Reverse proxy works on domain, but not subdomain

caddylackey · August 16, 2025, 4:03am

1. The problem I’m having:

I have a reverse proxy set up on my domain (elsebody.com), which points to an internal IP address (192.168.8.100) – and it works perfectly.
However, when I try to do the same with a subdomain (o.elsebody.com), the dns challenge fails with a tls.obtain bad request (400).
The API key from Ionos is associated with my customer account, not a specific domain, so should work on subdomains too.
DNS checker shows the A records for both parent and subdomain have propagated, and point to the same IP address.
Any thoughts on how to get reverse proxy working with my subdomain?

2. Error messages and/or full log output:

```
PS D:\Dropbox\JimBin\Caddy> caddy run --watch
2025/08/16 03:58:09.724 ←[34mINFO←[0m   maxprocs: Leaving GOMAXPROCS=8: CPU quota undefined
2025/08/16 03:58:09.725 ←[34mINFO←[0m   GOMEMLIMIT is updated   {"package": "github.com/KimMachineGun/automemlimit/memlimit", "GOMEMLIMIT": 15071322931, "previous": 9223372036854775807}
2025/08/16 03:58:09.725 ←[34mINFO←[0m   using adjacent Caddyfile
2025/08/16 03:58:09.726 ←[34mINFO←[0m   adapted config to JSON  {"adapter": "caddyfile"}
2025/08/16 03:58:09.727 ←[33mWARN←[0m   Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies    {"adapter": "caddyfile", "file": "Caddyfile", "line": 14}
2025/08/16 03:58:09.736 ←[34mINFO←[0m   admin   admin endpoint started  {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2025/08/16 03:58:09.736 ←[34mINFO←[0m   tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc00051f700"}
2025/08/16 03:58:09.736 ←[34mINFO←[0m   http.auto_https server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2025/08/16 03:58:09.736 ←[34mINFO←[0m   http.auto_https enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2025/08/16 03:58:09.736 ←[35mDEBUG←[0m  http.auto_https adjusted config {"tls": {"automation":{"policies":[{"subjects":["o.elsebody.com"]},{}]}}, "http": {"servers":{"remaining_auto_https_redirects":{"listen":[":80"],"routes":[{},{}]},"srv0":{"listen":[":443"],"routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","transport":{"protocol":"http","tls":{"insecure_skip_verify":true}},"upstreams":[{"dial":"192.168.8.211:443"}]}]}]}],"terminal":true}],"tls_connection_policies":[{}],"automatic_https":{}}}}}
2025/08/16 03:58:09.737 ←[35mDEBUG←[0m  http    starting server loop    {"address": "[::]:443", "tls": true, "http3": false}
2025/08/16 03:58:09.737 ←[34mINFO←[0m   http    enabling HTTP/3 listener        {"addr": ":443"}
2025/08/16 03:58:09.737 ←[34mINFO←[0m   http.log        server running  {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2025/08/16 03:58:09.737 ←[35mDEBUG←[0m  http    starting server loop    {"address": "[::]:80", "tls": false, "http3": false}
2025/08/16 03:58:09.737 ←[33mWARN←[0m   http    HTTP/2 skipped because it requires TLS  {"network": "tcp", "addr": ":80"}
2025/08/16 03:58:09.737 ←[33mWARN←[0m   http    HTTP/3 skipped because it requires TLS  {"network": "tcp", "addr": ":80"}
2025/08/16 03:58:09.737 ←[34mINFO←[0m   http.log        server running  {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2025/08/16 03:58:09.738 ←[34mINFO←[0m   http    enabling automatic TLS certificate management   {"domains": ["o.elsebody.com"]}
2025/08/16 03:58:09.738 ←[35mDEBUG←[0m  events  event   {"name": "started", "id": "6d10e7bc-8d2d-465e-bc94-9915703829d6", "origin": "", "data": null}
2025/08/16 03:58:09.739 ←[34mINFO←[0m   autosaved config (load with --resume flag)      {"file": "C:\\Users\\Jim\\AppData\\Roaming\\Caddy\\autosave.json"}
2025/08/16 03:58:09.739 ←[34mINFO←[0m   serving initial configuration
2025/08/16 03:58:09.739 ←[34mINFO←[0m   watcher watching config file for changes        {"config_file": "Caddyfile"}
2025/08/16 03:58:09.740 ←[34mINFO←[0m   tls     storage cleaning happened too recently; skipping for now        {"storage": "FileStorage:C:\\Users\\Jim\\AppData\\Roaming\\Caddy", "instance": "b84f29cf-3e27-4800-8496-286b891c4f37", "try_again": "2025/08/17 03:58:09.740", "try_again_in": 86400}
2025/08/16 03:58:09.740 ←[34mINFO←[0m   tls     finished cleaning storage units
