I made a mistake while setting up my DNS records and I want to restart the process of issuing a certificate for that domain. How can I do that? Where is Caddy storing the certificate files/keys?
Also, I am running Caddy on Ubuntu Linux. Is journalctl -e -u caddy the recommended way to see what Caddy is doing? Regarding logs, since Caddy uses JSON logs, the output can be difficult to read. What do you use to make sense of the logs directly in the console? I was thinking of using jq but I thought I’d ask what other users are using.
See the docs here, including the recommended command to see your logs:
If Caddy failed to issue them, then it will just try again after some delay.
If you killed Caddy while it had an active lock file written to disk, then it might take longer for it to retry. You can wipe out Caddy’s storage (see the Keep Caddy Running doc which explains where the storage location is as well).
As you mentioned, Caddy tried again and set up the certificates correctly after my DNS record fixes.
I thought Caddy was using Let's Encrypt but it is using ZeroSSL for the certs. I am fine with that. It seems ZeroSSL has no rate limit. That is probably why you switched to use them by default instead of LE (?).
Thank you for sending that doc. What is your preferred way to quickly inspect/read the Caddy logs? Do you just read the JSON directly or do you use some other tools (jq ?) to make JSON more readable?
Caddy uses both, but will try LE first. If LE fails then it’ll try ZeroSSL. And you’re right, it generally doesn’t matter which is used, browsers only care that it’s signed by a trusted CA.
I generally just read it directly, maybe grep if I’m looking for something specific. With less you can use / then type a search query immediately after and hit enter to find a match. Use ? to search backwards the same way. Don’t forget to use your pgup/pgdn keys to go faster.
You can use jq though, but it depends what you want to do.
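For the log-reading question in this thread, here is an added example (not written by any participant and not Caddy's own tooling) that turns JSON log lines into one readable line each and filters by logger prefix and level, which helps when following certificate issuance. The `level`, `ts`, `logger` and `msg` keys are assumed to match the JSON log output; the sample lines and the script name in the comment are constructed for illustration.

```python
import json
import sys
from datetime import datetime, timezone

# Constructed sample lines (not from the thread): JSON logs, one with a journald-style prefix.
SAMPLE = [
    'Mar 01 10:00:00 host caddy[812]: {"level":"info","ts":1709287200.5,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"example.com"}',
    '{"level":"error","ts":1709287203.1,"logger":"tls.obtain","msg":"will retry","error":"constructed error text","attempt":1,"retrying_in":60}',
    '{"level":"info","ts":1709287210.0,"logger":"http.log.access","msg":"handled request","status":200}',
    'Mar 01 10:01:05 host systemd[1]: Started Caddy.',
]
LEVELS = {"debug": 0, "info": 1, "warn": 2, "error": 3}
CORE = ("level", "ts", "logger", "msg")  # assumed key names; everything else is shown as key=value

def parse(raw):
    """Return the JSON object carried by a log line, or None for non-JSON lines."""
    start = raw.find("{")  # skip any 'date host caddy[pid]:' prefix added by journald
    if start < 0:
        return None
    try:
        entry = json.loads(raw[start:])
    except json.JSONDecodeError:
        return None
    return entry if isinstance(entry, dict) else None

def render(entry):
    """Format one entry as 'HH:MM:SS LEVEL logger: msg key=value ...' (time in UTC)."""
    ts = entry.get("ts")
    numeric = isinstance(ts, (int, float))
    when = datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%H:%M:%S") if numeric else "--:--:--"
    level = str(entry.get("level", "?")).upper()
    extras = " ".join(f"{k}={json.dumps(v)}" for k, v in entry.items() if k not in CORE)
    return f"{when} {level:5} {entry.get('logger', '-')}: {entry.get('msg', '')} {extras}".rstrip()

def select(lines, logger_prefix="", min_level="debug"):
    """Keep entries whose logger starts with logger_prefix and whose level is >= min_level."""
    out = []
    for raw in lines:
        entry = parse(raw)
        if entry is None or not str(entry.get("logger", "")).startswith(logger_prefix):
            continue
        if LEVELS.get(str(entry.get("level")), 0) >= LEVELS[min_level]:
            out.append(render(entry))
    return out

if __name__ == "__main__":
    # Usage (hypothetical file name): journalctl -u caddy --no-pager | python3 caddy_logs.py
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    print("\n".join(select(source, logger_prefix="tls")))
```

Run without piped input, it prints the two constructed `tls.obtain` entries and drops the access-log and systemd lines.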