New web server on Vultr - HTTPS challenge failed

1. The problem I’m having:

I just started using Vultr hosting for my website. I have a domain on Google Domains, eauclaireweb.dev, that I pointed to Vultr. Fairly certain that is all set up correctly. MXToolbox DNS check looks good. Now on Vultr I have an Ubuntu 22.10 VM installed. For the life of me, I can’t get anything to come up when I hit eauclaireweb.dev. The logs look like it is failing the challenge for some reason.

2. Error messages and/or full log output:

Apr 05 02:03:34 md-ubuntu caddy[3992]: {"level":"error","ts":1680660214.0531497,"logger":"http.acme_client","msg":"challenge failed","identifier":"eauclaireweb.dev","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"45.63.67.116: Fetching http://eauclaireweb.dev/.well-known/acme-challenge/Xix7kn-I9hPl5VBnjzgvB4oNi1uSS4bjNwRjRZaaK_E: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
Apr 05 02:03:34 md-ubuntu caddy[3992]: {"level":"error","ts":1680660214.0544891,"logger":"http.acme_client","msg":"validating authorization","identifier":"eauclaireweb.dev","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"45.63.67.116: Fetching http://eauclaireweb.dev/.well-known/acme-challenge/Xix7kn-I9hPl5VBnjzgvB4oNi1uSS4bjNwRjRZaaK_E: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/96524604/8113916024","attempt":1,"max_attempts":3}
Apr 05 02:03:35 md-ubuntu caddy[3992]: {"level":"info","ts":1680660215.159995,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"eauclaireweb.dev","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Apr 05 02:03:45 md-ubuntu caddy[3992]: {"level":"error","ts":1680660225.375339,"logger":"http.acme_client","msg":"challenge failed","identifier":"eauclaireweb.dev","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"2001:19f0:5c00:27b8:5400:4ff:fe5e:ce43: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
Apr 05 02:03:45 md-ubuntu caddy[3992]: {"level":"error","ts":1680660225.3764284,"logger":"http.acme_client","msg":"validating authorization","identifier":"eauclaireweb.dev","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"2001:19f0:5c00:27b8:5400:4ff:fe5e:ce43: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/96524604/8113921404","attempt":2,"max_attempts":3}
Apr 05 02:03:45 md-ubuntu caddy[3992]: {"level":"error","ts":1680660225.3768764,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"eauclaireweb.dev","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 2001:19f0:5c00:27b8:5400:4ff:fe5e:ce43: Timeout during connect (likely firewall problem)"}
Apr 05 02:03:47 md-ubuntu caddy[3992]: {"level":"info","ts":1680660227.069046,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"eauclaireweb.dev","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
Apr 05 02:03:59 md-ubuntu caddy[3992]: {"level":"error","ts":1680660239.3237815,"logger":"http.acme_client","msg":"challenge failed","identifier":"eauclaireweb.dev","challenge_type":"http-01","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]}}
Apr 05 02:03:59 md-ubuntu caddy[3992]: {"level":"error","ts":1680660239.3245914,"logger":"http.acme_client","msg":"validating authorization","identifier":"eauclaireweb.dev","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]},"order":"https://acme.zerossl.com/v2/DV90/order/7DpWftnhj0vIhCtneVPDEw","attempt":1,"max_attempts":3}
Apr 05 02:03:59 md-ubuntu caddy[3992]: {"level":"error","ts":1680660239.3248453,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"eauclaireweb.dev","issuer":"acme.zerossl.com-v2-DV90","error":"HTTP 0  - "}
Apr 05 02:03:59 md-ubuntu caddy[3992]: {"level":"error","ts":1680660239.325165,"logger":"tls.obtain","msg":"will retry","error":"[eauclaireweb.dev] Obtain: [eauclaireweb.dev] solving challenge: eauclaireweb.dev: [eauclaireweb.dev] authorization failed: HTTP 0  -  (ca=https://acme.zerossl.com/v2/DV90)","attempt":10,"retrying_in":3600,"elapsed":7668.104325078,"max_duration":2592000}


3. Caddy version:

Caddy v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=

4. How I installed and ran Caddy:

a. System environment:

Ubuntu 22.10 x64, running caddy as a service with systemd

b. Command:

sudo systemctl restart caddy
sudo systemctl stop caddy
sudo systemctl reload caddy
etc

c. Service/unit/compose file:

n/a

d. My complete Caddy config:

eauclaireweb.dev {
        respond "Hello, world!"
}

5. Links to relevant resources:

Your logs are truncated, so we can’t see the full details. Notice the > at the end of each line.

Please see the docs, they explain how to correctly get the logs from the systemd service:

Thank you. I have modified my original post with some of the full length logs.

The error message is pretty clear: the ACME issuers are not able to connect to your server on port 80. Make sure your firewall and port forwarding are properly configured to allow the traffic, and make sure your DNS A record is correct.

Hmm, that is odd. I thought I did all that correctly.

My firewall is blocking everything first. And then I have these three rules accepting traffic from anywhere.

And then I have my A record at Vultr pointing back to the IP of my VM at Vultr.


Check if there’s something like ufw running on that machine. Triple check that your IP address is indeed correct.

I’m not sure what else to tell you, this isn’t a problem with Caddy in particular, it’s a problem in networking somewhere between the outside world and Caddy.

That was it!! I figured out UFW was running and I disabled it and now I got a “Hello, world!” !!

Thank you so much!!

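Log triage for the failure discussed in this thread, added here as an example (not code from the posters or from Caddy): it pulls Caddy's JSON entries out of journald output and lists which port and address family each timed-out ACME challenge needed. The sample lines, host name and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import json

# Port the CA must reach from the public internet for each challenge type.
CHALLENGE_PORT = {"http-01": 80, "tls-alpn-01": 443}

# Constructed sample in the journald + Caddy JSON shape seen in the thread
# (example.com and documentation-range addresses; the last line is cut off
# the way a pager truncates it, ending in ">").
SAMPLE = "\n".join([
    'Apr 05 02:03:34 host caddy[1]: {"level":"error","logger":"http.acme_client","msg":"challenge failed","identifier":"example.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","detail":"203.0.113.10: Fetching http://example.com/.well-known/acme-challenge/TOKEN: Timeout during connect (likely firewall problem)"}}',
    'Apr 05 02:03:35 host caddy[1]: {"level":"info","logger":"http.acme_client","msg":"trying to solve challenge","identifier":"example.com","challenge_type":"tls-alpn-01"}',
    'Apr 05 02:03:45 host caddy[1]: {"level":"error","logger":"http.acme_client","msg":"challenge failed","identifier":"example.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","detail":"2001:db8::1: Timeout during connect (likely firewall problem)"}}',
    'Apr 05 02:03:59 host caddy[1]: {"level":"error","logger":"http.acme_client","msg":"challenge failed","identifier":"example.com","challenge_type":"http-01","problem":{"type":"","detail":""}}',
    'Apr 05 02:04:01 host caddy[1]: {"level":"error","logger":"http.acme_client","msg":"challenge failed","identifier":"exam>',
])

def triage(log_text):
    """Return (findings, unparsable) for failed ACME challenges in Caddy logs."""
    findings, unparsable = [], 0
    for line in log_text.splitlines():
        start = line.find("{")              # skip the journald prefix
        if start < 0:
            continue
        try:
            entry = json.loads(line[start:])
        except json.JSONDecodeError:        # truncated line: get full logs first
            unparsable += 1
            continue
        if entry.get("msg") != "challenge failed":
            continue
        detail = entry.get("problem", {}).get("detail", "")
        try:                                # detail starts "<address the CA tried>: "
            addr = ipaddress.ip_address(detail.split(": ", 1)[0])
        except ValueError:
            addr = None
        if "Timeout during connect" in detail:
            cause = "timeout"               # no reply at all: firewall or wrong address
        else:
            cause = "no-detail" if not detail else "other"
        ctype = entry.get("challenge_type")
        findings.append({"challenge": ctype, "port": CHALLENGE_PORT.get(ctype),
                         "family": f"IPv{addr.version}" if addr else None,
                         "cause": cause})
    return findings, unparsable

def unreachable(findings):
    """Sorted (port, family) pairs the CA timed out on; check the firewall for each."""
    return sorted({(f["port"], f["family"]) for f in findings if f["cause"] == "timeout"})

if __name__ == "__main__":
    found, skipped = triage(SAMPLE)
    print(unreachable(found), "unparsable lines:", skipped)
```

Timeouts on both ports and both address families, as in the thread, point at a firewall in front of Caddy rather than at Caddy itself. Allowing inbound TCP 80 and 443 in that firewall (for UFW, `ufw allow 80/tcp` and `ufw allow 443/tcp`) fixes the challenge while leaving the firewall enabled.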