2025/08/16 03:58:09.750 ←[34mINFO←[0m   tls.obtain      acquiring lock  {"identifier": "o.elsebody.com"}
2025/08/16 03:58:09.752 ←[34mINFO←[0m   tls.obtain      lock acquired   {"identifier": "o.elsebody.com"}
2025/08/16 03:58:09.752 ←[34mINFO←[0m   tls.obtain      obtaining certificate   {"identifier": "o.elsebody.com"}
2025/08/16 03:58:09.753 ←[35mDEBUG←[0m  events  event   {"name": "cert_obtaining", "id": "0a8cefef-0a00-41cb-b7bf-ffb92de45603", "origin": "tls", "data": {"identifier":"o.elsebody.com"}}
2025/08/16 03:58:09.753 ←[35mDEBUG←[0m  tls     created CSR     {"identifiers": ["o.elsebody.com"], "san_dns_names": ["o.elsebody.com"], "san_emails": [], "common_name": "", "extra_extensions": 0}
2025/08/16 03:58:09.754 ←[35mDEBUG←[0m  tls.obtain      trying issuer 1/1       {"issuer": "acme-v02.api.letsencrypt.org-directory"}
2025/08/16 03:58:09.754 ←[35mDEBUG←[0m  tls.issuance.acme       using existing ACME account because key found in storage associated with email  {"email": "default", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2025/08/16 03:58:09.754 ←[35mDEBUG←[0m  tls.issuance.acme       using existing ACME account because key found in storage associated with email  {"email": "", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2025/08/16 03:58:09.755 ←[34mINFO←[0m   tls.issuance.acme       waiting on internal rate limiter        {"identifiers": ["o.elsebody.com"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2025/08/16 03:58:09.755 ←[34mINFO←[0m   tls.issuance.acme       done waiting on internal rate limiter   {"identifiers": ["o.elsebody.com"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2025/08/16 03:58:09.755 ←[34mINFO←[0m   tls.issuance.acme       using ACME account      {"account_id": "https://acme-v02.api.letsencrypt.org/acme/acct/2594289706", "account_contact": []}
2025/08/16 03:58:10.604 ←[35mDEBUG←[0m  http request    {"method": "GET", "url": "https://acme-v02.api.letsencrypt.org/directory", "headers": {"User-Agent":["Caddy/2.10.0 CertMagic acmez (windows; amd64)"]}, "response_headers": {"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["995"],"Content-Type":["application/json"],"Date":["Sat, 16 Aug 2025 03:58:11 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2025/08/16 03:58:10.605 ←[35mDEBUG←[0m  creating order  {"account": "https://acme-v02.api.letsencrypt.org/acme/acct/2594289706", "identifiers": ["o.elsebody.com"]}
2025/08/16 03:58:11.106 ←[35mDEBUG←[0m  http request    {"method": "HEAD", "url": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "headers": {"User-Agent":["Caddy/2.10.0 CertMagic acmez (windows; amd64)"]}, "response_headers": {"Cache-Control":["public, max-age=0, no-cache"],"Date":["Sat, 16 Aug 2025 03:58:11 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["9_RDYWV0wZ1Mftqg_nsI9O78u5jlIQOQUvXII2xKv3Ttl1k3v0E"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2025/08/16 03:58:11.271 ←[35mDEBUG←[0m  http request    {"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.10.0 CertMagic acmez (windows; amd64)"]}, "response_headers": {"Boulder-Requester":["2594289706"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["348"],"Content-Type":["application/json"],"Date":["Sat, 16 Aug 2025 03:58:11 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/order/2594289706/418362240357"],"Replay-Nonce":["trI9TC2kWPGJIXZ37maBLuq3Hf8iOTkzQZVpETmFWJz9aqQMaUc"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 201}
2025/08/16 03:58:11.357 ←[35mDEBUG←[0m  http request    {"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz/2594289706/569588950837", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.10.0 CertMagic acmez (windows; amd64)"]}, "response_headers": {"Boulder-Requester":["2594289706"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["822"],"Content-Type":["application/json"],"Date":["Sat, 16 Aug 2025 03:58:11 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["9_RDYWV0wDmpV5IQ3792xVD6hOMpMz9Nx_2kvI8BZJo7WvZxs0w"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2025/08/16 03:58:11.358 ←[34mINFO←[0m   trying to solve challenge       {"identifier": "o.elsebody.com", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
```

