1. The problem I’m having:
Certificates will not auto-renew because the Namecheap DNS plugin fails with a “Domain name not found” error. This error has never occurred before with this Caddyfile, so I have no idea what’s going on. I’m also not aware of any changes since Caddy 2.8 that would cause this problem.
2. Error messages and/or full log output:
Dec 28 12:48:26 homeserver caddy\[70671\]: {“level”:“info”,“ts”:1766951306.9181063,“msg”:“trying to solve challenge”,“identifier”:“cmms.famdam.top”,“challenge
\_type”:“dns-01”,“ca”:“https://acme-v02.api.letsencrypt.org/directory”}
Dec 28 12:48:26 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951306.9242563,“msg”:“http request”,“method”:“POST”,“url”:“https://acme-v02.api.letsencry
pt.org/acme/authz/2237117955/634470351906",“headers”:{“Content-Type”:[“application/jose+json”],“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd64)”\]}
,“response_headers”:{“Boulder-Requester”:\[“2237117955”\],“Cache-Control”:\[“public, max-age=0, no-cache”\],“Content-Length”:\[“828”\],“Content-Type”:\[“applicatio
n/json”\],“Date”:\[“Sun, 28 Dec 2025 19:48:26 GMT”\],“Link”:\[“<https://acme-v02.api.letsencrypt.org/directory>;rel="index"”\],“Replay-Nonce”:\[“IijzadlS2huqy2r
RnNNz_h5urkkuIIYES8tz2lSCuMDbMn9AvaM”\],“Server”:\[“nginx”\],“Strict-Transport-Security”:\[“max-age=604800”\],“X-Frame-Options”:\[“DENY”\]},“status_code”:200}
Dec 28 12:48:26 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951306.9245346,“msg”:“no solver configured”,“challenge_type”:“tls-alpn-01”}
Dec 28 12:48:26 homeserver caddy\[70671\]: {“level”:“info”,“ts”:1766951306.924571,“msg”:“trying to solve challenge”,“identifier”:“wireguard.famdam.top”,“chall
enge_type”:“dns-01”,“ca”:“https://acme-v02.api.letsencrypt.org/directory”}
Dec 28 12:48:27 homeserver caddy\[70671\]: {“level”:“error”,“ts”:1766951307.316902,“logger”:“dynamic_dns”,“msg”:“unable to lookup current IPs from DNS records
“,“error”:“namecheap api returned error in response. Err: Error0: Domain name not found\\t”}
Dec 28 12:48:27 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951307.3169234,“logger”:“dynamic_dns”,“msg”:“looked up current IPs from DNS”,“lastIPs”:nu
ll}
Dec 28 12:48:27 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951307.4036417,“logger”:“dynamic_dns.ip_sources.simple_http”,“msg”:“lookup”,“type”:“IPv4”
,“endpoint”:“https://icanhazip.com”,“ip”:“207.204.57.77”}
Dec 28 12:48:27 homeserver caddy\[70671\]: {“level”:“info”,“ts”:1766951307.4036727,“logger”:“dynamic_dns”,“msg”:“updating DNS record”,“zone”:“famdam.top”,“typ
e”:“A”,“name”:”@”,“ip”:“207.204.57.77”,“ttl”:0}
Dec 28 12:48:27 homeserver caddy\[70671\]: {“level”:“error”,“ts”:1766951307.5790465,“logger”:“dynamic_dns”,“msg”:“failed setting DNS record(s) with new IP add
ress(es)”,“zone”:“famdam.top”,“error”:“namecheap api returned error in response. Err: Error0: Domain name not found\\t”}
Dec 28 12:48:27 homeserver caddy\[70671\]: {“level”:“info”,“ts”:1766951307.5791023,“logger”:“dynamic_dns”,“msg”:“finished updating DNS”,“current_ips”:\[“207.20
4.57.77”\]}
Dec 28 12:49:42 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951382.2104208,“logger”:“events”,“msg”:“event”,“name”:“tls_get_certificate”,“id”:“b50c7f5
f-8489-40f5-8946-779a30eb22c1”,“origin”:“tls”,“data”:{“client_hello”:{“CipherSuites”:\[4865,4867,4866,49195,49199,52393,52392,49196,49200,49162,49161,49171,4
