1. My Caddy version (caddy -version):
Caddy v1.0.4 (h1:wwuGSkUHo6RZ3oMpeTt7J09WBB87X5o+IZN4dKehcQE=)
2. How I run Caddy:
Please provide all of the relevant information and DO NOT REDACT anything except passwords/keys. Thank you!
a. System environment:
OS, relevant versions, systemd? docker? etc.
docker, alpine aarch64, raspberry pi 4
b. Command:
ENTRYPOINT ["/usr/bin/caddy"]
CMD ["--conf", "/etc/Caddyfile", "--log", "stdout", "--agree=true"]
c. Service/unit/compose file:
services:
  caddy:
    container_name: caddy
    image: novachat/pi-caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./caddy/Caddyfile:/etc/Caddyfile:ro
      - ./caddy/letsencrypt:/root/.caddy
      - /srv/web:/srv
    networks:
      - default
d. My complete Caddyfile:
anthony.nova.chat {
    tls email@gmail.com
    proxyprotocol
    root /srv
    proxy / http://synapse:8008 {
        transparent
        except /im
    }
    proxy /hangouts http://mautrix-hangouts:29320 {
        transparent
        without /hangouts
    }
    proxy /telegram http://mautrix-telegram:29317/telegram {
        transparent
        without /telegram
    }
    proxy /slack http://mx-puppet-slack:8434 {
        transparent
        without /slack
    }
    proxy /twitter http://mx-puppet-twitter:4567 {
        transparent
        without /twitter
    }
    proxy /facebook http://mautrix-facebook:29319 {
        transparent
        without /facebook
    }
}
3. The problem I’m having:
Please describe the issue thoroughly enough so that anyone can reproduce the exact behavior you’re seeing. Be as specific as possible.
4. Error messages and/or full log output:
Please DO NOT REDACT any information except passwords/keys.
caddy | 2020/01/14 05:35:19 [INFO] Caddy version: v1.0.4
caddy | Activating privacy features...2020/01/14 05:35:19 [INFO][cache:0x40001d2140] Started certificate maintenance routine
caddy | 2020/01/14 05:35:20 [INFO] acme: Registering account for ericmigi@gmail.com
caddy | 2020/01/14 05:35:20 [INFO][anthony.nova.chat] Obtain certificate
caddy | 2020/01/14 05:35:20 [INFO][anthony.nova.chat] Obtain: Waiting on rate limiter...
caddy | 2020/01/14 05:35:20 [INFO][anthony.nova.chat] Obtain: Done waiting
caddy | 2020/01/14 05:35:20 [INFO] [anthony.nova.chat] acme: Obtaining bundled SAN certificate
caddy | 2020/01/14 05:35:20 [INFO] [anthony.nova.chat] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/2277759143
caddy | 2020/01/14 05:35:20 [INFO] [anthony.nova.chat] acme: Could not find solver for: tls-alpn-01
caddy | 2020/01/14 05:35:20 [INFO] [anthony.nova.chat] acme: use http-01 solver
caddy | 2020/01/14 05:35:20 [INFO] [anthony.nova.chat] acme: Trying to solve HTTP-01
caddy | 2020/01/14 05:35:25 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/2277759143
caddy | 2020/01/14 05:35:25 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/2277759143
caddy | 2020/01/14 05:35:25 [ERROR][anthony.nova.chat] failed to obtain certificate: acme: Error -> One or more domains had a problem:
caddy | [anthony.nova.chat] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://anthony.nova.chat/.well-known/acme-challenge/ULmwc5xRNdl-29eEVOv9DyHK8dMn7zWRQh5TiJ9c7K8 [68.183.251.172]: 503, url: (attempt 1/3; challenge=http-01)
caddy | 2020/01/14 05:35:26 [INFO] [anthony.nova.chat] acme: Obtaining bundled SAN certificate
caddy | 2020/01/14 05:35:26 [INFO] [anthony.nova.chat] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/2277760423
caddy | 2020/01/14 05:35:26 [INFO] [anthony.nova.chat] acme: Could not find solver for: tls-alpn-01
caddy | 2020/01/14 05:35:26 [INFO] [anthony.nova.chat] acme: use http-01 solver
caddy | 2020/01/14 05:35:26 [INFO] [anthony.nova.chat] acme: Trying to solve HTTP-01
caddy | 2020/01/14 05:35:30 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/2277760423
caddy | 2020/01/14 05:35:30 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/2277760423
caddy | 2020/01/14 05:35:30 [ERROR][anthony.nova.chat] failed to obtain certificate: acme: Error -> One or more domains had a problem:
caddy | [anthony.nova.chat] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://anthony.nova.chat/.well-known/acme-challenge/6lKiuaX3KHs2N7BYyZsouk000WwUtN9gkxYXTjXD9N0 [68.183.251.172]: 503, url: (attempt 2/3; challenge=http-01)
caddy | 2020/01/14 05:35:31 [INFO] [anthony.nova.chat] acme: Obtaining bundled SAN certificate
caddy | 2020/01/14 05:35:31 [INFO] [anthony.nova.chat] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/2277761639
caddy | 2020/01/14 05:35:31 [INFO] [anthony.nova.chat] acme: Could not find solver for: tls-alpn-01
caddy | 2020/01/14 05:35:31 [INFO] [anthony.nova.chat] acme: use http-01 solver
caddy | 2020/01/14 05:35:31 [INFO] [anthony.nova.chat] acme: Trying to solve HTTP-01
caddy | 2020/01/14 05:35:32 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/2277761639
5. What I already tried:
I am provisioning several Raspberry Pis per day. Running script from Beeper / pi-matrix · GitLab
This happens almost every time I set up a new Pi. Sometimes waiting an hour resolves it, but this error keeps coming back. Any idea what I’ve got set up wrong?
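
An added example, not part of the original post: a small parser for ACME failure lines in the format shown in the log above, reporting which address the validation server reached and the HTTP status it received on the challenge path. The sample log lines, the hostname `pi.example.com`, the address `203.0.113.10` and the function names are constructed for illustration.

```python
import re

# Matches the ACME failure line format that appears in the log above.
FAIL_RE = re.compile(
    r"\[(?P<domain>[^\]]+)\] acme: error: (?P<acme_status>\d{3}) :: "
    r"urn:ietf:params:acme:error:(?P<acme_type>\w+) :: "
    r"Invalid response from (?P<url>\S+) \[(?P<ip>[^\]]+)\]: (?P<http_status>\d{3})"
    r".*?\(attempt (?P<attempt>\d+)/(?P<max>\d+); challenge=(?P<challenge>[\w-]+)\)"
)

# Constructed sample input (not taken from the post).
SAMPLE_LOG = """\
caddy | 2020/01/14 05:35:20 [INFO] [pi.example.com] acme: Trying to solve HTTP-01
caddy | [pi.example.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://pi.example.com/.well-known/acme-challenge/CONSTRUCTED-TOKEN-1 [203.0.113.10]: 503, url: (attempt 1/3; challenge=http-01)
caddy | 2020/01/14 05:35:26 [INFO] [pi.example.com] acme: Trying to solve HTTP-01
caddy | [pi.example.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://pi.example.com/.well-known/acme-challenge/CONSTRUCTED-TOKEN-2 [203.0.113.10]: 503, url: (attempt 2/3; challenge=http-01)
"""

def parse_failures(log_text):
    """Return one dict per ACME validation failure found in the log text."""
    failures = []
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if m:
            rec = m.groupdict()
            for key in ("acme_status", "http_status", "attempt", "max"):
                rec[key] = int(rec[key])
            failures.append(rec)
    return failures

def triage(log_text, expected_ip):
    """Compare the address the validator reached with the one you expect."""
    findings = []
    for f in parse_failures(log_text):
        if f["ip"] != expected_ip:
            note = "validator reached a different address than expected"
        elif f["http_status"] >= 500:
            note = "expected address returned a server error on the challenge path"
        else:
            note = "expected address answered without the challenge token"
        findings.append((f["domain"], f["attempt"], f["ip"], f["http_status"], note))
    return findings

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, expected_ip="203.0.113.10"):
        print(row)
```

The bracketed address in each failure line is the one the validation server connected to, so comparing it with the public address of the host being provisioned is a quick first check.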