Problem running caddy behind DMZ and port forwarding (Error getting validation data)

Help
1

1. The problem I’m having:

Caddy doesn’t work with my current network configuration. I am pretty sure it is not caddy’s fault neither caddy’s configuration, but I need help in finding/debugging what is causing the issue.

My current network is set up as follows:

  • An ISP provided router (Fastweb) that is connected to the internet through fiber with a public static IP.
  • A secondary router/firewall connected on the WAN side to the primary (ISP provided) router.
  • The primary router is configured with a DMZ + NAT 1:1 so that all the incoming traffic is routed to my secondary router. (this is what the ISP claims, I cannot legally access their router config nor change it)
  • The secondary router has a port forwarding rule for port 80 and 443 to forward traffic to my server on the LAN where caddy is hosted.
  • Every device in my LAN is connected to the secondary router and every device has a static IP in the LAN.

If I use an other ISP (Vodafone) in the same exact configuration, only switching the ISP provided router, everything works fine as long as I update my A DNS records to point to the vodafone public static IP. This is a much simpler router that I can configure myself. I turned on the Public Host (DMZ) option and the Static NAT option, pointing to the static IP of the secondary router.

An other important detail, going back to the problematic ISP (Fastweb), might be that if I open a basic HTTP server on port 80 (for example with sudo python3 -m http.server 80) of the caddy server, with caddy turned off and I visit 37.186.192.102 or a subdomain pointing to this IP, I can reach this server.

Assume my public IP is 37.186.192.102 (changed it for security purposes)

So what I am guessing is that the Fastweb router configuration or some sort of difference I cannot see is the culprit. The ISP says everything is fine, but how can I debug this issue? How can I check if everything is configured correctly? What are some keywords I am missing I could use to better ask questions?

2. Error messages and/or full log output:

You will see some rate limiting because caddy does this when errors arise, but I guess the interesting logs are towards the end where you can see some instances of ACME challenges not working with stuff like Error getting validation data.

mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.521116,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5302138,"msg":"adapted config to JSON","adapter":"caddyfile"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"warn","ts":1722549776.5302453,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":8}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5349324,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5355725,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00072c100"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.535632,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5356996,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5384016,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.538706,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 7168 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5390131,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5390787,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5390925,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["pre-production-lm.mydomain.it","suggestion-box.mydomain.it","suggestion-box2.mydomain.it","vault.mydomain.it","tenant2-lab-management.mydomain.it","tenant1-lab-management.mydomain.it","chat2.mydomain.it","chat.mydomain.it","diffusion2.mydomain.it","prometheus-uat.mydomain.it","diffusion.mydomain.it","lab-management.mydomain.it","csf-uat.mydomain.it","vault2.mydomain.it","prometheus.mydomain.it"]}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5395246,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/data/caddy","instance":"fba07141-73fe-450a-ae94-15aba2463df4","try_again":1722636176.5395224,"try_again_in":86399.999998628}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5396106,"logger":"tls","msg":"finished cleaning storage units"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5398698,"logger":"tls.obtain","msg":"acquiring lock","identifier":"suggestion-box.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5398786,"logger":"tls.obtain","msg":"acquiring lock","identifier":"pre-production-lm.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5405018,"logger":"tls.obtain","msg":"lock acquired","identifier":"pre-production-lm.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5405364,"logger":"tls.obtain","msg":"lock acquired","identifier":"suggestion-box.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.540666,"logger":"tls.obtain","msg":"acquiring lock","identifier":"vault.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5406823,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"suggestion-box.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.540704,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"pre-production-lm.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5409021,"logger":"tls.obtain","msg":"acquiring lock","identifier":"tenant1-lab-management.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5411236,"logger":"tls.obtain","msg":"acquiring lock","identifier":"tenant2-lab-management.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5412986,"logger":"tls.obtain","msg":"lock acquired","identifier":"vault.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5414824,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"vault.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.541516,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["suggestion-box.mydomain.it"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.541537,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["suggestion-box.mydomain.it"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5415561,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/1863682478","account_contact":["mailto:info@mydomain.it"]}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.541582,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["pre-production-lm.mydomain.it"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5416262,"logger":"tls.obtain","msg":"lock acquired","identifier":"tenant1-lab-management.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5416317,"logger":"tls.obtain","msg":"lock acquired","identifier":"tenant2-lab-management.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5416858,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["pre-production-lm.mydomain.it"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5421796,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/1863682478","account_contact":["mailto:info@mydomain.it"]}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5423603,"logger":"tls.obtain","msg":"acquiring lock","identifier":"chat.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5424337,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"tenant2-lab-management.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5427177,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["vault.mydomain.it"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5432067,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["vault.mydomain.it"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5432327,"logger":"tls.obtain","msg":"lock acquired","identifier":"chat.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5432646,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/1863682478","account_contact":["mailto:info@mydomain.it"]}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5434272,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"tenant1-lab-management.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5435383,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"chat.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.543652,"logger":"tls.obtain","msg":"acquiring lock","identifier":"prometheus-uat.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5437253,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["tenant2-lab-management.mydomain.it"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5437634,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["tenant2-lab-management.mydomain.it"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5438058,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/1863682478","account_contact":["mailto:info@mydomain.it"]}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.544064,"logger":"tls.obtain","msg":"acquiring lock","identifier":"diffusion.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5441034,"logger":"tls.obtain","msg":"acquiring lock","identifier":"lab-management.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5441198,"logger":"tls.obtain","msg":"acquiring lock","identifier":"csf-uat.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.544204,"logger":"tls.obtain","msg":"lock acquired","identifier":"prometheus-uat.