Struggling with wildcard certificates

1. Caddy version:


2. How I run Caddy:

Hi! - I am attempting to setup a reverse-proxy using Caddy on Windows to replace an existing IIS reverse-proxy. I run the executable from an elevated command prompt. I got the executable from by choosing Windows amd64 from the drop-down menu, adding a check-mark to the box for dns.providers.route53, and then clicking the download button.

a. System environment:

Microsoft Windows Server 2016 [Version 10.0.14393]

b. Command:

C:\Server\Caddy>caddy_windows_amd64_custom.exe run

d. My complete Caddyfile or JSON config:

* {
	tls {
		dns route53
	respond "It works!"
	log {
		output file C:\Server\Caddy\logs\qualgs_com_access.log {
			roll true               # Rotate logs, enabled by default
			roll_size_mb 5          # Set max size 5 MB
			roll_gzip true          # Whether to compress rolled files
			roll_local_time true    # Use localhost time
			roll_keep 2             # Keep at most 2 log files
			roll_keep_days 7        # Keep log files for 7 days
	header {
		Strict-Transport-Security max-age=31536000;

3. The problem I’m having:

When I run the executable, Caddy seems to be unable to acquire a wildcard SSL certificate from

4. Error messages and/or full log output:

C:\Server\Caddy>caddy_windows_amd64_custom.exe run
2020/10/24 07:04:10.354 e[34mINFOe[0m   using adjacent Caddyfile
2020/10/24 07:04:10.361 e[34mINFOe[0m   admin   admin endpoint started  {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", ""]}
2020/10/24 07:04:10.362 e[34mINFOe[0m   http    server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2020/10/24 07:04:10.362 e[34mINFOe[0m   http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2020/10/24 07:04:10.363 e[34mINFOe[0m   http    enabling automatic TLS certificate management   {"domains": ["*"]}
2020/10/24 07:04:10.370 e[34mINFOe[0m   autosaved config        {"file": "C:\\Users\\Administrator\\AppData\\Roaming\\Caddy\\autosave.json"}
2020/10/24 07:04:10.456 e[34mINFOe[0m   serving initial configuration
2020/10/24 07:04:10.382 e[34mINFOe[0m   tls     cleaned up storage units
2020/10/24 07:04:10.377 e[34mINFOe[0m   tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc00045c700"}
2020/10/24 07:04:10.497 e[34mINFOe[0m   tls.obtain      acquiring lock  {"identifier": "*"}
2020/10/24 07:04:10.565 e[34mINFOe[0m   tls.obtain      lock acquired   {"identifier": "*"}
2020/10/24 07:04:10.569 e[34mINFOe[0m   tls.issuance.acme       waiting on internal rate limiter    {"identifiers": ["*"]}
2020/10/24 07:04:10.569 e[34mINFOe[0m   tls.issuance.acme       done waiting on internal rate limiter   {"identifiers": ["*"]}
2020/10/24 07:04:11.231 e[34mINFOe[0m   tls.issuance.acme.acme_client   trying to solve challenge   {"identifier": "*", "challenge_type": "dns-01", "ca": ""}
2020/10/24 07:04:11.483 e[31mERRORe[0m  tls.issuance.acme.acme_client   cleaning up solver      {"identifier": "*", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for (probably OK if presenting failed)"}
2020/10/24 07:04:11.575 e[31mERRORe[0m  tls.obtain      will retry      {"error": "[*] Obtain: [*] solving challenges: presenting for challenge: adding temporary record for zone NoCredentialProviders: no valid providers in chain. Deprecated.\n\tFor verbose messaging see aws.Config.CredentialsChainVerboseErrors (order= (ca=", "attempt": 1, "retrying_in": 60, "elapsed": 1.0065555, "max_duration": 2592000}
2020/10/24 07:04:16.771 e[34mINFOe[0m   shutting down   {"signal": "SIGINT"}
2020/10/24 07:04:16.773 e[34mINFOe[0m   tls.cache.maintenance   stopped background certificate maintenance      {"cache": "0xc00045c700"}
2020/10/24 07:04:16.774 e[34mINFOe[0m   tls.obtain      releasing lock  {"identifier": "*"}
2020/10/24 07:04:16.776 e[31mERRORe[0m  tls.obtain      unable to unlock        {"identifier": "*", "lock_key": "cert_acme_*", "error": "remove C:\\Users\\Administrator\\AppData\\Roaming\\Caddy\\locks\\ The system cannot find the file specified."}
2020/10/24 07:04:16.777 e[31mERRORe[0m  tls     job failed      {"error": "* obtaining certificate: context canceled"}
2020/10/24 07:04:16.779 e[34mINFOe[0m   admin   stopped previous server
2020/10/24 07:04:16.782 e[34mINFOe[0m   shutdown done   {"signal": "SIGINT"}

5. What I already tried:

If I replace the wildcard domain (* with the naked domain ( in the Caddyfile, then a certificate is issued successfully. I suspect I have miss-configured the Caddyfile, but my attempts at googling and trial-and-error have not discovered the problem.

Hmm. You didn’t specify your API key for it (unless you omitted it), you’re meant to pass that as the next argument beside dns route53 in your Caddyfile. I think that’s what the NoCredentialProviders error is trying to tell you.

This topic was automatically closed after 30 days. New replies are no longer allowed.