Ould not get certificate from issuer

Darwin_Legend · November 14, 2022, 10:44pm

1. Output of `caddy version`:

v2.6.2

2. How I run Caddy:

systemctl start caddy

a. System environment:

Ubuntu 22.04

b. Command:

version: "3.7"services:
  caddy:
    image: lucaslorentz/caddy-docker-proxy:ci-alpine
    ports:
      - 80:80
      - 443:443
    environment:
      - CADDY_INGRESS_NETWORKS=caddy
    networks:
      - caddy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - caddy_data:/data
    restart: unless-stopped
 
networks:
  caddy:
    external: true

volumes:
  caddy_data: {}

c. Service/unit/compose file:

d. My complete Caddy config:

3. The problem I’m having:

4. Error messages and/or full log output:

{"level":"warn","ts":1668465310.3188334,"logger":"http.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:58775->127.0.0.11:53: i/o timeout"}
{"level":"error","ts":1668465310.3189132,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"portainer.darwinlegend.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"registering account [] with server: provisioning client: performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:58775->127.0.0.11:53: i/o timeout"}
{"level":"warn","ts":1668465310.3192294,"logger":"http","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"}
{"level":"error","ts":1668465311.3203595,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"portainer.darwinlegend.com","issuer":"acme.zerossl.com-v2-DV90","error":"account pre-registration callback: performing EAB credentials request: Post \"https://api.zerossl.com/acme/eab-credentials-email\": dial tcp: lookup api.zerossl.com on 127.0.0.11:53: read udp 127.0.0.1:42648->127.0.0.11:53: i/o timeout"}
{"level":"error","ts":1668465311.3204167,"logger":"tls.obtain","msg":"will retry","error":"[portainer.darwinlegend.com] Obtain: account pre-registration callback: performing EAB credentials request: Post \"https://api.zerossl.com/acme/eab-credentials-email\": dial tcp: lookup api.zerossl.com on 127.0.0.11:53: read udp 127.0.0.1:42648->127.0.0.11:53: i/o timeout","attempt":1,"retrying_in":60,"elapsed":4.506157007,"max_duration":2592000}

5. What I already tried:

I follow the example from this link :

but I have an error

6. Links to relevant resources:

matt · November 15, 2022, 2:53pm

It looks like your DNS resolver is misconfigured. Caddy isn’t able to look up the CA endpoint because of an IO error

francislavoie · November 15, 2022, 3:35pm

That’s Docker’s own DNS resolver. Something’s broken with your Docker setup (or your system’s resolver, that it calls out to) that would cause it to not be able to resolve DNS queries.

Darwin_Legend · November 19, 2022, 4:30pm

thanks for your help.
I found the problem.
With the dns, this options was activate in /etc/resolv.conf :
“timeout : 1 attemps:1”
I removed this parameter. Caddy works fine!!

system · December 14, 2022, 10:45pm

This topic was automatically closed after 30 days. New replies are no longer allowed.