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5444143,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["tenant1-lab-management.mydomain.it"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.544461,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["tenant1-lab-management.mydomain.it"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5444717,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["chat.mydomain.it"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.544499,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/1863682478","account_contact":["mailto:info@mydomain.it"]}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.544463,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"prometheus-uat.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5445135,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["chat.mydomain.it"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5445547,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/1863682478","account_contact":["mailto:info@mydomain.it"]}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.544579,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5446112,"logger":"tls.obtain","msg":"lock acquired","identifier":"diffusion.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5446298,"logger":"tls.obtain","msg":"lock acquired","identifier":"csf-uat.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.544618,"msg":"serving initial configuration"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.544602,"logger":"tls.obtain","msg":"lock acquired","identifier":"lab-management.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5448015,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"csf-uat.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5448115,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"diffusion.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.544824,"logger":"tls.obtain","msg":"acquiring lock","identifier":"prometheus.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5448875,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"lab-management.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.545185,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["prometheus-uat.mydomain.it"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.545228,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["prometheus-uat.mydomain.it"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5452592,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/1863682478","account_contact":["mailto:info@mydomain.it"]}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5453503,"logger":"tls.obtain","msg":"lock acquired","identifier":"prometheus.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5454154,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["csf-uat.mydomain.it"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5454547,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["csf-uat.mydomain.it"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5454774,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/1863682478","account_contact":["mailto:info@mydomain.it"]}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5455112,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["diffusion.mydomain.it"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5455499,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["diffusion.mydomain.it"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5455787,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/1863682478","account_contact":["mailto:info@mydomain.it"]}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.545582,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"prometheus.mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5456,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["lab-management.mydomain.it"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.545637,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["lab-management.mydomain.it"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.545671,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/1863682478","account_contact":["mailto:info@mydomain.it"]}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549776.5462976,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["prometheus.mydomain.it"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549777.55754,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"vault.mydomain.it","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549777.5945196,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"lab-management.mydomain.it","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549777.6076057,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"pre-production-lm.mydomain.it","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549777.6240692,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"prometheus-uat.mydomain.it","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549777.6293705,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"tenant1-lab-management.mydomain.it","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549781.3119173,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"vault.mydomain.it","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Fetching http://vault.mydomain.it/.well-known/acme-challenge/uHM8miJVvZ0vLccSePchL4GHaOtcSEhTQ2ZKZCWtpEs: Error getting validation data","instance":"","subproblems":[]}}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549781.3120089,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"vault.mydomain.it","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Fetching http://vault.mydomain.it/.well-known/acme-challenge/uHM8miJVvZ0vLccSePchL4GHaOtcSEhTQ2ZKZCWtpEs: Error getting validation data","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1863682478/292602242837","attempt":1,"max_attempts":3}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549781.3601482,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"diffusion.mydomain.it","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Fetching http://diffusion.mydomain.it/.well-known/acme-challenge/iBo1vWq3m_7Eiz7qgoMirEmmjqgVHyTMH12ncFuDhAo: Error getting validation data","instance":"","subproblems":[]}}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549781.3601997,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"diffusion.mydomain.it","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Fetching http://diffusion.mydomain.it/.well-known/acme-challenge/iBo1vWq3m_7Eiz7qgoMirEmmjqgVHyTMH12ncFuDhAo: Error getting validation data","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1863682478/292602242967","attempt":1,"max_attempts":3}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549781.3652627,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"pre-production-lm.mydomain.it","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Fetching http://pre-production-lm.mydomain.it/.well-known/acme-challenge/-5yi0R4csGXf35fJAmH8NllWLnciKmtJLIwsMJI1ZZ8: Error getting validation