9172,156,157,47,53\],“ServerName”:“vaultwarden.famdam.top”,“SupportedCurves”:\[4588,29,23,24,25,256,257\],“SupportedPoints”:“AA==”,“SignatureSchemes”:\[1027,128
3,1539,2052,2053,2054,1025,1281,1537,515,513\],“SupportedProtos”:\[“h2”,“http/1.1”\],“SupportedVersions”:\[772,771\],“RemoteAddr”:{“IP”:“192.168.1.63”,“Port”:370
14,“Zone”:“”},“LocalAddr”:{“IP”:“192.168.1.60”,“Port”:443,“Zone”:“”}}}}
Dec 28 12:49:42 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951382.21051,“logger”:“tls.handshake”,“msg”:“choosing certificate”,“identifier”:“vaultwar
den.famdam.top”,“num_choices”:1}
Dec 28 12:49:42 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951382.210515,“logger”:“tls.handshake”,“msg”:“default certificate selection results”,“ide
ntifier”:“vaultwarden.famdam.top”,“subjects”:\[“vaultwarden.famdam.top”\],“managed”:true,“issuer_key”:“acme-v02.api.letsencrypt.org-directory”,“hash”:“3154678
d0da2c573549e5c996f293bf4feeb955b8eeeae975a109d10fabe373b”}
Dec 28 12:49:42 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951382.2105215,“logger”:“tls.handshake”,“msg”:“matched certificate in cache”,“remote_ip”:
“192.168.1.63”,“remote_port”:“37014”,“subjects”:\[“vaultwarden.famdam.top”\],“managed”:true,“expiration”:1766899033,“hash”:“3154678d0da2c573549e5c996f293bf4fe
eb955b8eeeae975a109d10fabe373b”}
Dec 28 12:49:42 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951382.215025,“logger”:“http.stdlib”,“msg”:“http: TLS handshake error from 192.168.1.63:3
7014: remote error: tls: expired certificate”}
Dec 28 12:49:47 homeserver caddy\[70671\]: {“level”:“error”,“ts”:1766951387.501337,“msg”:“cleaning up solver”,“identifier”:“test.famdam.top”,“challenge_type”:
“dns-01”,“error”:“no memory of presenting a DNS record for "_acme-challenge.test.famdam.top" (usually OK if presenting also failed)“,“stacktrace”:“github.
com/mholt/acmez/v3.(\*Client).solveChallenges.func1\\n\\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:318\\ngithub.com/mholt/acmez/v3.(\*Client).solveChallenges\\n\\
tgithub.com/mholt/acmez/v3@v3.1.2/client.go:363\\ngithub.com/mholt/acmez/v3.(\*Client).ObtainCertificate\\n\\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:136\\ngi
thub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\\n\\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:489\\ngithub.com/caddyserver/certmagic.(\*ACMEI
ssuer).Issue\\n\\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:382\\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(\*ACMEIssuer).Issue\\n\\tgithub.c
om/caddyserver/caddy/v2@v2.10.2/modules/caddytls/acmeissuer.go:288\\ngithub.com/caddyserver/certmagic.(\*Config).renewCert.func2\\n\\tgithub.com/caddyserver/cer
tmagic@v0.24.0/config.go:906\\ngithub.com/caddyserver/certmagic.doWithRetry\\n\\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:104\\ngithub.com/caddyserver/
certmagic.(\*Config).renewCert\\n\\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:982\\ngithub.com/caddyserver/certmagic.(\*Config).RenewCertAsync\\n\\tgithub
.com/caddyserver/certmagic@v0.24.0/config.go:768\\ngithub.com/caddyserver/certmagic.(\*Config).manageOne.func2\\n\\tgithub.com/caddyserver/certmagic@v0.24.0/con
fig.go:469\\ngithub.com/caddyserver/certmagic.(\*jobManager).worker\\n\\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:73”}
Dec 28 12:49:47 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951387.6451786,“msg”:“http request”,“method”:“POST”,“url”:“https://acme-v02.api.letsencry