3. Caddy version:

PS D:\Dropbox\JimBin\Caddy> caddy version
v2.10.0 h1:fonubSaQKF1YANl8TXqGcn4IbIRUDdfAkpcsfI/vX5U=

4. How I installed and ran Caddy:

Downloaded Caddy v2.10.0 plus Ionos module v1.2.0 from downloads page

a. System environment:

Windows 11 (no Docker, VM etc.)

b. Command:

```
PS D:\Dropbox\JimBin\Caddy> caddy run --watch
```

c. Service/unit/compose file:

n/a

d. My complete Caddy config:

```
{
	# Use Ionos API key for DNS challenges
	acme_dns ionos {redacted.redacted}
	debug
}

o.elsebody.com {
	reverse_proxy 192.168.8.211:443 {
		transport http {
			tls_insecure_skip_verify
		}
	}
}
```

5. Links to relevant resources:

caddylackey · August 18, 2025, 8:55pm

This works fine with the parent domain.

Log file:

PS D:\Dropbox\JimBin\Caddy> caddy run --watch
2025/08/18 20:44:42.879 ←[34mINFO←[0m   maxprocs: Leaving GOMAXPROCS=8: CPU quota undefined
2025/08/18 20:44:42.879 ←[34mINFO←[0m   GOMEMLIMIT is updated   {"package": "github.com/KimMachineGun/automemlimit/memlimit", "GOMEMLIMIT": 15071322931, "previous": 9223372036854775807}
2025/08/18 20:44:42.879 ←[34mINFO←[0m   using adjacent Caddyfile
2025/08/18 20:44:42.883 ←[34mINFO←[0m   adapted config to JSON  {"adapter": "caddyfile"}
2025/08/18 20:44:42.883 ←[33mWARN←[0m   Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies    {"adapter": "caddyfile", "file": "Caddyfile", "line": 14}
2025/08/18 20:44:42.894 ←[34mINFO←[0m   admin   admin endpoint started  {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2025/08/18 20:44:42.895 ←[34mINFO←[0m   tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc00010ce00"}
2025/08/18 20:44:42.895 ←[34mINFO←[0m   http.auto_https server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2025/08/18 20:44:42.895 ←[34mINFO←[0m   http.auto_https enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2025/08/18 20:44:42.895 ←[35mDEBUG←[0m  http.auto_https adjusted config {"tls": {"automation":{"policies":[{"subjects":["elsebody.com"]},{}]}}, "http": {"servers":{"remaining_auto_https_redirects":{"listen":[":80"],"routes":[{},{}]},"srv0":{"listen":[":443"],"routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","transport":{"protocol":"http","tls":{"insecure_skip_verify":true}},"upstreams":[{"dial":"192.168.8.211:443"}]}]}]}],"terminal":true}],"tls_connection_policies":[{}],"automatic_https":{}}}}}
2025/08/18 20:44:42.895 ←[35mDEBUG←[0m  http    starting server loop    {"address": "[::]:443", "tls": true, "http3": false}
2025/08/18 20:44:42.899 ←[34mINFO←[0m   http    enabling HTTP/3 listener        {"addr": ":443"}
2025/08/18 20:44:42.900 ←[34mINFO←[0m   http.log        server running  {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2025/08/18 20:44:42.900 ←[35mDEBUG←[0m  http    starting server loop    {"address": "[::]:80", "tls": false, "http3": false}
2025/08/18 20:44:42.900 ←[33mWARN←[0m   http    HTTP/2 skipped because it requires TLS  {"network": "tcp", "addr": ":80"}
2025/08/18 20:44:42.900 ←[33mWARN←[0m   http    HTTP/3 skipped because it requires TLS  {"network": "tcp", "addr": ":80"}
2025/08/18 20:44:42.900 ←[34mINFO←[0m   http.log        server running  {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2025/08/18 20:44:42.900 ←[34mINFO←[0m   http    enabling automatic TLS certificate management   {"domains": ["elsebody.com"]}
