1. Caddy version:
v2.2.1
2. How I run Caddy:
Hi! I am attempting to set up a reverse proxy using Caddy on Windows to replace an existing IIS reverse proxy. I run the executable from an elevated command prompt. I got the executable from caddyserver.com by choosing Windows amd64 from the drop-down menu, adding a check-mark to the box for dns.providers.route53, and then clicking the download button.
a. System environment:
Microsoft Windows Server 2016 [Version 10.0.14393]
b. Command:
C:\Server\Caddy>caddy_windows_amd64_custom.exe run
d. My complete Caddyfile or JSON config:
*.qualgs.com {
    tls {
        dns route53
    }
    respond "It works!"
    log {
        output file C:\Server\Caddy\logs\qualgs_com_access.log {
            roll true            # Rotate logs, enabled by default
            roll_size_mb 5       # Set max size 5 MB
            roll_gzip true       # Whether to compress rolled files
            roll_local_time true # Use local time in rolled file names
            roll_keep 2          # Keep at most 2 log files
            roll_keep_days 7     # Keep log files for 7 days
        }
    }
    header {
        Strict-Transport-Security max-age=31536000;
    }
}
3. The problem I’m having:
When I run the executable, Caddy seems to be unable to acquire a wildcard SSL certificate from letsencrypt.org.
4. Error messages and/or full log output:
C:\Server\Caddy>caddy_windows_amd64_custom.exe run
2020/10/24 07:04:10.354 INFO using adjacent Caddyfile
2020/10/24 07:04:10.361 INFO admin admin endpoint started {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2020/10/24 07:04:10.362 INFO http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2020/10/24 07:04:10.362 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2020/10/24 07:04:10.363 INFO http enabling automatic TLS certificate management {"domains": ["*.qualgs.com"]}
2020/10/24 07:04:10.370 INFO autosaved config {"file": "C:\\Users\\Administrator\\AppData\\Roaming\\Caddy\\autosave.json"}
2020/10/24 07:04:10.456 INFO serving initial configuration
2020/10/24 07:04:10.382 INFO tls cleaned up storage units
2020/10/24 07:04:10.377 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc00045c700"}
2020/10/24 07:04:10.497 INFO tls.obtain acquiring lock {"identifier": "*.qualgs.com"}
2020/10/24 07:04:10.565 INFO tls.obtain lock acquired {"identifier": "*.qualgs.com"}
2020/10/24 07:04:10.569 INFO tls.issuance.acme waiting on internal rate limiter {"identifiers": ["*.qualgs.com"]}
2020/10/24 07:04:10.569 INFO tls.issuance.acme done waiting on internal rate limiter {"identifiers": ["*.qualgs.com"]}
2020/10/24 07:04:11.231 INFO tls.issuance.acme.acme_client trying to solve challenge {"identifier": "*.qualgs.com", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2020/10/24 07:04:11.483 ERROR tls.issuance.acme.acme_client cleaning up solver {"identifier": "*.qualgs.com", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for qualgs.com (probably OK if presenting failed)"}
2020/10/24 07:04:11.575 ERROR tls.obtain will retry {"error": "[*.qualgs.com] Obtain: [*.qualgs.com] solving challenges: presenting for challenge: adding temporary record for zone qualgs.com.: NoCredentialProviders: no valid providers in chain. Deprecated.\n\tFor verbose messaging see aws.Config.CredentialsChainVerboseErrors (order=https://acme-v02.api.letsencrypt.org/acme/order/99695345/5845534623) (ca=https://acme-v02.api.letsencrypt.org/directory)", "attempt": 1, "retrying_in": 60, "elapsed": 1.0065555, "max_duration": 2592000}
2020/10/24 07:04:16.771 INFO shutting down {"signal": "SIGINT"}
2020/10/24 07:04:16.773 INFO tls.cache.maintenance stopped background certificate maintenance {"cache": "0xc00045c700"}
2020/10/24 07:04:16.774 INFO tls.obtain releasing lock {"identifier": "*.qualgs.com"}
2020/10/24 07:04:16.776 ERROR tls.obtain unable to unlock {"identifier": "*.qualgs.com", "lock_key": "cert_acme_*.qualgs.com_acme-v02.api.letsencrypt.org-directory", "error": "remove C:\\Users\\Administrator\\AppData\\Roaming\\Caddy\\locks\\cert_acme_wildcard_.qualgs.com_acme-v02.api.letsencrypt.org-directory.lock: The system cannot find the file specified."}
2020/10/24 07:04:16.777 ERROR tls job failed {"error": "*.qualgs.com: obtaining certificate: context canceled"}
2020/10/24 07:04:16.779 INFO admin stopped previous server
2020/10/24 07:04:16.782 INFO shutdown done {"signal": "SIGINT"}
5. What I already tried:
If I replace the wildcard domain (*.qualgs.com) with the naked domain (qualgs.com) in the Caddyfile, then a certificate is issued successfully. I suspect I have misconfigured the Caddyfile, but my attempts at googling and trial-and-error have not discovered the problem.
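As an added example (not code from the post or from the Caddy project), a small Python parser for Caddy's console log format that pulls the ACME error chain out of ERROR lines like the ones above and labels the causes it recognises; the sample lines are abbreviated from the post's output with the colour codes removed, and the cause table is my own.

```python
import json
import re

# Caddy v2 console log line: "<date> <time> <LEVEL> <logger> <message> [<json fields>]"
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+(?P<level>[A-Z]+)\s+(?P<logger>\S+)\s+(?P<msg>.*?)"
    r"(?:\s+(?P<fields>\{.*\}))?$"
)

# Error substrings and what they indicate (assumed table, first match wins).
KNOWN_CAUSES = [
    ("NoCredentialProviders",
     "the AWS SDK credential chain yielded no credentials, so the route53 solver "
     "could not add the temporary TXT record for the dns-01 challenge"),
    ("no memory of presenting a DNS record",
     "solver cleanup ran after presenting failed; a consequence, not the root cause"),
]

def parse_line(line):
    """Split one console log line into its parts; None if it is not a log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {k: m.group(k) for k in ("ts", "level", "logger", "msg")}
    rec["fields"] = json.loads(m.group("fields")) if m.group("fields") else {}
    return rec

def diagnose(log_text):
    """One finding per ERROR line whose error text matches a known cause."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["level"] != "ERROR":
            continue
        err = rec["fields"].get("error", "")
        ident = rec["fields"].get("identifier")
        if ident is None:  # tls.obtain puts the identifier inside the error text
            bracketed = re.search(r"\[([^\]]+)\]", err)
            ident = bracketed.group(1) if bracketed else None
        for needle, explanation in KNOWN_CAUSES:
            if needle in err:
                findings.append({"logger": rec["logger"], "identifier": ident,
                                 "challenge": rec["fields"].get("challenge_type"),
                                 "cause": needle, "explanation": explanation})
                break
    return findings

# Constructed sample, abbreviated from the output quoted in the post.
SAMPLE_LOG = r'''
2020/10/24 07:04:11.231 INFO tls.issuance.acme.acme_client trying to solve challenge {"identifier": "*.qualgs.com", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2020/10/24 07:04:11.483 ERROR tls.issuance.acme.acme_client cleaning up solver {"identifier": "*.qualgs.com", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for qualgs.com (probably OK if presenting failed)"}
2020/10/24 07:04:11.575 ERROR tls.obtain will retry {"error": "[*.qualgs.com] Obtain: [*.qualgs.com] solving challenges: presenting for challenge: adding temporary record for zone qualgs.com.: NoCredentialProviders: no valid providers in chain. Deprecated.\n\tFor verbose messaging see aws.Config.CredentialsChainVerboseErrors (ca=https://acme-v02.api.letsencrypt.org/directory)", "attempt": 1, "retrying_in": 60}
'''
```

Run `diagnose(SAMPLE_LOG)` on the full output above to get the root-cause line first by filtering on `cause == "NoCredentialProviders"`.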