data","instance":"","subproblems":[]}}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549781.3653033,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"lab-management.mydomain.it","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Fetching http://lab-management.mydomain.it/.well-known/acme-challenge/LCarWZXUuxLRERfdZERgUcKrJanLgyW3R_36FtrnhRM: Error getting validation data","instance":"","subproblems":[]}}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549781.365352,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"lab-management.mydomain.it","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Fetching http://lab-management.mydomain.it/.well-known/acme-challenge/LCarWZXUuxLRERfdZERgUcKrJanLgyW3R_36FtrnhRM: Error getting validation data","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1863682478/292602242917","attempt":1,"max_attempts":3}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549781.3653142,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"pre-production-lm.mydomain.it","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Fetching http://pre-production-lm.mydomain.it/.well-known/acme-challenge/-5yi0R4csGXf35fJAmH8NllWLnciKmtJLIwsMJI1ZZ8: Error getting validation data","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1863682478/292602242947","attempt":1,"max_attempts":3}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549781.3743072,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"suggestion-box.mydomain.it","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Fetching http://suggestion-box.mydomain.it/.well-known/acme-challenge/nUDahEDQyFhigz6NpKlZ1xorKV2fyJqGMQYkUL48Qro: Error getting validation data","instance":"","subproblems":[]}}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549781.3743563,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"suggestion-box.mydomain.it","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Fetching http://suggestion-box.mydomain.it/.well-known/acme-challenge/nUDahEDQyFhigz6NpKlZ1xorKV2fyJqGMQYkUL48Qro: Error getting validation data","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1863682478/292602242957","attempt":1,"max_attempts":3}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549781.3907564,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"tenant1-lab-management.mydomain.it","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Fetching http://tenant1-lab-management.mydomain.it/.well-known/acme-challenge/4GrpyYaRBqd6GeRc6LyuXc3Hv4oai2omws8pkDIj2yw: Error getting validation data","instance":"","subproblems":[]}}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549781.3908134,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"tenant1-lab-management.mydomain.it","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Fetching http://tenant1-lab-management.mydomain.it/.well-known/acme-challenge/4GrpyYaRBqd6GeRc6LyuXc3Hv4oai2omws8pkDIj2yw: Error getting validation data","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1863682478/292602243147","attempt":1,"max_attempts":3}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549781.4088345,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"prometheus-uat.mydomain.it","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Fetching http://prometheus-uat.mydomain.it/.well-known/acme-challenge/g5LkrTG2vUHdnoFZ8zcWa4PjOprv8qDXs8IO9iKoluc: Error getting validation data","instance":"","subproblems":[]}}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549781.4088836,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"prometheus-uat.mydomain.it","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Fetching http://prometheus-uat.mydomain.it/.well-known/acme-challenge/g5LkrTG2vUHdnoFZ8zcWa4PjOprv8qDXs8IO9iKoluc: Error getting validation data","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1863682478/292602243007","attempt":1,"max_attempts":3}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549781.4682112,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"csf-uat.mydomain.it","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Fetching http://csf-uat.mydomain.it/.well-known/acme-challenge/GwugDbr_GRD5UAbMFVDgq8oD-qTCYHrz6js3IGBlqps: Error getting validation data","instance":"","subproblems":[]}}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549781.4682617,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"csf-uat.mydomain.it","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Fetching http://csf-uat.mydomain.it/.well-known/acme-challenge/GwugDbr_GRD5UAbMFVDgq8oD-qTCYHrz6js3IGBlqps: Error getting validation data","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1863682478/292602243237","attempt":1,"max_attempts":3}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549781.4900937,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"tenant2-lab-management.mydomain.it","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Fetching http://tenant2-lab-management.mydomain.it/.well-known/acme-challenge/-xH9VqZEB-XY2lCN4jtR42Obw-Ov98jESpKMsxAIggY: Error getting validation data","instance":"","subproblems":[]}}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549781.490142,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"tenant2-lab-management.mydomain.it","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Fetching http://tenant2-lab-management.mydomain.it/.well-known/acme-challenge/-xH9VqZEB-XY2lCN4jtR42Obw-Ov98jESpKMsxAIggY: Error getting validation data","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1863682478/292602243247","attempt":1,"max_attempts":3}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549781.4917173,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"chat.mydomain.it","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Fetching http://chat.mydomain.it/.well-known/acme-challenge/061O2CzMQcvxVV5WA83LBdI1Kn_jwjyjzyGe7XjYSOo: Error getting validation data","instance":"","subproblems":[]}}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549781.491775,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"chat.mydomain.it","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Fetching http://chat.mydomain.it/.well-known/acme-challenge/061O2CzMQcvxVV5WA83LBdI1Kn_jwjyjzyGe7XjYSOo: Error getting validation