No certificate created for long domain name

1. Caddy version (caddy version): 2.4.1

2. How I run Caddy:

a. System environment:

$ docker-compose version
docker-compose version 1.24.0, build 0aa59064
docker-py version: 3.7.2
CPython version: 3.6.8
OpenSSL version: OpenSSL 1.1.0j  20 Nov 2018

$ docker version
Client:
 Version:           18.09.5
 API version:       1.39
 Go version:        go1.10.8
 Git commit:        e8ff056
 Built:             Thu Apr 11 04:43:57 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.5
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.8
  Git commit:       e8ff056
  Built:            Thu Apr 11 04:10:53 2019
  OS/Arch:          linux/amd64
  Experimental:     false

On Ubuntu 18.04

b. Command:

env DOMAIN=adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com docker-compose -f docker-compose.yml -f docker-compose.azurevm-highperf-caddy.yml

Note: The domain name is NOT fake. It exists for real.

c. Service/unit/compose file:

docker-compose.yml:

version: "2"

services:
  elasticsearch:
    build:
      context: elasticsearch/
    volumes:
      - elasticsearch-data:/usr/share/elasticsearch/data
      - ./elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
    environment:
      node.name: elasticsearch
      cluster.initial_master_nodes: elasticsearch
      ES_CLUSTER_NAME: search-cluster
      ES_DATA_DIR: /usr/share/elasticsearch/data
    networks:
      - elk

  kibana:
    build:
      context: kibana/
    volumes:
      - kibana-data:/usr/share/kibana/data
      - ./kibana/config/:/usr/share/kibana/config:ro
    environment:
      KB_DATA_DIR: /usr/share/kibana/data
      KB_ELASTICSEARCH_URL: http://elasticsearch:9200
      KB_SERVER_NAME: kibana
    networks:
      - elk
    depends_on:
      - elasticsearch

volumes:
  elasticsearch-data:
    driver: local
  kibana-data:
    driver: local

networks:
  elk:
    driver: bridge

docker-compose.azurevm-highperf-caddy.yml:

version: "2"

services:
  elasticsearch:
    restart: always
    environment:
      ES_JAVA_OPTS: "-Xmx4000m -Xms4000m"

  kibana:
    restart: always
    environment:
      KB_BASE_PATH: /kibana

  caddy:
    image: caddy:2.4.1
    container_name: caddy
    restart: always
    volumes:
      - caddy-config:/config
      - caddy-data:/data
      - ./caddy:/etc/caddy
    ports:
      - 80:80
      - 443:443
    networks:
      - elk
    depends_on:
      - elasticsearch

volumes:
  caddy-config:
    driver: local
  caddy-data:
    driver: local

d. My complete Caddyfile or JSON config:

{
        email alexander@skwar.me
        debug
}

{$DOMAIN}:443

encode zstd gzip

log {
        level DEBUG
        output file /data/access.log {
                roll_size 10MB
                roll_keep 10
        }
}

handle_path /elasticsearch* {
        basicauth bcrypt Elasticsearch {
                import elasticsearch.auth.*
        }

        reverse_proxy http://elasticsearch:9200
}

handle_path /kibana* {
        basicauth bcrypt kibana {
                import kibana.auth.*
        }

        reverse_proxy http://kibana:5601
}

3. The problem I’m having:

When I try to connect to the system with https and curl (or any browser, for that matter), I get an error:

* Rebuilt URL to: https://adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com/
*   Trying 20.101.68.227...
* TCP_NODELAY set
* Connected to adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com (20.101.68.227) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, Server hello (2):
* error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
* stopped the pause stream!
* Closing connection 0
curl: (35) error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error

I see that there’s no cert in /data/caddy/certificates/acme.zerossl.com-v2-dv90.

Is it because the domain name adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com is too long for ZeroSSL and/or Let’s Encrypt?

4. Error messages and/or full log output:

{"level":"info","ts":1623251413.3436744,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1623251413.348185,"msg":"input is not formatted with 'caddy fmt'","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"warn","ts":1623251413.3529522,"logger":"admin","msg":"admin endpoint disabled"}
{"level":"info","ts":1623251413.3551383,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1623251413.356343,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1623251413.3653204,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0002da000"}
{"level":"info","ts":1623251417.9922957,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"info","ts":1623251417.9952114,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"debug","ts":1623251418.0029197,"logger":"http","msg":"starting server loop","address":"[::]:443","http3":false,"tls":true}
{"level":"debug","ts":1623251418.0043166,"logger":"http","msg":"starting server loop","address":"[::]:80","http3":false,"tls":false}
{"level":"info","ts":1623251418.004423,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com"]}
{"level":"info","ts":1623251418.0209818,"logger":"tls.obtain","msg":"acquiring lock","identifier":"adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com"}
{"level":"info","ts":1623251418.0235019,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1623251418.0235305,"msg":"serving initial configuration"}
{"level":"info","ts":1623251418.045598,"logger":"tls.obtain","msg":"lock acquired","identifier":"adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com"}
{"level":"info","ts":1623251418.0796387,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com"]}
{"level":"info","ts":1623251418.0797331,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com"]}
{"level":"debug","ts":1623251418.6768203,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"GET","url":"https://acme.zerossl.com/v2/DV90","headers":{"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["645"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:10:18 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1623251419.0241773,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme.zerossl.com/v2/DV90/newNonce","headers":{"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Type":["application/octet-stream"],"Date":["Wed, 09 Jun 2021 15:10:19 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["UNtYSeE2UiSqJ6MyMxFCEZ0q0L-2WM9rRoMJxvy4o3o"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1623251419.4353087,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/newOrder","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":201,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store","max-age=-1"],"Content-Length":["340"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:10:19 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/vLuglW6wgqbaAY5GMg056A"],"Replay-Nonce":["kyqWJQWXtJAdG3TAEnazrJLSQfPBrP9LUCoNt1bS8UU"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1623251419.8020031,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/YPJsz7mUhtAO0EcpuOvrlg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["508"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:10:19 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["ESLv60XpXGTHcUTpsXgShqcOUSZTlRMTA-RSnFe07xk"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1623251419.8037128,"logger":"tls.issuance.acme.acme_client","msg":"no solver configured","challenge_type":"dns-01"}
{"level":"info","ts":1623251419.8037598,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"debug","ts":1623251420.1927032,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/chall/GcQ7ewfLTWeS6bDKkjTO_Q","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["164"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:10:20 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\"","<https://acme.zerossl.com/v2/DV90/authz/YPJsz7mUhtAO0EcpuOvrlg>;rel=\"up\""],"Replay-Nonce":["f4fAsVfc1MV_4GIg6FVmvLcmmRBu3TBRKcIhHAXryys"],"Retry-After":["10"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1623251420.1932778,"logger":"tls.issuance.acme.acme_client","msg":"challenge accepted","identifier":"adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com","challenge_type":"http-01"}
{"level":"info","ts":1623251420.439978,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com","challenge":"http-01","remote":"91.199.212.132:51396","distributed":false}
{"level":"debug","ts":1623251420.8062305,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/YPJsz7mUhtAO0EcpuOvrlg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["378"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:10:20 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["SFqHMxycRmY039PERJZ375A958BbaPPWeRiUAoRCVYQ"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"info","ts":1623251420.8078237,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme.zerossl.com/v2/DV90/order/vLuglW6wgqbaAY5GMg056A"}
{"level":"debug","ts":1623251421.2598224,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/order/vLuglW6wgqbaAY5GMg056A/finalize","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["343"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:10:21 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/vLuglW6wgqbaAY5GMg056A"],"Replay-Nonce":["xThiYUSIBqrRBI5B3A7_f3UlwmRcohsHiBWbIfQUZG8"],"Retry-After":["15"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1623251436.7821586,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/order/vLuglW6wgqbaAY5GMg056A","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["340"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:10:36 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/vLuglW6wgqbaAY5GMg056A"],"Replay-Nonce":["3GbgAGcSAPAJlU9oyq10JRPUEPq6eHtJiy44zxT9kU8"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"error","ts":1623251436.7836578,"logger":"tls.obtain","msg":"will retry","error":"[adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com] Obtain: [adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com] finalizing order https://acme.zerossl.com/v2/DV90/order/vLuglW6wgqbaAY5GMg056A: final order is invalid: <nil> (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":18.738007623,"max_duration":2592000}
{"level":"debug","ts":1623251497.2347658,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme.zerossl.com/v2/DV90/newNonce","headers":{"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Type":["application/octet-stream"],"Date":["Wed, 09 Jun 2021 15:11:37 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["GPO5vssmfrsZb8NsphHaT9sFalVbQyEuvQrWbiIdKQ8"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1623251497.6922028,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/newOrder","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":201,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store","max-age=-1"],"Content-Length":["340"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:11:37 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/oIru4wG4GACkgQ4_I3V8pw"],"Replay-Nonce":["p6Wp8uNX5zq9IX7XkVeYT0YcACoyJvwB9rTDF3xJLkE"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1623251498.1034775,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/G6F1wLcxp43YxFjU0slxJw","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["508"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:11:38 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["y95Fq-oMO6hF8-HAgDKqpZcLfZrPuWmwl2rjEU0OUFU"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1623251498.103671,"logger":"tls.issuance.acme.acme_client","msg":"no solver configured","challenge_type":"dns-01"}
{"level":"info","ts":1623251498.103697,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"debug","ts":1623251498.5154495,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/chall/0JuFrZ7i6hCBS-PYA8gAiQ","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["164"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:11:38 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\"","<https://acme.zerossl.com/v2/DV90/authz/G6F1wLcxp43YxFjU0slxJw>;rel=\"up\""],"Replay-Nonce":["kvevl5mbu_7xobZ5wLq_s4Wd-E5HI7anlvwmnaT4lSw"],"Retry-After":["10"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1623251498.515614,"logger":"tls.issuance.acme.acme_client","msg":"challenge accepted","identifier":"adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com","challenge_type":"http-01"}
{"level":"info","ts":1623251498.6413262,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com","challenge":"http-01","remote":"91.199.212.132:46022","distributed":false}
{"level":"debug","ts":1623251499.1502078,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/G6F1wLcxp43YxFjU0slxJw","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["378"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:11:39 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["QT-YAt3LB8zt66JGl3NE7X2SMjjWVtHoqZHMECRfFNk"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"info","ts":1623251499.1505473,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme.zerossl.com/v2/DV90/order/oIru4wG4GACkgQ4_I3V8pw"}
{"level":"debug","ts":1623251499.5651095,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/order/oIru4wG4GACkgQ4_I3V8pw/finalize","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["343"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:11:39 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/oIru4wG4GACkgQ4_I3V8pw"],"Replay-Nonce":["kTZi_0M7xwDQNnJuPtuPQmSs-fLN-OZXpb-U2fAH-eo"],"Retry-After":["15"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1623251514.974668,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/order/oIru4wG4GACkgQ4_I3V8pw","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["340"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:11:54 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/oIru4wG4GACkgQ4_I3V8pw"],"Replay-Nonce":["AQl3duWUCvv5UiqL88WB3noBe1i_Irfn2NW467rT0Yo"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"error","ts":1623251514.9749296,"logger":"tls.obtain","msg":"will retry","error":"[adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com] Obtain: [adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com] finalizing order https://acme.zerossl.com/v2/DV90/order/oIru4wG4GACkgQ4_I3V8pw: final order is invalid: <nil> (ca=https://acme.zerossl.com/v2/DV90)","attempt":2,"retrying_in":120,"elapsed":96.929279498,"max_duration":2592000}
{"level":"debug","ts":1623251635.4839494,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme.zerossl.com/v2/DV90/newNonce","headers":{"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Type":["application/octet-stream"],"Date":["Wed, 09 Jun 2021 15:13:55 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["QfA9R7e-hu4p7rAzIgiNosQYb81UQyR_2GD26T3s7RE"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1623251635.9609659,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/newOrder","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":201,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store","max-age=-1"],"Content-Length":["340"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:13:55 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/C-vf9C90DqIZfxfRUTXwLw"],"Replay-Nonce":["kQg9cHXPMRSiM8FPi2bMtgz6pKNYNk3eRn9I2FHYy-A"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1623251636.5822463,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/8mFa-ieQRTAE0IpP3M23lg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["508"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:13:56 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["NOCpU2M56caLzkVJHti-QDucR2bsFjkQeXIAMoVOlCM"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1623251636.582459,"logger":"tls.issuance.acme.acme_client","msg":"no solver configured","challenge_type":"dns-01"}
{"level":"info","ts":1623251636.582493,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"debug","ts":1623251637.2832394,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/chall/KX3uYKYah4316Cap7_csZQ","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["164"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:13:57 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\"","<https://acme.zerossl.com/v2/DV90/authz/8mFa-ieQRTAE0IpP3M23lg>;rel=\"up\""],"Replay-Nonce":["tBgAnetCokdbp53m8Krz8pLF0UDo0ewEb5PeFhVKD5A"],"Retry-After":["10"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1623251637.283376,"logger":"tls.issuance.acme.acme_client","msg":"challenge accepted","identifier":"adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com","challenge_type":"http-01"}
{"level":"info","ts":1623251637.3965962,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com","challenge":"http-01","remote":"91.199.212.132:51794","distributed":false}
{"level":"debug","ts":1623251638.4777198,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/8mFa-ieQRTAE0IpP3M23lg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["378"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:13:58 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["TlekZQMjC_xhRRpRGIBnbFbfen02W-VEn92oYs5CU6g"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"info","ts":1623251638.4780781,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme.zerossl.com/v2/DV90/order/C-vf9C90DqIZfxfRUTXwLw"}
{"level":"debug","ts":1623251639.1042376,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/order/C-vf9C90DqIZfxfRUTXwLw/finalize","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["343"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:13:59 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/C-vf9C90DqIZfxfRUTXwLw"],"Replay-Nonce":["kQf3YfcYdir-R9bQBotemIi-mTy-hgN_W35-NfxLHXA"],"Retry-After":["15"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1623251654.50661,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/order/C-vf9C90DqIZfxfRUTXwLw","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["340"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:14:14 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/C-vf9C90DqIZfxfRUTXwLw"],"Replay-Nonce":["6Q2v1N783g8S-IdF4IieJCOlRKA-M7TJrxUEDUg-_j0"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"error","ts":1623251654.5068607,"logger":"tls.obtain","msg":"will retry","error":"[adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com] Obtain: [adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com] finalizing order https://acme.zerossl.com/v2/DV90/order/C-vf9C90DqIZfxfRUTXwLw: final order is invalid: <nil> (ca=https://acme.zerossl.com/v2/DV90)","attempt":3,"retrying_in":120,"elapsed":236.461209967,"max_duration":2592000}
{"level":"debug","ts":1623251774.9379306,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme.zerossl.com/v2/DV90/newNonce","headers":{"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Type":["application/octet-stream"],"Date":["Wed, 09 Jun 2021 15:16:14 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["Gcs_lFpdjyz3yO-VMmSDRyDAADlrfJ-g8jrLlj_pZFE"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1623251775.3569002,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/newOrder","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":201,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store","max-age=-1"],"Content-Length":["340"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:16:15 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/QAUpeO__DiyuYFffVu7OlA"],"Replay-Nonce":["7-m_LsDTaTNTjHPCuRD-ck68ZCoq0WPTRqv-BAQ0cIk"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}

5. What I already tried:

6. Links to relevant resources:

Logs part 2:

{"level":"debug","ts":1623251775.7105982,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/ye2cafWuLKdx6sbOXkBaCw","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["508"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:16:15 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["ID_nzU0jl7kulsmh1VQyeGp88YeKnrR9jRBwUOlwQVk"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1623251775.710979,"logger":"tls.issuance.acme.acme_client","msg":"no solver configured","challenge_type":"dns-01"}
{"level":"info","ts":1623251775.7110102,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"debug","ts":1623251776.075386,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/chall/510wEZA8ZQBh2NWzqRdQMg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["164"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:16:16 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\"","<https://acme.zerossl.com/v2/DV90/authz/ye2cafWuLKdx6sbOXkBaCw>;rel=\"up\""],"Replay-Nonce":["LebNvakBQv2TXPATIVO0DOhi5_aO40ce7aDhFYT4z2U"],"Retry-After":["10"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1623251776.0755193,"logger":"tls.issuance.acme.acme_client","msg":"challenge accepted","identifier":"adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com","challenge_type":"http-01"}
{"level":"info","ts":1623251776.2374177,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com","challenge":"http-01","remote":"91.199.212.132:60524","distributed":false}
{"level":"debug","ts":1623251776.6981292,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/ye2cafWuLKdx6sbOXkBaCw","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["378"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:16:16 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["ACtQ1unPyA_pMbmw6X_1sbEk6W10WOMYDI0naVgpMsA"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"info","ts":1623251776.698543,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme.zerossl.com/v2/DV90/order/QAUpeO__DiyuYFffVu7OlA"}
{"level":"debug","ts":1623251777.0798335,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/order/QAUpeO__DiyuYFffVu7OlA/finalize","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["343"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:16:17 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/QAUpeO__DiyuYFffVu7OlA"],"Replay-Nonce":["_HwtoHfxbiyb1k0_PGpsNU8liwiBpwxZF-rtfd62Jq4"],"Retry-After":["15"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1623251793.1192217,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/order/QAUpeO__DiyuYFffVu7OlA","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["340"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:16:33 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/QAUpeO__DiyuYFffVu7OlA"],"Replay-Nonce":["eE572a9B3vwOgNc4jI2uV61_hSrt2Gjaig_-frqTXcs"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"error","ts":1623251793.1194627,"logger":"tls.obtain","msg":"will retry","error":"[adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com] Obtain: [adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com] finalizing order https://acme.zerossl.com/v2/DV90/order/QAUpeO__DiyuYFffVu7OlA: final order is invalid: <nil> (ca=https://acme.zerossl.com/v2/DV90)","attempt":4,"retrying_in":300,"elapsed":375.073811141,"max_duration":2592000}
{"level":"debug","ts":1623251973.8867247,"logger":"http.stdlib","msg":"http: TLS handshake error from 159.89.152.193:54350: no certificate available for 'adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com'"}
{"level":"debug","ts":1623252007.4840112,"logger":"http.stdlib","msg":"http: TLS handshake error from 20.101.68.227:34214: no certificate available for 'adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com'"}
{"level":"debug","ts":1623252093.7114303,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme.zerossl.com/v2/DV90/newNonce","headers":{"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Type":["application/octet-stream"],"Date":["Wed, 09 Jun 2021 15:21:33 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["fijylNGYgZPgb_YlNCU_XJ3k8CxIjXujS-Z8oH3saEg"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1623252094.2400632,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/newOrder","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":201,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store","max-age=-1"],"Content-Length":["340"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:21:34 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/LFpA9EEZ_12EGIVk74yBGg"],"Replay-Nonce":["afQhoIIw6NvzR1Ai5JTfjDcpGKjsX-pWqk39krSojro"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1623252094.654953,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/TtM2VlsQR6lrYVbj1ABQvA","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["508"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:21:34 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["s06O6qmMGzG9HuCKWnUgrC3KvwOstYz8gT0nGIq5Gao"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1623252094.6552207,"logger":"tls.issuance.acme.acme_client","msg":"no solver configured","challenge_type":"dns-01"}
{"level":"info","ts":1623252094.6552482,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"debug","ts":1623252095.0252342,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/chall/JA0cG69HWUM1fRMNPQP6ew","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["164"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:21:35 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\"","<https://acme.zerossl.com/v2/DV90/authz/TtM2VlsQR6lrYVbj1ABQvA>;rel=\"up\""],"Replay-Nonce":["7gFN69pFOSzAdfxoMA3zbZ8pfMo1SVQuyrLwV3ArOYU"],"Retry-After":["10"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1623252095.0259476,"logger":"tls.issuance.acme.acme_client","msg":"challenge accepted","identifier":"adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com","challenge_type":"http-01"}
{"level":"info","ts":1623252095.4391644,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com","challenge":"http-01","remote":"91.199.212.132:38010","distributed":false}
{"level":"debug","ts":1623252095.6591296,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/TtM2VlsQR6lrYVbj1ABQvA","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["378"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:21:35 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["4SL1isZvdsj_H40r3uxNx9WVEF740-jWSVxMPpJwD78"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"info","ts":1623252095.6595094,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme.zerossl.com/v2/DV90/order/LFpA9EEZ_12EGIVk74yBGg"}
{"level":"debug","ts":1623252096.0508852,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/order/LFpA9EEZ_12EGIVk74yBGg/finalize","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["343"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:21:36 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/LFpA9EEZ_12EGIVk74yBGg"],"Replay-Nonce":["kvdUpcQv0mAfUbWDrCxDnU2_0lCnIUCXKFc6MZ4oa_U"],"Retry-After":["15"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1623252111.4320643,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/order/LFpA9EEZ_12EGIVk74yBGg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["340"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:21:51 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/LFpA9EEZ_12EGIVk74yBGg"],"Replay-Nonce":["UhkBTKHgkK6zg_iJPQL46KonuApeEi5Cvo1SDiQClHk"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"error","ts":1623252111.4323277,"logger":"tls.obtain","msg":"will retry","error":"[adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com] Obtain: [adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com] finalizing order https://acme.zerossl.com/v2/DV90/order/LFpA9EEZ_12EGIVk74yBGg: final order is invalid: <nil> (ca=https://acme.zerossl.com/v2/DV90)","attempt":5,"retrying_in":600,"elapsed":693.386677707,"max_duration":2592000}

Hi Alexander,

I just asked ZeroSSL about this, and apparently it's a known issue they're working on fixing for long domain names.

In the meantime you can probably get a cert from Let's Encrypt.

It is a bit peculiar that it goes straight to ZeroSSL though, I think it should still be trying LE first. :thinking:

1 Like

I forced it to use ZeroSSL, by setting the acme_ca domain.

Regarding Let's Encrypt: just 3 years ago, it didn't work there, according to A certificate for a 63-character domain - Help - Let's Encrypt Community Support

Going to give it a try now. Maybe things have changed since then.

Really? Where? I must be blind because I don't see that in your config.

Oh.
Copy and paste mistake.

Caddyfile:

{
        acme_ca https://acme.zerossl.com/v2/DV90
        email alexander@skwar.me
        admin off
        debug
}

{$DOMAIN}:443

encode zstd gzip

log {
        level INFO
        output file /data/access.log {
                roll_size 10MB
                roll_keep 10
        }
}

handle_path /elasticsearch* {
        basicauth bcrypt Elasticsearch {
                import elasticsearch.auth.*
        }

        reverse_proxy http://elasticsearch:9200
}

handle_path /kibana* {
        basicauth bcrypt kibana {
                import kibana.auth.*
        }

        reverse_proxy http://kibana:5601
}

It also fails with Let's Encrypt - I now really have removed the acme_ca line, so that Caddy tries both CAs:

{"level":"info","ts":1623253668.8010874,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1623253668.8098752,"msg":"input is not formatted with 'caddy fmt'","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"warn","ts":1623253668.8117285,"logger":"admin","msg":"admin endpoint disabled"}
{"level":"info","ts":1623253668.8131232,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1623253668.8131697,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1623253668.828571,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000334310"}
{"level":"debug","ts":1623253673.4997709,"logger":"http","msg":"starting server loop","address":"[::]:443","http3":false,"tls":true}
{"level":"debug","ts":1623253673.5049827,"logger":"http","msg":"starting server loop","address":"[::]:80","http3":false,"tls":false}
{"level":"info","ts":1623253673.505014,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com"]}
{"level":"info","ts":1623253673.5059257,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1623253673.5059454,"msg":"serving initial configuration"}
{"level":"info","ts":1623253673.5060015,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"info","ts":1623253673.5197163,"logger":"tls.obtain","msg":"acquiring lock","identifier":"adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com"}
{"level":"info","ts":1623253673.521489,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1623253673.5372322,"logger":"tls.obtain","msg":"lock acquired","identifier":"adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com"}
{"level":"debug","ts":1623253674.3535638,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"GET","url":"https://acme-v02.api.letsencrypt.org/directory","headers":{"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["658"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:47:54 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"debug","ts":1623253674.489307,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme-v02.api.letsencrypt.org/acme/new-nonce","headers":{"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Date":["Wed, 09 Jun 2021 15:47:54 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0004K-YgLVu9sC4niZIc8-HSQyQ7QYp24ZV4FDYPKgMWXY0"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"debug","ts":1623253674.704439,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/new-acct","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":201,"response_headers":{"Boulder-Requester":["126527652"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["315"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:47:54 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\"","<https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf>;rel=\"terms-of-service\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/acct/126527652"],"Replay-Nonce":["0003HphF0pYQRtd7uS0-ancJy-p8LQcLGs8nLNvrakfx5JU"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"info","ts":1623253674.705236,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com"]}
{"level":"info","ts":1623253674.7052631,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com"]}
{"level":"debug","ts":1623253674.854176,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/new-order","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":400,"response_headers":{"Boulder-Requester":["126527652"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["158"],"Content-Type":["application/problem+json"],"Date":["Wed, 09 Jun 2021 15:47:54 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0003wcSmbzUxD0_JI-CPLWJt-dXD8FYjT7P3Pz4ncbK2p_0"],"Server":["nginx"]}}
{"level":"info","ts":1623253674.8565454,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com"]}
{"level":"info","ts":1623253674.856609,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com"]}
{"level":"debug","ts":1623253675.3146286,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"GET","url":"https://acme.zerossl.com/v2/DV90","headers":{"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["645"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:47:55 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1623253675.6621923,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme.zerossl.com/v2/DV90/newNonce","headers":{"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Type":["application/octet-stream"],"Date":["Wed, 09 Jun 2021 15:47:55 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["ERuqBNO-YIwTk8gbXXmU6gWTtz0o_eRRNYvel1YtiME"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1623253676.0828393,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/newOrder","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":201,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store","max-age=-1"],"Content-Length":["340"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:47:56 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/0uPS-q6gGrBVghd-7QLXKw"],"Replay-Nonce":["RGtg6f4OHqszt9H9kHvqVKX37Ewo3tRP8_jk5Xmk9Og"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1623253676.443431,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/Ng7v8lMNiQatZsQblaUxZg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["508"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:47:56 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["IhcRRg459geY6BymQvo_vLH6Iduh6OmLqzLOsvMQ8eU"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1623253676.4447467,"logger":"tls.issuance.acme.acme_client","msg":"no solver configured","challenge_type":"dns-01"}
{"level":"info","ts":1623253676.4454005,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"debug","ts":1623253676.8152056,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/chall/HiPBJ7HLTFqOdjDVHOkK-g","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["164"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:47:56 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\"","<https://acme.zerossl.com/v2/DV90/authz/Ng7v8lMNiQatZsQblaUxZg>;rel=\"up\""],"Replay-Nonce":["FuuH0Xr8C0pvTB600p2KlExOPcXPfuTqQbyJgQQFxQY"],"Retry-After":["10"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1623253676.8165672,"logger":"tls.issuance.acme.acme_client","msg":"challenge accepted","identifier":"adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com","challenge_type":"http-01"}
{"level":"info","ts":1623253676.9626443,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com","challenge":"http-01","remote":"91.199.212.132:35666","distributed":false}
{"level":"debug","ts":1623253677.449481,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/Ng7v8lMNiQatZsQblaUxZg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["378"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:47:57 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["WAcY_CXFZu3GRMgfCzwygLFct_tvRn7w7Q6VWGFWyWs"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"info","ts":1623253677.4508212,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme.zerossl.com/v2/DV90/order/0uPS-q6gGrBVghd-7QLXKw"}
{"level":"debug","ts":1623253677.8380468,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/order/0uPS-q6gGrBVghd-7QLXKw/finalize","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["343"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:47:57 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/0uPS-q6gGrBVghd-7QLXKw"],"Replay-Nonce":["1ZXzr3_T-PuPhMNcjF6DNP3O9kpe9LqgoJ7VgUhyBgE"],"Retry-After":["15"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"debug","ts":1623253693.2315218,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/order/0uPS-q6gGrBVghd-7QLXKw","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["340"],"Content-Type":["application/json"],"Date":["Wed, 09 Jun 2021 15:48:13 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/0uPS-q6gGrBVghd-7QLXKw"],"Replay-Nonce":["SSKtOKuMMrQ_UPwRjiFsw9CPszhPwF14_H_1fykuLbE"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
{"level":"error","ts":1623253693.2326405,"logger":"tls.obtain","msg":"will retry","error":"[adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com] Obtain: [adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com] finalizing order https://acme.zerossl.com/v2/DV90/order/0uPS-q6gGrBVghd-7QLXKw: final order is invalid: <nil> (ca=https://acme.zerossl.com/v2/DV90)","attempt"

Ok, so I did confirm that Let's Encrypt also won't issue certificates for such long DNS names, because they are too long for the CN field (which is deprecated, I'm not sure why they still fill that out):

HTTP 400 urn:ietf:params:acme:error:rejectedIdentifier - NewOrder request did not include a SAN short enough to fit in CN

That is the same reason ZeroSSL fails, but ZeroSSL doesn't return an error until finalizing the order, whereas Let's Encrypt returns an error while creating the order.

Due to an oversight in error handling, the error message from the first CA tried was not printed out.

Looks like you'll have to use a shorter domain name – you can file bugs with the CAs to have that fixed – and in the meantime I'll improve the error logging in this weird edge case.

Edit: Error logging is fixed in Log errors between issuer attempts · caddyserver/certmagic@388f3ed · GitHub.

2 Likes

This is a rare case, so we may be able to report it to ZeroSSL. However, due to bad timing, ZeroSSL is currently having problems with the API response for a few days, so it is possible that it is not returning a reply. We will be able to confirm this issue when we encounter the same issue.
https://status.zerossl.com/8200003/2021/06

1 Like

Just as supporting reference to Matt's statement, this is pointed out in public CA documentation, such as here:

https://docs.digicert.com/manage-certificates/public-certificates-data-entries-that/#64character-maximum-limit-violation

2 Likes

Just as a bit more context to understand (for the CN at least) it's not a bug.
It's RFC, as discussed here: https://www.freeipa.org/page/V4/RFC_2818_certificate_compliance#Overview

"RFC 5280 defines the maximum length of the CN to be 64 characters"

(although not directly, it's buried in the discussion)

2 Likes
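A log triage sketch for the failure diagnosed in this thread, added here as an example and not code from Caddy, CertMagic or any poster: it scans Caddy JSON log lines for certificate names longer than the 64-character CN limit and pairs them with the rejected request (the Let's Encrypt case) and the `final order is invalid` retries (the ZeroSSL case). The sample lines are constructed from the field names visible in the logs above; the function name `diagnose` and the order id `EXAMPLE` are made up.

```python
import json
import re

CN_MAX = 64  # commonName upper bound from RFC 5280, as cited in the thread
CA_RE = re.compile(r"\(ca=([^)]+)\)")


def diagnose(log_text):
    """Correlate over-long certificate names with ACME failures in Caddy JSON logs."""
    names, http_errors, invalid_at_finalize, skipped = set(), [], [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # e.g. a record cut off mid-line when it was pasted
            continue
        if not isinstance(rec, dict):
            skipped += 1
            continue

        # Names appear under different keys depending on the logger.
        if isinstance(rec.get("identifier"), str):
            names.add(rec["identifier"])
        for key in ("identifiers", "domains"):
            values = rec.get(key)
            if isinstance(values, list):
                names.update(v for v in values if isinstance(v, str))

        # Let's Encrypt case: the CA answers the request with an HTTP error.
        status = rec.get("status_code")
        if rec.get("msg") == "http request" and isinstance(status, int) and status >= 400:
            http_errors.append((rec.get("url"), status))

        # ZeroSSL case: validation passes, then the order comes back invalid.
        err = rec.get("error")
        if (rec.get("logger") == "tls.obtain" and isinstance(err, str)
                and "final order is invalid" in err):
            match = CA_RE.search(err)
            invalid_at_finalize.append(match.group(1) if match else None)

    too_long = {n: len(n) for n in sorted(names) if len(n) > CN_MAX}
    return {
        "too_long": too_long,
        "http_errors": http_errors,
        "invalid_at_finalize": invalid_at_finalize,
        "skipped_lines": skipped,
        # Heuristic: an over-long name plus any issuance failure points at the CN limit.
        "likely_cn_limit": bool(too_long) and bool(http_errors or invalid_at_finalize),
    }


# Constructed sample input, reduced to the fields the check reads.
DOMAIN = "adv-shr-this-is-a-very-long-name-with-many-chars.westeurope.cloudapp.azure.com"
ACME_LOGGER = "tls.issuance.acme.acme_client"
SAMPLE_LOG = "\n".join([
    json.dumps({"level": "info", "logger": "tls.obtain", "msg": "acquiring lock",
                "identifier": DOMAIN}),
    json.dumps({"level": "debug", "logger": ACME_LOGGER, "msg": "http request",
                "url": "https://acme-v02.api.letsencrypt.org/acme/new-order",
                "status_code": 400}),
    json.dumps({"level": "debug", "logger": ACME_LOGGER, "msg": "http request",
                "url": "https://acme.zerossl.com/v2/DV90/newOrder", "status_code": 201}),
    json.dumps({"level": "error", "logger": "tls.obtain", "msg": "will retry",
                "error": f"[{DOMAIN}] Obtain: [{DOMAIN}] finalizing order "
                         "https://acme.zerossl.com/v2/DV90/order/EXAMPLE: final order "
                         "is invalid: <nil> (ca=https://acme.zerossl.com/v2/DV90)",
                "attempt": 1}),
    '{"level":"error","logger":"tls.obtain","msg":"will retry","attempt"',  # truncated
])

if __name__ == "__main__":
    print(json.dumps(diagnose(SAMPLE_LOG), indent=2))
```

Running the same length check against the site address before deployment catches the problem without spending a CA request.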

Thanks for clarifying and linking this.

Since CommonName is deprecated, I imagine the solution (for the CAs to implement) will be to leave it empty when the subject names are long…

All I can find is what looks like a modification to the RFC in discussion on cabforum.org, with the proposal being that it should be unlimited for the dns value entry:

Probably clarifying non definition previously? It's attached to this dated conversation (correction - I forgot to add the convo link). I have no idea where it ended up as far as ratification/publication. However, from the doc to the discussion, as far as limitation on subjectAlternativeName dns values, it's already "none". There might be implementation specific variance as historically it's not well defined… So yeah, nuke CN evaluation/presentation/generation and limit to subjectAlternativeName handling within the request/CA extensions.
"How" at the code implementation level against the underlying libs… Not sure.
