Lxc with certbot behind caddy

1. Caddy version (caddy version):

2. How I run Caddy:

a. System environment:


b. Command:

systemctl start caddy

c. Service/unit/compose file:

After=network.target network-online.target

ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile


d. My complete Caddyfile or JSON config:

hvgh.de {
	reverse_proxy bbb

3. The problem I’m having:

I run caddy on the proxmox host. On this host I have an lxc container (hostname bbb) with ubuntu_18.04 on which I try to install bigbluebutton. The bbb install tries to use certbot for a certificate, I get the following error:

4. Error messages and/or full log output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for hvgh.de
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. hvgh.de (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://hvgh.de/.well-known/acme-challenge/llWQ4CgibS8GnNWDplcq5gJDAEt23U_6b2O59rFFCbM: Redirect loop detected

 - The following errors were reported by the server:

   Domain: hvgh.de
   Type:   connection
   Detail: Fetching
   Redirect loop detected

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

5. What I already tried:

6. Links to relevant resources:

Why are you using certbot if you’re using Caddy?

Caddy’s headlining feature is Automatic HTTPS, which includes fetching certificates from ACME issuers automatically. What’s happening here is Caddy is intercepting /.well-known/acme-challenge requests because that’s how Caddy can solve ACME challenges.

You don’t need to run certbot, since Caddy will secure the connection to the client. Just proxy to your upstream service over HTTP.

Yes, I know I don’t need certbot in this case. Problem is, that the bbb configuration script simply does this.

You’ll need to find a way to turn that off. This isn’t really an issue with Caddy, but with that software.

This topic was automatically closed after 30 days. New replies are no longer allowed.