Struggling to understand this problem


(Johan Draaisma) #1

Hello everyone,

I am hoping someone can help me to get more information on this problem, and to resolve it.

I want to use Caddy for a very simple https:// website.

When I initially created a caddy file and started caddy, under root user account, it worked immediately. My let’s encrypt certificate was there and working wonderfully.

After several weeks I got an email from let’s encrypt that my certificate was about to expire. And indeed, it was not renewing on my caddy server.

So… I stopped caddy server and started it again, hoping it would renew the certificate. It didn’t. Now caddy doesn’t work anymore.

This is one of the error messages I get:

root@blabla# /usr/local/bin/caddy -conf /root/caddyfile
Activating privacy features…2017/10/06 21:45:33 too many renewal attempts; last error: acme: Error 429 - urn:acme:error:rateLimited - Error creating new authz :: Too many invalid authorizations recently.

When I waited an hour and tried again I got an error that the server could not be reached.

There is nothing running on port 80 and 443 that can be in the way:
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 10735 616/sshd
tcp6 0 0 :::22 :::* LISTEN 0 10743 616/sshd

That’s all I have. Port 80 shows up for about one second when I start Caddy. Then a few seconds later, port 443 shows up for about one second. Then the error message shows.

My caddy file looks like this:
backup.blabla.nl
root /var/www/
browse

That’s literally it. Nothing more.

The DNS name backup.blabla.nl exists and resolves to the public IP address this server runs on. (obviously I anonymized the address). The server is directly on the Internet and there are no firewalls installed at all. This is as vanilla an installation of Linux on the Internet as you can imagine. Yet… Caddy won’t work with Let’s Encrypt anymore? It did before. It ran for 3 months. Then the Let’s Encrypt certificate expired and now nothing.

How can I find more information to try and resolve this problem…?


(Magikstm) #2

What version of caddy are you using?

On which OS are you using it?


(Johan Draaisma) #3

Hi magikstm, thanks for paying attention.

Caddy 0.10.9 (now - I updated it when it didn’t work - unfortunately the update didn’t fix it either) on Debian Jessie (8.8 currently)

ps; just found out that the old version was 0.10.3.


(Magikstm) #4

Did you have logging enabled on that server? (the -log flag)


(Johan Draaisma) #5

Hi magikstm,

No, I did not. It’s the simplest http thing I could find and wanted to run and I saw no benefit in logging.

What I could do is wait for a while until the rate limiting problem has passed with let’s encrypt (I don’t need the server online immediately - it can wait a while) and then start caddy with the -log ./log.txt flag and see what it logs there and report it back here.


(Johan Draaisma) #6
2017/10/07 10:26:29 [INFO][backup.blabla.nl] acme: Trying renewal with -719 hours remaining
2017/10/07 10:26:29 [INFO][backup.blabla.nl] acme: Obtaining bundled SAN certificate
2017/10/07 10:26:29 [INFO][backup.blabla.nl] AuthURL: https://acme-v01.api.letsencrypt.org/acme/authz/QqA2Y70gHYnUttI7W2QiNYS1X3GW2fMW_cLE-ObVFcI
2017/10/07 10:26:29 [INFO][backup.blabla.nl] acme: Trying to solve TLS-SNI-01
2017/10/07 10:26:33 [ERROR] Renewing: acme: Error 400 - urn:acme:error:connection - Connection refused
Error Detail:
        Validation for backup.blabla.nl:443
        Resolved to:
                5.196.173.55
        Used: 5.196.173.55

; trying again in 10s

(Johan Draaisma) #7

I think I figured it out. The connection refused got me to retracing my steps and it turns out my provider for this machine has implemented a firewall outside of my reach. Contacted them and it should get resolved now. Thank for your time and effort.


(system) #8

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.