2025/08/18 20:44:42.948 ←[33mWARN←[0m   tls     stapling OCSP   {"error": "no OCSP stapling for [elsebody.com]: no OCSP server specified in certificate", "identifiers": ["elsebody.com"]}
2025/08/18 20:44:42.949 ←[35mDEBUG←[0m  tls.cache       added certificate to cache      {"subjects": ["elsebody.com"], "expiration": "2025/11/12 08:55:24.000", "managed": true, "issuer_key": "acme-v02.api.letsencrypt.org-directory", "hash": "617348c0e1cfad92d8e319b0757ff84cd5ec8687f16cc195c3f76d3fe2f5b71c", "cache_size": 1, "cache_capacity": 10000}
2025/08/18 20:44:42.949 ←[35mDEBUG←[0m  events  event   {"name": "cached_managed_cert", "id": "cf751dbe-9973-4776-9e0d-ef068b03d962", "origin": "tls", "data": {"sans":["elsebody.com"]}}
2025/08/18 20:44:42.949 ←[35mDEBUG←[0m  events  event   {"name": "started", "id": "b3ba0e6b-d252-4a0c-b5d5-05106e68dd7c", "origin": "", "data": null}
2025/08/18 20:44:42.950 ←[34mINFO←[0m   autosaved config (load with --resume flag)      {"file": "C:\\Users\\Jim\\AppData\\Roaming\\Caddy\\autosave.json"}
2025/08/18 20:44:42.950 ←[34mINFO←[0m   serving initial configuration
2025/08/18 20:44:42.951 ←[34mINFO←[0m   watcher watching config file for changes        {"config_file": "Caddyfile"}
2025/08/18 20:44:42.984 ←[34mINFO←[0m   tls     cleaning storage unit   {"storage": "FileStorage:C:\\Users\\Jim\\AppData\\Roaming\\Caddy"}
2025/08/18 20:44:43.137 ←[34mINFO←[0m   tls     finished cleaning storage units
2025/08/18 20:44:44.064 ←[35mDEBUG←[0m  http request    {"method": "GET", "url": "https://acme-v02.api.letsencrypt.org/directory", "headers": {"User-Agent":["Caddy/2.10.0 CertMagic acmez (windows; amd64)"]}, "response_headers": {"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["995"],"Content-Type":["application/json"],"Date":["Mon, 18 Aug 2025 20:44:44 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2025/08/18 20:44:44.066 ←[35mDEBUG←[0m  getting renewal info    {"names": ["elsebody.com"]}
2025/08/18 20:44:44.308 ←[35mDEBUG←[0m  http request    {"method": "GET", "url": "https://acme-v02.api.letsencrypt.org/acme/renewal-info/nytfzzwhT50Et-0rLMTGcIvS1w0.BXArYA7mG0ET9odWvXeao3YL", "headers": {"User-Agent":["Caddy/2.10.0 CertMagic acmez (windows; amd64)"]}, "response_headers": {"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["101"],"Content-Type":["application/json"],"Date":["Mon, 18 Aug 2025 20:44:44 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Retry-After":["21600"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2025/08/18 20:44:44.309 ←[34mINFO←[0m   got renewal info        {"names": ["elsebody.com"], "window_start": "2025/10/12 11:39:28.000", "window_end": "2025/10/14 06:50:17.000", "selected_time": "2025/10/13 08:21:47.000", "recheck_after": "2025/08/19 02:44:44.309", "explanation_url": ""}
2025/08/18 20:44:44.314 ←[34mINFO←[0m   tls     updated and stored ACME renewal information     {"identifiers": ["elsebody.com"], "cert_hash": "617348c0e1cfad92d8e319b0757ff84cd5ec8687f16cc195c3f76d3fe2f5b71c", "ari_unique_id": "nytfzzwhT50Et-0rLMTGcIvS1w0.BXArYA7mG0ET9odWvXeao3YL", "cert_expiry": "2025/11/12 08:55:23.000", "selected_time": "2025/10/13 13:53:56.000", "next_update": "2025/08/19 02:44:44.309", "explanation_url": ""}