pt.org/acme/authz/2237117955/634470350626",“headers”:{“Content-Type”:[“application/jose+json”],“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd64)”\]}
,“response_headers”:{“Boulder-Requester”:\[“2237117955”\],“Cache-Control”:\[“public, max-age=0, no-cache”\],“Content-Length”:\[“827”\],“Content-Type”:\[“applicatio
n/json”\],“Date”:\[“Sun, 28 Dec 2025 19:49:47 GMT”\],“Link”:\[“<https://acme-v02.api.letsencrypt.org/directory>;rel="index"”\],“Replay-Nonce”:\[“IijzadlS2m65yeh
KO_uprG1NmtjwfdfF8EmIZXCwj-Z3_eVyaFE”\],“Server”:\[“nginx”\],“Strict-Transport-Security”:\[“max-age=604800”\],“X-Frame-Options”:\[“DENY”\]},“status_code”:200}
Dec 28 12:49:47 homeserver caddy\[70671\]: {“level”:“error”,“ts”:1766951387.6454473,“logger”:“tls.renew”,“msg”:“could not get certificate from issuer”,“identi
fier”:“test.famdam.top”,“issuer”:“acme-v02.api.letsencrypt.org-directory”,“error”:”\[test.famdam.top\] solving challenges: presenting for challenge: adding te
mporary record for zone "famdam.top.": namecheap api returned error in response. Err: Error0: Domain name not found\\t (order=https://acme-v02.api.letsencr
ypt.org/acme/order/2237117955/463690914896) (ca=https://acme-v02.api.letsencrypt.org/directory)“}
Dec 28 12:49:47 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951387.645509,“logger”:“events”,“msg”:“event”,“name”:“cert_failed”,“id”:“d7793237-60c7-4f
fb-88a2-e97342c5bf39”,“origin”:“tls”,“data”:{“error”:{},“identifier”:“test.famdam.top”,“issuers”:\[“acme-v02.api.letsencrypt.org-directory”\],“remaining”:-521
80214280883,“renewal”:true}}
Dec 28 12:49:47 homeserver caddy\[70671\]: {“level”:“error”,“ts”:1766951387.6455784,“logger”:“tls.renew”,“msg”:“will retry”,“error”:”\[test.famdam.top\] Renew:
\[test.famdam.top\] solving challenges: presenting for challenge: adding temporary record for zone "famdam.top.": namecheap api returned error in response.
Err: Error0: Domain name not found\\t (order=https://acme-v02.api.letsencrypt.org/acme/order/2237117955/463690914896) (ca=https://acme-v02.api.letsencrypt.or
g/directory)“,“attempt”:1,“retrying_in”:60,“elapsed”:81.43156507,“max_duration”:2592000}
Dec 28 12:49:51 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951391.5901477,“logger”:“http.stdlib”,“msg”:“http: TLS handshake error from 198.235.24.21
4:50591: tls: client offered only unsupported versions: \[302 301\]”}
Dec 28 12:50:27 homeserver caddy\[70671\]: {“level”:“error”,“ts”:1766951427.078247,“msg”:“cleaning up solver”,“identifier”:“famdam.top”,“challenge_type”:“dns-
01”,“error”:“no memory of presenting a DNS record for "_acme-challenge.famdam.top" (usually OK if presenting also failed)“,“stacktrace”:“github.com/mholt/
acmez/v3.(\*Client).solveChallenges.func1\\n\\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:318\\ngithub.com/mholt/acmez/v3.(\*Client).solveChallenges\\n\\tgithub.co
m/mholt/acmez/v3@v3.1.2/client.go:363\\ngithub.com/mholt/acmez/v3.(\*Client).ObtainCertificate\\n\\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:136\\ngithub.com/c
addyserver/certmagic.(\*ACMEIssuer).doIssue\\n\\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:489\\ngithub.com/caddyserver/certmagic.(\*ACMEIssuer).Iss
ue\\n\\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:382\\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(\*ACMEIssuer).Issue\\n\\tgithub.com/caddyse
rver/caddy/v2@v2.10.2/modules/caddytls/acmeissuer.go:288\\ngithub.com/caddyserver/certmagic.(\*Config).renewCert.func2\\n\\tgithub.com/caddyserver/certmagic@v0.
