1. The problem I’m having:
I’m trying to set up a simple web server for a website: Caddy should reverse-proxy a frontend and a backend and obtain/renew the TLS certificate. I double-checked the DNS settings in my domain provider's cPanel; everything looks properly configured and I created an A record pointing to the public IP of my EC2 instance. (Note, however, that the http-01 failure in the log below shows the CA's validator connecting to 2a01:4f8:252:601f::2 — an IPv6 address, not the EC2 A record — so the domain may also have an AAAA record pointing at a different host, which is worth checking.)
2. Error messages and/or full log output:
caddy | {"level":"error","ts":1684234642.087624,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"parkovins.rs","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 403 urn:ietf:params:acme:error:unauthorized - Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge"}
caddy | {"level":"info","ts":1684234642.8903217,"logger":"tls.issuance.zerossl","msg":"generated EAB credentials","key_id":"NzGCWJjJU8XXbK037n9FpA"}
caddy | {"level":"info","ts":1684234643.624006,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["parkovins.rs"],"ca":"https://acme.zerossl.com/v2/DV90","account":"office@datadrill.io"}
caddy | {"level":"info","ts":1684234643.6240368,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["parkovins.rs"],"ca":"https://acme.zerossl.com/v2/DV90","account":"office@datadrill.io"}
caddy | {"level":"info","ts":1684234644.146425,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"parkovins.rs","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
caddy | {"level":"error","ts":1684234649.780045,"logger":"http.acme_client","msg":"challenge failed","identifier":"parkovins.rs","challenge_type":"http-01","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]}}
caddy | {"level":"error","ts":1684234649.7800872,"logger":"http.acme_client","msg":"validating authorization","identifier":"parkovins.rs","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]},"order":"https://acme.zerossl.com/v2/DV90/order/74SZaGau22bHakgHcRZWOw","attempt":1,"max_attempts":3}
caddy | {"level":"error","ts":1684234649.7801142,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"parkovins.rs","issuer":"acme.zerossl.com-v2-DV90","error":"HTTP 0 - "}
caddy | {"level":"error","ts":1684234649.7801986,"logger":"tls.obtain","msg":"will retry","error":"[parkovins.rs] Obtain: [parkovins.rs] solving challenge: parkovins.rs: [parkovins.rs] authorization failed: HTTP 0 - (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":12.01381492,"max_duration":2592000}
caddy | {"level":"info","ts":1684234709.7810264,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"parkovins.rs"}
caddy | {"level":"info","ts":1684234710.874321,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"parkovins.rs","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
caddy | {"level":"error","ts":1684234711.835971,"logger":"http.acme_client","msg":"challenge failed","identifier":"parkovins.rs","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]}}
caddy | {"level":"error","ts":1684234711.8366144,"logger":"http.acme_client","msg":"validating authorization","identifier":"parkovins.rs","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/102374194/8773327814","attempt":1,"max_attempts":3}
caddy | {"level":"info","ts":1684234713.1591616,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"parkovins.rs","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
caddy | {"level":"error","ts":1684234714.9210389,"logger":"http.acme_client","msg":"challenge failed","identifier":"parkovins.rs","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"2a01:4f8:252:601f::2: Invalid response from http://parkovins.rs/.well-known/acme-challenge/8c6tMGfYJaJuRN0LkvDIS9HDFxk4j7lhiesFCNybAkU: 404","instance":"","subproblems":[]}}
caddy | {"level":"error","ts":1684234714.9217007,"logger":"http.acme_client","msg":"validating authorization","identifier":"parkovins.rs","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"2a01:4f8:252:601f::2: Invalid response from http://parkovins.rs/.well-known/acme-challenge/8c6tMGfYJaJuRN0LkvDIS9HDFxk4j7lhiesFCNybAkU: 404","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/102374194/8773328104","attempt":2,"max_attempts":3}
caddy | {"level":"error","ts":1684234714.9221172,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"parkovins.rs","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 403 urn:ietf:params:acme:error:unauthorized - 2a01:4f8:252:601f::2: Invalid response from http://parkovins.rs/.well-known/acme-challenge/8c6tMGfYJaJuRN0LkvDIS9HDFxk4j7lhiesFCNybAkU: 404"}
caddy | {"level":"info","ts":1684234715.5698996,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"parkovins.rs","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
caddy | {"level":"error","ts":1684234721.1209114,"logger":"http.acme_client","msg":"challenge failed","identifier":"parkovins.rs","challenge_type":"http-01","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]}}
caddy | {"level":"error","ts":1684234721.120953,"logger":"http.acme_client","msg":"validating authorization","identifier":"parkovins.rs","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]},"order":"https://acme.zerossl.com/v2/DV90/order/4z2ubEf8GELYZm0n1CQj-w","attempt":1,"max_attempts":3}
caddy | {"level":"error","ts":1684234721.1209805,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"parkovins.rs","issuer":"acme.zerossl.com-v2-DV90","error":"HTTP 0 - "}
caddy | {"level":"error","ts":1684234721.121013,"logger":"tls.obtain","msg":"will retry","error":"[parkovins.rs] Obtain: [parkovins.rs] solving challenge: parkovins.rs: [parkovins.rs] authorization failed: HTTP 0 - (ca=https://acme.zerossl.com/v2/DV90)","attempt":2,"retrying_in":120,"elapsed":83.354629337,"max_duration":2592000}
3. Caddy version:
4. How I installed and ran Caddy:
Running it dockerized with docker compose
a. System environment:
OS is Ubuntu 22.04 (EC2 Instance on AWS)
b. Command:
c. Service/unit/compose file:
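version: "3.8"

services:
  caddy:
    # TODO(review): pin to an exact release tag (ideally with a digest) instead
    # of `latest` so redeploys are reproducible and upgrades are deliberate.
    image: caddy:latest
    container_name: caddy
    restart: unless-stopped
    # 80 and 443 must be reachable from the internet (EC2 security group) for
    # the http-01 / tls-alpn-01 challenges Caddy uses to obtain certificates.
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      # NOT optional: /data holds the ACME account key, issued certificates and
      # their private keys. Without a persistent volume Caddy re-requests
      # certificates every time the container is recreated and quickly hits CA
      # rate limits. Keep the host directory root-owned and not world-readable.
      - /data/caddy/data:/data
      # /config holds Caddy's autosaved running config; persisting it is
      # optional but keeps the last applied config across restarts.
      - /data/caddy/config:/config
    networks:
      - net

  parkovi_backend:
    container_name: parkovi_backend
    image: datadrill/parkovi-backend:latest
    # Secrets are injected from the compose environment (.env); they should
    # not additionally be copied into the image or a mounted directory.
    environment:
      ACCESS_TOKEN_SECRET: ${ACCESS_TOKEN_SECRET}
      AWS_S3_ACCESS_KEY_ID: ${AWS_S3_ACCESS_KEY_ID}
      AWS_S3_BUCKET_NAME: ${AWS_S3_BUCKET_NAME}
      AWS_S3_REGION: ${AWS_S3_REGION}
      AWS_S3_SECRET_KEY: ${AWS_S3_SECRET_KEY}
      DB_HOST: ${DB_HOST}
      DB_NAME: ${DB_NAME}
      DB_PASSWORD: ${DB_PASSWORD}
      DB_PORT: ${DB_PORT}
      DB_USER: ${DB_USER}
      GOOGLE_API_KEY: ${GOOGLE_API_KEY}
      HOST: ${HOST}
      PORT: ${PORT}
      REFRESH_TOKEN_SECRET: ${REFRESH_TOKEN_SECRET}
    # Migrations run on every container start, then the app is launched.
    command:
      - /bin/bash
      - -c
      - |
        npx sequelize-cli db:migrate
        npm start
    networks:
      - net
    volumes:
      # NOTE(review): this mounts the whole compose directory into the
      # container, which (if a .env file is used for the ${...} values above)
      # exposes DB_PASSWORD, the AWS keys and the token secrets as a file inside
      # the container, plus the Caddyfile. The image is pulled from a registry,
      # so consider dropping this mount or narrowing it to the source tree.
      - ".:/parkovi_backend_vol"
      - /parkovi_backend_vol/node_modules
    # Caddy reaches the backend over the `net` network as parkovi_backend:8000
    # (see the Caddyfile). Publishing the port on all interfaces exposes the
    # plain-HTTP API on the instance's public IP, bypassing TLS, and Docker
    # inserts its published-port rules ahead of host firewalls such as ufw.
    # Bind to loopback so it is only reachable for local debugging.
    ports:
      - "127.0.0.1:8000:8000"

  parkovi_frontend:
    container_name: parkovi_frontend
    image: datadrill/parkovi-frontend:latest
    # NEXT_PUBLIC_* values are embedded in the browser bundle and are public.
    # NEXT_PUBLIC_API_URL should point at the https://parkovins.rs/api route
    # served by Caddy, not at the raw :8000 port, so API calls stay on TLS.
    environment:
      NEXT_PUBLIC_API_URL: ${NEXT_PUBLIC_API_URL}
      NEXT_PUBLIC_GOOGLE_API_KEY: ${NEXT_PUBLIC_GOOGLE_API_KEY}
      # NEXT_PUBLIC_S3_DOMAIN: ${NEXT_PUBLIC_S3_DOMAIN}
      NEXT_PUBLIC_S3_URL: ${NEXT_PUBLIC_S3_URL}
    volumes:
      # NOTE(review): same concern as the backend mount — the whole compose
      # directory (including any .env with backend secrets) ends up inside the
      # frontend container, which has no need for those values.
      - ".:/parkovi_frontend_vol"
      - /parkovi_frontend_vol/node_modules
    # Reached by Caddy as parkovi_frontend:3000 over `net`; loopback-only on
    # the host for the same reason as the backend port.
    ports:
      - "127.0.0.1:3000:3000"
    networks:
      - net

networks:
  net: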
d. My complete Caddy config:
{
	# Contact address registered with the ACME account; the CA uses it for
	# expiry and policy notices.
	email office@datadrill.io
}

parkovins.rs {
	# API traffic: /api/... is proxied to the backend container over the compose
	# network with the /api prefix stripped (handle_path), so the backend sees
	# /foo for a request to /api/foo.
	handle_path /api* {
		reverse_proxy parkovi_backend:8000
	}

	# Everything else goes to the Next.js frontend. handle blocks are mutually
	# exclusive and Caddy tries the more specific /api* matcher before this
	# catch-all.
	handle {
		reverse_proxy parkovi_frontend:3000
	}
}