And Caddyfile:

{
	# Use Ionos API key for DNS challenges
	acme_dns ionos {redacted.redacted}
	debug
}

elsebody.com {
	reverse_proxy 192.168.8.211:443 {
		transport http {
			tls_insecure_skip_verify
		}
	}
}

hmoffatt · August 19, 2025, 12:36am

Is this all of the log? It ends with “trying to solve challenge” - there should be more. There’s no errors in there that I could see.

caddylackey · August 19, 2025, 4:45am

Sorry, thought I had it all. Here’s the full log, for the failing o.elsebody.com

PS D:\Dropbox\JimBin\Caddy> caddy run --watch
2025/08/19 04:43:57.453 ←[34mINFO←[0m   maxprocs: Leaving GOMAXPROCS=8: CPU quota undefined
2025/08/19 04:43:57.453 ←[34mINFO←[0m   GOMEMLIMIT is updated   {"package": "github.com/KimMachineGun/automemlimit/memlimit", "GOMEMLIMIT": 15071322931, "previous": 9223372036854775807}
2025/08/19 04:43:57.454 ←[34mINFO←[0m   using adjacent Caddyfile
2025/08/19 04:43:57.456 ←[34mINFO←[0m   adapted config to JSON  {"adapter": "caddyfile"}
2025/08/19 04:43:57.456 ←[33mWARN←[0m   Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies    {"adapter": "caddyfile", "file": "Caddyfile", "line": 14}
2025/08/19 04:43:57.469 ←[34mINFO←[0m   admin   admin endpoint started  {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2025/08/19 04:43:57.470 ←[34mINFO←[0m   tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc000617300"}
2025/08/19 04:43:57.470 ←[34mINFO←[0m   http.auto_https server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2025/08/19 04:43:57.470 ←[34mINFO←[0m   http.auto_https enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2025/08/19 04:43:57.470 ←[35mDEBUG←[0m  http.auto_https adjusted config {"tls": {"automation":{"policies":[{"subjects":["o.elsebody.com"]},{}]}}, "http": {"servers":{"remaining_auto_https_redirects":{"listen":[":80"],"routes":[{},{}]},"srv0":{"listen":[":443"],"routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","transport":{"protocol":"http","tls":{"insecure_skip_verify":true}},"upstreams":[{"dial":"192.168.8.211:443"}]}]}]}],"terminal":true}],"tls_connection_policies":[{}],"automatic_https":{}}}}}
2025/08/19 04:43:57.471 ←[35mDEBUG←[0m  http    starting server loop    {"address": "[::]:443", "tls": true, "http3": false}
2025/08/19 04:43:57.471 ←[34mINFO←[0m   http    enabling HTTP/3 listener        {"addr": ":443"}
2025/08/19 04:43:57.472 ←[34mINFO←[0m   http.log        server running  {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2025/08/19 04:43:57.472 ←[35mDEBUG←[0m  http    starting server loop    {"address": "[::]:80", "tls": false, "http3": false}
2025/08/19 04:43:57.473 ←[33mWARN←[0m   http    HTTP/2 skipped because it requires TLS  {"network": "tcp", "addr": ":80"}
2025/08/19 04:43:57.473 ←[33mWARN←[0m   http    HTTP/3 skipped because it requires TLS  {"network": "tcp", "addr": ":80"}
2025/08/19 04:43:57.473 ←[34mINFO←[0m   http.log        server running  {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2025/08/19 04:43:57.473 ←[34mINFO←[0m   http    enabling automatic TLS certificate management   {"domains": ["o.elsebody.com"]}
2025/08/19 04:43:57.474 ←[35mDEBUG←[0m  events  event   {"name": "started", "id": "45a45150-4c1b-4a1e-aa20-42e5bdfef85c", "origin": "", "data": null}
2025/08/19 04:43:57.475 ←[34mINFO←[0m   autosaved config (load with --resume flag)      {"file": "C:\\Users\\Jim\\AppData\\Roaming\\Caddy\\autosave.json"}
2025/08/19 04:43:57.475 ←[34mINFO←[0m   serving initial configuration
2025/08/19 04:43:57.476 ←[34mINFO←[0m   watcher watching config file for changes        {"config_file": "Caddyfile"}
2025/08/19 04:43:57.480 ←[34mINFO←[0m   tls     storage cleaning happened too recently; skipping for now        {"storage": "FileStorage:C:\\Users\\Jim\\AppData\\Roaming\\Caddy", "instance": "b84f29cf-3e27-4800-8496-286b891c4f37", "try_again": "2025/08/20 04:43:57.480", "try_again_in": 86400}
