Problem with auto generate certs (default.json: no such file)

1. The problem I’m having:

Hi All!
I have a problem with the correct caddy configuration to generate and renew certificates by itself using Letsencrypt.
After manually pointing to the certs everything works!
The problem is with the default.json file which, after checking, is actually missing inside the container.

2. Error messages and/or full log output:

{"level":"info","ts":1736935657.8581586,"logger":"tls.obtain","msg":"lock acquired","identifier":"keycloak.test.com"}
{"level":"info","ts":1736935657.8593433,"logger":"http","msg":"creating new account because no account for configured email is known to us","email":"","ca":"https://acme-v02.api.letsencrypt.org/directory","error":"open /data/caddy/acme/acme-v02.api.letsencrypt.org-directory/users/default/default.json: no such file or directory"}
{"level":"info","ts":1736935657.8594298,"logger":"http","msg":"ACME account has empty status; registering account with ACME server","contact":[],"location":""}
{"level":"info","ts":1736935657.8595796,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"keycloak.test.com"}
{"level":"info","ts":1736935657.8599384,"logger":"http","msg":"creating new account because no account for configured email is known to us","email":"","ca":"https://acme-v02.api.letsencrypt.org/directory","error":"open /data/caddy/acme/acme-v02.api.letsencrypt.org-directory/users/default/default.json: no such file or directory"}
{"level":"info","ts":1736935657.8599973,"logger":"http","msg":"ACME account has empty status; registering account with ACME server","contact":[],"location":""}
{"level":"info","ts":1736935657.8605828,"logger":"http","msg":"creating new account because no account for configured email is known to us","email":"","ca":"https://acme-v02.api.letsencrypt.org/directory","error":"open /data/caddy/acme/acme-v02.api.letsencrypt.org-directory/users/default/default.json: no such file or directory"}
{"level":"info","ts":1736935657.8610575,"logger":"http","msg":"creating new account because no account for configured email is known to us","email":"","ca":"https://acme-v02.api.letsencrypt.org/directory","error":"open /data/caddy/acme/acme-v02.api.letsencrypt.org-directory/users/default/default.json: no such file or directory"}
{"level":"info","ts":1736935657.8612437,"logger":"http","msg":"ACME account has empty status; registering account with ACME server","contact":[],"location":""}
{"level":"warn","ts":1736935687.8618345,"msg":"HTTP request failed; retrying","url":"https://acme-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}

3. Caddy version:

2.9.1

4. How I installed and ran Caddy:

Docker-compose.yml:


a. System environment:

b. Command:

docker-compose up -d

c. Service/unit/compose file:

version: '3.7'

networks:
    proxy:
        name: proxy_net
services:
  caddy:
    image: caddy:2.9.1
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - ./conf:/etc/caddy
      - ./site:/srv
      - ./certs:/certs
      - caddy_data:/data
      - caddy_config:/config
    networks:
      - proxy
volumes:
  caddy_data:
  caddy_config:

d. My complete Caddy config:

{
	servers {
		protocols h1 h2 h2c
	}
}

demo.test.com {
	# tls /certs/cert9.pem /certs/privkey9.pem
	reverse_proxy point_bipoint_1:55555 {
		import Caddyfile_security
	}
}

point1.demo.test.com {
	# tls /certs/cert9_point1.pem /certs/privkey9_point1.pem
	reverse_proxy point2_bipoint_1:55555 {
		import Caddyfile_security
	}
}

point2.demo.test.com {
	# tls /certs/cert9_point2.pem /certs/privkey9_point2.pem
	reverse_proxy point3_bipoint_1:55555 {
		import Caddyfile_security
	}
}

keycloak.demo.test.com {
	# tls /certs/cert9_keycloak.pem /certs/privkey9_keycloak.pem
	reverse_proxy keycloak_keycloak_1:8080 {
		import Caddyfile_security
	}
}

point3.demo.test.com {
	# tls /certs/cert9_point3.pem /certs/privkey9_point3.pem
	reverse_proxy point4_bipoint_1:55555 {
		import Caddyfile_security
	}
}

5. Links to relevant resources:

The missing default.json file is not your real issue; it will automatically get created once the rest proceeds correctly.

The important failure is in the last line,

"error":"performing request:
Get \"https://acme-v02.api.letsencrypt.org/directory\":
(Client.Timeout exceeded while awaiting headers)"}

It would seem the system running inside the container is unable to access the Internet.

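To turn the diagnosis above into something repeatable, here is an added probe script (not from the thread) that runs the same request against the ACME directory from the host and from a throwaway container attached to Caddy's Docker network, then maps curl's exit status to a diagnosis. It assumes the network name proxy_net from the compose file above, and that the proxy the server already uses is exposed through HTTPS_PROXY/NO_PROXY (the variables Go's http.ProxyFromEnvironment reads).

```shell
#!/bin/sh
# Added diagnostic for the thread above, not part of the original posts.
# Assumptions: Docker network "proxy_net" (from the OP's compose file) and
# HTTPS_PROXY/HTTP_PROXY/NO_PROXY as the proxy variables the DMZ host uses.
ACME_DIR="https://acme-v02.api.letsencrypt.org/directory"

# Translate curl's exit status into a one-line diagnosis.
classify_curl_rc() {
  case "$1" in
    0)  echo "ok: ACME directory reachable" ;;
    6)  echo "dns: name resolution failed (check the container's resolv.conf)" ;;
    7)  echo "connect: TCP connection refused or dropped (DMZ egress rule?)" ;;
    28) echo "timeout: no response, same symptom as Caddy's Client.Timeout warning" ;;
    35|60) echo "tls: handshake or CA failure (intercepting proxy / CA bundle)" ;;
    *)  echo "other: curl exit status $1" ;;
  esac
}

# Probe from the host with a 10 s budget; returns curl's exit status.
probe_host() {
  curl -sS -o /dev/null --max-time 10 "$ACME_DIR" 2>/dev/null
}

# Same probe from inside proxy_net. The proxy variables are passed through so
# the container sees what the caddy service would see once the same variables
# are added to its compose "environment:" block; unset them to test direct egress.
probe_network() {
  docker run --rm --network proxy_net \
    -e HTTPS_PROXY -e HTTP_PROXY -e NO_PROXY curlimages/curl \
    -sS -o /dev/null --max-time 10 "$ACME_DIR" 2>/dev/null
}

run_probes() {
  probe_host;    rc=$?; echo "host      -> $(classify_curl_rc "$rc")"
  probe_network; rc=$?; echo "proxy_net -> $(classify_curl_rc "$rc")"
}

# Live probes only run when asked for explicitly: sh acme_probe.sh --run
if [ "${1:-}" = "--run" ]; then
  run_probes
fi
```

If the host probe says "ok" and the proxy_net probe says "timeout", the container's egress path (DNS, firewall or missing proxy variables) is the thing to fix, not the Caddy config.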

Thanks for your answer!
It could be caused by a bad Docker networking configuration and/or some firewall rule.
My server is in a DMZ and uses a proxy to download some updates etc. from the Internet.

I've checked, and from the host I'm able to connect with curl to https://acme-v02.api.letsencrypt.org/directory

{
  "gl_fGgcVT_w": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "profiles": {
      "classic": "The same profile you're accustomed to"
    },
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}

I'm using an internal network to connect Caddy and the other apps I'm trying to expose by reverse proxy.
Is it possible to use the host network together with the internal network and port bindings?
