1. The problem I’m having:
Using Caddy-Docker-Proxy, I have had no issues at all.
Suddenly Caddy-Docker-Proxy throws errors, mostly for local domains. Now I can’t even access the internet domain.
2. Error messages and/or full log output:
(the same line, repeated many times)
ERR ts=1696091998.9417098 logger=tls.obtain msg=could not get certificate from issuer identifier=unifi.o issuer=acme-v02.api.letsencrypt.org-directory
specifically:
logger=tls.obtain msg=could not get certificate from issuer identifier=unifi.o issuer=acme-v02.api.letsencrypt.org-directory error=HTTP 400 urn:ietf:params:acme:error:rejectedIdentifier - Error creating new order :: Cannot issue for "unifi.o": Domain name does not end with a valid public suffix (TLD)
I had no trouble exposing my docker containers to my local network only: docker.o, adguard.o etc for my local services that I only want to access within my network. Now suddenly there are issues.
3. Caddy version:
I use the latest image from caddy-docker-proxy.
This should use Caddy version 2.7.3.
4. How I installed and ran Caddy:
a. System environment:
Manjaro Gnome running docker and docker compose
b. Command:
docker compose up
c. Service/unit/compose file:
caddy-proxy:
  container_name: net-caddy-proxy
  image: lucaslorentz/caddy-docker-proxy:ci-alpine
  restart: always
  networks:
    - net-caddy-proxy
  environment:
    - CADDY_INGRESS_NETWORKS=net-caddy-proxy
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    - $DOCKERDIR/networking/caddy-proxy/caddy_data:/data
    - $DOCKERDIR/networking/caddy-proxy/config:/config
  extra_hosts:
    - host.docker.internal:host-gateway
  ports:
    - 443:443
    - 80:80
  labels:
    caddy.email: $EMAIL
    caddy_0: http://adguard.o
    caddy_0.reverse_proxy: host.docker.internal:3000
    caddy_1: http://vpn.o
    caddy_1.reverse_proxy: host.docker.internal:5000
    caddy_2: https://unifi.o
    caddy_2.reverse_proxy: host.docker.internal:8080
d. My complete Caddy config:
caddyfile={
	email notasterix@notasterix.cloud
}
drive.notasterix.cloud {
	encode gzip
	file_server
	header {
		Strict-Transport-Security max-age=15768000;
		X-Content-Type-Options nosniff
		X-Frame-Options SAMEORIGIN
		X-XSS-Protection "1; mode=block;"
	}
	reverse_proxy 172.18.0.10:80 {
		header_up Host drive.notasterix.cloud
	}
}
firefox.notasterix.cloud {
	reverse_proxy 172.18.0.8:5000
}
http://adguard.o {
	reverse_proxy host.docker.internal:3000
}
http://bazarr.o {
	reverse_proxy 172.18.0.16:6767
}
http://docker.o {
	reverse_proxy 172.18.0.6:9000
}
http://downloads.o {
	reverse_proxy 172.18.0.7:8080
}
http://g.o {
	reverse_proxy 172.18.0.9:3000
}
http://jellyfin.o {
	reverse_proxy 172.18.0.3:8096
}
http://lidarr.o {
	reverse_proxy 172.18.0.14:8686
}
http://radarr.o {
	reverse_proxy 172.18.0.13:7878
}
http://sonarr.o {
	reverse_proxy 172.18.0.15:8989
}
http://torrents.o {
	reverse_proxy 172.18.0.12:9696
}
http://vpn.o {
	reverse_proxy host.docker.internal:5000
}
https://unifi.o {
	reverse_proxy host.docker.internal:8080
}
office.notasterix.cloud {
	encode gzip
	reverse_proxy 172.18.0.11:80
}
remote.notasterix.cloud {
	reverse_proxy 172.18.0.5:8080
}
vault.notasterix.cloud {
	encode gzip
	header {
		X-Content-Type-Options none
		X-Frame-Options DENY
		X-XSS-Protection "1; mode=block;"
	}
	reverse_proxy /notifications/hub 172.18.0.4:3012
	reverse_proxy /notifications/hub/negotiate 172.18.0.4:80
	reverse_proxy 172.18.0.4:80
}
5. Links to relevant resources:
My actual domain is the other main character of the comic books (not asterix but…)
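Added example (not from the post above, and not caddy-docker-proxy's own code): the posted `https://unifi.o` site block next to a version that keeps HTTPS on the LAN without asking a public ACME CA. The rejected-identifier error in the log is the public issuer refusing to issue for a name whose suffix (`.o`) is not a public TLD; the only change below is the standard Caddy `tls internal` directive, which has Caddy sign the certificate with its own local CA. The backend address and hostname are taken from the post.

```caddyfile
# As posted: an explicit https:// site address makes Caddy manage a certificate
# for the name, and the default ACME issuer (Let's Encrypt) rejects "unifi.o"
# because ".o" is not a public suffix. Each reload retries and logs the error.
#
# https://unifi.o {
#   reverse_proxy host.docker.internal:8080
# }

# Corrected: same site, but the certificate is issued by Caddy's internal CA
# instead of a public ACME CA, so no order is ever sent to Let's Encrypt.
https://unifi.o {
	tls internal
	reverse_proxy host.docker.internal:8080
}

# Plain-HTTP local sites as posted need no certificate at all and are unaffected.
http://adguard.o {
	reverse_proxy host.docker.internal:3000
}
```

With caddy-docker-proxy the same directive is expressed as a label on the service, following the `caddy_N.<directive>` convention the post already uses for `reverse_proxy` (assumed to map the same way): `caddy_2.tls: internal`. Browsers on the LAN will only trust the result after importing Caddy's local root certificate, which Caddy writes under its data directory at `caddy/pki/authorities/local/root.crt`; given the `/data` volume mapping in the compose file, that is `$DOCKERDIR/networking/caddy-proxy/caddy_data/caddy/pki/authorities/local/root.crt` on the host (assumed from the mapping, not stated in the post).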