24.0/config.go:906\\ngithub.com/caddyserver/certmagic.doWithRetry\\n\\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:104\\ngithub.com/caddyserver/certmagic.
(\*Config).renewCert\\n\\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:982\\ngithub.com/caddyserver/certmagic.(\*Config).RenewCertAsync\\n\\tgithub.com/caddy
server/certmagic@v0.24.0/config.go:768\\ngithub.com/caddyserver/certmagic.(\*Config).manageOne.func2\\n\\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:469
\\ngithub.com/caddyserver/certmagic.(\*jobManager).worker\\n\\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:73”}
Dec 28 12:50:27 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951427.2065034,“msg”:“http request”,“method”:“POST”,“url”:“https://acme-v02.api.letsencry
pt.org/acme/authz/2237117955/634470350756",“headers”:{“Content-Type”:[“application/jose+json”],“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd64)”\]}
,“response_headers”:{“Boulder-Requester”:\[“2237117955”\],“Cache-Control”:\[“public, max-age=0, no-cache”\],“Content-Length”:\[“822”\],“Content-Type”:\[“applicatio
n/json”\],“Date”:\[“Sun, 28 Dec 2025 19:50:27 GMT”\],“Link”:\[“<https://acme-v02.api.letsencrypt.org/directory>;rel="index"”\],“Replay-Nonce”:\[“GxwILcG0QJQGjaC
1A2CAou_49rbHpVF1rxTIIbSAors82vzznnI”\],“Server”:\[“nginx”\],“Strict-Transport-Security”:\[“max-age=604800”\],“X-Frame-Options”:\[“DENY”\]},“status_code”:200}
Dec 28 12:50:27 homeserver caddy\[70671\]: {“level”:“error”,“ts”:1766951427.20695,“logger”:“tls.renew”,“msg”:“could not get certificate from issuer”,“identifi
er”:“famdam.top”,“issuer”:“acme-v02.api.letsencrypt.org-directory”,“error”:”\[famdam.top\] solving challenges: presenting for challenge: adding temporary reco
rd for zone "famdam.top.": namecheap api returned error in response. Err: Error0: Domain name not found\\t (order=https://acme-v02.api.letsencrypt.org/acme
/order/2237117955/463690915016) (ca=https://acme-v02.api.letsencrypt.org/directory)“}
Dec 28 12:50:27 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951427.2070315,“logger”:“events”,“msg”:“event”,“name”:“cert_failed”,“id”:“73034bea-dcbf-4
c13-9bb4-38557193541d”,“origin”:“tls”,“data”:{“error”:{},“identifier”:“famdam.top”,“issuers”:\[“acme-v02.api.letsencrypt.org-directory”\],“remaining”:-5222021
4657095,“renewal”:true}}
Dec 28 12:50:27 homeserver caddy\[70671\]: {“level”:“error”,“ts”:1766951427.2070892,“logger”:“tls.renew”,“msg”:“will retry”,“error”:”\[famdam.top\] Renew: \[famd
am.top\] solving challenges: presenting for challenge: adding temporary record for zone "famdam.top.": namecheap api returned error in response. Err: Error
0: Domain name not found\\t (order=https://acme-v02.api.letsencrypt.org/acme/order/2237117955/463690915016) (ca=https://acme-v02.api.letsencrypt.org/director
y)",“attempt”:1,“retrying_in”:60,“elapsed”:120.992838384,“max_duration”:2592000}
Dec 28 12:50:47 homeserver caddy\[70671\]: {“level”:“info”,“ts”:1766951447.6469228,“logger”:“tls.renew”,“msg”:“renewing certificate”,“identifier”:“test.famdam
.top”,“remaining”:-52321.64691117}
Dec 28 12:50:47 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951447.6470153,“logger”:“events”,“msg”:“event”,“name”:“cert_obtaining”,“id”:“0da15062-3fb