data","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1863682478/292602243257","attempt":1,"max_attempts":3}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549782.8264985,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"pre-production-lm.mydomain.it","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549782.8275943,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"vault.mydomain.it","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549782.8296812,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"lab-management.mydomain.it","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549782.8354585,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"suggestion-box.mydomain.it","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549782.8394744,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"diffusion.mydomain.it","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549782.9266124,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"prometheus-uat.mydomain.it","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549782.931543,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"csf-uat.mydomain.it","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549782.9405637,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"chat.mydomain.it","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549782.9432151,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"tenant1-lab-management.mydomain.it","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549782.9605205,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"tenant2-lab-management.mydomain.it","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.3026,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"prometheus-uat.mydomain.it","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Error getting validation data","instance":"","subproblems":[]}}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.3026824,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"prometheus-uat.mydomain.it","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Error getting validation data","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1863682478/292602262777","attempt":2,"max_attempts":3}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.30275,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"prometheus-uat.mydomain.it","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 37.186.192.102: Error getting validation data"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549784.303348,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["prometheus-uat.mydomain.it"],"ca":"https://acme.zerossl.com/v2/DV90","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549784.3033779,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["prometheus-uat.mydomain.it"],"ca":"https://acme.zerossl.com/v2/DV90","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549784.303413,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/KjVCfuBeeC8nzAg1cdX2Yg","account_contact":["mailto:info@mydomain.it"]}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.3178847,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"tenant1-lab-management.mydomain.it","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Error getting validation data","instance":"","subproblems":[]}}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.3179233,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"tenant2-lab-management.mydomain.it","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Error getting validation data","instance":"","subproblems":[]}}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.3180006,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"tenant2-lab-management.mydomain.it","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Error getting validation data","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1863682478/292602263017","attempt":2,"max_attempts":3}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.31794,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"tenant1-lab-management.mydomain.it","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Error getting validation data","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1863682478/292602262707","attempt":2,"max_attempts":3}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.3180547,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"tenant2-lab-management.mydomain.it","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 37.186.192.102: Error getting validation data"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.3180964,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"tenant1-lab-management.mydomain.it","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 37.186.192.102: Error getting validation data"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549784.3185267,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["tenant2-lab-management.mydomain.it"],"ca":"https://acme.zerossl.com/v2/DV90","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549784.318572,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["tenant2-lab-management.mydomain.it"],"ca":"https://acme.zerossl.com/v2/DV90","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549784.318606,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/KjVCfuBeeC8nzAg1cdX2Yg","account_contact":["mailto:info@mydomain.it"]}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549784.3185658,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["tenant1-lab-management.mydomain.it"],"ca":"https://acme.zerossl.com/v2/DV90","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549784.3186386,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["tenant1-lab-management.mydomain.it"],"ca":"https://acme.zerossl.com/v2/DV90","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549784.3186657,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/KjVCfuBeeC8nzAg1cdX2Yg","account_contact":["mailto:info@mydomain.it"]}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.3223145,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"chat.mydomain.it","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Error getting validation data","instance":"","subproblems":[]}}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.3223672,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"chat.mydomain.it","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Error getting validation data","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1863682478/292602263007","attempt":2,"max_attempts":3}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.3224182,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"chat.mydomain.it","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 37.186.192.102: Error getting validation data"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.3306818,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"csf-uat.mydomain.it","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Error getting validation data","instance":"","subproblems":[]}}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.3307395,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"csf-uat.mydomain.it","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Error getting validation data","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1863682478/292602262827","attempt":2,"max_attempts":3}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.3307965,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"csf-uat.mydomain.it","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 37.186.192.102: Error getting validation