1. The problem I’m having:
Caddy Cloudflare Docker container, 2 x Radarr containers, 2 x Sonarr containers, Audiobookshelf container, all on the same host are not able to obtain LE certs. Other containers (Lidarr, Lubelogger, Teslamate) on the same host using the same Caddy container and Caddyfile as the “problem containers” are successfully getting LE certs.
2. Error messages and/or full log output:
challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2026-02-04T01:13:44.129Z DEBUG http request {"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.10.2 CertMagic acmez (linux; amd64)"]}, "response_headers": {"Boulder-Requester":["2704005361"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["363"],"Content-Type":["application/json"],"Date":["Wed, 04 Feb 2026 01:13:44 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/order/2704005361/476591545236"],"Replay-Nonce":["yEIP-nqMrpEYMUXTgHgsS4B7g9eqEW0tfd_Wa0s0K4BCW47Ccdo"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 201}
2026-02-04T01:13:44.158Z DEBUG waiting for solver before continuing {"identifier": "audiobookshelf.theoltmanfamily.net", "challenge_type": "dns-01"}
2026-02-04T01:13:44.162Z DEBUG http request {"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz/2704005361/653330990856", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.10.2 CertMagic acmez (linux; amd64)"]}, "response_headers": {"Boulder-Requester":["2704005361"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["837"],"Content-Type":["application/json"],"Date":["Wed, 04 Feb 2026 01:13:44 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["yEIP-nqMx0liF0uo-MRxLRYZb1sNfxB4uFyEwYeYrJB2_IRKnD0"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2026-02-04T01:13:44.162Z INFO trying to solve challenge {"identifier": "radarr-2k.theoltmanfamily.net", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2026-02-04T01:13:44.333Z DEBUG waiting for solver before continuing {"identifier": "radarr-2k.theoltmanfamily.net", "challenge_type": "dns-01"}
2026-02-04T01:13:46.109Z DEBUG http request {"method": "POST", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/order/232604153/31414696173", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.10.2 CertMagic acmez (linux; amd64)"]}, "response_headers": {"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["485"],"Content-Type":["application/json"],"Date":["Wed, 04 Feb 2026 01:13:46 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-staging-v02.api.letsencrypt.org/acme/order/232604153/31414696173"],"Replay-Nonce":["Z8aV1-to1Hmq7ajFBVDlxadK3vY_j1xh5G0DLeKL3AcUAOL86OQ"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2026-02-04T01:13:46.142Z DEBUG http request {"method": "POST", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/cert/2c092aefef0369615e4aa8e5c52b97596e36", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Ca
mez (linux; amd64)"]}, "response_headers": {"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["101"],"Content-Type":["application/json"],"Date":["Wed, 04 Feb 2026 01:13:46 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Retry-After":["20037"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2026-02-04T01:13:46.178Z INFO got renewal info {"names": ["sonarr-4k.theoltmanfamily.net"], "window_start": "2026-04-04T02:59:15.000Z", "window_end": "2026-04-05T22:10:04.000Z", "selected_time": "2026-04-05T04:22:08.000Z", "recheck_after": "2026-02-04T06:47:43.178Z", "explanation_url": ""}
2026-02-04T01:13:46.213Z DEBUG http request {"method": "POST", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/cert/2c092aefef0369615e4aa8e5c52b97596e36/1", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.10.2 CertMagic acmez (linux; amd64)"]}, "response_headers": {"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["2495"],"Content-Type":["application/pem-certificate-chain"],"Date":["Wed, 04 Feb 2026 01:13:46 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\"","<https://acme-staging-v02.api.letsencrypt.org/acme/cert/2c092aefef0369615e4aa8e5c52b97596e36/0>;rel=\"alternate\""],"Replay-Nonce":["NfnJmO45qtgkwEr9jVl9tZZNl0PjMX8uLOo2mxRJ8sVETxDGqPg"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2026-02-04T01:13:46.213Z DEBUG getting renewal info {"names": ["sonarr-4k.theoltmanfamily.net"]}