4-4dd5-af97-027ed6768ab4”,“origin”:“tls”,“data”:{“forced”:false,“identifier”:“test.famdam.top”,“issuer”:“acme-v02.api.letsencrypt.org-directory”,“remaining”
:-52321646911170,“renewal”:true}}
Dec 28 12:50:47 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951447.6472313,“logger”:“tls”,“msg”:“created CSR”,“identifiers”:\[“test.famdam.top”\],“san_
dns_names”:\[“test.famdam.top”\],“san_emails”:\[\],“common_name”:”“,“extra_extensions”:0}
Dec 28 12:50:47 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951447.6488776,“logger”:“http”,“msg”:“using existing ACME account because key found in st
orage associated with email”,“email”:“default”,“ca”:“https://acme-v02.api.letsencrypt.org/directory”}
Dec 28 12:50:47 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951447.6493444,“logger”:“http”,“msg”:“using existing ACME account because key found in st
orage associated with email”,“email”:”“,“ca”:“https://acme-staging-v02.api.letsencrypt.org/directory”}
Dec 28 12:50:47 homeserver caddy\[70671\]: {“level”:“info”,“ts”:1766951447.6493893,“logger”:“http”,“msg”:“using ACME account”,“account_id”:“https://acme-stagi
ng-v02.api.letsencrypt.org/acme/acct/185625174","account_contact”:\[\]}
Dec 28 12:50:47 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951447.7872171,“msg”:“http request”,“method”:“GET”,“url”:“https://acme-staging-v02.api.le
tsencrypt.org/directory",“headers”:{“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd64)”\]},“response_headers”:{“Cache-Control”:\[“public, max-age=0, n
o-cache”\],“Content-Length”:\[“1107”\],“Content-Type”:\[“application/json”\],“Date”:\[“Sun, 28 Dec 2025 19:50:47 GMT”\],“Server”:\[“nginx”\],“Strict-Transport-Securi
ty”:\[“max-age=604800”\],“X-Frame-Options”:\[“DENY”\]},“status_code”:200}
Dec 28 12:50:47 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951447.7874355,“msg”:“creating order”,“account”:“https://acme-staging-v02.api.letsencrypt
.org/acme/acct/185625174”,“identifiers”:\[“test.famdam.top”\]}
Dec 28 12:50:47 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951447.8823273,“msg”:“http request”,“method”:“HEAD”,“url”:“https://acme-staging-v02.api.l
etsencrypt.org/acme/new-nonce",“headers”:{“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd64)”\]},“response_headers”:{“Cache-Control”:\[“public, max-ag
e=0, no-cache”\],“Date”:\[“Sun, 28 Dec 2025 19:50:47 GMT”\],“Link”:\[“<https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"”\],“Replay-Nonce”:\[”
0t1BB3M7gbmukxz-5PFTgZvRtc-I7q5XXILPrIu560mxalLSQOI"\],“Server”:\[“nginx”\],“Strict-Transport-Security”:\[“max-age=604800”\],“X-Frame-Options”:\[“DENY”\]},“status_
code”:200}
Dec 28 12:50:47 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951447.9260323,“msg”:“http request”,“method”:“POST”,“url”:“https://acme-staging-v02.api.l
etsencrypt.org/acme/new-order",“headers”:{“Content-Type”:[“application/jose+json”],“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd64)”\]},“response_h
eaders”:{“Boulder-Requester”:\[“185625174”\],“Cache-Control”:\[“public, max-age=0, no-cache”\],“Content-Length”:\[“361”\],“Content-Type”:\[“application/json”\],“Dat
e”:\[“Sun, 28 Dec 2025 19:50:47 GMT”\],“Link”:\[“<https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"”\],“Location”:\[“https://acme-staging-v02
