For a few days now, our rocketchat only works in tls self_signed mode.
When we try to start it without self_signed tls, it doesn't start.
We are not sure whether it is a caddy problem, but it seems like a problem between caddy and letsencrypt.
Here is the relevant part of the log:
Mär 29 10:35:46 Rocket rocketchat-server.rocketchat-caddy[6680]: Activating privacy features… 2018/03/29 10:35:46 open /root/snap/rocketchat-server/1239/.caddy/acme/acme-v02.api.letsencrypt.org
Mär 29 10:35:46 Rocket systemd[1]: snap.rocketchat-server.rocketchat-caddy.service: Main process exited, code=exited, status=1/FAILURE
Mär 29 10:35:46 Rocket systemd[1]: snap.rocketchat-server.rocketchat-caddy.service: Unit entered failed state.
Mär 29 10:35:46 Rocket systemd[1]: snap.rocketchat-server.rocketchat-caddy.service: Failed with result ‘exit-code’.
Mär 29 10:35:46 Rocket systemd[1]: snap.rocketchat-server.rocketchat-caddy.service: Service hold-off time over, scheduling restart.
Mär 29 10:35:46 Rocket systemd[1]: Stopped Service for snap application rocketchat-server.rocketchat-caddy.
Caddy’s recent update necessitates a full refresh of certificates (since LetsEncrypt updated their ACME protocol to version 2, and we store TLS assets differently now).
I’d wager there’s some issue with the ACME challenge process, but the logs don’t seem to show it. Try altering the startup command to -log /path/to/caddy.log, reproduce the error again, and see if the log file has more information.
https://sub.domain.tld {
    tls self_signed
    proxy / 127.0.0.1:3000 {
        websocket
        transparent
    }
}
Sure, we replaced sub.domain.tld.
When we start rocketchat with this tls self_signed, it works…
When we start it without, it tries to get a cert from letsencrypt acme V2, but it fails.
There is no cert in the folder:
/root/snap/rocketchat-server/1238/.caddy/acme/acme-v02.api.letsencrypt.org/sites/…
We really need a process log from Caddy, which should report back exactly what error it’s running into during the cert requisitioning process. It doesn’t look like your current log is showing the full output.
Run Caddy manually from the command line, with the -log flag pointed to a new log file just for this issue, and let us know what you get.
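The diagnostic suggested above, written out as a small POSIX sh script: run Caddy by hand with `-log` pointed at a dedicated file, then triage that file for storage-access, ACME challenge and rate-limit failures, and confirm whether a certificate actually landed in the `sites/` folder the poster mentioned. This is an added example, not code from the thread or from the Caddy project; the Caddyfile path, the `.crt`/`.key` file names under `sites/<domain>/`, and the sample log lines are constructed assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed paths; override via environment.
CADDYFILE="${CADDYFILE:-/root/snap/rocketchat-server/current/Caddyfile}"  # assumed
ACME_LOG="${ACME_LOG:-/tmp/caddy-acme-debug.log}"                        # assumed

# Step 1: run Caddy in the foreground with a process log, as the thread suggests.
# Needs a real caddy (0.x) binary and DNS pointing at this host; the self-test
# below never calls it. -agree skips the interactive CA agreement prompt.
run_caddy_with_log() {
    if ! command -v caddy >/dev/null 2>&1; then
        echo "caddy binary not found in PATH" >&2
        return 1
    fi
    caddy -conf "$CADDYFILE" -log "$ACME_LOG" -agree
}

# Step 2: classify one log line. Order matters: a failed open() on the
# .caddy storage tree (the symptom in the poster's log) is reported before
# the generic error buckets so it is not mislabelled as a challenge problem.
classify_acme_line() {
    line="$1"
    case "$line" in
        *"open /"*".caddy/"*)                                   echo storage ;;
        *[Rr]ate[Ll]imit*|*"too many certificates"*)            echo rate-limit ;;
        *[Cc]hallenge*|*[Uu]nauthorized*|*"connection refused"*|*[Tt]imeout*)
                                                                echo challenge ;;
        *[Ee]rror*|*[Ff]ail*)                                   echo other-error ;;
        *)                                                      echo ok ;;
    esac
}

# Print flagged lines (category<TAB>line) to stderr; echo the count on stdout.
count_acme_problems() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        kind=$(classify_acme_line "$line")
        if [ "$kind" != ok ]; then
            n=$((n + 1))
            printf '%s\t%s\n' "$kind" "$line" >&2
        fi
    done < "$1"
    echo "$n"
}

# Step 3: did a certificate actually get stored? Caddy 0.x keeps per-site
# assets under <storage>/sites/<domain>/; the .crt/.key names are assumed.
check_site_cert_present() {
    storage="$1"; domain="$2"
    site="$storage/sites/$domain"
    if [ -s "$site/$domain.crt" ] && [ -s "$site/$domain.key" ]; then
        echo present
    else
        echo missing
    fi
}

# Constructed sample log (not real Caddy output) so the triage runs offline.
make_sample_log() {
    cat > "$1" <<'EOF'
Activating privacy features... done.
2018/03/29 10:35:46 open /root/snap/rocketchat-server/1239/.caddy/acme/acme-v02.api.letsencrypt.org: permission denied
2018/03/29 10:36:02 [sub.domain.tld] failed to obtain certificate: fetching /.well-known/acme-challenge/CONSTRUCTED: timeout
2018/03/29 10:36:05 [sub.domain.tld] acme: error 429: too many certificates already issued
2018/03/29 10:36:10 http: TLS handshake error from 127.0.0.1:51234: EOF
Serving HTTPS on port 443
EOF
}

# Usage (only when run directly, not when sourced by a test):
if [ "${0##*/}" = "caddy-acme-triage.sh" ]; then
    run_caddy_with_log || true
    echo "flagged lines: $(count_acme_problems "$ACME_LOG")"
    check_site_cert_present "$HOME/.caddy/acme/acme-v02.api.letsencrypt.org" sub.domain.tld
fi
```

Run it once against the fresh `-log` file; a `storage` hit points at file permissions or the snap's confinement of the `.caddy` directory, while `challenge` hits point at DNS or ports 80/443 not reaching this host, and `rate-limit` means the issuance cap was hit and waiting is the only fix.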
Can you build from the latest master? Although I am mobile and haven’t looked into this in detail, I remember seeing a similar behavior in my testing and I believe I pushed a fix, but whether it is the same root cause is just speculation on my part right now. If you build and test from master, that will help confirm.