data"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549784.331298,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["csf-uat.mydomain.it"],"ca":"https://acme.zerossl.com/v2/DV90","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549784.3313475,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["csf-uat.mydomain.it"],"ca":"https://acme.zerossl.com/v2/DV90","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549784.3313801,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/KjVCfuBeeC8nzAg1cdX2Yg","account_contact":["mailto:info@mydomain.it"]}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.535276,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"chat.mydomain.it","issuer":"acme.zerossl.com-v2-DV90","error":"[chat.mydomain.it] creating new order: fetching new nonce from server: HTTP 429:  (ca=https://acme.zerossl.com/v2/DV90)"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.5354903,"logger":"tls.obtain","msg":"will retry","error":"[chat.mydomain.it] Obtain: [chat.mydomain.it] creating new order: fetching new nonce from server: HTTP 429:  (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":7.992225153,"max_duration":2592000}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.535562,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"csf-uat.mydomain.it","issuer":"acme.zerossl.com-v2-DV90","error":"[csf-uat.mydomain.it] creating new order: fetching new nonce from server: HTTP 429:  (ca=https://acme.zerossl.com/v2/DV90)"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.5356858,"logger":"tls.obtain","msg":"will retry","error":"[csf-uat.mydomain.it] Obtain: [csf-uat.mydomain.it] creating new order: fetching new nonce from server: HTTP 429:  (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":7.991038473,"max_duration":2592000}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.5808568,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"pre-production-lm.mydomain.it","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Error getting validation data","instance":"","subproblems":[]}}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.5809116,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"pre-production-lm.mydomain.it","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Error getting validation data","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1863682478/292602262107","attempt":2,"max_attempts":3}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.580968,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"pre-production-lm.mydomain.it","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 37.186.192.102: Error getting validation data"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.581404,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"lab-management.mydomain.it","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Error getting validation data","instance":"","subproblems":[]}}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.5814626,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"lab-management.mydomain.it","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Error getting validation data","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1863682478/292602262207","attempt":2,"max_attempts":3}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.5815105,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"lab-management.mydomain.it","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 37.186.192.102: Error getting validation data"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549784.5815287,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["pre-production-lm.mydomain.it"],"ca":"https://acme.zerossl.com/v2/DV90","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549784.5820193,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["lab-management.mydomain.it"],"ca":"https://acme.zerossl.com/v2/DV90","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549784.5820518,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/KjVCfuBeeC8nzAg1cdX2Yg","account_contact":["mailto:info@mydomain.it"]}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.59423,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"diffusion.mydomain.it","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Error getting validation data","instance":"","subproblems":[]}}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.594284,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"diffusion.mydomain.it","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Error getting validation data","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1863682478/292602262297","attempt":2,"max_attempts":3}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.5943384,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"diffusion.mydomain.it","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 37.186.192.102: Error getting validation data"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549784.5949605,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["diffusion.mydomain.it"],"ca":"https://acme.zerossl.com/v2/DV90","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549784.595012,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["diffusion.mydomain.it"],"ca":"https://acme.zerossl.com/v2/DV90","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549784.5950484,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/KjVCfuBeeC8nzAg1cdX2Yg","account_contact":["mailto:info@mydomain.it"]}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.607166,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"vault.mydomain.it","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Error getting validation data","instance":"","subproblems":[]}}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.6072233,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"vault.mydomain.it","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Error getting validation data","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1863682478/292602261937","attempt":2,"max_attempts":3}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.6072764,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"vault.mydomain.it","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 37.186.192.102: Error getting validation data"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549784.6077342,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["vault.mydomain.it"],"ca":"https://acme.zerossl.com/v2/DV90","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549784.6077783,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["vault.mydomain.it"],"ca":"https://acme.zerossl.com/v2/DV90","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549784.6078103,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/KjVCfuBeeC8nzAg1cdX2Yg","account_contact":["mailto:info@mydomain.it"]}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.6232023,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"pre-production-lm.mydomain.it","issuer":"acme.zerossl.com-v2-DV90","error":"[pre-production-lm.mydomain.it] creating