1. My Caddy version (`caddy -version`):

Caddy v1.0.3
2. How I run Caddy

Caddy is managed by a systemd unit file, hence it is run by using the `systemctl` command.

a. System environment:

Ubuntu (VPS), 18.04 Bionic LTS, running without a container.

b. Command:

```
sudo systemctl restart caddy
sudo systemctl status caddy
```
c. Service/unit/compose file:

```ini
[Unit]
Description=Caddy HTTP/2 Web Server
Documentation=https://caddyserver.com/docs
After=network.target

[Service]
User=www-data
Group=www-data
ExecStart=/usr/local/bin/caddy -agree=true -conf=/etc/caddy/Caddyfile
PIDFile=/var/run/caddy/caddy.pid
Restart=on-abnormal
LimitNOFILE=8192

[Install]
WantedBy=multi-user.target
```
d. My complete Caddyfile:

```
undi18.org {
    tls [redacted-email-here]
    root /var/www/wordpress
    gzip
    fastcgi / /run/php/php7.2-fpm.sock php
    rewrite {
        if {path} not_match ^\/wp-admin
        to {path} {path}/ /index.php?_url={uri}
    }
}
```
3. The problem I'm having:

During initialization, the directive inside the Caddyfile had an explicit port `:80` after the domain name (i.e. `undi18.org:80`). Just when I was trying with the `tls` directive (from `off` to having my email there) and removing the explicit `:80`, then issuing a `systemctl restart`, I saw the following error log:
4. Error messages and/or full log output:

```
● caddy.service - Caddy HTTP/2 Web Server
   Loaded: loaded (/lib/systemd/system/caddy.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Mon 2019-10-07 02:33:04 UTC; 105ms ago
     Docs: https://caddyserver.com/docs
  Process: 3349 ExecStart=/usr/local/bin/caddy -agree=true -conf=/etc/caddy/Caddyfile (code=exited, status=1/FAILURE)
 Main PID: 3349 (code=exited, status=1/FAILURE)

Oct 07 02:33:02 liberty systemd[1]: Started Caddy HTTP/2 Web Server.
Oct 07 02:33:03 liberty caddy[3349]: Activating privacy features... 2019/10/07 02:33:03 [INFO] acme: Registering account for [redacted-email-here]
Oct 07 02:33:04 liberty caddy[3349]: 2019/10/07 02:33:04 [INFO] acme: Registering account for [redacted-email-here]
Oct 07 02:33:04 liberty caddy[3349]: 2019/10/07 02:33:04 [INFO] acme: Registering account for [redacted-email-here]
Oct 07 02:33:04 liberty caddy[3349]: 2019/10/07 02:33:04 registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:malformed :: No embedded JWK in JWS header, url:
Oct 07 02:33:04 liberty systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
Oct 07 02:33:04 liberty systemd[1]: caddy.service: Failed with result 'exit-code'.
```
5. What I already tried:

At first I suspected that having CloudFlare fully proxying my website might interfere with the ACME request, hence I turned off full proxying, letting it serve DNS only.

I also tried looking for reports mentioning error 400, but I could not find a relevant or similar occurrence.

Previously, I had `ufw` allowing ports 22, 80, and 443. I also turned `ufw` off, but nothing happened.
6. Links to relevant resources:
N/A.
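As an added example (not part of the post above, and not code from the Caddy project), the following Python script triages journal output of the kind quoted in section 4: it recognises the Caddy v1 / lego ACME error format (`acme: error: <status> :: <method> :: <url> :: <urn> :: <detail>`), counts the preceding registration attempts, picks up the systemd exit status and reports whether the unit died on an ACME registration failure. The sample log is a constructed copy of the post's lines with the email placeholder kept; the regexes and field names are this example's own assumptions about the log format, not anything the page or Caddy documents.

```python
"""Triage Caddy v1 ACME failures from systemd journal output (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the relevant journal lines from the post, unchanged.
SAMPLE_LOG = """\
Oct 07 02:33:02 liberty systemd[1]: Started Caddy HTTP/2 Web Server.
Oct 07 02:33:03 liberty caddy[3349]: Activating privacy features... 2019/10/07 02:33:03 [INFO] acme: Registering account for [redacted-email-here]
Oct 07 02:33:04 liberty caddy[3349]: 2019/10/07 02:33:04 [INFO] acme: Registering account for [redacted-email-here]
Oct 07 02:33:04 liberty caddy[3349]: 2019/10/07 02:33:04 [INFO] acme: Registering account for [redacted-email-here]
Oct 07 02:33:04 liberty caddy[3349]: 2019/10/07 02:33:04 registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:malformed :: No embedded JWK in JWS header, url:
Oct 07 02:33:04 liberty systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
Oct 07 02:33:04 liberty systemd[1]: caddy.service: Failed with result 'exit-code'.
"""

# Assumed lego error layout: "acme: error: <status> :: <method> :: <url> :: <urn> :: <detail>"
ACME_ERROR_RE = re.compile(
    r"caddy\[(?P<pid>\d+)\]: .*?acme: error: (?P<status>\d{3}) :: (?P<method>[A-Z]+) :: "
    r"(?P<url>\S+) :: (?P<urn>urn:ietf:params:acme:error:[a-zA-Z]+) :: (?P<detail>.*)$"
)
REGISTER_RE = re.compile(r"caddy\[(?P<pid>\d+)\]: .*acme: Registering account for (?P<account>\S+)")
EXIT_RE = re.compile(r"systemd\[1\]: (?P<unit>\S+): Main process exited, code=exited, status=(?P<code>\d+)/")


@dataclass
class AcmeError:
    pid: int
    status: int
    method: str
    url: str
    urn: str
    detail: str

    @property
    def error_type(self) -> str:
        # Last segment of the URN, e.g. "malformed" or "rateLimited"
        return self.urn.rsplit(":", 1)[-1]

    @property
    def endpoint(self) -> str:
        # Last path segment of the ACME URL, e.g. "new-acct"
        return self.url.rstrip("/").rsplit("/", 1)[-1]


@dataclass
class Triage:
    registration_attempts: int = 0
    errors: List[AcmeError] = field(default_factory=list)
    exit_status: Optional[int] = None

    @property
    def failed_on_acme(self) -> bool:
        """True when the unit exited non-zero and at least one ACME error was logged."""
        return bool(self.errors) and self.exit_status not in (None, 0)


def triage_log(text: str) -> Triage:
    """Walk journal lines once, collecting ACME errors, registration attempts and exit status."""
    result = Triage()
    for line in text.splitlines():
        if m := ACME_ERROR_RE.search(line):
            detail = m.group("detail").strip()
            # lego appends ", url:" with nothing after it when no URL is attached; drop that tail
            detail = re.sub(r",\s*url:\s*$", "", detail)
            result.errors.append(AcmeError(
                pid=int(m.group("pid")), status=int(m.group("status")),
                method=m.group("method"), url=m.group("url"),
                urn=m.group("urn"), detail=detail))
        elif REGISTER_RE.search(line):
            result.registration_attempts += 1
        elif m := EXIT_RE.search(line):
            result.exit_status = int(m.group("code"))
    return result


def summarize(t: Triage) -> str:
    """One-line human summary of the last ACME error, or a negative result."""
    if not t.failed_on_acme:
        return "no ACME-related failure found"
    e = t.errors[-1]
    return (f"{e.method} {e.endpoint} -> HTTP {e.status} ({e.error_type}): {e.detail}; "
            f"{t.registration_attempts} registration attempt(s) before exit status {t.exit_status}")


if __name__ == "__main__":
    print(summarize(triage_log(SAMPLE_LOG)))
```

Feed it `journalctl -u caddy --no-pager` output instead of the embedded sample to triage a live host; the point of splitting status, endpoint and URN apart is that a `400 malformed` on `new-acct` (a rejected account registration) is a different problem from, say, a rate-limit or authorization error on an order endpoint, and the summary makes that distinction visible at a glance.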