.api.letsencrypt.org/acme/order/185625174/29978095773”\],“Replay-Nonce”:\[“0t1BB3M7J-U2TtCcKYRnddz1l_Uvb4e08_zxK7qOp-xE1h0uPa0”\],“Server”:\[“nginx”\],“Strict-Tr
ansport-Security”:\[“max-age=604800”\],“X-Frame-Options”:\[“DENY”\]},“status_code”:201}
Dec 28 12:50:47 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951447.9630847,“msg”:“http request”,“method”:“POST”,“url”:“https://acme-staging-v02.api.l
etsencrypt.org/acme/authz/185625174/20923664153",“headers”:{“Content-Type”:[“application/jose+json”],“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd
64)”\]},“response_headers”:{“Boulder-Requester”:\[“185625174”\],“Cache-Control”:\[“public, max-age=0, no-cache”\],“Content-Length”:\[“841”\],“Content-Type”:\[“appli
cation/json”\],“Date”:\[“Sun, 28 Dec 2025 19:50:47 GMT”\],“Link”:\[“<https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"”\],“Replay-Nonce”:\[“0t
1BB3M7qelHAP_jM4saRpXljti7dtRypOQY9u-JzmLwUKZduho”\],“Server”:\[“nginx”\],“Strict-Transport-Security”:\[“max-age=604800”\],“X-Frame-Options”:\[“DENY”\]},“status_co
de”:200}
Dec 28 12:50:47 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951447.9633846,“msg”:“no solver configured”,“challenge_type”:“tls-alpn-01”}
Dec 28 12:50:47 homeserver caddy\[70671\]: {“level”:“info”,“ts”:1766951447.9634116,“msg”:“trying to solve challenge”,“identifier”:“test.famdam.top”,“challenge
\_type”:“dns-01”,“ca”:“https://acme-staging-v02.api.letsencrypt.org/directory”}
3. Caddy version:
v2.10.2 h1:g/gTYjGMD0dec+UgMw8SnfmJ3I9+M2TdvoRL/Ovu6U8=
4. How I installed and ran Caddy:
xcaddy build --with github.com/caddy-dns/namecheap --with github.com/mholt/caddy-dynamicdns --with github.com/hslatman/caddy-crowdsec-bouncer
a. System environment:
Arch Linux using linux-hardened kernel, x86_64
Rootless Podman
b. Command:
systemctl --user start caddy.socket
c. Service/unit/compose file:
# Ordering and dependency section of the unit. SourcePath shows it was generated
# from a Podman Quadlet file (caddy.container) in the user's config directory.
[Unit]
Wants=podman-user-wait-network-online.service
After=podman-user-wait-network-online.service
# Start-up is refused outright if the Caddyfile that gets bind-mounted into the container is missing.
AssertPathExists=%h/.local/share/containers/storage/caddy/Caddyfile
SourcePath=/home/riley/.config/containers/systemd/caddy.container
RequiresMountsFor=%t/containers
# One Requires/After pair per container network the proxy joins; a failure of any
# of these network units stops Caddy from starting.
Requires=dns-network.service
After=dns-network.service
Requires=vaultwarden-network.service
After=vaultwarden-network.service
Requires=ts-net-network.service
After=ts-net-network.service
Requires=immich-network.service
After=immich-network.service
Requires=radicale-network.service
After=radicale-network.service
Requires=crowdsec-network.service
After=crowdsec-network.service
Requires=atlas-cmms-network.service
After=atlas-cmms-network.service
# The static web root must be mounted before the container starts.
RequiresMountsFor=/srv/www
# Container definition, kept in the generated unit under the X- prefix.
# The same settings reappear as flags on the ExecStart line of the [Service] section.
[X-Container]
