Reverse Proxy Local Clients Directly to Local Server Using Same Domain as External Clients

1. Caddy version (caddy version):

v2.5.1 h1:bAWwslD1jNeCzDa+jDCNwb8M3UJ2tPa8UZFFzPVmGKs=

2. How I run Caddy:

I have an ubuntu-server installation (ip addr: 192.168.1.30) running docker compose which is running Caddy with version v2.5.1 h1:bAWwslD1jNeCzDa+jDCNwb8M3UJ2tPa8UZFFzPVmGKs=.
I will refer to the above Caddy as LocalCaddy.

I also run another Caddy instance on a VPS running a near-identical docker-compose. I will call this Caddy CloudCaddy; it runs version: v2.5.1 h1:bAWwslD1jNeCzDa+jDCNwb8M3UJ2tPa8UZFFzPVmGKs=.

There is a Wireguard VPN connection between CloudCaddy machine (wg server: 10.0.0.1) and LocalCaddy machine (wg client: 10.0.0.2).

My OPNsense router on the network is set to route all DNS requests to veritablevalor.com.

a. System environment:

LocalCaddy
OS (cat /etc/os-release)

NAME="Ubuntu"
VERSION="20.04.1 LTS (Focal Fossa)"

CloudCaddy
OS (cat /etc/os-release)

NAME="Ubuntu"
VERSION="20.04.4 LTS (Focal Fossa)"

b. Command:

sudo docker compose up -d caddy

c. Service/unit/compose file:

LocalCaddy docker-compose.yml

version: '3.7'

services:
  caddy:
    container_name: caddy
    image: caddy
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./caddyfile/Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data
      - caddy_config:/config

volumes:
  caddy_data:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.1.10,nolock,soft,rw"
      device: "<Path on NAS>"
  caddy_config:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.1.10,nolock,soft,rw"
      device: "<Path on NAS>"

CloudCaddy docker-compose.yml

version: '3.7'

services:
  caddy:
    container_name: caddy
    image: caddy
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./html:/var/www/html
      - ./caddy:/etc/caddy

d. My complete Caddyfile or JSON config:

LocalCaddy Caddyfile

veritablevalor.com {
        reverse_proxy 192.168.1.30:80
}

gitea.veritablevalor.com {
        reverse_proxy 192.168.1.30:3003
}

firefly.veritablevalor.com {
        reverse_proxy 192.168.1.30:8080
}

planka.veritablevalor.com {
        reverse_proxy 192.168.1.30:3005
}

nextcloud.veritablevalor.com {
        reverse_proxy 192.168.1.30:444
}

jellyfin.veritablevalor.com {
        reverse_proxy 192.168.1.30:8096
}

CloudCaddy Caddyfile

veritablevalor.com {
    reverse_proxy 10.0.0.2:80
}

gitea.veritablevalor.com {
    reverse_proxy 10.0.0.2:3003
}

3. The problem I’m having:

A little bit more context to my situation
My homelab (from which I am hosting all of the endpoint services) is behind my OPNsense AP which is behind a CGNAT. As such, to get external access to my services without using a VPN I have set up CloudCaddy (with a VPN connection to LocalCaddy) to redirect all relevant requests to LocalCaddy which then handles them appropriately. My A and AAAA records point to CloudCaddy. I have confirmed that this basic setup works by navigating over to https://gitea.veritablevalor.com.

Broader Problem I am trying to solve
There are 2 problems I want to fix with the setup as described above.

When navigating to https://gitea.veritablevalor.com from the local network, my connection will bounce onto the internet and back down to the same network. I would rather redirect local traffic to that domain directly to the relevant server (192.168.1.30 in my case).

I want this because… Many services require a “base url” variable to be set in their configuration (gitea and jellyfin are just two examples), which aids in navigation of the app in the browser. Now in the event where I don’t have internet access, these services will break if I can’t navigate to them using the domain base url specified, which I wouldn’t be able to, because I wouldn’t have internet access. But if I leave the base url set to the IP address of the service, external access through my domain would have limited/broken functionality using my service.

What I have attempted
Luckily I am using OPNsense, so there is some strong control over network traffic available to me. I added a rule in DNS overrides that redirects all outbound LAN traffic that is headed towards veritablevalor.com to my local server at 192.168.1.30 (the eventual endpoint of the domain anyways). Now on the 192.168.1.30 server I override the DNS server to NOT be the gateway (instead something like 1.1.1.1 or 8.8.8.8). This way it can reach the TRUE veritablevalor.com domain if need be.

Current Problem
Navigating to a service gives me an Error code: SSL_ERROR_INTERNAL_ERROR_ALERT.

4. Error messages and/or full log output:

CloudCaddy error logs

{
    "data":
    [
        {"level":"info","ts":1657513555.0060794,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"},
		{"level":"info","ts":1657513555.0145984,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["//127.0.0.1:2019","//localhost:2019","//[::1]:2019"]},
		{"level":"info","ts":1657513555.0148351,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443},
		{"level":"info","ts":1657513555.0148873,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"},
		{"level":"info","ts":1657513555.017637,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"},
		{"level":"info","ts":1657513555.0182605,"logger":"tls","msg":"finished cleaning storage units"},
		{"level":"info","ts":1657513555.0187798,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0001b08c0"},
		{"level":"info","ts":1657513555.0191932,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["gitea.veritablevalor.com","veritablevalor.com"]},
		{"level":"info","ts":1657513555.0203779,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"},
		{"level":"info","ts":1657513555.0206492,"msg":"serving initial configuration"},
		{"level":"info","ts":1657513555.0236657,"logger":"tls.obtain","msg":"acquiring lock","identifier":"gitea.veritablevalor.com"},
		{"level":"info","ts":1657513555.0281208,"logger":"tls.obtain","msg":"lock acquired","identifier":"gitea.veritablevalor.com"},
		{"level":"info","ts":1657513555.0329814,"logger":"tls.obtain","msg":"acquiring lock","identifier":"veritablevalor.com"},
		{"level":"info","ts":1657513555.0350692,"logger":"tls.obtain","msg":"lock acquired","identifier":"veritablevalor.com"},
		{"level":"info","ts":1657513555.4861112,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["gitea.veritablevalor.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""},
		{"level":"info","ts":1657513555.4868543,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["gitea.veritablevalor.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""},
		{"level":"info","ts":1657513555.4968984,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["veritablevalor.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""},
		{"level":"info","ts":1657513555.4972441,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["veritablevalor.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""},
		{"level":"info","ts":1657513555.903911,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"veritablevalor.com","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"},
		{"level":"info","ts":1657513555.9956768,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"gitea.veritablevalor.com","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"},
		{"level":"info","ts":1657513556.0571225,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"veritablevalor.com","challenge":"http-01","remote":"3.21.169.57:15264","distributed":false},
		{"level":"info","ts":1657513556.2818708,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"veritablevalor.com","challenge":"http-01","remote":"64.78.149.164:46690","distributed":false},
		{"level":"info","ts":1657513556.309469,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"veritablevalor.com","challenge":"http-01","remote":"52.26.120.116:35134","distributed":false},
		{"level":"info","ts":1657513556.4052205,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"veritablevalor.com","challenge":"http-01","remote":"18.193.108.87:26248","distributed":false},
		{"level":"info","ts":1657513556.4095523,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"gitea.veritablevalor.com","challenge":"http-01","remote":"3.21.169.57:15268","distributed":false},
		{"level":"error","ts":1657513556.5286098,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"firefly.veritablevalor.com","error":"no information found to solve challenge for identifier: firefly.veritablevalor.com"},
		{"level":"error","ts":1657513556.529114,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"firefly.veritablevalor.com","error":"no information found to solve challenge for identifier: firefly.veritablevalor.com"},
		{"level":"error","ts":1657513556.5456789,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"firefly.veritablevalor.com","error":"no information found to solve challenge for identifier: firefly.veritablevalor.com"},
		{"level":"error","ts":1657513556.546162,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"firefly.veritablevalor.com","error":"no information found to solve challenge for identifier: firefly.veritablevalor.com"},
		{"level":"error","ts":1657513556.6097732,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"firefly.veritablevalor.com","error":"no information found to solve challenge for identifier: firefly.veritablevalor.com"},
		{"level":"error","ts":1657513556.6105597,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"firefly.veritablevalor.com","error":"no information found to solve challenge for identifier: firefly.veritablevalor.com"},
		{"level":"error","ts":1657513556.67968,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"firefly.veritablevalor.com","error":"no information found to solve challenge for identifier: firefly.veritablevalor.com"},
		{"level":"error","ts":1657513556.6807985,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"firefly.veritablevalor.com","error":"no information found to solve challenge for identifier: firefly.veritablevalor.com"},
		{"level":"info","ts":1657513556.6837645,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme-v02.api.letsencrypt.org/acme/order/626596506/105698922416"},
		{"level":"info","ts":1657513557.4753182,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"gitea.veritablevalor.com","challenge":"http-01","remote":"18.193.108.87:26254","distributed":false},
		{"level":"info","ts":1657513557.75396,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"gitea.veritablevalor.com","challenge":"http-01","remote":"64.78.149.164:46826","distributed":false},
		{"level":"info","ts":1657513557.797906,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"gitea.veritablevalor.com","challenge":"http-01","remote":"52.26.120.116:35136","distributed":false},
		{"level":"info","ts":1657513558.0872753,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme-v02.api.letsencrypt.org/acme/order/626596496/105698922546"},
		{"level":"info","ts":1657513558.15614,"logger":"tls.issuance.acme.acme_client","msg":"successfully downloaded available certificate chains","count":2,"first_url":"https://acme-v02.api.letsencrypt.org/acme/cert/04e8640488c8502e1506420ff3256d565863"},
		{"level":"info","ts":1657513558.1576016,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"veritablevalor.com"},
		{"level":"info","ts":1657513558.1577506,"logger":"tls.obtain","msg":"releasing lock","identifier":"veritablevalor.com"},
		{"level":"info","ts":1657513559.5788848,"logger":"tls.issuance.acme.acme_client","msg":"successfully downloaded available certificate chains","count":2,"first_url":"https://acme-v02.api.letsencrypt.org/acme/cert/04a3be9a2676ba5541a548bfceb0bf53bca3"},
		{"level":"info","ts":1657513559.5795212,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"gitea.veritablevalor.com"},
		{"level":"info","ts":1657513559.5795314,"logger":"tls.obtain","msg":"releasing lock","identifier":"gitea.veritablevalor.com"},
		{"level":"error","ts":1657513853.479024,"logger":"tls","msg":"tls-alpn challenge","server_name":"gitea.veritablevalor.com","error":"no information found to solve challenge for identifier: gitea.veritablevalor.com"},
		{"level":"error","ts":1657513854.4513657,"logger":"tls","msg":"tls-alpn challenge","server_name":"gitea.veritablevalor.com","error":"no information found to solve challenge for identifier: gitea.veritablevalor.com"},
		{"level":"error","ts":1657513854.8445227,"logger":"tls","msg":"tls-alpn challenge","server_name":"gitea.veritablevalor.com","error":"no information found to solve challenge for identifier: gitea.veritablevalor.com"},
		{"level":"error","ts":1657513856.5327828,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"gitea.veritablevalor.com","error":"no information found to solve challenge for identifier: gitea.veritablevalor.com"},
		{"level":"error","ts":1657513856.532892,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"gitea.veritablevalor.com","error":"no information found to solve challenge for identifier: gitea.veritablevalor.com"},
		{"level":"error","ts":1657513856.5658796,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"gitea.veritablevalor.com","error":"no information found to solve challenge for identifier: gitea.veritablevalor.com"},
		{"level":"error","ts":1657513856.5659857,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"gitea.veritablevalor.com","error":"no information found to solve challenge for identifier: gitea.veritablevalor.com"},
		{"level":"error","ts":1657513856.6083639,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"gitea.veritablevalor.com","error":"no information found to solve challenge for identifier: gitea.veritablevalor.com"},
		{"level":"error","ts":1657513856.6085377,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"gitea.veritablevalor.com","error":"no information found to solve challenge for identifier: gitea.veritablevalor.com"},
		{"level":"error","ts":1657513856.719472,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"gitea.veritablevalor.com","error":"no information found to solve challenge for identifier: gitea.veritablevalor.com"},
		{"level":"error","ts":1657513856.7199929,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"gitea.veritablevalor.com","error":"no information found to solve challenge for identifier: gitea.veritablevalor.com"},
		{"level":"error","ts":1657513856.7280574,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"gitea.veritablevalor.com","error":"no information found to solve challenge for identifier: gitea.veritablevalor.com"},
		{"level":"error","ts":1657513856.7284656,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"gitea.veritablevalor.com","error":"no information found to solve challenge for identifier: gitea.veritablevalor.com"},
		{"level":"error","ts":1657513857.0832646,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"gitea.veritablevalor.com","error":"no information found to solve challenge for identifier: gitea.veritablevalor.com"},
		{"level":"error","ts":1657513857.0847573,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"gitea.veritablevalor.com","error":"no information found to solve challenge for identifier: gitea.veritablevalor.com"},
		{"level":"error","ts":1657513857.9762537,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"gitea.veritablevalor.com","error":"no information found to solve challenge for identifier: gitea.veritablevalor.com"},
		{"level":"error","ts":1657513857.976913,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"gitea.veritablevalor.com","error":"no information found to solve challenge for identifier: gitea.veritablevalor.com"},
		{"level":"error","ts":1657513858.0724702,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"gitea.veritablevalor.com","error":"no information found to solve challenge for identifier: gitea.veritablevalor.com"},
		{"level":"error","ts":1657513858.0729134,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"gitea.veritablevalor.com","error":"no information found to solve challenge for identifier: gitea.veritablevalor.com"},
    ]
}

5. What I already tried:

End of section 4.

6. Links to relevant resources:

https://gitea.veritablevalor.com?

Please let me know if there is something obvious I am missing, or if what I am trying to do is just a really bad idea. I am all ears at this point. Thanks!
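
A triage helper for the kind of ACME failures shown in the Caddy logs in this thread, as an added example that is not part of the original post: it groups JSON log entries by hostname and flags validations that the CA ran against an address other than the instance's own, which is what happens when two Caddy instances request certificates for the same names. The function names, the `own_ips` parameter and the sample log lines are assumptions constructed for illustration.

```python
import json
import re
from collections import defaultdict

# Constructed sample, shaped like the Caddy JSON log entries quoted in this
# thread. Names use example.test, addresses come from documentation ranges,
# and entries from both proxy instances are combined for brevity. The last
# line is cut off on purpose to show that truncated dumps are tolerated.
SAMPLE_LOG = r'''
{
    "data":
    [
        {"level":"error","ts":1.0,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"app.example.test","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:tls","detail":"203.0.113.7: remote error: tls: internal error"}},
        {"level":"error","ts":2.0,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"git.example.test","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"203.0.113.7: Invalid response from https://git.example.test/.well-known/acme-challenge/TOKEN: 404"}},
        {"level":"error","ts":3.0,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"media.example.test","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:dns","detail":"DNS problem: SERVFAIL looking up A for media.example.test"}},
        {"level":"warn","ts":4.0,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://ca.example.test/dir","error":"context deadline exceeded"},
        {"level":"error","ts":5.0,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"app.example.test","error":"no information found to solve challenge for identifier: app.example.test"},
        {"level":"info","ts":6.0,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"example.test"},
        {"level":"error","ts":7.0,"logger":"tls.issuance.acme.acme_cli
'''

# ACME problem details usually start with the address the CA validated against.
LEADING_IP = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):")


def parse_entries(text):
    """Yield log entries, skipping the array wrapper, trailing commas and cut-off lines."""
    for line in text.splitlines():
        line = line.strip().rstrip(",")
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(entry, dict) and "msg" in entry:
            yield entry


def classify(entry, own_ips):
    """Return (name, finding) for an ACME-related failure, or None for anything else."""
    problem = entry.get("problem")
    if isinstance(problem, dict):
        # Problem reported by the CA: keep the last URN segment (tls, dns, unauthorized).
        kind = problem.get("type", "").rsplit(":", 1)[-1]
        match = LEADING_IP.match(problem.get("detail", ""))
        if match and match.group(1) not in own_ips:
            # Public DNS sent the CA to a host that is not this instance.
            return entry.get("identifier"), f"{kind}:validated-at-other-host:{match.group(1)}"
        return entry.get("identifier"), f"{kind}:ca-validation-failed"
    if "no information found to solve challenge" in entry.get("error", ""):
        # This instance received a validation request for a challenge it never started.
        return entry.get("host") or entry.get("server_name"), "challenge-started-elsewhere"
    if entry.get("msg") == "HTTP request failed; retrying":
        return entry.get("url"), "ca-unreachable"
    return None


def summarize(text, own_ips=frozenset()):
    """Map each hostname (or CA URL) to the sorted list of distinct findings.

    own_ips: public addresses at which this instance is reachable (assumption;
    empty for a proxy that has no public address of its own).
    """
    findings = defaultdict(set)
    for entry in parse_entries(text):
        hit = classify(entry, own_ips)
        if hit and hit[0]:
            findings[hit[0]].add(hit[1])
    return {name: sorted(items) for name, items in findings.items()}


if __name__ == "__main__":
    for name, items in summarize(SAMPLE_LOG, own_ips={"198.51.100.20"}).items():
        print(name, "->", ", ".join(items))
```
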

(Wouldn’t fit in the thread body)
LocalCaddy error logs

{
    "data":
    [
        {"level":"error","ts":1657512647.8261812,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"gitea.veritablevalor.com","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"216.128.142.74: Invalid response from https://gitea.veritablevalor.com/.well-known/acme-challenge/YBUbpVICazq9jn2-7VzVl6xlymgnMDDRohRNfeFcCms: 404","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/53263584/3132382574","attempt":2,"max_attempts":3},
        {"level":"error","ts":1657512647.8262742,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"gitea.veritablevalor.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 403 urn:ietf:params:acme:error:unauthorized - 216.128.142.74: Invalid response from https://gitea.veritablevalor.com/.well-known/acme-challenge/YBUbpVICazq9jn2-7VzVl6xlymgnMDDRohRNfeFcCms: 404"},
        {"level":"warn","ts":1657512647.8265026,"logger":"tls.issuance.zerossl","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"},
        {"level":"info","ts":1657512648.2167113,"logger":"tls.issuance.zerossl","msg":"generated EAB credentials","key_id":"Sni2Nl-Ye5MkzP32MAHMcA"},
        {"level":"warn","ts":1657512675.8688586,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"},
        {"level":"warn","ts":1657512706.1210403,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"},
        {"level":"warn","ts":1657512736.3728309,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"},
        {"level":"error","ts":1657512736.3730435,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"nextcloud.veritablevalor.com","issuer":"acme.zerossl.com-v2-DV90","error":"provisioning client: performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"},
        {"level":"error","ts":1657512736.3730717,"logger":"tls.obtain","msg":"will retry","error":"[nextcloud.veritablevalor.com] Obtain: provisioning client: performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)","attempt":5,"retrying_in":600,"elapsed":1929.071225172,"max_duration":2592000},
        {"level":"warn","ts":1657512766.374108,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"},
        {"level":"warn","ts":1657512796.6287987,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"},
        {"level":"warn","ts":1657512826.8838158,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"},
        {"level":"error","ts":1657512826.8839328,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"gitea.veritablevalor.com","issuer":"acme.zerossl.com-v2-DV90","error":"provisioning client: performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"},
        {"level":"error","ts":1657512826.8839824,"logger":"tls.obtain","msg":"will retry","error":"[gitea.veritablevalor.com] Obtain: provisioning client: performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)","attempt":4,"retrying_in":300,"elapsed":2019.603038669,"max_duration":2592000},
        {"level":"info","ts":1657512852.3085587,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"firefly.veritablevalor.com","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"},
        {"level":"error","ts":1657512853.3646975,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"firefly.veritablevalor.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:tls","title":"","detail":"216.128.142.74: remote error: tls: internal error","instance":"","subproblems":[]}},
        {"level":"error","ts":1657512853.3647802,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"firefly.veritablevalor.com","problem":{"type":"urn:ietf:params:acme:error:tls","title":"","detail":"216.128.142.74: remote error: tls: internal error","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/53263584/3132431544","attempt":1,"max_attempts":3},
        {"level":"info","ts":1657512854.6134064,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"firefly.veritablevalor.com","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"},
        {"level":"error","ts":1657512855.4895954,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"firefly.veritablevalor.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:tls","title":"","detail":"216.128.142.74: Fetching https://firefly.veritablevalor.com/.well-known/acme-challenge/HO-K2hUa9ANheGoQic2fe5oGhBORSOKx8ApHlEQD5G0: remote error: tls: internal error","instance":"","subproblems":[]}},
        {"level":"error","ts":1657512855.4896696,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"firefly.veritablevalor.com","problem":{"type":"urn:ietf:params:acme:error:tls","title":"","detail":"216.128.142.74: Fetching https://firefly.veritablevalor.com/.well-known/acme-challenge/HO-K2hUa9ANheGoQic2fe5oGhBORSOKx8ApHlEQD5G0: remote error: tls: internal error","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/53263584/3132431964","attempt":2,"max_attempts":3},
        {"level":"error","ts":1657512855.4897356,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"firefly.veritablevalor.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:tls - 216.128.142.74: Fetching https://firefly.veritablevalor.com/.well-known/acme-challenge/HO-K2hUa9ANheGoQic2fe5oGhBORSOKx8ApHlEQD5G0: remote error: tls: internal error"},
        {"level":"warn","ts":1657512855.4910893,"logger":"tls.issuance.zerossl","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"},
        {"level":"info","ts":1657512856.407935,"logger":"tls.issuance.zerossl","msg":"generated EAB credentials","key_id":"zSb7XyYiVvtBnoNRRwJ7Cw"},
        {"level":"warn","ts":1657512886.4097948,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"},
        {"level":"warn","ts":1657512916.661462,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"},
        {"level":"warn","ts":1657512946.9129946,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"},
        {"level":"error","ts":1657512946.91313,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"firefly.veritablevalor.com","issuer":"acme.zerossl.com-v2-DV90","error":"provisioning client: performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"},
        {"level":"error","ts":1657512946.9131963,"logger":"tls.obtain","msg":"will retry","error":"[firefly.veritablevalor.com] Obtain: provisioning client: performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)","attempt":5,"retrying_in":600,"elapsed":2139.669844646,"max_duration":2592000},
        {"level":"info","ts":1657512947.3820207,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"jellyfin.veritablevalor.com","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"},
        {"level":"error","ts":1657512949.1971834,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"jellyfin.veritablevalor.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"DNS problem: SERVFAIL looking up A for jellyfin.veritablevalor.com - the domain's nameservers may be malfunctioning; DNS problem: SERVFAIL looking up AAAA for jellyfin.veritablevalor.com - the domain's nameservers may be malfunctioning","instance":"","subproblems":[]}},
        {"level":"error","ts":1657512949.1972547,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"jellyfin.veritablevalor.com","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"DNS problem: SERVFAIL looking up A for jellyfin.veritablevalor.com - the domain's nameservers may be malfunctioning; DNS problem: SERVFAIL looking up AAAA for jellyfin.veritablevalor.com - the domain's nameservers may be malfunctioning","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/53263584/3132449024","attempt":1,"max_attempts":3},
        {"level":"info","ts":1657512950.3898597,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"jellyfin.veritablevalor.com","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"},
        {"level":"error","ts":1657512950.872246,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"jellyfin.veritablevalor.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"DNS problem: SERVFAIL looking up A for jellyfin.veritablevalor.com - the domain's nameservers may be malfunctioning; DNS problem: SERVFAIL looking up AAAA for jellyfin.veritablevalor.com - the domain's nameservers may be malfunctioning","instance":"","subproblems":[]}},
        {"level":"error","ts":1657512950.8723216,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"jellyfin.veritablevalor.com","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"DNS problem: SERVFAIL looking up A for jellyfin.veritablevalor.com - the domain's nameservers may be malfunctioning; DNS problem: SERVFAIL looking up AAAA for jellyfin.veritablevalor.com - the domain's nameservers may be malfunctioning","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/53263584/3132449544","attempt":2,"max_attempts":3},
        {"level":"error","ts":1657512950.8724115,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"jellyfin.veritablevalor.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: SERVFAIL looking up A for jellyfin.veritablevalor.com - the domain's nameservers may be malfunctioning; DNS problem: SERVFAIL looking up AAAA for jellyfin.veritablevalor.com - the domain's nameservers may be malfunctioning"},
        {"level":"warn","ts":1657512950.873724,"logger":"tls.issuance.zerossl","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"},
        {"level":"info","ts":1657512951.7217536,"logger":"tls.issuance.zerossl","msg":"generated EAB credentials","key_id":"57F2wQ5_z5ageUvTC3nLKg"},
        {"level":"warn","ts":1657512981.7226765,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"},
        {"level":"warn","ts":1657513011.9745827,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"},
        {"level":"warn","ts":1657513042.22626,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"},
        {"level":"error","ts":1657513042.2264144,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"jellyfin.veritablevalor.com","issuer":"acme.zerossl.com-v2-DV90","error":"provisioning client: performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"},
        {"level":"error","ts":1657513042.2264717,"logger":"tls.obtain","msg":"will retry","error":"[jellyfin.veritablevalor.com] Obtain: provisioning client: performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)","attempt":5,"retrying_in":600,"elapsed":2234.908036179,"max_duration":2592000},
        {"level":"info","ts":1657513061.6463554,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"planka.veritablevalor.com","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"},
        {"level":"error","ts":1657513062.203209,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"planka.veritablevalor.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:tls","title":"","detail":"216.128.142.74: remote error: tls: internal error","instance":"","subproblems":[]}},
        {"level":"error","ts":1657513062.2033472,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"planka.veritablevalor.com","problem":{"type":"urn:ietf:params:acme:error:tls","title":"","detail":"216.128.142.74: remote error: tls: internal error","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/53263584/3132470314","attempt":1,"max_attempts":3},
        {"level":"info","ts":1657513063.3930302,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"planka.veritablevalor.com","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"},
        {"level":"error","ts":1657513063.8589087,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"planka.veritablevalor.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:tls","title":"","detail":"216.128.142.74: Fetching https://planka.veritablevalor.com/.well-known/acme-challenge/uO3YOT8AKU099VdoAR4c4tGtx0exj5tG751PSO5JT9E: remote error: tls: internal error","instance":"","subproblems":[]}},
        {"level":"error","ts":1657513063.858988,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"planka.veritablevalor.com","problem":{"type":"urn:ietf:params:acme:error:tls","title":"","detail":"216.128.142.74: Fetching https://planka.veritablevalor.com/.well-known/acme-challenge/uO3YOT8AKU099VdoAR4c4tGtx0exj5tG751PSO5JT9E: remote error: tls: internal error","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/53263584/3132470564","attempt":2,"max_attempts":3},
        {"level":"error","ts":1657513063.8590539,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"planka.veritablevalor.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:tls - 216.128.142.74: Fetching https://planka.veritablevalor.com/.well-known/acme-challenge/uO3YOT8AKU099VdoAR4c4tGtx0exj5tG751PSO5JT9E: remote error: tls: internal error"},
        {"level":"warn","ts":1657513063.860282,"logger":"tls.issuance.zerossl","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"},
        {"level":"info","ts":1657513064.8518114,"logger":"tls.issuance.zerossl","msg":"generated EAB credentials","key_id":"XqwSiTB15u9_bbvFVYCUUg"},
        {"level":"warn","ts":1657513094.8532312,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"},
        {"level":"warn","ts":1657513125.1047056,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"},
        {"level":"warn","ts":1657513155.3576667,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"},
        {"level":"error","ts":1657513155.3577802,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"planka.veritablevalor.com","issuer":"acme.zerossl.com-v2-DV90","error":"provisioning client: performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"},
        {"level":"error","ts":1657513155.3578253,"logger":"tls.obtain","msg":"will retry","error":"[planka.veritablevalor.com] Obtain: provisioning client: performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)","attempt":6,"retrying_in":1200,"elapsed":2348.0977195,"max_duration":2592000},
        {"level":"info","ts":1657513155.9019444,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"gitea.veritablevalor.com","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"},
        {"level":"error","ts":1657513157.4955273,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"gitea.veritablevalor.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:tls","title":"","detail":"216.128.142.74: remote error: tls: internal error","instance":"","subproblems":[]}},
        {"level":"error","ts":1657513157.4956162,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"gitea.veritablevalor.com","problem":{"type":"urn:ietf:params:acme:error:tls","title":"","detail":"216.128.142.74: remote error: tls: internal error","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/53263584/3132486584","attempt":1,"max_attempts":3},
        {"level":"info","ts":1657513158.7260492,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"gitea.veritablevalor.com","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"},
        {"level":"error","ts":1657513160.8253834,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"gitea.veritablevalor.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"216.128.142.74: Invalid response from https://gitea.veritablevalor.com/.well-known/acme-challenge/Nm1hIqqmSjeMs-J5hzJslTliSeEDWT0owIuZo-MDl28: 404","instance":"","subproblems":[]}},
        {"level":"error","ts":1657513160.825496,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"gitea.veritablevalor.com","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"216.128.142.74: Invalid response from https://gitea.veritablevalor.com/.well-known/acme-challenge/Nm1hIqqmSjeMs-J5hzJslTliSeEDWT0owIuZo-MDl28: 404","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/53263584/3132487164","attempt":2,"max_attempts":3},
        {"level":"error","ts":1657513160.8255482,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"gitea.veritablevalor.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 403 urn:ietf:params:acme:error:unauthorized - 216.128.142.74: Invalid response from https://gitea.veritablevalor.com/.well-known/acme-challenge/Nm1hIqqmSjeMs-J5hzJslTliSeEDWT0owIuZo-MDl28: 404"},
        {"level":"warn","ts":1657513160.8267202,"logger":"tls.issuance.zerossl","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"},
        {"level":"info","ts":1657513161.8967583,"logger":"tls.issuance.zerossl","msg":"generated EAB credentials","key_id":"fmm5oE4wyKC66BAJhkC4Lg"},
        {"level":"warn","ts":1657513191.8973138,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"},
        {"level":"warn","ts":1657513222.1490235,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"},
        {"level":"warn","ts":1657513252.401461,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"},
        {"level":"error","ts":1657513252.401622,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"gitea.veritablevalor.com","issuer":"acme.zerossl.com-v2-DV90","error":"provisioning client: performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"},
        {"level":"error","ts":1657513252.4016774,"logger":"tls.obtain","msg":"will retry","error":"[gitea.veritablevalor.com] Obtain: provisioning client: performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)","attempt":5,"retrying_in":600,"elapsed":2445.120734193,"max_duration":2592000},
        {"level":"info","ts":1657513336.8245444,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"nextcloud.veritablevalor.com","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"},
        {"level":"error","ts":1657513337.3313148,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"nextcloud.veritablevalor.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:tls","title":"","detail":"216.128.142.74: remote error: tls: internal error","instance":"","subproblems":[]}},
        {"level":"error","ts":1657513337.3313963,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"nextcloud.veritablevalor.com","problem":{"type":"urn:ietf:params:acme:error:tls","title":"","detail":"216.128.142.74: remote error: tls: internal error","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/53263584/3132519754","attempt":1,"max_attempts":3},
        {"level":"info","ts":1657513338.5046906,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"nextcloud.veritablevalor.com","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"},
        {"level":"error","ts":1657513339.0193188,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"nextcloud.veritablevalor.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:tls","title":"","detail":"216.128.142.74: Fetching https://nextcloud.veritablevalor.com/.well-known/acme-challenge/t1eayUQc33j5pATxkyMw3Dg_Svytlp7JKa3RTyT9Zqw: remote error: tls: internal error","instance":"","subproblems":[]}},
        {"level":"error","ts":1657513339.0194955,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"nextcloud.veritablevalor.com","problem":{"type":"urn:ietf:params:acme:error:tls","title":"","detail":"216.128.142.74: Fetching https://nextcloud.veritablevalor.com/.well-known/acme-challenge/t1eayUQc33j5pATxkyMw3Dg_Svytlp7JKa3RTyT9Zqw: remote error: tls: internal error","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/53263584/3132519964","attempt":2,"max_attempts":3},
        {"level":"error","ts":1657513339.0196111,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"nextcloud.veritablevalor.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:tls - 216.128.142.74: Fetching https://nextcloud.veritablevalor.com/.well-known/acme-challenge/t1eayUQc33j5pATxkyMw3Dg_Svytlp7JKa3RTyT9Zqw: remote error: tls: internal error"},
        {"level":"warn","ts":1657513339.0205936,"logger":"tls.issuance.zerossl","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"},
        {"level":"info","ts":1657513340.320724,"logger":"tls.issuance.zerossl","msg":"generated EAB credentials","key_id":"f8imwnikbKFHIQym7jVGqQ"},
        {"level":"warn","ts":1657513370.3251877,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"},
        {"level":"warn","ts":1657513400.5760536,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"},
        {"level":"warn","ts":1657513430.8290517,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90","error":"performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"},
        {"level":"error","ts":1657513430.8291998,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"nextcloud.veritablevalor.com","issuer":"acme.zerossl.com-v2-DV90","error":"provisioning client: performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"},
        {"level":"error","ts":1657513430.8292608,"logger":"tls.obtain","msg":"will retry","error":"[nextcloud.veritablevalor.com] Obtain: provisioning client: performing request: Get \"https://acme.zerossl.com/v2/DV90\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)","attempt":6,"retrying_in":1200,"elapsed":2623.527402213,"max_duration":2592000},
        {"level":"info","ts":1657513547.3703742,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"firefly.veritablevalor.com","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"},
        {"level":"error","ts":1657513555.1534488,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"firefly.veritablevalor.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"216.128.142.74: Connection refused","instance":"","subproblems":[]}},
        {"level":"error","ts":1657513555.1535778,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"firefly.veritablevalor.com","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"216.128.142.74: Connection refused","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/53263584/3132552294","attempt":1,"max_attempts":3},
        {"level":"info","ts":1657513556.3501854,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"firefly.veritablevalor.com","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"},
        {"level":"error","ts":1657513556.820397,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"firefly.veritablevalor.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:tls","title":"","detail":"216.128.142.74: Fetching https://firefly.veritablevalor.com/.well-known/acme-challenge/DgtsGUGHglsosWQT6vUQ3PLDtrkgLFXzrMgLzqa3hQM: remote error: tls: internal error","instance":"","subproblems":[]}},
        {"level":"error","ts":1657513556.8204844,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"firefly.veritablevalor.com","problem":{"type":"urn:ietf:params:acme:error:tls","title":"","detail":"216.128.142.74: Fetching https://firefly.veritablevalor.com/.well-known/acme-challenge/DgtsGUGHglsosWQT6vUQ3PLDtrkgLFXzrMgLzqa3hQM: remote error: tls: internal error","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/53263584/3132553534","attempt":2,"max_attempts":3},
        {"level":"error","ts":1657513556.820552,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"firefly.veritablevalor.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:tls - 216.128.142.74: Fetching https://firefly.veritablevalor.com/.well-known/acme-challenge/DgtsGUGHglsosWQT6vUQ3PLDtrkgLFXzrMgLzqa3hQM: remote error: tls: internal error"},
        {"level":"warn","ts":1657513556.8215468,"logger":"tls.issuance.zerossl","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"},
        {"level":"info","ts":1657513558.0899267,"logger":"tls.issuance.zerossl","msg":"generated EAB credentials","key_id":"L9nmwkzwnJKuhGztcltHpQ"},
    ]
}

If your local Caddy instance isn’t publicly accessible, then ACME issuance with the HTTP or TLS-ALPN challenges can’t complete.

You’ll probably need to use the DNS challenge instead in this case, which will let your local instance issue certs even without being publicly accessible, because it involves you proving that you control the DNS for your domain, instead of proving that you control the server that the domain points to. But you’ll need to build Caddy with the DNS plugin for your provider, and set it up with the API keys to authenticate with your provider.

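A way to triage log output like the above and see which names have failed both the HTTP and TLS-ALPN challenges (added example, not part of the original posts; the sample lines, names and address are constructed, and the function names are this example's own):

```python
import ipaddress
import json
from collections import defaultdict

# Constructed sample in the shape of the log entries above (example.com names
# and a documentation IP, not values from the thread). Lines keep the trailing
# commas they carry when copied out of a JSON array.
SAMPLE_LOG = r'''
{"level":"info","ts":1.0,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"app.example.com","challenge_type":"tls-alpn-01"},
{"level":"error","ts":2.0,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"app.example.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:tls","detail":"203.0.113.10: remote error: tls: internal error"}},
{"level":"error","ts":3.0,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"app.example.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"203.0.113.10: Invalid response from https://app.example.com/.well-known/acme-challenge/TOKEN: 404"}},
{"level":"error","ts":4.0,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"git.example.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","detail":"203.0.113.10: Connection refused"}},
{"level":"error","ts":5.0,"logger":"tls.obtain","msg":"will retry","error":"[git.example.com] Obtain: ..."},
]
'''

# Challenge types that require the CA to reach the requesting host itself.
ON_HOST_CHALLENGES = {"http-01", "tls-alpn-01"}


def validated_address(detail):
    """Return the IP the CA says it connected to, or None if the detail has none."""
    head = detail.split(": ", 1)[0]
    try:
        return str(ipaddress.ip_address(head))
    except ValueError:
        return None  # e.g. "DNS problem: SERVFAIL ..." carries no address


def challenge_failures(log_text):
    """Map identifier -> [(challenge_type, acme_error, address), ...]."""
    failures = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip().rstrip(",")
        if not line.startswith("{"):
            continue  # array brackets, blank lines
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line
        if entry.get("msg") != "challenge failed":
            continue
        problem = entry.get("problem") or {}
        kind = problem.get("type", "").rsplit(":", 1)[-1]
        addr = validated_address(problem.get("detail", ""))
        failures[entry.get("identifier", "?")].append(
            (entry.get("challenge_type", "?"), kind, addr))
    return dict(failures)


def dns_challenge_candidates(failures):
    """Identifiers for which both on-host challenge types have failed."""
    return sorted(name for name, items in failures.items()
                  if ON_HOST_CHALLENGES <= {ctype for ctype, _, _ in items})


if __name__ == "__main__":
    found = challenge_failures(SAMPLE_LOG)
    for name, items in sorted(found.items()):
        for ctype, kind, addr in items:
            print(f"{name:18} {ctype:12} {kind:13} validator reached {addr}")
    print("both on-host challenges failed:", dns_challenge_candidates(found))
```

The address at the start of each `detail` string is the host the CA's validator connected to; comparing it with the machine that requested the certificate shows whether the challenge ever reached that instance.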

@francislavoie Thank you! Your reply seemed a little daunting at first, but I followed through by switching my domain's name server to Cloudflare and using caddy-dns/cloudflare and it all worked wonderfully. Biggest hiccup is that I run my caddy inside of docker, so I will need to find a way to run some commands on startup, or build a docker image with the package included.

Much appreciated!


Follow the instructions on Docker Hub, i.e. the “Adding custom Caddy modules” section, which explains how to write a Dockerfile which builds Caddy with the plugins you need.

@francislavoie I finally got around to building the custom Docker image. Thanks again! All my woes are gone.