2026-02-04T01:13:46.240Z DEBUG http request {"method": "GET", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/renewal-info/yUGTQkjRjBcGkfLyOdKgH6e72zk.LAkq7-8DaWFeSqjlxSuXWW42", "headers": {"User-Agent":["Caddy/2.10.2 CertMagic acmez (linux; amd64)"]}, "response_headers": {"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["101"],"Content-Type":["application/json"],"Date":["Wed, 04 Feb 2026 01:13:46 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Retry-After":["21586"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2026-02-04T01:13:46.240Z INFO got renewal info {"names": ["sonarr-4k.theoltmanfamily.net"], "window_start": "2026-04-04T02:59:15.000Z", "window_end": "2026-04-05T22:10:04.000Z", "selected_time": "2026-04-04T08:05:19.000Z", "recheck_after": "2026-02-04T07:13:32.240Z", "explanation_url": ""}
2026-02-04T01:13:46.240Z INFO successfully downloaded available certificate chains {"count": 2, "first_url": "https://acme-staging-v02.api.letsencrypt.org/acme/cert/2c092aefef0369615e4aa8e5c52b97596e36"}
2026-02-04T01:13:46.240Z DEBUG http selected certificate chain {"url": "https://acme-staging-v02.api.letsencrypt.org/acme/cert/2c092aefef0369615e4aa8e5c52b97596e36"}
2026-02-04T01:13:46.240Z DEBUG http using existing ACME account
ew-nonce", "headers": {"User-Agent":["Caddy/2.10.2 CertMagic acmez (linux; amd64)"]}, "response_headers": {"Cache-Control":["public, max-age=0, no-cache"],"Date":["Wed, 04 Feb 2026 01:13:46 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["yEIP-nqMxwGQjSrzgnFlSUjHxHRwX4JquaLCtLTbin8kZjQFCMI"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2026-02-04T01:13:46.380Z DEBUG http request {"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.10.2 CertMagic acmez (linux; amd64)"]}, "response_headers": {"Boulder-Requester":["2704005361"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["363"],"Content-Type":["application/json"],"Date":["Wed, 04 Feb 2026 01:13:46 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/order/2704005361/476591554056"],"Replay-Nonce":["yEIP-nqMWaPqZqiRqXsASqRKUh2xDNi99T1O3nFQ86Kdok6Q09w"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 201}
2026-02-04T01:13:46.400Z DEBUG http request {"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz/2704005361/653331004206", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.10.2 CertMagic acmez (linux; amd64)"]}, "response_headers": {"Boulder-Requester":["2704005361"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["837"],"Content-Type":["application/json"],"Date":["Wed, 04 Feb 2026 01:13:46 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["yEIP-nqM0DlpUUWDvPLzQOYhVUkiR68uqTdQEMaxir6PT8Rk9V4"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2026-02-04T01:13:46.401Z INFO trying to solve challenge {"identifier": "sonarr-4k.theoltmanfamily.net", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2026-02-04T01:13:46.557Z DEBUG waiting for solver before continuing {"identifier": "sonarr-4k.theoltmanfamily.net", "challenge_type": "dns-01"}
2026-02-04T01:15:43.785Z DEBUG done waiting for solver {"identifier": "radarr-4k.theoltmanfamily.net", "challenge_type": "dns-01"}
2026-02-04T01:15:43.849Z DEBUG done waiting for solver {"identifier": "sonarr-2k.theoltmanfamily.net", "challenge_type": "dns-01"}
2026-02-04T01:15:44.365Z DEBUG done waiting for solver {"identifier": "audiobookshelf.theoltmanfamily.net", "challenge_type": "dns-01"}
2026-02-04T01:15:44.476Z DEBUG http request {"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz/2704005361/653330986476", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.10.2 C
26) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
