1. The problem I’m having:
Hi All!
I am having trouble configuring Caddy so that it obtains and renews certificates by itself using Let's Encrypt.
When I point Caddy at the certificate files manually, everything works!
The problem is with the default.json file: I checked, and it is actually missing inside the container.
2. Error messages and/or full log output:
{"level":"info","ts":1736935657.8581586,"logger":"tls.obtain","msg":"lock acquired","identifier":"keycloak.test.com"}
{"level":"info","ts":1736935657.8593433,"logger":"http","msg":"creating new account because no account for configured email is known to us","email":"","ca":"https://acme-v02.api.letsencrypt.org/directory","error":"open /data/caddy/acme/acme-v02.api.letsencrypt.org-directory/users/default/default.json: no such file or directory"}
{"level":"info","ts":1736935657.8594298,"logger":"http","msg":"ACME account has empty status; registering account with ACME server","contact":[],"location":""}
{"level":"info","ts":1736935657.8595796,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"keycloak.test.com"}
{"level":"info","ts":1736935657.8599384,"logger":"http","msg":"creating new account because no account for configured email is known to us","email":"","ca":"https://acme-v02.api.letsencrypt.org/directory","error":"open /data/caddy/acme/acme-v02.api.letsencrypt.org-directory/users/default/default.json: no such file or directory"}
{"level":"info","ts":1736935657.8599973,"logger":"http","msg":"ACME account has empty status; registering account with ACME server","contact":[],"location":""}
{"level":"info","ts":1736935657.8605828,"logger":"http","msg":"creating new account because no account for configured email is known to us","email":"","ca":"https://acme-v02.api.letsencrypt.org/directory","error":"open /data/caddy/acme/acme-v02.api.letsencrypt.org-directory/users/default/default.json: no such file or directory"}
{"level":"info","ts":1736935657.8610575,"logger":"http","msg":"creating new account because no account for configured email is known to us","email":"","ca":"https://acme-v02.api.letsencrypt.org/directory","error":"open /data/caddy/acme/acme-v02.api.letsencrypt.org-directory/users/default/default.json: no such file or directory"}
{"level":"info","ts":1736935657.8612437,"logger":"http","msg":"ACME account has empty status; registering account with ACME server","contact":[],"location":""}
{"level":"warn","ts":1736935687.8618345,"msg":"HTTP request failed; retrying","url":"https://acme-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
3. Caddy version:
2.9.1
4. How I installed and ran Caddy:
Docker-compose.yml:
‘’’
‘’‘’
a. System environment:
b. Command:
docker-compose up -d
c. Service/unit/compose file:
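# Compose file for the Caddy reverse proxy. Indentation is restored here; the
# pasted copy had lost it and would not parse as YAML.
version: '3.7'

networks:
  proxy:
    # Explicit network name instead of the project-prefixed default.
    name: proxy_net

services:
  caddy:
    image: caddy:2.9.1
    restart: unless-stopped
    # NET_ADMIN is a broad capability. The Caddy image documentation suggests
    # it so the server can raise UDP buffer sizes for HTTP/3; the Caddyfile in
    # this post sets `protocols h1 h2 h2c` (no h3), so it can probably be
    # dropped here - confirm before removing.
    cap_add:
      - NET_ADMIN
    ports:
      # 80 and 443 must be reachable from the internet for the ACME HTTP-01
      # and TLS-ALPN-01 challenges.
      - "80:80"
      - "443:443"
      # Only used by HTTP/3 (QUIC).
      - "443:443/udp"
    volumes:
      - ./conf:/etc/caddy
      - ./site:/srv
      # Certificates and private keys for the manual `tls` lines; mounted
      # read-only because Caddy only needs to read them.
      - ./certs:/certs:ro
      # Persistent ACME state. The account file named in the log
      # (/data/caddy/acme/.../users/default/default.json) lives on this volume;
      # the "no such file" entries are info-level and are followed by an
      # attempt to register a new account.
      - caddy_data:/data
      - caddy_config:/config
    # The only warn-level entry in the log output is the request to the ACME
    # directory timing out, so check outbound HTTPS and DNS from this network.
    networks:
      - proxy

volumes:
  caddy_data: {}
  caddy_config: {}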
d. My complete Caddy config:
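# Caddyfile for the reverse proxy. Indentation is restored here; the pasted
# copy had lost it.
{
	# NOTE(review): no `email` global option is set. The log shows the ACME
	# account being registered with "email":"" and "contact":[], so the CA has
	# no contact address for this account.
	servers {
		# h3 is not listed, so HTTP/3 is disabled. h2c is cleartext HTTP/2;
		# NOTE(review): confirm it is really needed on a public listener.
		protocols h1 h2 h2c
	}
}

# Each site below has its manual `tls` line commented out, which leaves
# certificate management to Caddy's automatic HTTPS (ACME).

demo.test.com {
	# tls /certs/cert9.pem /certs/privkey9.pem
	reverse_proxy point_bipoint_1:55555 {
		# The imported file is not part of this post; its directives must be
		# valid inside a reverse_proxy block.
		import Caddyfile_security
	}
}

# NOTE(review): this site address looks like two hostnames run together
# (compare the other site blocks and the cert9_point1.pem file name). ACME
# validation needs the name to resolve to this server, so verify it.
point1.demo.test.comdemo.test.com {
	# tls /certs/cert9_point1.pem /certs/privkey9_point1.pem
	reverse_proxy point2_bipoint_1:55555 {
		import Caddyfile_security
	}
}

point2.demo.test.com {
	# tls /certs/cert9_point2.pem /certs/privkey9_point2.pem
	reverse_proxy point3_bipoint_1:55555 {
		import Caddyfile_security
	}
}

keycloak.demo.test.com {
	# tls /certs/cert9_keycloak.pem /certs/privkey9_keycloak.pem
	reverse_proxy keycloak_keycloak_1:8080 {
		import Caddyfile_security
	}
}

point3.demo.test.com {
	# tls /certs/cert9_point3.pem /certs/privkey9_point3.pem
	reverse_proxy point4_bipoint_1:55555 {
		import Caddyfile_security
	}
}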