2025/08/19 04:43:57.481 ←[34mINFO←[0m   tls     finished cleaning storage units
2025/08/19 04:43:57.495 ←[34mINFO←[0m   tls.obtain      acquiring lock  {"identifier": "o.elsebody.com"}
2025/08/19 04:43:57.501 ←[34mINFO←[0m   tls.obtain      lock acquired   {"identifier": "o.elsebody.com"}
2025/08/19 04:43:57.501 ←[34mINFO←[0m   tls.obtain      obtaining certificate   {"identifier": "o.elsebody.com"}
2025/08/19 04:43:57.502 ←[35mDEBUG←[0m  events  event   {"name": "cert_obtaining", "id": "cf5f2d9a-9f02-4a93-8a30-7db9d7a91641", "origin": "tls", "data": {"identifier":"o.elsebody.com"}}
2025/08/19 04:43:57.502 ←[35mDEBUG←[0m  tls     created CSR     {"identifiers": ["o.elsebody.com"], "san_dns_names": ["o.elsebody.com"], "san_emails": [], "common_name": "", "extra_extensions": 0}
2025/08/19 04:43:57.502 ←[35mDEBUG←[0m  tls.obtain      trying issuer 1/1       {"issuer": "acme-v02.api.letsencrypt.org-directory"}
2025/08/19 04:43:57.503 ←[35mDEBUG←[0m  tls.issuance.acme       using existing ACME account because key found in storage associated with email  {"email": "default", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2025/08/19 04:43:57.504 ←[35mDEBUG←[0m  tls.issuance.acme       using existing ACME account because key found in storage associated with email  {"email": "", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2025/08/19 04:43:57.504 ←[34mINFO←[0m   tls.issuance.acme       waiting on internal rate limiter        {"identifiers": ["o.elsebody.com"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2025/08/19 04:43:57.504 ←[34mINFO←[0m   tls.issuance.acme       done waiting on internal rate limiter   {"identifiers": ["o.elsebody.com"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2025/08/19 04:43:57.504 ←[34mINFO←[0m   tls.issuance.acme       using ACME account      {"account_id": "https://acme-v02.api.letsencrypt.org/acme/acct/2594289706", "account_contact": []}
2025/08/19 04:43:57.921 ←[35mDEBUG←[0m  http request    {"method": "GET", "url": "https://acme-v02.api.letsencrypt.org/directory", "headers": {"User-Agent":["Caddy/2.10.0 CertMagic acmez (windows; amd64)"]}, "response_headers": {"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["995"],"Content-Type":["application/json"],"Date":["Tue, 19 Aug 2025 04:43:58 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2025/08/19 04:43:57.921 ←[35mDEBUG←[0m  creating order  {"account": "https://acme-v02.api.letsencrypt.org/acme/acct/2594289706", "identifiers": ["o.elsebody.com"]}
2025/08/19 04:43:58.041 ←[35mDEBUG←[0m  http request    {"method": "HEAD", "url": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "headers": {"User-Agent":["Caddy/2.10.0 CertMagic acmez (windows; amd64)"]}, "response_headers": {"Cache-Control":["public, max-age=0, no-cache"],"Date":["Tue, 19 Aug 2025 04:43:58 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["9_RDYWV0KdAa_ZIMt2MvUV1HeQRvPLs5PytuU9ilYDGqk10-0bI"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2025/08/19 04:43:58.190 ←[35mDEBUG←[0m  http request    {"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.10.0 CertMagic acmez (windows; amd64)"]}, "response_headers": {"Boulder-Requester":["2594289706"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["348"],"Content-Type":["application/json"],"Date":["Tue, 19 Aug 2025 04:43:58 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/order/2594289706/419371985697"],"Replay-Nonce":["9_RDYWV0EoZVqEuRzXt88y_YDunHeaKr7jO2EH5Ppla0W8m4sug"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 201}
