Problems with Let's Encrypt on IPv6-only hosts

1. The problem I’m having:

New deployment, same as previous recipes, but now there seems to be a secondary check from Let's Encrypt that fails (TLS-ALPN related?), and ZeroSSL is not usable (they don’t support IPv6-only hosts…)

2. Error messages and/or full log output:

{“level”:“info”,“ts”:1769521703.414023,“msg”:“maxprocs: Leaving GOMAXPROCS=1: CPU quota undefined”}
{“level”:“info”,“ts”:1769521703.414215,“msg”:“GOMEMLIMIT is updated”,“package”:“github.com/KimMachineGun/automemlimit/memlimit",“GOMEMLIMIT”:121532486860,"previous”:9223372036854775807}
caddy.HomeDir=/root
caddy.AppDataDir=/etc/caddy/ssl/caddy
caddy.AppConfigDir=/root/.config/caddy
caddy.ConfigAutosavePath=/root/.config/caddy/autosave.json
caddy.Version=v2.10.2 h1:g/gTYjGMD0dec+UgMw8SnfmJ3I9+M2TdvoRL/Ovu6U8=
runtime.GOOS=linux
runtime.GOARCH=amd64
runtime.Compiler=gc
runtime.NumCPU=1
runtime.GOMAXPROCS=1
runtime.Version=go1.25.0
os.Getwd=/etc/caddy
SHELL=/bin/bash
SUDO_GID=1001
SUDO_COMMAND=/bin/bash
SUDO_USER=hvisage
PWD=/etc/caddy
LOGNAME=root
HOME=/root
LANG=C
LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=00:tw=30;42:ow=34;42:st=37;44:ex=01;32:.tar=01;31:.tgz=01;31:.arc=01;31:.arj=01;31:.taz=01;31:.lha=01;31:.lz4=01;31:.lzh=01;31:.lzma=01;31:.tlz=01;31:.txz=01;31:.tzo=01;31:.t7z=01;31:.zip=01;31:.z=01;31:.dz=01;31:.gz=01;31:.lrz=01;31:.lz=01;31:.lzo=01;31:.xz=01;31:.zst=01;31:.tzst=01;31:.bz2=01;31:.bz=01;31:.tbz=01;31:.tbz2=01;31:.tz=01;31:.deb=01;31:.rpm=01;31:.jar=01;31:.war=01;31:.ear=01;31:.sar=01;31:.rar=01;31:.alz=01;31:.ace=01;31:.zoo=01;31:.cpio=01;31:.7z=01;31:.rz=01;31:.cab=01;31:.wim=01;31:.swm=01;31:.dwm=01;31:.esd=01;31:.avif=01;35:.jpg=01;35:.jpeg=01;35:.mjpg=01;35:.mjpeg=01;35:.gif=01;35:.bmp=01;35:.pbm=01;35:.pgm=01;35:.ppm=01;35:.tga=01;35:.xbm=01;35:.xpm=01;35:.tif=01;35:.tiff=01;35:.png=01;35:.svg=01;35:.svgz=01;35:.mng=01;35:.pcx=01;35:.mov=01;35:.mpg=01;35:.mpeg=01;35:.m2v=01;35:.mkv=01;35:.webm=01;35:.webp=01;35:.ogm=01;35:.mp4=01;35:.m4v=01;35:.mp4v=01;35:.vob=01;35:.qt=01;35:.nuv=01;35:.wmv=01;35:.asf=01;35:.rm=01;35:.rmvb=01;35:.flc=01;35:.avi=01;35:.fli=01;35:.flv=01;35:.gl=01;35:.dl=01;35:.xcf=01;35:.xwd=01;35:.yuv=01;35:.cgm=01;35:.emf=01;35:.ogv=01;35:.ogx=01;35:.aac=00;36:.au=00;36:.flac=00;36:.m4a=00;36:.mid=00;36:.midi=00;36:.mka=00;36:.mp3=00;36:.mpc=00;36:.ogg=00;36:.ra=00;36:.wav=00;36:.oga=00;36:.opus=00;36:.spx=00;36:.xspf=00;36:~=00;90:#=00;90:.bak=00;90:.old=00;90:.orig=00;90:.part=00;90:.rej=00;90:.swp=00;90:.tmp=00;90:.dpkg-dist=00;90:.dpkg-old=00;90:.ucf-dist=00;90:.ucf-new=00;90:.ucf-old=00;90:.rpmnew=00;90:.rpmorig=00;90:.rpmsave=00;90:
TERM=xterm-256color
USER=root
SHLVL=1
PATH=/root/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
SUDO_UID=1001
MAIL=/var/mail/root
_=/usr/bin/caddy
OLDPWD=/etc/apt
XDG_DATA_HOME=/etc/caddy/ssl
{“level”:“info”,“ts”:1769521703.4143488,“msg”:“using config from file”,“file”:“/etc/caddy/Caddyfile”}
{“level”:“info”,“ts”:1769521703.415599,“msg”:“adapted config to JSON”,“adapter”:“caddyfile”}
{“level”:“warn”,“ts”:1769521703.4156117,“msg”:“Caddyfile input is not formatted; run ‘caddy fmt --overwrite’ to fix inconsistencies”,“adapter”:“caddyfile”,“file”:“/etc/caddy/Caddyfile”,“line”:2}
{“level”:“info”,“ts”:1769521703.4167397,“logger”:“admin”,“msg”:“admin endpoint started”,“address”:“localhost:2019”,“enforce_origin”:false,“origins”:[“//localhost:2019”,“//[::1]:2019”,“//127.0.0.1:2019”]}
{“level”:“info”,“ts”:1769521703.4169545,“logger”:“http.auto_https”,“msg”:“server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS”,“server_name”:“srv0”,“https_port”:443}
{“level”:“info”,“ts”:1769521703.4169705,“logger”:“http.auto_https”,“msg”:“enabling automatic HTTP->HTTPS redirects”,“server_name”:“srv0”}
{“level”:“debug”,“ts”:1769521703.4170246,“logger”:“http.auto_https”,“msg”:“adjusted config”,“tls”:{“automation”:{“policies”:[{}]}},“http”:{“servers”:{“remaining_auto_https_redirects”:{“listen”:[“:80”],“routes”:[{},{}],“logs”:{“logger_names”:{“pega.gogga.net.za”:[“log0”]}}},“srv0”:{“listen”:[“:443”],“routes”:[{“handle”:[{“handler”:“subroute”,“routes”:[{“handle”:[{“handler”:“reverse_proxy”,“headers”:{“request”:{“set”:{“X-Real-Ip”:[“{http.request.remote.host}”]}}},“transport”:{“protocol”:“http”,“tls”:{“insecure_skip_verify”:true}},“upstreams”:[{“dial”:“127.0.0.1:5000”}]}]}]}],“terminal”:true}],“tls_connection_policies”:[{}],“automatic_https”:{},“logs”:{“logger_names”:{“pega.gogga.net.za”:[“log0”]}}}}}}
{“level”:“debug”,“ts”:1769521703.4177873,“logger”:“http”,“msg”:“starting server loop”,“address”:“[::]:80”,“tls”:false,“http3”:false}
{“level”:“warn”,“ts”:1769521703.4178061,“logger”:“http”,“msg”:“HTTP/2 skipped because it requires TLS”,“network”:“tcp”,“addr”:“:80”}
{“level”:“warn”,“ts”:1769521703.4178104,“logger”:“http”,“msg”:“HTTP/3 skipped because it requires TLS”,“network”:“tcp”,“addr”:“:80”}
{“level”:“info”,“ts”:1769521703.4178138,“logger”:“http.log”,“msg”:“server running”,“name”:“remaining_auto_https_redirects”,“protocols”:[“h1”,“h2”,“h3”]}
{“level”:“debug”,“ts”:1769521703.4178593,“logger”:“http”,“msg”:“starting server loop”,“address”:“[::]:443”,“tls”:true,“http3”:false}
{“level”:“info”,“ts”:1769521703.4178665,“logger”:“http”,“msg”:“enabling HTTP/3 listener”,“addr”:“:443”}
{“level”:“info”,“ts”:1769521703.4179294,“msg”:“failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 7168 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details.”}
{“level”:“info”,“ts”:1769521703.4180255,“logger”:“http.log”,“msg”:“server running”,“name”:“srv0”,“protocols”:[“h1”,“h2”,“h3”]}
{“level”:“info”,“ts”:1769521703.4180377,“logger”:“http”,“msg”:“enabling automatic TLS certificate management”,“domains”:[“pega.gogga.net.za”]}
{“level”:“debug”,“ts”:1769521703.4181123,“logger”:“events”,“msg”:“event”,“name”:“started”,“id”:“37bbe87c-65f3-4444-aeb6-82e64b45015e”,“origin”:“”,“data”:null}
{“level”:“info”,“ts”:1769521703.4182062,“msg”:“autosaved config (load with --resume flag)”,“file”:“/root/.config/caddy/autosave.json”}
{“level”:“info”,“ts”:1769521703.4182131,“msg”:“serving initial configuration”}
{“level”:“info”,“ts”:1769521703.421214,“logger”:“tls”,“msg”:“storage cleaning happened too recently; skipping for now”,“storage”:“FileStorage:/etc/caddy/ssl/caddy”,“instance”:“421c5c48-860a-4053-a0c9-31ca048feeab”,“try_again”:1769608103.421213,“try_again_in”:86399.999999634}
{“level”:“info”,“ts”:1769521703.4212832,“logger”:“tls”,“msg”:“finished cleaning storage units”}
{“level”:“info”,“ts”:1769521703.4227915,“logger”:“tls.cache.maintenance”,“msg”:“started background certificate maintenance”,“cache”:“0xc0000e0480”}
{“level”:“info”,“ts”:1769521703.4256244,“logger”:“tls.obtain”,“msg”:“acquiring lock”,“identifier”:“pega.gogga.net.za”}
{“level”:“info”,“ts”:1769521703.4280999,“logger”:“tls.obtain”,“msg”:“lock acquired”,“identifier”:“pega.gogga.net.za”}
{“level”:“info”,“ts”:1769521703.428169,“logger”:“tls.obtain”,“msg”:“obtaining certificate”,“identifier”:“pega.gogga.net.za”}
{“level”:“debug”,“ts”:1769521703.4281847,“logger”:“events”,“msg”:“event”,“name”:“cert_obtaining”,“id”:“77a82e3d-cbca-4393-9ea9-eb966ec97039”,“origin”:“tls”,“data”:{“identifier”:“pega.gogga.net.za”}}
{“level”:“debug”,“ts”:1769521703.4283428,“logger”:“tls”,“msg”:“created CSR”,“identifiers”:[“pega.gogga.net.za”],“san_dns_names”:[“pega.gogga.net.za”],“san_emails”:,“common_name”:“”,“extra_extensions”:0}
{“level”:“debug”,“ts”:1769521703.428669,“logger”:“tls.obtain”,“msg”:“trying issuer 1/1”,“issuer”:“acme-staging-v02.api.letsencrypt.org-directory”}
{“level”:“debug”,“ts”:1769521703.4288902,“logger”:“http”,“msg”:“using existing ACME account because key found in storage associated with email”,“email”:“sysadmin@hevis.co.za”,“ca”:“https://acme-staging-v02.api.letsencrypt.org/directory”}
{“level”:“info”,“ts”:1769521703.428914,“logger”:“http”,“msg”:“waiting on internal rate limiter”,“identifiers”:[“pega.gogga.net.za”],“ca”:“https://acme-staging-v02.api.letsencrypt.org/directory",“account”:"sysadmin@hevis.co.za”}
{“level”:“info”,“ts”:1769521703.4289207,“logger”:“http”,“msg”:“done waiting on internal rate limiter”,“identifiers”:[“pega.gogga.net.za”],“ca”:“https://acme-staging-v02.api.letsencrypt.org/directory",“account”:"sysadmin@hevis.co.za”}
{“level”:“info”,“ts”:1769521703.4289384,“logger”:“http”,“msg”:“using ACME account”,“account_id”:“https://acme-staging-v02.api.letsencrypt.org/acme/acct/261135053",“account_contact”:["mailto:sysadmin@hevis.co.za”]}
{“level”:“debug”,“ts”:1769521704.2712352,“msg”:“http request”,“method”:“GET”,“url”:“https://acme-staging-v02.api.letsencrypt.org/directory",“headers”:{“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd64)”]},“response_headers”:{“Cache-Control”:[“public, max-age=0, no-cache”],“Content-Length”:[“1107”],“Content-Type”:[“application/json”],“Date”:[“Tue, 27 Jan 2026 13:48:24 GMT”],“Server”:[“nginx”],“Strict-Transport-Security”:[“max-age=604800”],“X-Frame-Options”:[“DENY”]},“status_code”:200}
{“level”:“debug”,“ts”:1769521704.2714326,“msg”:“creating order”,“account”:“https://acme-staging-v02.api.letsencrypt.org/acme/acct/261135053",“identifiers”:["pega.gogga.net.za”]}
{“level”:“debug”,“ts”:1769521704.5494366,“msg”:“http request”,“method”:“HEAD”,“url”:“https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",“headers”:{“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd64)”]},“response_headers”:{“Cache-Control”:[“public, max-age=0, no-cache”],“Date”:[“Tue, 27 Jan 2026 13:48:24 GMT”],“Link”:[“https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"”],“Replay-Nonce”:[“sXXzwma1BhOMsDLQcfG-e1r_XTA8HocUjqcY5LV7ttUNxMnjrTc”],“Server”:[“nginx”],“Strict-Transport-Security”:[“max-age=604800”],“X-Frame-Options”:[“DENY”]},“status_code”:200}
{“level”:“debug”,“ts”:1769521704.8391647,“msg”:“http request”,“method”:“POST”,“url”:“https://acme-staging-v02.api.letsencrypt.org/acme/new-order",“headers”:{“Content-Type”:[“application/jose+json”],“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd64)”]},“response_headers”:{“Boulder-Requester”:[“261135053”],“Cache-Control”:[“public, max-age=0, no-cache”],“Content-Length”:[“363”],“Content-Type”:[“application/json”],“Date”:[“Tue, 27 Jan 2026 13:48:24 GMT”],“Link”:[“https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"”],“Location”:[“https://acme-staging-v02.api.letsencrypt.org/acme/order/261135053/31102266723"],“Replay-Nonce”:[“NrRKSEyKg6yd5THOvJtf6F57GlgQw1RKRIbr6T9a8O1Wsc0v_Vk”],“Server”:[“nginx”],“Strict-Transport-Security”:[“max-age=604800”],“X-Frame-Options”:[“DENY”]},"status_code”:201}
{“level”:“debug”,“ts”:1769521705.1196656,“msg”:“http request”,“method”:“POST”,“url”:“https://acme-staging-v02.api.letsencrypt.org/acme/authz/261135053/21385751433",“headers”:{“Content-Type”:[“application/jose+json”],“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd64)”]},“response_headers”:{“Boulder-Requester”:[“261135053”],“Cache-Control”:[“public, max-age=0, no-cache”],“Content-Length”:[“843”],“Content-Type”:[“application/json”],“Date”:[“Tue, 27 Jan 2026 13:48:24 GMT”],“Link”:[“https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"”],“Replay-Nonce”:[“NrRKSEyKzaFpz0og-NZgruOCYI7M0c-JLGYfifJy0cjeXzyOw3o”],“Server”:[“nginx”],“Strict-Transport-Security”:[“max-age=604800”],“X-Frame-Options”:[“DENY”]},“status_code”:200}
{“level”:“info”,“ts”:1769521705.11995,“msg”:“trying to solve challenge”,“identifier”:“pega.gogga.net.za”,“challenge_type”:“http-01”,“ca”:“https://acme-staging-v02.api.letsencrypt.org/directory”}
{“level”:“debug”,“ts”:1769521705.1233888,“msg”:“waiting for solver before continuing”,“identifier”:“pega.gogga.net.za”,“challenge_type”:“http-01”}
{“level”:“debug”,“ts”:1769521705.1234121,“msg”:“done waiting for solver”,“identifier”:“pega.gogga.net.za”,“challenge_type”:“http-01”}
{“level”:“debug”,“ts”:1769521705.4053311,“msg”:“http request”,“method”:“POST”,“url”:“https://acme-staging-v02.api.letsencrypt.org/acme/chall/261135053/21385751433/9juEqQ",“headers”:{“Content-Type”:[“application/jose+json”],“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd64)”]},“response_headers”:{“Boulder-Requester”:[“261135053”],“Cache-Control”:[“public, max-age=0, no-cache”],“Content-Length”:[“201”],“Content-Type”:[“application/json”],“Date”:[“Tue, 27 Jan 2026 13:48:25 GMT”],“Link”:[“https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"”,“https://acme-staging-v02.api.letsencrypt.org/acme/authz/261135053/21385751433;rel="up"”],“Location”:[“https://acme-staging-v02.api.letsencrypt.org/acme/chall/261135053/21385751433/9juEqQ"],“Replay-Nonce”:[“NrRKSEyKhadR5KRB6KatXA279E6wbRQvcZTbpf1b2nXbL4c0p6g”],“Server”:[“nginx”],“Strict-Transport-Security”:[“max-age=604800”],“X-Frame-Options”:[“DENY”]},"status_code”:200}
{“level”:“debug”,“ts”:1769521705.4054115,“msg”:“challenge accepted”,“identifier”:“pega.gogga.net.za”,“challenge_type”:“http-01”}
{“level”:“debug”,“ts”:1769521705.935615,“msg”:“http request”,“method”:“POST”,“url”:“https://acme-staging-v02.api.letsencrypt.org/acme/authz/261135053/21385751433",“headers”:{“Content-Type”:[“application/jose+json”],“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd64)”]},“response_headers”:{“Boulder-Requester”:[“261135053”],“Cache-Control”:[“public, max-age=0, no-cache”],“Content-Length”:[“843”],“Content-Type”:[“application/json”],“Date”:[“Tue, 27 Jan 2026 13:48:25 GMT”],“Link”:[“https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"”],“Replay-Nonce”:[“NrRKSEyKFgRWs9K6Gm_p9gS7iFfRkJAaF-N3aZkCKR305W9hr3A”],“Server”:[“nginx”],“Strict-Transport-Security”:[“max-age=604800”],“X-Frame-Options”:[“DENY”]},“status_code”:200}
{“level”:“info”,“ts”:1769521706.2873595,“logger”:“http”,“msg”:“served key authentication”,“identifier”:“pega.gogga.net.za”,“challenge”:“http-01”,“remote”:“[2600:3000:2710:300::81]:56171”,“distributed”:false}
2026/01/27 13:48:26.287 INFO http.log.access.log0 handled request {“request”: {“remote_ip”: “2600:3000:2710:300::81”, “remote_port”: “56171”, “client_ip”: “2600:3000:2710:300::81”, “proto”: “HTTP/1.1”, “method”: “GET”, “host”: “pega.gogga.net.za”, “uri”: “/.well-known/acme-challenge/A5TvMuxk4O8TLtpyfkem3IWWBJqb9A7-UmmsA5VNJ1I”, “headers”: {“User-Agent”: [“Mozilla/5.0 (compatible; Let’s Encrypt validation server; +https://www.letsencrypt.org)”], “Accept”: [“/”], “Accept-Encoding”: [“gzip”], “Connection”: [“close”]}}, “bytes_read”: 0, “user_id”: “”, “duration”: 0.000034925, “size”: 87, “status”: 200, “resp_headers”: {“Server”: [“Caddy”], “Content-Type”: [“text/plain”]}}
{“level”:“debug”,“ts”:1769521706.4666119,“msg”:“http request”,“method”:“POST”,“url”:“https://acme-staging-v02.api.letsencrypt.org/acme/authz/261135053/21385751433",“headers”:{“Content-Type”:[“application/jose+json”],“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd64)”]},“response_headers”:{“Boulder-Requester”:[“261135053”],“Cache-Control”:[“public, max-age=0, no-cache”],“Content-Length”:[“843”],“Content-Type”:[“application/json”],“Date”:[“Tue, 27 Jan 2026 13:48:26 GMT”],“Link”:[“https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"”],“Replay-Nonce”:[“sXXzwma1kmB_pcJcz-lFUsToJg8SiWTW7-SY5N5-z3wevxdMlFk”],“Server”:[“nginx”],“Strict-Transport-Security”:[“max-age=604800”],“X-Frame-Options”:[“DENY”]},“status_code”:200}
{“level”:“debug”,“ts”:1769521706.9973695,“msg”:“http request”,“method”:“POST”,“url”:“https://acme-staging-v02.api.letsencrypt.org/acme/authz/261135053/21385751433",“headers”:{“Content-Type”:[“application/jose+json”],“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd64)”]},“response_headers”:{“Boulder-Requester”:[“261135053”],“Cache-Control”:[“public, max-age=0, no-cache”],“Content-Length”:[“843”],“Content-Type”:[“application/json”],“Date”:[“Tue, 27 Jan 2026 13:48:26 GMT”],“Link”:[“https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"”],“Replay-Nonce”:[“sXXzwma1GuxQyDDI0M_DzxciKZ0rUN2rjjsHxrWIICEFVyYszLE”],“Server”:[“nginx”],“Strict-Transport-Security”:[“max-age=604800”],“X-Frame-Options”:[“DENY”]},“status_code”:200}
{“level”:“info”,“ts”:1769521707.229258,“logger”:“http”,“msg”:“served key authentication”,“identifier”:“pega.gogga.net.za”,“challenge”:“http-01”,“remote”:“[2a05:d016:dcc:9101:927a:3d9d:53d0:5358]:57136”,“distributed”:false}
2026/01/27 13:48:27.229 INFO http.log.access.log0 handled request {“request”: {“remote_ip”: “2a05:d016:dcc:9101:927a:3d9d:53d0:5358”, “remote_port”: “57136”, “client_ip”: “2a05:d016:dcc:9101:927a:3d9d:53d0:5358”, “proto”: “HTTP/1.1”, “method”: “GET”, “host”: “pega.gogga.net.za”, “uri”: “/.well-known/acme-challenge/A5TvMuxk4O8TLtpyfkem3IWWBJqb9A7-UmmsA5VNJ1I”, “headers”: {“User-Agent”: [“Mozilla/5.0 (compatible; Let’s Encrypt validation server; +https://www.letsencrypt.org)”], “Accept”: [“/”], “Accept-Encoding”: [“gzip”], “Connection”: [“close”]}}, “bytes_read”: 0, “user_id”: “”, “duration”: 0.000029067, “size”: 87, “status”: 200, “resp_headers”: {“Server”: [“Caddy”], “Content-Type”: [“text/plain”]}}
{“level”:“debug”,“ts”:1769521707.5269861,“msg”:“http request”,“method”:“POST”,“url”:“https://acme-staging-v02.api.letsencrypt.org/acme/authz/261135053/21385751433",“headers”:{“Content-Type”:[“application/jose+json”],“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd64)”]},“response_headers”:{“Boulder-Requester”:[“261135053”],“Cache-Control”:[“public, max-age=0, no-cache”],“Content-Length”:[“843”],“Content-Type”:[“application/json”],“Date”:[“Tue, 27 Jan 2026 13:48:27 GMT”],“Link”:[“https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"”],“Replay-Nonce”:[“sXXzwma1VzoJiu0ffBMcv3g7MbAsbY1SzYpFe-DgXDSCBtzGgMk”],“Server”:[“nginx”],“Strict-Transport-Security”:[“max-age=604800”],“X-Frame-Options”:[“DENY”]},“status_code”:200}
{“level”:“debug”,“ts”:1769521708.0578198,“msg”:“http request”,“method”:“POST”,“url”:“https://acme-staging-v02.api.letsencrypt.org/acme/authz/261135053/21385751433",“headers”:{“Content-Type”:[“application/jose+json”],“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd64)”]},“response_headers”:{“Boulder-Requester”:[“261135053”],“Cache-Control”:[“public, max-age=0, no-cache”],“Content-Length”:[“1135”],“Content-Type”:[“application/json”],“Date”:[“Tue, 27 Jan 2026 13:48:27 GMT”],“Link”:[“https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"”],“Replay-Nonce”:[“NrRKSEyKkkrgiak7bCiJJ7esbL11tW7BARrXtttMmKPQHmknNX4”],“Server”:[“nginx”],“Strict-Transport-Security”:[“max-age=604800”],“X-Frame-Options”:[“DENY”]},“status_code”:200}
{“level”:“error”,“ts”:1769521708.0580535,“msg”:“challenge failed”,“identifier”:“pega.gogga.net.za”,“challenge_type”:“http-01”,“problem”:{“type”:“urn:ietf:params:acme:error:connection”,“title”:“”,“detail”:“During secondary validation: 2c0f:fc78:feef:e000:1:2:3:31: Fetching http://pega.gogga.net.za/.well-known/acme-challenge/A5TvMuxk4O8TLtpyfkem3IWWBJqb9A7-UmmsA5VNJ1I: Error getting validation data”,“instance”:“”,“subproblems”:null},“stacktrace”:“github.com/mholt/acmez/v3.(*Client).pollAuthorization\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:557\ngithub.com/mholt/acmez/v3.(*Client).solveChallenges\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:378\ngithub.com/mholt/acmez/v3.(*Client).ObtainCertificate\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:136\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:489\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:382\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/caddy/v2@v2.10.2/modules/caddytls/acmeissuer.go:288\ngithub.com/caddyserver/certmagic.(*Config).obtainCert.func2\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:626\ngithub.com/caddyserver/certmagic.doWithRetry\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:104\ngithub.com/caddyserver/certmagic.(*Config).obtainCert\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:700\ngithub.com/caddyserver/certmagic.(*Config).ObtainCertAsync\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:505\ngithub.com/caddyserver/certmagic.(*Config).manageOne.func1\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:415\ngithub.com/caddyserver/certmagic.(jobManager).worker\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:73"}
{“level”:“error”,“ts”:1769521708.0581295,“msg”:“validating authorization”,“identifier”:“pega.gogga.net.za”,“problem”:{“type”:“urn:ietf:params:acme:error:connection”,“title”:“”,“detail”:“During secondary validation: 2c0f:fc78:feef:e000:1:2:3:31: Fetching http://pega.gogga.net.za/.well-known/acme-challenge/A5TvMuxk4O8TLtpyfkem3IWWBJqb9A7-UmmsA5VNJ1I: Error getting validation data”,“instance”:“”,“subproblems”:null},“order”:“https://acme-staging-v02.api.letsencrypt.org/acme/order/261135053/31102266723",“attempt”:1,“max_attempts”:3,“stacktrace”:"github.com/mholt/acmez/v3.(*Client).ObtainCertificate\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:152\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:489\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:382\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/caddy/v2@v2.10.2/modules/caddytls/acmeissuer.go:288\ngithub.com/caddyserver/certmagic.(*Config).obtainCert.func2\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:626\ngithub.com/caddyserver/certmagic.doWithRetry\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:104\ngithub.com/caddyserver/certmagic.(*Config).obtainCert\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:700\ngithub.com/caddyserver/certmagic.(*Config).ObtainCertAsync\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:505\ngithub.com/caddyserver/certmagic.(*Config).manageOne.func1\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:415\ngithub.com/caddyserver/certmagic.(*jobManager).worker\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:73”}
{“level”:“debug”,“ts”:1769521709.0583398,“msg”:“creating order”,“account”:“https://acme-staging-v02.api.letsencrypt.org/acme/acct/261135053",“identifiers”:["pega.gogga.net.za”]}
{“level”:“debug”,“ts”:1769521709.3437827,“msg”:“http request”,“method”:“POST”,“url”:“https://acme-staging-v02.api.letsencrypt.org/acme/new-order",“headers”:{“Content-Type”:[“application/jose+json”],“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd64)”]},“response_headers”:{“Boulder-Requester”:[“261135053”],“Cache-Control”:[“public, max-age=0, no-cache”],“Content-Length”:[“363”],“Content-Type”:[“application/json”],“Date”:[“Tue, 27 Jan 2026 13:48:29 GMT”],“Link”:[“https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"”],“Location”:[“https://acme-staging-v02.api.letsencrypt.org/acme/order/261135053/31102268373"],“Replay-Nonce”:[“sXXzwma1LTdMraIV2ak4sG5lS7HGgRdsbfITe5H7CKd7FmQ-T74”],“Server”:[“nginx”],“Strict-Transport-Security”:[“max-age=604800”],“X-Frame-Options”:[“DENY”]},"status_code”:201}
{“level”:“debug”,“ts”:1769521709.6234012,“msg”:“http request”,“method”:“POST”,“url”:“https://acme-staging-v02.api.letsencrypt.org/acme/authz/261135053/21385752023",“headers”:{“Content-Type”:[“application/jose+json”],“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd64)”]},“response_headers”:{“Boulder-Requester”:[“261135053”],“Cache-Control”:[“public, max-age=0, no-cache”],“Content-Length”:[“843”],“Content-Type”:[“application/json”],“Date”:[“Tue, 27 Jan 2026 13:48:29 GMT”],“Link”:[“https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"”],“Replay-Nonce”:[“sXXzwma1sMR5X0rUe7tPtPcUh2wv85_KGZsmD_WffFUx02Oui8k”],“Server”:[“nginx”],“Strict-Transport-Security”:[“max-age=604800”],“X-Frame-Options”:[“DENY”]},“status_code”:200}
{“level”:“debug”,“ts”:1769521709.6235096,“msg”:“no solver configured”,“challenge_type”:“dns-01”}
{“level”:“info”,“ts”:1769521709.6235244,“msg”:“trying to solve challenge”,“identifier”:“pega.gogga.net.za”,“challenge_type”:“tls-alpn-01”,“ca”:“https://acme-staging-v02.api.letsencrypt.org/directory”}
{“level”:“debug”,“ts”:1769521709.6275342,“msg”:“waiting for solver before continuing”,“identifier”:“pega.gogga.net.za”,“challenge_type”:“tls-alpn-01”}
{“level”:“debug”,“ts”:1769521709.6275663,“msg”:“done waiting for solver”,“identifier”:“pega.gogga.net.za”,“challenge_type”:“tls-alpn-01”}
{“level”:“debug”,“ts”:1769521709.6279507,“logger”:“http.stdlib”,“msg”:“http: TLS handshake error from 127.0.0.1:52206: EOF”}
{“level”:“debug”,“ts”:1769521709.907824,“msg”:“http request”,“method”:“POST”,“url”:“https://acme-staging-v02.api.letsencrypt.org/acme/chall/261135053/21385752023/NaPd8g",“headers”:{“Content-Type”:[“application/jose+json”],“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd64)”]},“response_headers”:{“Boulder-Requester”:[“261135053”],“Cache-Control”:[“public, max-age=0, no-cache”],“Content-Length”:[“205”],“Content-Type”:[“application/json”],“Date”:[“Tue, 27 Jan 2026 13:48:29 GMT”],“Link”:[“https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"”,“https://acme-staging-v02.api.letsencrypt.org/acme/authz/261135053/21385752023;rel="up"”],“Location”:[“https://acme-staging-v02.api.letsencrypt.org/acme/chall/261135053/21385752023/NaPd8g"],“Replay-Nonce”:[“sXXzwma1uhRKCxFGYlU6bzjwUwTRSzs0Y3fcNDBviEpAyMU56H4”],“Server”:[“nginx”],“Strict-Transport-Security”:[“max-age=604800”],“X-Frame-Options”:[“DENY”]},"status_code”:200}
{“level”:“debug”,“ts”:1769521709.907942,“msg”:“challenge accepted”,“identifier”:“pega.gogga.net.za”,“challenge_type”:“tls-alpn-01”}
{“level”:“debug”,“ts”:1769521710.4390347,“msg”:“http request”,“method”:“POST”,“url”:“https://acme-staging-v02.api.letsencrypt.org/acme/authz/261135053/21385752023",“headers”:{“Content-Type”:[“application/jose+json”],“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd64)”]},“response_headers”:{“Boulder-Requester”:[“261135053”],“Cache-Control”:[“public, max-age=0, no-cache”],“Content-Length”:[“843”],“Content-Type”:[“application/json”],“Date”:[“Tue, 27 Jan 2026 13:48:30 GMT”],“Link”:[“https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"”],“Replay-Nonce”:[“sXXzwma1nY9A8P8KEu-qkEa5cYIMLQPfiF0jrlkDvUbF-fAzY3A”],“Server”:[“nginx”],“Strict-Transport-Security”:[“max-age=604800”],“X-Frame-Options”:[“DENY”]},“status_code”:200}
{“level”:“debug”,“ts”:1769521710.9692361,“msg”:“http request”,“method”:“POST”,“url”:“https://acme-staging-v02.api.letsencrypt.org/acme/authz/261135053/21385752023",“headers”:{“Content-Type”:[“application/jose+json”],“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd64)”]},“response_headers”:{“Boulder-Requester”:[“261135053”],“Cache-Control”:[“public, max-age=0, no-cache”],“Content-Length”:[“843”],“Content-Type”:[“application/json”],“Date”:[“Tue, 27 Jan 2026 13:48:30 GMT”],“Link”:[“https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"”],“Replay-Nonce”:[“sXXzwma1QMvBspZN4OHh5O4mX-NkPNYIdM3zh5__aa3mhUr1XJM”],“Server”:[“nginx”],“Strict-Transport-Security”:[“max-age=604800”],“X-Frame-Options”:[“DENY”]},“status_code”:200}
{“level”:“debug”,“ts”:1769521711.262059,“logger”:“events”,“msg”:“event”,“name”:“tls_get_certificate”,“id”:“46342de4-2167-4b68-a7f1-cf8689d494ee”,“origin”:“tls”,“data”:{“client_hello”:{“CipherSuites”:[49195,49199,49196,49200,52393,52392,49161,49171,49162,49172,4865,4866,4867],“ServerName”:“pega.gogga.net.za”,“SupportedCurves”:[4588,29,23,24,25],“SupportedPoints”:“AA==”,“SignatureSchemes”:[2052,1027,2055,2053,2054,1025,1281,1537,1283,1539],“SupportedProtos”:[“acme-tls/1”],“SupportedVersions”:[772,771],“RemoteAddr”:{“IP”:“2600:3000:2710:300::83”,“Port”:58325,“Zone”:“”},“LocalAddr”:{“IP”:“2c0f:fc78:feef:e000:1:2:3:31”,“Port”:443,“Zone”:“”}}}}
{“level”:“info”,“ts”:1769521711.2621958,“logger”:“tls”,“msg”:“served key authentication certificate”,“server_name”:“pega.gogga.net.za”,“challenge”:“tls-alpn-01”,“remote”:“[2600:3000:2710:300::83]:58325”,“distributed”:false}
{“level”:“debug”,“ts”:1769521711.49932,“msg”:“http request”,“method”:“POST”,“url”:“https://acme-staging-v02.api.letsencrypt.org/acme/authz/261135053/21385752023",“headers”:{“Content-Type”:[“application/jose+json”],“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd64)”]},“response_headers”:{“Boulder-Requester”:[“261135053”],“Cache-Control”:[“public, max-age=0, no-cache”],“Content-Length”:[“843”],“Content-Type”:[“application/json”],“Date”:[“Tue, 27 Jan 2026 13:48:31 GMT”],“Link”:[“https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"”],“Replay-Nonce”:[“NrRKSEyKycZQk3uQhJYLuBKDC-sIuVNwYM522OWvUd0H6WPLbdE”],“Server”:[“nginx”],“Strict-Transport-Security”:[“max-age=604800”],“X-Frame-Options”:[“DENY”]},“status_code”:200}
{“level”:“debug”,“ts”:1769521711.7422347,“logger”:“events”,“msg”:“event”,“name”:“tls_get_certificate”,“id”:“4bf7c2d6-7f11-4567-9bd7-ea3a60adb6b7”,“origin”:“tls”,“data”:{“client_hello”:{“CipherSuites”:[49195,49199,49196,49200,52393,52392,49161,49171,49162,49172,4865,4866,4867],“ServerName”:“pega.gogga.net.za”,“SupportedCurves”:[4588,29,23,24,25],“SupportedPoints”:“AA==”,“SignatureSchemes”:[2052,1027,2055,2053,2054,1025,1281,1537,1283,1539],“SupportedProtos”:[“acme-tls/1”],“SupportedVersions”:[772,771],“RemoteAddr”:{“IP”:“2a05:d016:dcc:9101:927a:3d9d:53d0:5358”,“Port”:43214,“Zone”:“”},“LocalAddr”:{“IP”:“2c0f:fc78:feef:e000:1:2:3:31”,“Port”:443,“Zone”:“”}}}}
{“level”:“info”,“ts”:1769521711.7422867,“logger”:“tls”,“msg”:“served key authentication certificate”,“server_name”:“pega.gogga.net.za”,“challenge”:“tls-alpn-01”,“remote”:“[2a05:d016:dcc:9101:927a:3d9d:53d0:5358]:43214”,“distributed”:false}
{“level”:“debug”,“ts”:1769521712.029742,“msg”:“http request”,“method”:“POST”,“url”:“https://acme-staging-v02.api.letsencrypt.org/acme/authz/261135053/21385752023",“headers”:{“Content-Type”:[“application/jose+json”],“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd64)”]},“response_headers”:{“Boulder-Requester”:[“261135053”],“Cache-Control”:[“public, max-age=0, no-cache”],“Content-Length”:[“843”],“Content-Type”:[“application/json”],“Date”:[“Tue, 27 Jan 2026 13:48:31 GMT”],“Link”:[“https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"”],“Replay-Nonce”:[“sXXzwma1HV2Jkb63m9HFybK3L-Vay__hd1SIiy_jVOs6Lbts1hA”],“Server”:[“nginx”],“Strict-Transport-Security”:[“max-age=604800”],“X-Frame-Options”:[“DENY”]},“status_code”:200}
{“level”:“debug”,“ts”:1769521712.5614524,“msg”:“http request”,“method”:“POST”,“url”:“https://acme-staging-v02.api.letsencrypt.org/acme/authz/261135053/21385752023",“headers”:{“Content-Type”:[“application/jose+json”],“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd64)”]},“response_headers”:{“Boulder-Requester”:[“261135053”],“Cache-Control”:[“public, max-age=0, no-cache”],“Content-Length”:[“843”],“Content-Type”:[“application/json”],“Date”:[“Tue, 27 Jan 2026 13:48:32 GMT”],“Link”:[“https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"”],“Replay-Nonce”:[“NrRKSEyKH2SHmNEonR51i3kpur_58_8-2FA0nlSy2RhTCzp0QTI”],“Server”:[“nginx”],“Strict-Transport-Security”:[“max-age=604800”],“X-Frame-Options”:[“DENY”]},“status_code”:200}
{“level”:“debug”,“ts”:1769521713.091792,“msg”:“http request”,“method”:“POST”,“url”:“https://acme-staging-v02.api.letsencrypt.org/acme/authz/261135053/21385752023",“headers”:{“Content-Type”:[“application/jose+json”],“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd64)”]},“response_headers”:{“Boulder-Requester”:[“261135053”],“Cache-Control”:[“public, max-age=0, no-cache”],“Content-Length”:[“971”],“Content-Type”:[“application/json”],“Date”:[“Tue, 27 Jan 2026 13:48:32 GMT”],“Link”:[“https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"”],“Replay-Nonce”:[“NrRKSEyKVxuoDCNoMDRV9EEi0h970_my9pTbb9125G-6E8yise8”],“Server”:[“nginx”],“Strict-Transport-Security”:[“max-age=604800”],“X-Frame-Options”:[“DENY”]},“status_code”:200}
{“level”:“error”,“ts”:1769521713.0919888,“msg”:“challenge failed”,“identifier”:“pega.gogga.net.za”,“challenge_type”:“tls-alpn-01”,“problem”:{“type”:“urn:ietf:params:acme:error:malformed”,“title”:“”,“detail”:“During secondary validation: Unable to contact "pega.gogga.net.za" at "2c0f:fc78:feef:e000:1:2:3:31", no IPv4 addresses to try as fallback”,“instance”:“”,“subproblems”:null},“stacktrace”:"github.com/mholt/acmez/v3.(Client).pollAuthorization\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:557\ngithub.com/mholt/acmez/v3.(Client).solveChallenges\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:378\ngithub.com/mholt/acmez/v3.(Client).ObtainCertificate\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:136\ngithub.com/caddyserver/certmagic.(ACMEIssuer).doIssue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:489\ngithub.com/caddyserver/certmagic.(ACMEIssuer).Issue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:382\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(ACMEIssuer).Issue\n\tgithub.com/caddyserver/caddy/v2@v2.10.2/modules/caddytls/acmeissuer.go:288\ngithub.com/caddyserver/certmagic.(Config).obtainCert.func2\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:626\ngithub.com/caddyserver/certmagic.doWithRetry\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:104\ngithub.com/caddyserver/certmagic.(Config).obtainCert\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:700\ngithub.com/caddyserver/certmagic.(Config).ObtainCertAsync\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:505\ngithub.com/caddyserver/certmagic.(Config).manageOne.func1\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:415\ngithub.com/caddyserver/certmagic.(jobManager).worker\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:73"}
{“level”:“error”,“ts”:1769521713.0920777,“msg”:“validating authorization”,“identifier”:“pega.gogga.net.za”,“problem”:{“type”:“urn:ietf:params:acme:error:malformed”,“title”:“”,“detail”:“During secondary validation: Unable to contact "pega.gogga.net.za" at "2c0f:fc78:feef:e000:1:2:3:31", no IPv4 addresses to try as fallback”,“instance”:“”,“subproblems”:null},“order”:“https://acme-staging-v02.api.letsencrypt.org/acme/order/261135053/31102268373",“attempt”:2,“max_attempts”:3,“stacktrace”:"github.com/mholt/acmez/v3.(*Client).ObtainCertificate\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:152\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:489\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:382\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/caddy/v2@v2.10.2/modules/caddytls/acmeissuer.go:288\ngithub.com/caddyserver/certmagic.(*Config).obtainCert.func2\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:626\ngithub.com/caddyserver/certmagic.doWithRetry\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:104\ngithub.com/caddyserver/certmagic.(*Config).obtainCert\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:700\ngithub.com/caddyserver/certmagic.(*Config).ObtainCertAsync\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:505\ngithub.com/caddyserver/certmagic.(*Config).manageOne.func1\n\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:415\ngithub.com/caddyserver/certmagic.(*jobManager).worker\n\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:73”}
{“level”:“error”,“ts”:1769521713.092134,“logger”:“tls.obtain”,“msg”:“could not get certificate from issuer”,“identifier”:“pega.gogga.net.za”,“issuer”:“acme-staging-v02.api.letsencrypt.org-directory”,“error”:“HTTP 400 urn:ietf:params:acme:error:malformed - During secondary validation: Unable to contact "pega.gogga.net.za" at "2c0f:fc78:feef:e000:1:2:3:31", no IPv4 addresses to try as fallback”}
{“level”:“debug”,“ts”:1769521713.0921538,“logger”:“events”,“msg”:“event”,“name”:“cert_failed”,“id”:“f28f5c03-190b-4685-ae1c-31a4ebe3240f”,“origin”:“tls”,“data”:{“error”:{},“identifier”:“pega.gogga.net.za”,“issuers”:[“acme-staging-v02.api.letsencrypt.org-directory”],“renewal”:false}}
{“level”:“error”,“ts”:1769521713.0921798,“logger”:“tls.obtain”,“msg”:“will retry”,“error”:“[pega.gogga.net.za] Obtain: [pega.gogga.net.za] solving challenge: pega.gogga.net.za: [pega.gogga.net.za] authorization failed: HTTP 400 urn:ietf:params:acme:error:malformed - During secondary validation: Unable to contact "pega.gogga.net.za" at "2c0f:fc78:feef:e000:1:2:3:31", no IPv4 addresses to try as fallback (ca=https://acme-staging-v02.api.letsencrypt.org/directory)”,“attempt”:1,“retrying_in”:60,“elapsed”:9.664062605,“max_duration”:2592000}
2026/01/27 13:48:38.979 INFO http.log.access.log0 handled request {“request”: {“remote_ip”: “2a01:4f8:c17:706d::1”, “remote_port”: “33382”, “client_ip”: “2a01:4f8:c17:706d::1”, “proto”: “HTTP/1.1”, “method”: “GET”, “host”: “pega.gogga.net.za”, “uri”: “/”, “headers”: {“Accept”: [“*/*”], “User-Agent”: [“curl/7.88.1”]}}, “bytes_read”: 0, “user_id”: “”, “duration”: 0.000023033, “size”: 0, “status”: 308, “resp_headers”: {“Location”: [“https://pega.gogga.net.za/”], “Content-Type”: [], “Server”: [“Caddy”], “Connection”: [“close”]}}
{“level”:“debug”,“ts”:1769521731.385932,“logger”:“events”,“msg”:“event”,“name”:“tls_get_certificate”,“id”:“b435e817-1540-4bab-9cc1-73628e2e84bc”,“origin”:“tls”,“data”:{“client_hello”:{“CipherSuites”:[4866,4867,4865,49196,49200,159,52393,52392,52394,49195,49199,158,49188,49192,107,49187,49191,103,49162,49172,57,49161,49171,51,157,156,61,60,53,47,255],“ServerName”:“pega.gogga.net.za”,“SupportedCurves”:[29,23,30,25,24,256,257,258,259,260],“SupportedPoints”:“AAEC”,“SignatureSchemes”:[1027,1283,1539,2055,2056,2057,2058,2059,2052,2053,2054,1025,1281,1537,771,769,770,1026,1282,1538],“SupportedProtos”:[“h2”,“http/1.1”],“SupportedVersions”:[772,771,770,769],“RemoteAddr”:{“IP”:“2a01:4f8:c17:706d::1”,“Port”:57112,“Zone”:”“},“LocalAddr”:{“IP”:“2c0f:fc78:feef:e000:1:2:3:31”,“Port”:443,“Zone”:”“}}}}
{“level”:“debug”,“ts”:1769521731.3860252,“logger”:“tls.handshake”,“msg”:“no matching certificates and no custom selection logic”,“identifier”:“pega.gogga.net.za”}
{“level”:“debug”,“ts”:1769521731.386035,“logger”:“tls.handshake”,“msg”:“no matching certificates and no custom selection logic”,“identifier”:“*.gogga.net.za”}
{“level”:“debug”,“ts”:1769521731.3860397,“logger”:“tls.handshake”,“msg”:“no matching certificates and no custom selection logic”,“identifier”:“*.*.net.za”}
{“level”:“debug”,“ts”:1769521731.3860447,“logger”:“tls.handshake”,“msg”:“no matching certificates and no custom selection logic”,“identifier”:“*.*.*.za”}
{“level”:“debug”,“ts”:1769521731.386049,“logger”:“tls.handshake”,“msg”:“no matching certificates and no custom selection logic”,“identifier”:“*.*.*.*”}
{“level”:“debug”,“ts”:1769521731.386078,“logger”:“tls.handshake”,“msg”:“no certificate matching TLS ClientHello”,“remote_ip”:“2a01:4f8:c17:706d::1”,“remote_port”:“57112”,“server_name”:“pega.gogga.net.za”,“remote”:“[2a01:4f8:c17:706d::1]:57112”,“identifier”:“pega.gogga.net.za”,“cipher_suites”:[4866,4867,4865,49196,49200,159,52393,52392,52394,49195,49199,158,49188,49192,107,49187,49191,103,49162,49172,57,49161,49171,51,157,156,61,60,53,47,255],“cert_cache_fill”:0,“load_or_obtain_if_necessary”:true,“on_demand”:false}
{“level”:“debug”,“ts”:1769521731.3861625,“logger”:“http.stdlib”,“msg”:“http: TLS handshake error from [2a01:4f8:c17:706d::1]:57112: no certificate available for ‘pega.gogga.net.za’”}
{“level”:“info”,“ts”:1769521745.3395119,“msg”:“shutting down”,“signal”:“SIGINT”}
{“level”:“warn”,“ts”:1769521745.339591,“msg”:“exiting; byeee!! :waving_hand:”,“signal”:“SIGINT”}
{“level”:“debug”,“ts”:1769521745.3396337,“logger”:“events”,“msg”:“event”,“name”:“stopping”,“id”:“5107b05c-cd81-4609-adc9-25f70e06beec”,“origin”:“”,“data”:null}
{“level”:“info”,“ts”:1769521745.339677,“logger”:“http”,“msg”:“servers shutting down with eternal grace period”}
{“level”:“info”,“ts”:1769521745.3401008,“logger”:“admin”,“msg”:“stopped previous server”,“address”:“localhost:2019”}
{“level”:“info”,“ts”:1769521745.34012,“msg”:“shutdown complete”,“signal”:“SIGINT”,“exit_code”:0}


3. Caddy version:

First noticed today with 2.6.2 (from Devuan daedalus); upgraded to Excalibur and the latest 2.10.2 from Cloudsmith.

4. How I installed and ran Caddy:

cloudsmith version run from CLI

a. System environment:

Devuan 4 (daedalus) & Devuan 5 (Excalibur) in an LXC
IPv6-only public network → ZeroSSL doesn’t work in this case (known API endpoint issue)

b. Command:

# cat /etc/caddy/CaddyEnv 
XDG_DATA_HOME=/etc/caddy/ssl
USER=www-data

# /usr/bin/caddy run --config /etc/caddy/Caddyfile --envfile 

c. Service/unit/compose file:

CLI; none of that, to show the issue

d. My complete Caddy config:


{
    debug
    email sysadmin@hevis.co.za
    acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}
#Main Web UI & API
pega.gogga.net.za {
    reverse_proxy https://127.0.0.1:5000 {
        header_up X-Real-IP {remote_host}
        transport http {
            tls_insecure_skip_verify
        }
    }
    log {
        output stdout
        format console
        level DEBUG
    }
}

5. Links to relevant resources:

hvisage@w1:~|⇒ curl -kv http://pega.gogga.net.za
*   Trying [2c0f:fc78:feef:e000:1:2:3:31]:80...
* Connected to pega.gogga.net.za (2c0f:fc78:feef:e000:1:2:3:31) port 80 (#0)
> GET / HTTP/1.1
> Host: pega.gogga.net.za
> User-Agent: curl/7.88.1
> Accept: */*
>
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location: https://pega.gogga.net.za/
< Server: Caddy
< Date: Tue, 27 Jan 2026 13:48:38 GMT
< Content-Length: 0
<
* Closing connection 0
hvisage@w1:~|⇒ curl -kv https://pega.gogga.net.za
*   Trying [2c0f:fc78:feef:e000:1:2:3:31]:443...
* Connected to pega.gogga.net.za (2c0f:fc78:feef:e000:1:2:3:31) port 443 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, internal error (592):
* OpenSSL/3.0.15: error:0A000438:SSL routines::tlsv1 alert internal error
* Closing connection 0
curl: (35) OpenSSL/3.0.15: error:0A000438:SSL routines::tlsv1 alert internal error

Thus the secondary check tries to reach HTTPS, which fails when there isn’t any certificate loaded in Caddy. Not a problem for renewals, but on a fresh deploy there aren’t any.
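Added example, not part of the original post and not Caddy's own code: the same ACME failure is logged several times in the output above (challenge failed, validating authorization, will retry), so this sketch collapses a Caddy JSON log into one record per failing host and address and notes whether the CA reported it from secondary validation. The sample lines are constructed with placeholder host and address, and treating a detail without the "During secondary validation" prefix as a primary-perspective failure is an assumption.

```python
import ipaddress
import json
import re

# Constructed sample modelled on Caddy's JSON log format; host and address are
# documentation placeholders, not values from the post.
SAMPLE_LOG = r"""
{"level":"info","ts":1700000000.0,"msg":"trying to solve challenge","identifier":"host.example.com","challenge_type":"tls-alpn-01"}
{"level":"error","ts":1700000009.1,"msg":"challenge failed","identifier":"host.example.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:malformed","detail":"During secondary validation: Unable to contact \"host.example.com\" at \"2001:db8::31\", no IPv4 addresses to try as fallback"}}
2026/01/01 00:00:10.000 INFO http.log.access handled request {"status": 308}
{"level":"error","ts":1700000009.2,"logger":"tls.obtain","msg":"will retry","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:malformed - During secondary validation: Unable to contact \"host.example.com\" at \"2001:db8::31\", no IPv4 addresses to try as fallback","attempt":1,"retrying_in":60}
"""

ADDR_RE = re.compile(r'Unable to contact "([^"]+)" at "([^"]+)"')

def acme_failures(log_text):
    """Return one summary per distinct (host, address, phase) validation failure."""
    seen = {}
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith("{"):
            continue  # console-format lines (e.g. the access log) are not JSON
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        if entry.get("level") != "error":
            continue
        problem = entry.get("problem")
        detail = problem.get("detail", "") if isinstance(problem, dict) else ""
        detail = detail or str(entry.get("error", ""))  # fall back to the flat error string
        match = ADDR_RE.search(detail)
        if not match:
            continue
        host, addr = match.groups()
        try:
            version = ipaddress.ip_address(addr).version
        except ValueError:
            continue  # not an IP literal, ignore the line
        # Assumption: no "secondary" prefix means the primary perspective failed.
        phase = "secondary" if "During secondary validation" in detail else "primary"
        rec = seen.setdefault((host, addr, phase), {
            "host": host, "address": addr, "phase": phase, "ip_version": version,
            "no_ipv4_fallback": "no IPv4 addresses" in detail,
            "challenge_type": None, "log_lines": 0})
        rec["log_lines"] += 1
        rec["challenge_type"] = entry.get("challenge_type") or rec["challenge_type"]
    return list(seen.values())
```

Call `acme_failures(open(path).read())` on a saved log to see which address and validation phase each repeated error refers to.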