2026-02-04T01:15:44.476Z DEBUG events event {"name": "cert_failed", "id": "38cd3973-8d74-469e-9654-fefb5045ca5f", "origin": "tls", "data": {"error":{"Err":{}},"identifier":"radarr-4k.theoltmanfamily.net","issuers":["acme-v02.api.letsencrypt.org-directory"],"renewal":false}}
2026-02-04T01:15:44.476Z INFO tls.obtain releasing lock {"identifier": "radarr-4k.theoltmanfamily.net"}
2026-02-04T01:15:44.476Z ERROR tls job failed {"error": "radarr-4k.theoltmanfamily.net: obtaining certificate: [radarr-4k.theoltmanfamily.net] Obtain: [radarr-4k.theoltmanfamily.net] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-v02.api.letsencrypt.org/acme/order/2704005361/476591542126) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
2026-02-04T01:15:44.483Z DEBUG http request {"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz/2704005361/653330987406", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.10.2 CertMagic acmez (linux; amd64)"]}, "response_headers": {"Boulder-Requester":["2704005361"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["841"],"Content-Type":["application/json"],"Date":["Wed, 04 Feb 2026 01:15:44 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["ay3RMBSdxEjpdtcLlz8VZ6TL9hDcuaLn2GiDREtwss3O7XhuKlY"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2026-02-04T01:15:44.483Z ERROR tls.obtain could not get certificate from issuer {"identifier": "sonarr-2k.theoltmanfamily.net", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[sonarr-2k.theoltmanfamily.net] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-v02.api.letsencrypt.org/acme/order/2704005361/476591542816) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
2026-02-04T01:15:44.483Z DEBUG events event {"name": "cert_failed", "id": "48cc277f-b519-4748-8d99-b167ae556a7a", "origin": "tls", "data": {"error":{"Err":{}},"identifier":"sonarr-2k.theoltmanfamily.net","issuers":["acme-v02.api.letsencrypt.org-directory"],"renewal":false}}
2026-02-04T01:15:44.483Z INFO tls.obtain releasing lock {"identifier": "sonarr-2k.theoltmanfamily.net"}
2026-02-04T01:15:44.483Z ERROR tls job failed {"error": "sonarr-2k.theoltmanfamily.net: obtaining certificate: [sonarr-2k.theoltmanfamily.net] Obtain: [sonarr-2k.theoltmanfamily.net] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-v02.api.letsencrypt.org/acme
2026-02-04T01:15:44.794Z ERROR tls.obtain could not get certificate from issuer {"identifier": "audiobookshelf.theoltmanfamily.net", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[audiobookshelf.theoltmanfamily.net] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-v02.api.letsencrypt.org/acme/order/2704005361/476591544666) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
2026-02-04T01:15:44.794Z DEBUG events event {"name": "cert_failed", "id": "695a5339-b523-483a-9466-16cd744f9989", "origin": "tls", "data": {"error":{"Err":{}},"identifier":"audiobookshelf.theoltmanfamily.net","issuers":["acme-v02.api.letsencrypt.org-directory"],"renewal":false}}
2026-02-04T01:15:44.794Z INFO tls.obtain releasing lock {"identifier": "audiobookshelf.theoltmanfamily.net"}
2026-02-04T01:15:44.794Z ERROR tls job failed {"error": "audiobookshelf.theoltmanfamily.net: obtaining certificate: [audiobookshelf.theoltmanfamily.net] Obtain: [audiobookshelf.theoltmanfamily.net] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-v02.api.letsencrypt.org/acme/order/2704005361/476591544666) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
2026-02-04T01:15:44.980Z DEBUG http request {"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/authz/2704005361/653330990856", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.10.2 CertMagic acmez (linux; amd64)"]}, "response_headers": {"Boulder-Requester":["2704005361"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["841"],"Content-Type":["application/json"],"Date":["Wed, 04 Feb 2026 01:15:44 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["ay3RMBSdsRk8JVahZ1g180mzeFEpb8QmFySd4gh9eAQWexB3I2Q"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2026-02-04T01:15:44.980Z ERROR tls.obtain could not get certificate from issuer {"identifier": "radarr-2k.theoltmanfamily.net", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[radarr-2k.theoltmanfamily.net] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-v02.api.letsencrypt.org/acme/order/2704005361/476591545236) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