new order: fetching new nonce from server: HTTP 429:  (ca=https://acme.zerossl.com/v2/DV90)"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.6233118,"logger":"tls.obtain","msg":"will retry","error":"[pre-production-lm.mydomain.it] Obtain: [pre-production-lm.mydomain.it] creating new order: fetching new nonce from server: HTTP 429:  (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":8.082789606,"max_duration":2592000}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.624268,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"lab-management.mydomain.it","issuer":"acme.zerossl.com-v2-DV90","error":"[lab-management.mydomain.it] creating new order: fetching new nonce from server: HTTP 429:  (ca=https://acme.zerossl.com/v2/DV90)"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.6243768,"logger":"tls.obtain","msg":"will retry","error":"[lab-management.mydomain.it] Obtain: [lab-management.mydomain.it] creating new order: fetching new nonce from server: HTTP 429:  (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":8.079704656,"max_duration":2592000}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.6491878,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"vault.mydomain.it","issuer":"acme.zerossl.com-v2-DV90","error":"[vault.mydomain.it] creating new order: fetching new nonce from server: HTTP 429:  (ca=https://acme.zerossl.com/v2/DV90)"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.649303,"logger":"tls.obtain","msg":"will retry","error":"[vault.mydomain.it] Obtain: [vault.mydomain.it] creating new order: fetching new nonce from server: HTTP 429:  (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":8.107969686,"max_duration":2592000}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.864073,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"prometheus-uat.mydomain.it","issuer":"acme.zerossl.com-v2-DV90","error":"[prometheus-uat.mydomain.it] creating new order: attempt 1: https://acme.zerossl.com/v2/DV90/newOrder: HTTP 429: <html>\r\n<head><title>429 Too Many Requests</title></head>\r\n<body>\r\n<center><h1>429 Too Many Requests</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n (ca=https://acme.zerossl.com/v2/DV90)"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.8642082,"logger":"tls.obtain","msg":"will retry","error":"[prometheus-uat.mydomain.it] Obtain: [prometheus-uat.mydomain.it] creating new order: attempt 1: https://acme.zerossl.com/v2/DV90/newOrder: HTTP 429: <html>\r\n<head><title>429 Too Many Requests</title></head>\r\n<body>\r\n<center><h1>429 Too Many Requests</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":8.319980802,"max_duration":2592000}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.8778565,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"tenant1-lab-management.mydomain.it","issuer":"acme.zerossl.com-v2-DV90","error":"[tenant1-lab-management.mydomain.it] creating new order: attempt 1: https://acme.zerossl.com/v2/DV90/newOrder: HTTP 429: <html>\r\n<head><title>429 Too Many Requests</title></head>\r\n<body>\r\n<center><h1>429 Too Many Requests</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n (ca=https://acme.zerossl.com/v2/DV90)"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549784.8779705,"logger":"tls.obtain","msg":"will retry","error":"[tenant1-lab-management.mydomain.it] Obtain: [tenant1-lab-management.mydomain.it] creating new order: attempt 1: https://acme.zerossl.com/v2/DV90/newOrder: HTTP 429: <html>\r\n<head><title>429 Too Many Requests</title></head>\r\n<body>\r\n<center><h1>429 Too Many Requests</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":8.336327103,"max_duration":2592000}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549787.1596012,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"prometheus.mydomain.it","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549787.4325936,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"suggestion-box.mydomain.it","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Error getting validation data","instance":"","subproblems":[]}}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549787.432652,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"suggestion-box.mydomain.it","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Error getting validation data","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1863682478/292602262237","attempt":2,"max_attempts":3}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549787.4327176,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"suggestion-box.mydomain.it","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 37.186.192.102: Error getting validation data"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549787.433211,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["suggestion-box.mydomain.it"],"ca":"https://acme.zerossl.com/v2/DV90","account":"info@mydomain.it"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549791.3272011,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"prometheus.mydomain.it","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Error getting validation data","instance":"","subproblems":[]}}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549791.32728,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"prometheus.mydomain.it","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Error getting validation data","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1863682478/292602288947","attempt":1,"max_attempts":3}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"info","ts":1722549792.9448447,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"prometheus.mydomain.it","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549794.3019657,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"prometheus.mydomain.it","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Fetching http://prometheus.mydomain.it/.well-known/acme-challenge/F_U5taaCR--buf4S85h42NbmNdjpydtJcd9Hx8mozMQ: Error getting validation data","instance":"","subproblems":[]}}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549794.3020325,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"prometheus.mydomain.it","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"37.186.192.102: Fetching http://prometheus.mydomain.it/.well-known/acme-challenge/F_U5taaCR--buf4S85h42NbmNdjpydtJcd9Hx8mozMQ: Error getting validation data","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1863682478/292602313087","attempt":2,"max_attempts":3}
mydomain-dns-proxy-mydomain-caddy-1  | {"level":"error","ts":1722549794.3020902,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"prometheus.mydomain.it","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 37.186.192.102: Fetching http://prometheus.mydomain.it/.well-known/acme-challenge/F_U5taaCR--buf4S85h42NbmNdjpydtJcd9Hx8mozMQ: Error getting validation data"}

