1. Caddy version (`caddy version`):
v2.4.5 h1:P1mRs6V2cMcagSPn+NWpD+OEYUYLIf6ecOa48cFGeUg=
2. How I run Caddy:
Docker.
a. System environment:
Ubuntu 21.04
Docker version 20.10.9, build c2ea9bc
docker-compose version 1.29.2, build 5becea4c
b. Command:
docker-compose up -d
c. Service/unit/compose file:
docker-compose.yml
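# Compose service for the custom Caddy build. Indentation restored: the pasted
# listing was flattened, and YAML nesting depends on indentation.
caddy:
  container_name: caddy
  # NOTE(review): with both `image:` and `build:` set, Compose tags the locally
  # built image with this name, so the custom build shares the name `caddy` with
  # the official image. If an image of that name is already present, `up -d`
  # reuses it without rebuilding; rebuild explicitly (`docker-compose up -d --build`)
  # after changing the Dockerfile, or give the custom image a distinct name.
  image: caddy
  build:
    context: ./dockerfile/caddy/
    dockerfile: dockerfile
  ports:
    - "80:80/tcp"
    - "443:443/tcp"
  volumes:
    # Caddy's config directory; the log shows the autosaved JSON config is
    # written to /config/caddy/autosave.json. That file holds the adapted
    # config, including any DNS provider token written literally in the Caddyfile.
    - type: bind
      source: ./config/caddy/config
      target: /config
    # The Caddyfile itself. If it contains the Cloudflare token in clear text,
    # restrict read access to this file on the host.
    - type: bind
      source: ./config/caddy/Caddyfile
      target: /etc/caddy/Caddyfile
    # Caddy's data directory (the log shows FileStorage:/data/caddy). It holds
    # certificates and their private keys, so keep ./storage/caddy readable only
    # by the account that runs the container and include it in backups.
    - type: bind
      source: ./storage/caddy
      target: /data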
dockerfile
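# Build stage: compile a custom Caddy binary that includes the Cloudflare DNS
# provider module, which Caddy uses to solve the ACME DNS-01 challenge.
# (The pasted listing read "ROM"; the instruction is FROM.)
# NOTE(review): both base images use floating tags and the plugin is fetched
# without a version, so every rebuild may pull different code. For reproducible
# builds, pin the image tags and append @<version> to the --with module path.
FROM caddy:builder-alpine AS builder
RUN xcaddy build \
    --with github.com/caddy-dns/cloudflare

# Runtime stage: start from the stock image and replace its binary with the
# custom build, so the final image carries no build toolchain.
FROM caddy:alpine
COPY --from=builder /usr/bin/caddy /usr/bin/caddy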
d. My complete Caddyfile or JSON config:
# Site block for prism.thematrix.dev: automatic HTTPS with the ACME DNS-01
# challenge solved through Cloudflare, proxying requests to a local upstream.
prism.thematrix.dev {
tls {
# `dns cloudflare <token>` only selects how the ACME challenge is solved. The
# certificate is still issued by an ACME CA (the log shows Let's Encrypt, then
# ZeroSSL); Cloudflare is used to publish the temporary challenge record.
# ABCDE stands in for the real credential. The "HTTP 403 ... Code:10000
# Authentication error" in the log is Cloudflare rejecting that credential.
# NOTE(review): the caddy-dns/cloudflare module expects a scoped API token
# (Zone:Read and DNS:Edit on the zone), not the account's Global API Key - confirm.
# Prefer keeping the token out of this file, e.g. `dns cloudflare {env.CLOUDFLARE_API_TOKEN}`
# with the variable passed to the container. A literal token also appears in
# `caddy adapt` output and the autosaved config, so redact those before sharing.
dns cloudflare ABCDE
}
# NOTE(review): inside a container, 127.0.0.1 is the Caddy container itself.
# The compose excerpt does not show host networking, so confirm that the
# upstream on port 2342 is reachable at this address.
reverse_proxy 127.0.0.1:2342
}
3. The problem I’m having:
After compiling Caddy with the additional Cloudflare DNS module, it seems Caddy is still requesting the SSL certificate from Let’s Encrypt for me and is not using the Cloudflare configuration.
4. Error messages and/or full log output:
{"level":"info","ts":1633921310.0677338,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"info","ts":1633921310.0697114,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
{"level":"info","ts":1633921310.0699155,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000248070"}
{"level":"info","ts":1633921310.0699563,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1633921310.0699692,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1633921310.0702145,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["prism.thematrix.dev"]}
{"level":"info","ts":1633921310.0702467,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"info","ts":1633921310.0702686,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1633921310.0703993,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1633921310.0704076,"msg":"serving initial configuration"}
{"level":"info","ts":1633921310.0705378,"logger":"tls.obtain","msg":"acquiring lock","identifier":"prism.thematrix.dev"}
{"level":"info","ts":1633921310.0714858,"logger":"tls.obtain","msg":"lock acquired","identifier":"prism.thematrix.dev"}
{"level":"info","ts":1633921310.0720735,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["prism.thematrix.dev"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
{"level":"info","ts":1633921310.0720863,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["prism.thematrix.dev"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
{"level":"error","ts":1633921316.325541,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"prism.thematrix.dev","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/"}
{"level":"warn","ts":1633921316.325894,"logger":"tls.issuance.zerossl","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"}
{"level":"info","ts":1633921317.388339,"logger":"tls.issuance.zerossl","msg":"generated EAB credentials","key_id":"aV4lF5ZjT1ehwKH_KdgOGA"}
{"level":"info","ts":1633921318.9381707,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["prism.thematrix.dev"],"ca":"https://acme.zerossl.com/v2/DV90","account":""}
{"level":"info","ts":1633921318.9381888,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["prism.thematrix.dev"],"ca":"https://acme.zerossl.com/v2/DV90","account":""}
{"level":"info","ts":1633921319.5761466,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"prism.thematrix.dev","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1633921320.0300062,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"prism.thematrix.dev","challenge_type":"dns-01","error":"no memory of presenting a DNS record for prism.thematrix.dev (probably OK if presenting failed)"}
{"level":"error","ts":1633921320.3427887,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"prism.thematrix.dev","issuer":"acme.zerossl.com-v2-DV90","error":"[prism.thematrix.dev] solving challenges: presenting for challenge: adding temporary record for zone thematrix.dev.: got error status: HTTP 403: [{Code:10000 Message:Authentication error}] (order=https://acme.zerossl.com/v2/DV90/order/B3L8wC8jeqZM3RHTvIQxHg) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1633921320.3428075,"logger":"tls.obtain","msg":"will retry","error":"[prism.thematrix.dev] Obtain: [prism.thematrix.dev] solving challenges: presenting for challenge: adding temporary record for zone thematrix.dev.: got error status: HTTP 403: [{Code:10000 Message:Authentication error}] (order=https://acme.zerossl.com/v2/DV90/order/B3L8wC8jeqZM3RHTvIQxHg) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":10.271306642,"max_duration":2592000}
caddy adapt --config /etc/caddy/Caddyfile
{"apps":{"http":{"servers":{"srv0":{"listen":[":443"],"routes":[{"match":[{"host":["prism.thematrix.dev"]}],"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"127.0.0.1:2342"}]}]}]}],"terminal":true}]}}},"tls":{"automation":{"policies":[{"subjects":["prism.thematrix.dev"],"issuers":[{"challenges":{"dns":{"provider":{"api_token":"ABCDE","name":"cloudflare"}}},"module":"acme"},{"challenges":{"dns":{"provider":{"api_token":"ABCDE","name":"cloudflare"}}},"module":"zerossl"}]}]}}}}
5. What I already tried:
Googled. It seems everyone is doing it the same way.