2026-02-04T01:15:44.980Z DEBUG events event {"name": "cert_failed", "id": "4b55cc29-3202-4731-8558-19de2f1addaa", "origin": "tls", "data": {"error":{"Err":{}},"identifier":"radarr-2k.theoltmanfamily.net","issuers":["acme-v02.api.letsencrypt.org-directory"],"renewal":false}}
2026-02-04T01:15:44.980Z INFO tls.ob
z (linux; amd64)"]}, "response_headers": {"Boulder-Requester":["2704005361"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["841"],"Content-Type":["application/json"],"Date":["Wed, 04 Feb 2026 01:15:47 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["yEIP-nqMBQbHG50PwuOawJofZZrZV0neSKaOUVSuPzQ4zpT99X8"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2026-02-04T01:15:47.239Z ERROR tls.obtain could not get certificate from issuer {"identifier": "sonarr-4k.theoltmanfamily.net", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[sonarr-4k.theoltmanfamily.net] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-v02.api.letsencrypt.org/acme/order/2704005361/476591554056) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
2026-02-04T01:15:47.239Z DEBUG events event {"name": "cert_failed", "id": "b6d05450-b50e-4c0e-af14-79f32ed3f26a", "origin": "tls", "data": {"error":{"Err":{}},"identifier":"sonarr-4k.theoltmanfamily.net","issuers":["acme-v02.api.letsencrypt.org-directory"],"renewal":false}}
2026-02-04T01:15:47.239Z INFO tls.obtain releasing lock {"identifier": "sonarr-4k.theoltmanfamily.net"}
2026-02-04T01:15:47.239Z ERROR tls job failed {"error": "sonarr-4k.theoltmanfamily.net: obtaining certificate: [sonarr-4k.theoltmanfamily.net] Obtain: [sonarr-4k.theoltmanfamily.net] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-v02.api.letsencrypt.org/acme/order/2704005361/476591554056) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
2026-02-04T01:38:04.116Z DEBUG getting renewal info {"names": ["lubelogger.theoltmanfamily.net"]}
2026-02-04T01:38:04.255Z DEBUG http request {"method": "GET", "url": "https://acme-v02.api.letsencrypt.org/acme/renewal-info/jw0TovYuftFQbDMYOF1ZjiNykco.BYmHKkm4lfEyHj0C-ZOlV_ik", "headers": {"User-Agent":["Caddy/2.10.2 CertMagic acmez (linux; amd64)"]}, "response_headers": {"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["101"],"Content-Type":["application/json"],"Date":["Wed, 04 Feb 2026 01:38:04 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Retry-After":["21600"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}, "status_code": 200}
2026-02-04T01:38:04.255Z INFO got renewal info {"names": ["lubelogger.theoltmanfamily.net"], "window_start": "2026-04-01T19:55:04.000Z", "window_end": "2026-04-03T15:05:53.000Z", "selected_time": "2026-04-03T02:36:39.000Z", "recheck_after": "2026-02-04T07:38:04.255Z", "explanation_url": ""}
3. Caddy version:
v2.10.2 h1:g/gTYjGMD0dec+UgMw8SnfmJ3I9+M2TdvoRL/Ovu6U8=
4. How I installed and ran Caddy:
Caddy docker image: Package caddy-cloudflare · GitHub
a. System environment:
Ubuntu 24.04 LTS, Docker version 29.1.1, build 0aedba5
b. Command:
Caddy runs as part of the docker con
c. Service/unit/compose file:
include:
- ../networks.yaml
services:
caddy:
image: ghcr.io/caddybuilds/caddy-cloudflare:latest
restart: unless-stopped
cap_add:
- NET_ADMIN
ports:
- "80:80"
- "443:443"
- "443:443/udp"
volumes:
- /mnt/docker/caddy/Caddyfile:/etc/caddy/Caddyfile
- /mnt/docker/caddy/site:/srv
- /mnt/docker/caddy/data:/data
- /mnt/docker/caddy/config:/config
- /mnt/docker/caddy/.env:/etc/caddy/.env
environment:
- CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_KEY}
env_file:
- .env
networks:
macvlan-net:
ipv4_address: 10.0.10.99
caddy_net:
arr_net:
profiles: ["caddy","all"]
d. My complete Caddy config:
# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.