3. Caddy version:

Caddy v2.8.4

4. How I installed and ran Caddy:

I am running caddy inside a Docker.

a. System environment:

The official caddy docker caddy:2 in an Ubuntu 20.04 server.

b. Command:

No special command. The default for the caddy docker.

c. Service/unit/compose file:

version: "3"

services:
  company-caddy:
    image: caddy:2
    restart: always
    # ports:
    #   - 80:80 # Needed for the ACME HTTP-01 challenge.
    #   - 443:443
    network_mode: host
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./data/caddy-config:/config
      - ./data/caddy-data:/data
    environment:
      - EMAIL=info@mydomain.it # The email address to use for ACME registration.
      - LOG_FILE=/data/access.log

I am using network_mode: host so that I can easily reverse_proxy to other servers in the LAN.

d. My complete Caddy config:

https://vault.mydomain.it {
  log {
    level INFO
    output file {$LOG_FILE} {
      roll_size 10MB
      roll_keep 10
    }
  }

  # Use the ACME HTTP-01 challenge to get a cert for the configured domain.
  tls {$EMAIL}

  # This setting may have compatibility issues with some browsers
  # (e.g., attachment downloading on Firefox). Try disabling this
  # if you encounter issues.
  #   encode gzip

  # Proxy everything
  reverse_proxy :8081 {
       # Send the true remote IP to Rocket, so that vaultwarden can put this in the
       # log, so that fail2ban can ban the correct IP.
       header_up X-Real-IP {remote_host}
  }
}

https://diffusion.mydomain.it {
  log {
    level INFO
    output file {$LOG_FILE} {
      roll_size 10MB
      roll_keep 10
    }
  }

  # Use the ACME HTTP-01 challenge to get a cert for the configured domain.
  tls {$EMAIL}

  # This setting may have compatibility issues with some browsers
  # (e.g., attachment downloading on Firefox). Try disabling this
  # if you encounter issues.
  #   encode gzip

  # Proxy everything
  reverse_proxy http://192.168.69.60:7860 {
       # Send the true remote IP to Rocket, so that vaultwarden can put this in the
       # log, so that fail2ban can ban the correct IP.
       header_up X-Real-IP {remote_host}
  }
}

https://chat.mydomain.it {
  log {
    level INFO
    output file {$LOG_FILE} {
      roll_size 10MB
      roll_keep 10
    }
  }

  # Use the ACME HTTP-01 challenge to get a cert for the configured domain.
  tls {$EMAIL}

  # This setting may have compatibility issues with some browsers
  # (e.g., attachment downloading on Firefox). Try disabling this
  # if you encounter issues.
  #   encode gzip

  # Proxy everything
  reverse_proxy http://192.168.69.150:8044 {
       # Send the true remote IP to Rocket, so that vaultwarden can put this in the
       # log, so that fail2ban can ban the correct IP.
       header_up X-Real-IP {remote_host}
  }
}

...more...

5. Links to relevant resources:

No links.

2

Sorry for the delay, had a vacation.

That is weird.

Can you try a simple Caddyfile like this?

:80 {
	respond "You found me!"
}
1 Like
3

No problem. I hope you had a great vacation!

I think I managed to solve the problem making the ISP try a few different configurations on their router yesterday. I was about to write a followup to my post even though I still do not fully understand.

To answer your question, yes a simple Caddyfile like that was working. The problem arises when I use https in the Caddyfile. Caddy tries to get certificates, it gets errors and since we do not have certificates then it doesn’t work.

I still do not know what the problem was but I will lay out here the details and steps I uncovered:

  1. The main difference between the Fastweb and the Vodafone ISP contracts and connection is that the Vodafone contractually provided 1 static public IP address, while the Fastweb ISP contractually provided 8 static public IPs.
    a. The Vodafone router was directly connected to the internet with the static public IP provided, even before I installed the secondary router, and when I installed it, I just configured the DMZ host and static NAT on their router and in my router/firewall I just set the WAN IP as static (it was a LAN IP in the Vodafone router LAN).
    b. The Fastweb router was connected to the internet with a dynamic public IP and they configured somehow the router to point one of those 8 public IPs to my secondary router. The secondary router WAN side was configured directly with the static public IP address and not with a LAN IP in the Fastweb LAN. In fact if I tried and changed my router/firewall configuration using DHCP on the WAN side, I obtained an IP on the LAN of the Fastweb router and I was connected to the internet through the dynamic public IP. (checking with my ip tools on the web)
  2. I asked the Fastweb ISP to just let go of the 7 extra IPs I don’t need and just make it so that the Fastweb router just uses that static public IP and I configured everything like in the Vodafone network. So my router has a static LAN IP in the Fastweb router network and a DMZ and static NAT is configured. That’s it! It works.

Now I am ok with this solution and I think I will not invest too much time in trying to understand the issue, but I am very curious…

Let me know if you have a better understanding of the situation and let me know if I wasn’t clear.

4

I find it weird that you were given 8 IPs for a residential connection :thinking:

Generally yes, you do need a single static IP to receive traffic from the public internet, since DNS has to resolve to something. You could have more than one and use DNS Round-robin, but that’s advanced.

1 Like
5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.