile"}
2025/01/13 08:21:21.763 INFO adapted config to JSON {"adapter": "caddyfile"}
2025/01/13 08:21:21.777 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["//127.0.0.1:2019", "//localhost:2019", "//[::1]:2019"]}
2025/01/13 08:21:21.777 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc000198380"}
2025/01/13 08:21:21.778 INFO http.auto_https server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2025/01/13 08:21:21.778 INFO http.auto_https enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2025/01/13 08:21:21.779 INFO http enabling HTTP/3 listener {"addr": ":443"}
2025/01/13 08:21:21.779 INFO http.log server running {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2025/01/13 08:21:21.780 WARN http HTTP/2 skipped because it requires TLS {"network": "tcp", "addr": ":80"}
2025/01/13 08:21:21.780 WARN http HTTP/3 skipped because it requires TLS {"network": "tcp", "addr": ":80"}
2025/01/13 08:21:21.780 INFO http.log server running {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2025/01/13 08:21:21.780 INFO http enabling automatic TLS certificate management {"domains": ["netflixkiller.duckdns.org"]}
2025/01/13 08:21:21.782 INFO autosaved config (load with --resume flag) {"file": "C:\Users\stuff\AppData\Roaming\Caddy\autosave.json"}
2025/01/13 08:21:21.782 INFO serving initial configuration
2025/01/13 08:21:21.789 INFO tls storage cleaning happened too recently; skipping for now {"storage": "FileStorage:C:\Users\stuff\AppData\Roaming\Caddy", "instance": "4dd457a1-b542-40f8-b28b-edac5e2136f2", "try_again": "2025/01/14 08:21:21.789", "try_again_in": 86400}
2025/01/13 08:21:21.790 INFO tls finished cleaning storage units