{
debug
email {$LETSENCRYPT_EMAIL_ADDRESS}
acme_ca {$LETSENCRYPT_STAGING:"https://acme-v02.api.letsencrypt.org/directory"}
acme_dns cloudflare {$CLOUDFLARE_API_KEY}
log {
output stderr
format console {
time_format iso8601
time_local
level_format color
}
}
}
https://radarr-4k.{$MY_DOMAIN} {
# Reverse proxy for all requests
reverse_proxy http://radarr-4k-container:7878
tls {
dns cloudflare {$CLOUDFLARE_API_KEY}
resolvers 1.1.1.1 1.0.0.1
}
log radarr-4k {
output file /var/log/caddy-access-radarr-4k.log
format console {
time_format iso8601
time_local
level_format color
}
level INFO
}
}
https://radarr-2k.{$MY_DOMAIN} {
# Reverse proxy for all requests
reverse_proxy http://radarr-2k-container:7878
tls {
dns cloudflare {$CLOUDFLARE_API_KEY}
resolvers 1.1.1.1 1.0.0.1
}
log radarr-2k {
output file /var/log/caddy-access-radarr-2k.log
format console {
time_format iso8601
time_local
level_format color
}
level INFO
}
}
https://sonarr-4k.{$MY_DOMAIN} {
# Reverse proxy for all requests
reverse_proxy http://sonarr-4k-container:8989
tls {
dns cloudflare {$CLOUDFLARE_API_KEY}
resolvers 1.1.1.1 1.0.0.1
}
log sonarr-4k {
output file /var/log/caddy-access-sonarr-4k.log
format console {
time_format iso8601
time_local
level_format color
}
level INFO
}
}
https://sonarr-2k.{$MY_DOMAIN} {
# Reverse proxy for all requests
reverse_proxy http://sonarr-2k-container:8989
tls {
dns cloudflare {$CLOUDFLARE_API_KEY}
resolvers 1.1.1.1 1.0.0.1
}
log sonarr-2k {
output file /var/log/caddy-access-sonarr-2k.log
format console {
time_format iso8601
time_local
level_format color
}
level INFO
}
}
https://lidarr.{$MY_DOMAIN} {
# Reverse proxy for all requests
reverse_proxy http://lidarr-container:8686
tls {
dns cloudflare {$CLOUDFLARE_API_KEY}
resolvers 1.1.1.1 1.0.0.1
}
log lidarr {
output file /var/log/caddy-access-lidarr.log
format console {
time_format iso8601
time_local
level_format color
}
level INFO
}
}
https://lubelogger.{$MY_DOMAIN} {
# Reverse proxy for all requests
reverse_proxy lubelogger-container:8080
tls {
dns cloudflare {$CLOUDFLARE_API_KEY}
resolvers 1.1.1.1 1.0.0.1
}
log lubelogger {
output file /var/log/caddy-access-lubelogger.log
format console {
time_format iso8601
time_local
level_format color
}
level INFO
}
}
https://audiobookshelf.{$MY_DOMAIN} {
# Reverse proxy for all requests
reverse_proxy http://audiobookshelf-container
tls {
dns cloudflare {$CLOUDFLARE_API_KEY}
resolvers 1.1.1.1 1.0.0.1
}
log audiobookshelf {
output file /var/log/caddy-access-audiobookshelf.log
format console {
time_format iso8601
time_local
level_format color
}
level INFO
}
}
https://teslamate.{$MY_DOMAIN} {
handle /grafana* {
encode gzip
# @not-local not remote_ip 192.168.1.0/24 # Exclude LAN IP's
# basic_auth @not-local {
# # username is gf-admin and password is a hash obtained using the caddy hash-password command
# gf-admin $23ihnqbeocbqebfihbadfvnbsrgbsfb
# }
reverse_proxy teslamate-grafana:3000
}
handle {
encode gzip
# @not-local not remote_ip 192.168.1.0/24 # Exclude LAN IP's
# basic_auth @not-local {
# # username is tm-admin and password is a hash obtained using the caddy hash-password command
# tm-admin $vweonqvbqvuabworhuqfvjanefjn
# }
reverse_proxy teslamate-container:4000
}
log teslamate {
output file /var/log/caddy-access-teslamate.log
format console {
time_format iso8601
time_local
level_format color
}
level INFO
}
tls {
dns cloudflare {$CLOUDFLARE_API_KEY}
resolvers 1.1.1.1 1.0.0.1
}
}
5. Links to relevant resources:
This is the contents of the .env file that Caddy references (Cloudflare Token redacted):
PUID=1001
PGID=1001
TZ=America/Denver
LETSENCRYPT_EMAIL_ADDRESS="jim.oltman@gmail.com"
CLOUDFLARE_API_KEY="REDACTED"
MY_DOMAIN="theoltmanfamily.net"
#LETSENCRYPT_STAGING="https://acme-staging-v02.api.letsencrypt.org/directory" # Optionally set to Letsncrypt staging endpoint for testing (https://acme-staging-v02.api.letsencrypt.org/directory) - default is set in Caddyfile to the live endpoint