2025/08/19 04:43:58.320 ←[35mDEBUG←[0m  http request    {"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz/2594289706/571051566907", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.10.0 CertMagic acmez (windows; amd64)"]}, "response_headers": {"Boulder-Requester":["2594289706"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["822"],"Content-Type":["application/json"],"Date":["Tue, 19 Aug 2025 04:43:58 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["trI9TC2kGro3ny1V5JjrNJ8xCc6rk_Ee_4q_7FXhz7LxK2j7xOo"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2025/08/19 04:43:58.320 ←[34mINFO←[0m   trying to solve challenge       {"identifier": "o.elsebody.com", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2025/08/19 04:44:00.578 ←[31mERROR←[0m  cleaning up solver      {"identifier": "o.elsebody.com", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.o.elsebody.com\" (usually OK if presenting also failed)"}
github.com/mholt/acmez/v3.(*Client).solveChallenges.func1
        github.com/mholt/acmez/v3@v3.1.2/client.go:318
github.com/mholt/acmez/v3.(*Client).solveChallenges
        github.com/mholt/acmez/v3@v3.1.2/client.go:363
github.com/mholt/acmez/v3.(*Client).ObtainCertificate
        github.com/mholt/acmez/v3@v3.1.2/client.go:136
github.com/caddyserver/certmagic.(*ACMEIssuer).doIssue
        github.com/caddyserver/certmagic@v0.23.0/acmeissuer.go:489
github.com/caddyserver/certmagic.(*ACMEIssuer).Issue
        github.com/caddyserver/certmagic@v0.23.0/acmeissuer.go:382
github.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue
        github.com/caddyserver/caddy/v2@v2.10.0/modules/caddytls/acmeissuer.go:288
github.com/caddyserver/certmagic.(*Config).obtainCert.func2
        github.com/caddyserver/certmagic@v0.23.0/config.go:626
github.com/caddyserver/certmagic.doWithRetry
        github.com/caddyserver/certmagic@v0.23.0/async.go:104
github.com/caddyserver/certmagic.(*Config).obtainCert
        github.com/caddyserver/certmagic@v0.23.0/config.go:700
github.com/caddyserver/certmagic.(*Config).ObtainCertAsync
        github.com/caddyserver/certmagic@v0.23.0/config.go:505
github.com/caddyserver/certmagic.(*Config).manageOne.func1
        github.com/caddyserver/certmagic@v0.23.0/config.go:415
github.com/caddyserver/certmagic.(*jobManager).worker
        github.com/caddyserver/certmagic@v0.23.0/async.go:73
2025/08/19 04:44:00.697 ←[35mDEBUG←[0m  http request    {"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz/2594289706/571051566907", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.10.0 CertMagic acmez (windows; amd64)"]}, "response_headers": {"Boulder-Requester":["2594289706"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["826"],"Content-Type":["application/json"],"Date":["Tue, 19 Aug 2025 04:44:01 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["trI9TC2kTfrFHk2MRZ0lqZy2mbZAerz4OClYz9hiC3-FZsfdP8c"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2025/08/19 04:44:00.698 ←[31mERROR←[0m  tls.obtain      could not get certificate from issuer   {"identifier": "o.elsebody.com", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[o.elsebody.com] solving challenges: presenting for challenge: adding temporary record for zone \"elsebody.com.\": find zone: get all zones: Bad Request (400) (order=https://acme-v02.api.letsencrypt.org/acme/order/2594289706/419371985697) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
2025/08/19 04:44:00.699 ←[35mDEBUG←[0m  events  event   {"name": "cert_failed", "id": "50176870-5d27-4037-9b33-f3f42dc943b4", "origin": "tls", "data": {"error":{},"identifier":"o.elsebody.com","issuers":["acme-v02.api.letsencrypt.org-directory"],"renewal":false}}
2025/08/19 04:44:00.700 ←[31mERROR←[0m  tls.obtain      will retry      {"error": "[o.elsebody.com] Obtain: [o.elsebody.com] solving challenges: presenting for challenge: adding temporary record for zone \"elsebody.com.\": find zone: get all zones: Bad Request (400) (order=https://acme-v02.api.letsencrypt.org/acme/order/2594289706/419371985697) (ca=https://acme-v02.api.letsencrypt.org/directory)", "attempt": 1, "retrying_in": 60, "elapsed": 3.1989418, "max_duration": 2592000}

system · September 18, 2025, 4:45am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.