Registration Error (ACME Error 400)

1. My Caddy version (caddy -version):

Caddy v1.0.3

2. How I run Caddy

Caddy is managed by a systemd unit file, hence it is run by using the systemctl command.

a. System environment:

Ubuntu (VPS), 18.04 Bionic LTS, running without container.

b. Command:

sudo systemctl restart caddy
sudo systemctl status caddy

c. Service/unit/compose file:

[Unit]
Description=Caddy HTTP/2 Web Server
Documentation=https://caddyserver.com/docs
After=network.target

[Service]
User=www-data
Group=www-data
ExecStart=/usr/local/bin/caddy -agree=true -conf=/etc/caddy/Caddyfile
PIDFile=/var/run/caddy/caddy.pid
Restart=on-abnormal
LimitNOFILE=8192

[Install]
WantedBy=multi-user.target

d. My complete Caddyfile:

undi18.org {
    tls [redacted-email-here]
    root /var/www/wordpress
    gzip
    fastcgi / /run/php/php7.2-fpm.sock php

    rewrite {
        if {path} not_match ^\/wp-admin
        to {path} {path}/ /index.php?_url={uri}
    }
}

3. The problem Iā€™m having:

During initialization, the directive inside Caddyfile had an explicit port :80 after domain name (i.e. undi18.org:80). Just when I was trying with the tls directive (from off to having my email there) and removing explicit :80, then issuing a systemctl restart, I saw the following error log:

4. Error messages and/or full log output:

ā— caddy.service - Caddy HTTP/2 Web Server
   Loaded: loaded (/lib/systemd/system/caddy.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Mon 2019-10-07 02:33:04 UTC; 105ms ago
     Docs: https://caddyserver.com/docs
  Process: 3349 ExecStart=/usr/local/bin/caddy -agree=true -conf=/etc/caddy/Caddyfile (code=exited, status=1/FAILURE)
 Main PID: 3349 (code=exited, status=1/FAILURE)

Oct 07 02:33:02 liberty systemd[1]: Started Caddy HTTP/2 Web Server.
Oct 07 02:33:03 liberty caddy[3349]: Activating privacy features... 2019/10/07 02:33:03 [INFO] acme: Registering account for [redacted-email-here]
Oct 07 02:33:04 liberty caddy[3349]: 2019/10/07 02:33:04 [INFO] acme: Registering account for [redacted-email-here]
Oct 07 02:33:04 liberty caddy[3349]: 2019/10/07 02:33:04 [INFO] acme: Registering account for [redacted-email-here]
Oct 07 02:33:04 liberty caddy[3349]: 2019/10/07 02:33:04 registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:malformed :: No embedded JWK in JWS header, url:
Oct 07 02:33:04 liberty systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
Oct 07 02:33:04 liberty systemd[1]: caddy.service: Failed with result 'exit-code'.

5. What I already tried:

At first I suspected that having CloudFlare full proxying my website might interfere with the ACME request, hence I turned off full-proxy, letting it to serve DNS only.

I also tried looking for reports mentioning error 400, but I could not find relevant or similar occurrence.

Previously, I had ufw allowing port 22, 80, and also 443. I also turned ufw off, but nothing happened.

6. Links to relevant resources:

N/A.

Hi @aixnr, welcome to the Caddy community!

I have never seen this error before! :joy:

Moonshot here, but where are your TLS assets being saved, and does the www-data user / group have read/write access?

Does this error occur if you run Caddy outside of systemd (i.e. from command line?)

Ah, I believe you are not far off. I did suspect something wrong with permission regarding the www-data user here, but I did not probe deeper into that. To answer your question, I did not try running Caddy outside systemd, but I think that would help me to debug the situation.

Since a few hours ago, I tried the combination of nginx and certbot, and I got them both to work. Thus, I believe this thread can be closed now.

1 Like