Nextcloud in Windows Docker-Desktop error in Caddy

1. Output of caddy version:

Caddy Version v2.6.1

2. How I run Caddy:

I use nssm and the caddy.exe with cloudflare and duckdns plugins.

a. System environment:

Windows 11. Caddy.exe is running in NSSM.

b. Command:

./caddy run --config Caddyfile

d. My complete Caddy config:

home.movies4you.stream {
    root * C:\Tools\OrganizrV2\www\organizr\html
    php_fastcgi localhost:9000
    rewrite /api/v2/* /api/v2/index.php?{query}
    file_server
    tls {
        dns cloudflare (API KEY)
    }
}
requests.movies4you.stream {
    reverse_proxy 127.0.0.1:5055
    tls {
        dns cloudflare (API KEY)
    }
}
accounts.movies4you.stream {
    reverse_proxy 127.0.0.1:8056
    tls {
        dns cloudflare (API KEY)
    }
}
tv.movies4you.stream {
    reverse_proxy 127.0.0.1:8096
    tls {
        dns cloudflare (API KEY)
    }
}
deluge.movies4you.stream {
    reverse_proxy 127.0.0.1:8112
    tls {
        dns cloudflare (API KEY)
    }
}
adg.ittechnut.com {
    reverse_proxy 192.168.1.111:3000
    tls {
        dns cloudflare (API KEY)
    }
}
photos.movies4you.stream {
    reverse_proxy 127.0.0.1:8000
    tls {
        dns cloudflare (API KEY)
    }
}
ha.movies4you.stream {
    reverse_proxy 192.168.1.134:8123
    tls {
        dns cloudflare (API KEY)
    }
}
kitchen.movies4you.stream {
    reverse_proxy 127.0.0.1:9090
    tls {
        dns cloudflare (API KEY)
    }
}
music.movies4you.stream {
    reverse_proxy 127.0.0.1:5050
    tls {
        dns cloudflare (API KEY)
    }
}
rdp.ittechnut.com {
    reverse_proxy 192.168.1.145
    tls {
        dns cloudflare (API KEY)
    }
}
home.ittechnut.com {
    root C:\Tools\wordpress\ittechnut
    php_fastcgi 127.0.0.1:9000
    file_server
    encode gzip
}
files.movies4you.stream {
    reverse_proxy 127.0.0.1:8484
    tls {
        dns cloudflare (API KEY)
    }
}

3. The problem I’m having:

4. Error messages and/or full log output:

2023/01/08 01:26:25.291 INFO    using provided configuration    {"config_file": "Caddyfile", "config_adapter": ""}
2023/01/08 01:26:25.297 INFO    admin   admin endpoint started  {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["127.0.0.1:2019", "localhost:2019", "[::1]:2019"]}
2023/01/08 01:26:25.298 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc0001cfea0"}
2023/01/08 01:26:25.299 INFO    http    server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2023/01/08 01:26:25.299 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2023/01/08 01:26:25.301 INFO    http    enabling automatic TLS certificate management   {"domains": ["adg.ittechnut.com", "rdp.ittechnut.com", "requests.movies4you.stream", "kitchen.movies4you.stream", "photos.movies4you.stream", "home.ittechnut.com", "music.movies4you.stream", "files.movies4you.stream", "home.movies4you.stream", "ha.movies4you.stream", "tv.movies4you.stream", "accounts.movies4you.stream", "deluge.movies4you.stream"]}
2023/01/08 01:26:25.317 INFO    tls.obtain      acquiring lock  {"identifier": "files.movies4you.stream"}
2023/01/08 01:26:25.318 INFO    tls.obtain      lock acquired   {"identifier": "files.movies4you.stream"}
2023/01/08 01:26:25.320 INFO    tls.issuance.acme       waiting on internal rate limiter        {"identifiers": ["files.movies4you.stream"]}
2023/01/08 01:26:25.320 INFO    tls.issuance.acme       done waiting on internal rate limiter   {"identifiers": ["files.movies4you.stream"]}
2023/01/08 01:26:25.321 INFO    autosaved config        {"file": "C:\\Users\\DevilsCoder\\AppData\\Roaming\\Caddy\\autosave.json"}
2023/01/08 01:26:25.321 INFO    serving initial configuration
2023/01/08 01:26:25.323 INFO    tls     cleaned up storage units
2023/01/08 01:26:25.741 INFO    tls.issuance.acme.acme_client   trying to solve challenge       {"identifier": "files.movies4you.stream", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2023/01/08 01:26:26.198 ERROR   tls.issuance.acme.acme_client   cleaning up solver      {"identifier": "files.movies4you.stream", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for files.movies4you.stream (probably OK if presenting failed)"}
2023/01/08 01:26:26.247 ERROR   tls.obtain      will retry      {"error": "[files.movies4you.stream] Obtain: [files.movies4you.stream] solving challenges: presenting for challenge: adding temporary record for zone movies4you.stream.: got error status: HTTP 403: [{Code:9109 Message:Invalid access token}] (order=https://acme-v02.api.letsencrypt.org/acme/order/155458460/157512635307) (ca=https://acme-v02.api.letsencrypt.org/directory)", "attempt": 1, "retrying_in": 60, "elapsed": 0.9284453, "max_duration": 2592000}

5. What I already tried:

I cannot find anyone else who has this error or why it is happening.
Some more information: my domain files.movies4you.stream is my Nextcloud instance running on docker-compose.yml.
I can access Nextcloud on 127.0.0.1:8484 on my Windows PC.
Here's my docker-compose if need be:

version: '3.7'

services:
  db:
    container_name: nextcloud-db
    image: mariadb
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    restart: always
    volumes:
      - db:/var/lib/mysql
    env_file:
      - ./config/db.env
    environment:
      - MYSQL_ROOT_PASSWORD=MYPASSWORD
    networks:
      - db

  app:
    container_name: nextcloud
    image: nextcloud
    ports:
      - 8484:80
    volumes:
      - nextcloud:/var/www/html
    env_file:
      - ./config/db.env
    environment:
      - MYSQL_HOST=db
      - NEXTCLOUD_TRUSTED_DOMAINS="localhost 192.168.1.111 files.movies4you.stream"
    restart: always
    networks:
      - default
      - db
    depends_on:
      - db

volumes:
  db:
  nextcloud:

networks:
  db:

6. Links to relevant resources:

Please upgrade to v2.6.2, there’s some important bug fixes.

Looks like an authentication error from CloudFlare. Are you sure you’re using the right API token? Make sure to read the plugin’s docs:

I will try the upgrade. Yes, I’m 100% sure it’s the correct Cloudflare API key. It’s the same as the other reverse proxy domains, and it works for those sites. It’s only that 1 Nextcloud app.

Just updated, same error.

2023/01/08 15:22:55.957 INFO    http    enabling automatic TLS certificate management   {"domains": ["adg.ittechnut.com", "requests.movies4you.stream", "deluge.movies4you.stream", "files.movies4you.stream", "tv.movies4you.stream", "home.ittechnut.com", "home.movies4you.stream", "rdp.ittechnut.com", "music.movies4you.stream", "ha.movies4you.stream", "accounts.movies4you.stream", "kitchen.movies4you.stream", "photos.movies4you.stream"]}
2023/01/08 15:22:55.983 INFO    tls     finished cleaning storage units
2023/01/08 15:22:56.040 INFO    tls.obtain      acquiring lock  {"identifier": "files.movies4you.stream"}
2023/01/08 15:22:56.088 INFO    tls.renew       acquiring lock  {"identifier": "music.movies4you.stream"}
2023/01/08 15:22:56.224 INFO    autosaved config (load with --resume flag)      {"file": "C:\\Users\\DevilsCoder\\AppData\\Roaming\\Caddy\\autosave.json"}
2023/01/08 15:22:56.224 INFO    serving initial configuration
2023/01/08 15:22:57.054 INFO    [INFO][FileStorage:C:\Users\DevilsCoder\AppData\Roaming\Caddy] Lock for 'issue_cert_files.movies4you.stream' is stale (created: 2023-01-07 21:12:32.6360824 -0600 CST, last update: 2023-01-08 09:22:46.2058786 -0600 CST); removing then retrying: C:\Users\DevilsCoder\AppData\Roaming\Caddy\locks\issue_cert_files.movies4you.stream.lock
2023/01/08 15:22:57.058 INFO    tls.obtain      lock acquired   {"identifier": "files.movies4you.stream"}
2023/01/08 15:22:57.059 INFO    tls.obtain      obtaining certificate   {"identifier": "files.movies4you.stream"}
2023/01/08 15:22:57.060 INFO    http    waiting on internal rate limiter        {"identifiers": ["files.movies4you.stream"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/08 15:22:57.060 INFO    http    done waiting on internal rate limiter   {"identifiers": ["files.movies4you.stream"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/08 15:22:57.089 INFO    [INFO][FileStorage:C:\Users\DevilsCoder\AppData\Roaming\Caddy] Lock for 'issue_cert_music.movies4you.stream' is stale (created: 2023-01-07 21:12:32.6365833 -0600 CST, last update: 2023-01-08 09:22:46.2058786 -0600 CST); removing then retrying: C:\Users\DevilsCoder\AppData\Roaming\Caddy\locks\issue_cert_music.movies4you.stream.lock
2023/01/08 15:22:57.090 INFO    tls.renew       lock acquired   {"identifier": "music.movies4you.stream"}
2023/01/08 15:22:57.090 INFO    tls.renew       renewing certificate    {"identifier": "music.movies4you.stream", "remaining": 2547903.9091159}
2023/01/08 15:22:57.091 INFO    http    waiting on internal rate limiter        {"identifiers": ["music.movies4you.stream"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/08 15:22:57.091 INFO    http    done waiting on internal rate limiter   {"identifiers": ["music.movies4you.stream"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/08 15:22:57.431 INFO    http.acme_client        trying to solve challenge       {"identifier": "music.movies4you.stream", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2023/01/08 15:22:57.529 INFO    http.acme_client        trying to solve challenge       {"identifier": "files.movies4you.stream", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2023/01/08 15:22:57.870 ERROR   http.acme_client        cleaning up solver      {"identifier": "music.movies4you.stream", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.music.movies4you.stream\" (usually OK if presenting also failed)"}
2023/01/08 15:22:57.922 ERROR   tls.renew       could not get certificate from issuer   {"identifier": "music.movies4you.stream", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[music.movies4you.stream] solving challenges: presenting for challenge: adding temporary record for zone \"movies4you.stream.\": got error status: HTTP 403: [{Code:9109 Message:Invalid access token}] (order=https://acme-v02.api.letsencrypt.org/acme/order/155458460/157622708217) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
2023/01/08 15:22:57.925 INFO    http    waiting on internal rate limiter        {"identifiers": ["music.movies4you.stream"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "caddy@zerossl.com"}
2023/01/08 15:22:57.925 INFO    http    done waiting on internal rate limiter   {"identifiers": ["music.movies4you.stream"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "caddy@zerossl.com"}
2023/01/08 15:22:58.025 ERROR   http.acme_client        cleaning up solver      {"identifier": "files.movies4you.stream", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.files.movies4you.stream\" (usually OK if presenting also failed)"}
2023/01/08 15:22:58.077 ERROR   tls.obtain      could not get certificate from issuer   {"identifier": "files.movies4you.stream", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[files.movies4you.stream] solving challenges: presenting for challenge: adding temporary record for zone \"movies4you.stream.\": got error status: HTTP 403: [{Code:9109 Message:Invalid access token}] (order=https://acme-v02.api.letsencrypt.org/acme/order/155458460/157622708437) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
2023/01/08 15:22:58.077 INFO    http    waiting on internal rate limiter        {"identifiers": ["files.movies4you.stream"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "caddy@zerossl.com"}
2023/01/08 15:22:58.077 INFO    http    done waiting on internal rate limiter   {"identifiers": ["files.movies4you.stream"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "caddy@zerossl.com"}
2023/01/08 15:23:23.518 INFO    http.acme_client        trying to solve challenge       {"identifier": "files.movies4you.stream", "challenge_type": "dns-01", "ca": "https://acme.zerossl.com/v2/DV90"}
2023/01/08 15:23:23.641 INFO    http.acme_client        trying to solve challenge       {"identifier": "music.movies4you.stream", "challenge_type": "dns-01", "ca": "https://acme.zerossl.com/v2/DV90"}
2023/01/08 15:23:23.679 ERROR   http.acme_client        cleaning up solver      {"identifier": "files.movies4you.stream", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.files.movies4you.stream\" (usually OK if presenting also failed)"}
2023/01/08 15:23:23.793 ERROR   http.acme_client        cleaning up solver      {"identifier": "music.movies4you.stream", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.music.movies4you.stream\" (usually OK if presenting also failed)"}
2023/01/08 15:23:31.338 ERROR   tls.obtain      could not get certificate from issuer   {"identifier": "files.movies4you.stream", "issuer": "acme.zerossl.com-v2-DV90", "error": "[files.movies4you.stream] solving challenges: presenting for challenge: adding temporary record for zone \"movies4you.stream.\": got error status: HTTP 403: [{Code:9109 Message:Invalid access token}] (order=https://acme.zerossl.com/v2/DV90/order/BzHI7C0poCwAyjrmCRbUyg) (ca=https://acme.zerossl.com/v2/DV90)"}
2023/01/08 15:23:31.338 ERROR   tls.obtain      will retry      {"error": "[files.movies4you.stream] Obtain: [files.movies4you.stream] solving challenges: presenting for challenge: adding temporary record for zone \"movies4you.stream.\": got error status: HTTP 403: [{Code:9109 Message:Invalid access token}] (order=https://acme.zerossl.com/v2/DV90/order/BzHI7C0poCwAyjrmCRbUyg) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 34.2794777, "max_duration": 2592000}
2023/01/08 15:23:31.705 ERROR   tls.renew       could not get certificate from issuer   {"identifier": "music.movies4you.stream", "issuer": "acme.zerossl.com-v2-DV90", "error": "[music.movies4you.stream] solving challenges: presenting for challenge: adding temporary record for zone \"movies4you.stream.\": got error status: HTTP 403: [{Code:9109 Message:Invalid access token}] (order=https://acme.zerossl.com/v2/DV90/order/m1_zaexmschN2svkUo6DBw) (ca=https://acme.zerossl.com/v2/DV90)"}
2023/01/08 15:23:31.705 ERROR   tls.renew       will retry      {"error": "[music.movies4you.stream] Renew: [music.movies4you.stream] solving challenges: presenting for challenge: adding temporary record for zone \"movies4you.stream.\": got error status: HTTP 403: [{Code:9109 Message:Invalid access token}] (order=https://acme.zerossl.com/v2/DV90/order/m1_zaexmschN2svkUo6DBw) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 34.6152024, "max_duration": 2592000}

Are you sure that subdomain has the same rules/permissions as the other ones? It’s probably something in your CloudFlare settings preventing it from working.

They're all set up the same, as CNAME. I think Caddy isn't seeing something on Docker, but it's Caddy that's failing to see something with the setup in Docker. I don't know if I need to add a transparent to Caddy or some kind of permissive code to allow it to see my Nextcloud on localhost:8484. I have also tried to allow port 8484 through the Windows advanced firewall. No change in status.

That _acme-challenge CNAME looks suspicious. Why do you have that? It might be breaking the DNS challenge.

transparent was a Caddy v1 thing. That no longer exists.

This isn’t a problem with your proxy, it’s a problem with TLS issuance.

You can try wiping out Caddy’s storage and have it try issuing certificates with fresh state. In Windows the storage location is %AppData%\Caddy

I have a cname for subdomain and an AName with my external ip. Everything else including changing the ports to issue a new cert for another webapp worked it’s only the nextcloud app.

Please remove the _acme-challenge CNAME, unless you want to use DNS challenge delegation via dns_challenge_override_domain (which you aren’t)

I don’t fully understand what you mean by your statement. I read the documentation linked. Can you explain what exactly you are talking about in the Caddyfile that you want me to change? I have been using Cloudflare for over 2 years with Caddy and never had an issue like this. I think something is not able to be read by Caddy from Docker.

In your screenshot, we see a DNS entry for a subdomain called _acme-challenge. We think that’s causing problems. Delete that one.

Your Caddyfile is fine. The problem is with your CloudFlare account.

Sorry, I didn't fully understand. I removed the acme challenge for my domain and re-ran my command in the terminal: ./caddy run --config Caddyfile. This was the error:

2023/01/09 00:24:13.051 INFO    http.acme_client        trying to solve challenge       {"identifier": "files.movies4you.stream", "challenge_type": "dns-01", "ca": "https://acme.zerossl.com/v2/DV90"}
2023/01/09 00:24:13.175 ERROR   http.acme_client        cleaning up solver      {"identifier": "files.movies4you.stream", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.files.movies4you.stream\" (usually OK if presenting also failed)"}
2023/01/09 00:24:19.506 ERROR   tls.renew       could not get certificate from issuer   {"identifier": "music.movies4you.stream", "issuer": "acme.zerossl.com-v2-DV90", "error": "[music.movies4you.stream] solving challenges: presenting for challenge: adding temporary record for zone \"movies4you.stream.\": got error status: HTTP 403: [{Code:9109 Message:Invalid access token}] (order=https://acme.zerossl.com/v2/DV90/order/oH6kiMEEVqnXuaLawHxi7w) (ca=https://acme.zerossl.com/v2/DV90)"}
2023/01/09 00:24:19.506 ERROR   tls.renew       will retry      {"error": "[music.movies4you.stream] Renew: [music.movies4you.stream] solving challenges: presenting for challenge: adding temporary record for zone \"movies4you.stream.\": got error status: HTTP 403: [{Code:9109 Message:Invalid access token}] (order=https://acme.zerossl.com/v2/DV90/order/oH6kiMEEVqnXuaLawHxi7w) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 29.6125625, "max_duration": 2592000}
2023/01/09 00:24:19.980 ERROR   tls.obtain      could not get certificate from issuer   {"identifier": "files.movies4you.stream", "issuer": "acme.zerossl.com-v2-DV90", "error": "[files.movies4you.stream] solving challenges: presenting for challenge: adding temporary record for zone \"movies4you.stream.\": got error status: HTTP 403: [{Code:9109 Message:Invalid access token}] (order=https://acme.zerossl.com/v2/DV90/order/dPf3RIjovSV-u3myJjdJPg) (ca=https://acme.zerossl.com/v2/DV90)"}
2023/01/09 00:24:19.980 ERROR   tls.obtain      will retry      {"error": "[files.movies4you.stream] Obtain: [files.movies4you.stream] solving challenges: presenting for challenge: adding temporary record for zone \"movies4you.stream.\": got error status: HTTP 403: [{Code:9109 Message:Invalid access token}] (order=https://acme.zerossl.com/v2/DV90/order/dPf3RIjovSV-u3myJjdJPg) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 30.0865563, "max_duration": 2592000}

I typed in 192.168.1.111:8484 on another computer on my network and got an error. I think my Nextcloud instance won't show on any other computer besides my main rig, so I don't think Caddy can see it outside that 1 computer.

If you are seeing this, your config.php in your NextCloud config is not set up correctly.

Going backwards to your first post, I can see your NextCloud env is not set correctly.

The NextCloud config file should be in PHP style format. So if you have more than one, it needs to be in an array format.

Example: in config.php, a single entry for trusted_domain will be:
'trusted_domains' => '192.168.1.111',

But if you have more than one site, then it will be:

  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => '192.168.1.111',
    2 => 'my.website.com',
    3 => 'files.movies4you.stream',
  ),

or in a single line:
'trusted_domains' => array ( 0 => 'localhost', 1 => '192.168.1.111', 2 => 'my.website.com', 3 => 'files.movies4you.stream', ),

Based on the official documents stated here: https://hub.docker.com/r/linuxserver/nextcloud
You are missing quite a few crucial configurations in your Docker Compose write-up.
I will highlight some below:

    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Asia/Kuala_Lumpur
    volumes:
      - /path/to/local/config:/config
      - /path/to/local/data:/data

PUID and PGID are there to set file ownership for php-fpm to execute correctly. If your NextCloud is running, you can skip this for now.

If you have set - /path/to/local/config:/config correctly, you should be able to open /path/to/local/config/config.php on the local host computer to change it. The /data folder is there so you don’t lose your files when you rebuild your NextCloud container.

He’s not using that container. You linked to the linuxserver container which is unofficial. He’s using the official NextCloud container, i.e. this one: https://hub.docker.com/_/nextcloud

I don’t know what to tell you at this point. This is obviously a problem with authenticating with CloudFlare.

Try to make a new API token using the instructions I linked to above, from scratch. Make sure the permissions are set correctly for the token.

I don’t use CloudFlare myself so I don’t know what else to suggest.

Sorry, my bad. I wasn’t paying attention to the details.

Try it out with something really simple:

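{
    # acme_dns is the global option that sets the DNS challenge provider;
    # the tls directive is only valid inside a site block
    acme_dns cloudflare (API KEY)
}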

home.movies4you.stream  work-on.local {
    root * C:\Tools\OrganizrV2\www\organizr\html
    php_fastcgi localhost:9000

    respond "Hello World"
}

Before you go all out with many lines and tons of reverse_proxy, just make sure you can get Hello World from both LAN and WAN. Only then bring in the other parts, like NextCloud, reverse_proxy, rewrite and so forth.

All of my reverse proxies work except Nextcloud. Why am I doing this? Not criticizing, but everything else in my Caddyfile works.

I fixed the 192.168.1.111:8484 for the local network. Now I can access it on my other PCs inside the network. Now we need to tackle Caddy not being able to write a cert to it. I rolled the API key and the other domains still work except Nextcloud.
To fix the local domains, for reference, I went to the Nextcloud container in Docker Desktop, clicked on the console inside Docker Desktop and ran:
apt install nano
cd config
nano config.php
and installed the two domains files.movies4you.stream and 192.168.1.111:8484 in PHP form as stated a couple of comments above.

I'm getting a rate limiter error now:

PS C:\Users\DevilsCoder> cd C:\Tools\Caddy
PS C:\Tools\Caddy> ./caddy run --config Caddyfile
2023/01/10 00:49:52.088 INFO    using provided configuration    {"config_file": "Caddyfile", "config_adapter": ""}
2023/01/10 00:49:52.091 WARN    Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies   {"adapter": "caddyfile", "file": "Caddyfile", "line": 2}
2023/01/10 00:49:52.096 INFO    admin   admin endpoint started  {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2023/01/10 00:49:52.096 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc0003e3dc0"}
2023/01/10 00:49:52.096 INFO    http    server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2023/01/10 00:49:52.096 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2023/01/10 00:49:52.097 INFO    tls     cleaning storage unit   {"description": "FileStorage:C:\\Users\\DevilsCoder\\AppData\\Roaming\\Caddy"}
2023/01/10 00:49:52.097 INFO    http.log        server running  {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2023/01/10 00:49:52.097 INFO    http    enabling HTTP/3 listener        {"addr": ":443"}
2023/01/10 00:49:52.098 INFO    http.log        server running  {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2023/01/10 00:49:52.098 INFO    http    enabling automatic TLS certificate management   {"domains": ["music.movies4you.stream", "home.ittechnut.com", "requests.movies4you.stream", "tv.movies4you.stream", "ha.movies4you.stream", "files.movies4you.stream", "home.movies4you.stream", "rdp.ittechnut.com", "photos.movies4you.stream", "adg.ittechnut.com", "accounts.movies4you.stream", "kitchen.movies4you.stream", "deluge.movies4you.stream"]}
2023/01/10 00:49:52.099 INFO    tls.renew       acquiring lock  {"identifier": "music.movies4you.stream"}
2023/01/10 00:49:52.101 INFO    tls.renew       lock acquired   {"identifier": "music.movies4you.stream"}
2023/01/10 00:49:52.101 INFO    tls.renew       renewing certificate    {"identifier": "music.movies4you.stream", "remaining": 2427488.8981416}
2023/01/10 00:49:52.103 INFO    http    waiting on internal rate limiter        {"identifiers": ["music.movies4you.stream"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/10 00:49:52.103 INFO    http    done waiting on internal rate limiter   {"identifiers": ["music.movies4you.stream"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/10 00:49:52.103 INFO    tls.obtain      acquiring lock  {"identifier": "files.movies4you.stream"}
2023/01/10 00:49:52.104 INFO    tls.obtain      lock acquired   {"identifier": "files.movies4you.stream"}
2023/01/10 00:49:52.104 INFO    tls.obtain      obtaining certificate   {"identifier": "files.movies4you.stream"}
2023/01/10 00:49:52.105 INFO    http    waiting on internal rate limiter        {"identifiers": ["files.movies4you.stream"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/10 00:49:52.105 INFO    http    done waiting on internal rate limiter   {"identifiers": ["files.movies4you.stream"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/10 00:49:52.107 INFO    autosaved config (load with --resume flag)      {"file": "C:\\Users\\DevilsCoder\\AppData\\Roaming\\Caddy\\autosave.json"}
2023/01/10 00:49:52.108 INFO    serving initial configuration
2023/01/10 00:49:52.111 INFO    tls     finished cleaning storage units
2023/01/10 00:49:52.453 INFO    http.acme_client        trying to solve challenge       {"identifier": "music.movies4you.stream", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2023/01/10 00:49:52.474 INFO    http.acme_client        trying to solve challenge       {"identifier": "files.movies4you.stream", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2023/01/10 00:49:52.908 ERROR   http.acme_client        cleaning up solver      {"identifier": "music.movies4you.stream", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.music.movies4you.stream\" (usually OK if presenting also failed)"}
2023/01/10 00:49:52.959 ERROR   tls.renew       could not get certificate from issuer   {"identifier": "music.movies4you.stream", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[music.movies4you.stream] solving challenges: presenting for challenge: adding temporary record for zone \"movies4you.stream.\": got error status: HTTP 403: [{Code:9109 Message:Invalid access token}] (order=https://acme-v02.api.letsencrypt.org/acme/order/155458460/157894081947) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
2023/01/10 00:49:52.961 INFO    http    waiting on internal rate limiter        {"identifiers": ["music.movies4you.stream"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "caddy@zerossl.com"}
2023/01/10 00:49:52.961 INFO    http    done waiting on internal rate limiter   {"identifiers": ["music.movies4you.stream"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "caddy@zerossl.com"}
2023/01/10 00:49:53.139 ERROR   http.acme_client        cleaning up solver      {"identifier": "files.movies4you.stream", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.files.movies4you.stream\" (usually OK if presenting also failed)"}

The rate limiter isn’t an error, it’s just info letting you know that Caddy is waiting a while between challenges so it doesn’t flood the APIs with requests. Caddy is just being fair.

Cloudflare is telling your Caddy server that the access token you’ve supplied is not valid e.g. revoked, mistyped, incorrectly scoped etc.

If you’ve double checked the token scope and it’s correctly typed - I see you’ve rolled it and updated it - you might need to contact Cloudflare about a possible issue on their end since their API isn’t accepting it. There is no configuration change you can implement on Caddy’s end to fix this issue if Cloudflare just doesn’t accept the token.

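The triage the replies do by eye (rate limiter lines are informational; the failure is the DNS provider rejecting the token while the challenge record is being added) can be done mechanically. The Python below is an added example, not code from the thread or from Caddy; its log lines are constructed on the pattern of the ones posted here, with placeholder host names.

```python
import json
import re
from collections import defaultdict

# Constructed sample in the console format seen in this thread
# (timestamp, level, logger, message, JSON fields). Host names are placeholders.
SAMPLE_LOG = r"""
2023/01/08 15:22:57.060 INFO    http    waiting on internal rate limiter        {"identifiers": ["files.example.test"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/08 15:22:57.060 INFO    http    done waiting on internal rate limiter   {"identifiers": ["files.example.test"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/01/08 15:22:57.870 ERROR   http.acme_client        cleaning up solver      {"identifier": "music.example.test", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.music.example.test\" (usually OK if presenting also failed)"}
2023/01/08 15:22:57.922 ERROR   tls.renew       could not get certificate from issuer   {"identifier": "music.example.test", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[music.example.test] solving challenges: presenting for challenge: adding temporary record for zone \"example.test.\": got error status: HTTP 403: [{Code:9109 Message:Invalid access token}] (order=https://acme-v02.api.letsencrypt.org/acme/order/0/0) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
2023/01/08 15:23:31.338 ERROR   tls.obtain      could not get certificate from issuer   {"identifier": "files.example.test", "issuer": "acme.zerossl.com-v2-DV90", "error": "[files.example.test] solving challenges: presenting for challenge: adding temporary record for zone \"example.test.\": got error status: HTTP 403: [{Code:9109 Message:Invalid access token}] (order=https://acme.zerossl.com/v2/DV90/order/PLACEHOLDER) (ca=https://acme.zerossl.com/v2/DV90)"}
2023/01/08 15:23:31.338 ERROR   tls.obtain      will retry      {"error": "[files.example.test] Obtain: [files.example.test] solving challenges: presenting for challenge: adding temporary record for zone \"example.test.\": got error status: HTTP 403: [{Code:9109 Message:Invalid access token}] (order=https://acme.zerossl.com/v2/DV90/order/PLACEHOLDER) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 34.2, "max_duration": 2592000}
2023/01/08 15:23:32.000 INFO    serving initial configuration
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<level>DEBUG|INFO|WARN|ERROR)\s+"
    r"(?:(?P<logger>[A-Za-z0-9_.]+)(?:\t|\s{2,}))?"  # some lines have no logger
    r"(?P<rest>.*)$"
)
# The DNS provider's API answer as it appears inside the "error" field.
PROVIDER_RE = re.compile(
    r'presenting for challenge: adding temporary record for zone "?(?P<zone>[^\s":]+?)\.?"?: '
    r"got error status: HTTP (?P<status>\d+): \[\{Code:(?P<code>\d+) Message:(?P<msg>[^}]*)\}\]"
)
CA_RE = re.compile(r"\(ca=([^)]+)\)")
IDENT_RE = re.compile(r"^\[([^\]]+)\]")


def parse_line(line):
    """Split one console log line into level, logger, message and JSON fields."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest, fields = m.group("rest"), {}
    start = rest.find('{"')
    if start != -1:
        try:
            fields = json.loads(rest[start:])
            rest = rest[:start]
        except json.JSONDecodeError:
            pass  # no JSON tail; keep the whole text as the message
    return {"level": m.group("level"), "logger": m.group("logger"),
            "message": rest.strip(), "fields": fields}


def triage(log_text):
    """Separate pacing notices and follow-on noise from DNS provider rejections."""
    report = {"pacing_info": 0, "follow_on": 0, "provider_failures": {}}
    zones = defaultdict(lambda: {"identifiers": set(), "cas": set()})
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        error = str(entry["fields"].get("error", ""))
        if entry["level"] == "INFO" and "rate limiter" in entry["message"]:
            report["pacing_info"] += 1   # informational, not a failure
        elif "no memory of presenting" in error:
            report["follow_on"] += 1     # consequence of the failed present step
        elif entry["level"] == "ERROR" and (hit := PROVIDER_RE.search(error)):
            zone = zones[hit.group("zone")]
            ident = entry["fields"].get("identifier")
            if ident is None and (im := IDENT_RE.match(error)):
                ident = im.group(1)      # "will retry" lines carry the name in the text
            if ident:
                zone["identifiers"].add(ident)
            zone["cas"].update(CA_RE.findall(error))
            zone.update(status=int(hit.group("status")),
                        code=int(hit.group("code")), message=hit.group("msg"))
    for name, z in zones.items():
        report["provider_failures"][name] = {
            **z, "identifiers": sorted(z["identifiers"]), "cas": sorted(z["cas"])}
    return report


def explain(report):
    """One line per zone: what the provider said and which names it affected."""
    lines = []
    for zone, z in sorted(report["provider_failures"].items()):
        lines.append(
            f"{zone}: HTTP {z['status']} code {z['code']} ({z['message']}) while adding "
            f"the challenge record for {', '.join(z['identifiers'])}; seen with "
            f"{len(z['cas'])} CA(s), so check the token for this zone "
            f"(revoked, mistyped or incorrectly scoped)")
    return lines


if __name__ == "__main__":
    print("\n".join(explain(triage(SAMPLE_LOG))))
```

Grouping by zone rather than by site makes it visible when more than one name in the same zone is rejected with the same provider error, independent of which CA issued the order.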