ContainerName=caddy
# No tag or digest is given, so whatever the registry currently serves for this name is pulled.
# The Caddy binary itself does not come from the image: it is replaced by the bind mount
# onto /usr/bin/caddy further down.
Image=docker.io/library/caddy
Exec=/usr/bin/caddy run --config /etc/caddy/Caddyfile
# Neither EMAIL nor LOG_FILE is referenced anywhere in the Caddyfile shown in this post.
Environment=EMAIL=rileymotter@protonmail.com
Environment=LOG_FILE=/data/access.log
# Podman secrets injected as environment variables (type=env); the Caddyfile reads them via {env.*}.
# As environment variables they are readable by every process inside the container.
Secret=NAMECHEAP_API_KEY,type=env,target=NAMECHEAP_API_KEY
Secret=NAMECHEAP_API_USER,type=env,target=NAMECHEAP_API_USER
Secret=CROWDSEC_API_KEY,type=env,target=CROWDSEC_API_KEY
# Host-side binary mounted over the image's /usr/bin/caddy. The mount is read-write,
# so the container can modify the executable it runs.
# NOTE(review): presumably the xcaddy build from section 4 — confirm; consider appending :ro.
Volume=%h/.local/share/containers/storage/caddy/caddy:/usr/bin/caddy
# Also read-write; the config file does not need to be writable from inside the container.
Volume=%h/.local/share/containers/storage/caddy/Caddyfile:/etc/caddy/Caddyfile
Volume=%h/.local/share/containers/storage/caddy/caddy-config:/config
# /data is Caddy's storage in this setup: it holds the certificates, private keys and ACME account keys.
Volume=%h/.local/share/containers/storage/caddy/caddy-data:/data
# Access logs written by the `log` blocks in the Caddyfile land here on the host.
Volume=%h/.local/share/containers/storage/caddy/log.d:/data/log.d
# Static content is mounted read-only.
Volume=/srv/www:/srv/www:ro
Notify=true
Memory=256m
# The container joins one network per backend; upstream names are pinned to fixed addresses with AddHost.
# No ports are published here; the Caddyfile binds to inherited file descriptors instead.
Network=dns.network
AddHost=pihole:172.17.0.5
AddHost=unbound:172.17.0.20
Network=vaultwarden.network
AddHost=vaultwarden:172.19.0.5
Network=ts-net.network
AddHost=ts3-server:172.20.0.10
Network=immich.network
AddHost=immich-infra:10.89.1.21
Network=radicale.network
AddHost=radicale:10.89.2.3
Network=crowdsec.network
AddHost=crowdsec:10.89.0.4
Network=atlas-cmms.network
AddHost=atlas-cmms-infra:10.89.5.21
# Enables the unit for the default target; the command shown in this post uses
# `systemctl --user`, so this is the per-user manager's default target.
[Install]
WantedBy=default.target
# Process-management section of the generated unit.
[Service]
# Automatic restart is disabled (line commented out), so a crashed container stays down
# until it is started again.
#Restart=always
# Reload runs `caddy reload` inside the running container; --force applies the config even if unchanged.
ExecReload=/usr/bin/podman exec caddy /usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
Environment=PODMAN_SYSTEMD_UNIT=%n
KillMode=mixed
# Stop removes the container (-f) together with its anonymous volumes (-v); the bind-mounted
# host directories are not touched by this.
ExecStop=/usr/bin/podman rm -v -f -i caddy
ExecStopPost=-/usr/bin/podman rm -v -f -i caddy
Delegate=yes
Type=notify
NotifyAccess=all
SyslogIdentifier=%N
# Generated `podman run` command mirroring the [X-Container] keys. It is a single logical
# line; the breaks below are hard wraps from the paste and fall mid-token.
ExecStart=/usr/bin/podman run --name caddy --replace --rm --cgroups=split --memory 256m --add-host pihole:172.17.0.5 --add-host unbound:172.17.0.20 --add-ho
st vaultwarden:172.19.0.5 --add-host ts3-server:172.20.0.10 --add-host immich-infra:10.89.1.21 --add-host radicale:10.89.2.3 --add-host crowdsec:10.89.0.4 -
-add-host atlas-cmms-infra:10.89.5.21 --network dns --network vaultwarden --network ts-net --network immich --network radicale --network crowdsec --network
atlas-cmms --sdnotify=container -d -v %h/.local/share/containers/storage/caddy/caddy:/usr/bin/caddy -v %h/.local/share/containers/storage/caddy/Caddyfile:/e
tc/caddy/Caddyfile -v %h/.local/share/containers/storage/caddy/caddy-config:/config -v %h/.local/share/containers/storage/caddy/caddy-data:/data -v %h/.loca
l/share/containers/storage/caddy/log.d:/data/log.d -v /srv/www:/srv/www:ro --env EMAIL=rileymotter@protonmail.com --env LOG_FILE=/data/access.log --secret N
AMECHEAP_API_KEY,type=env,target=NAMECHEAP_API_KEY --secret NAMECHEAP_API_USER,type=env,target=NAMECHEAP_API_USER --secret CROWDSEC_API_KEY,type=env,target=
CROWDSEC_API_KEY docker.io/library/caddy /usr/bin/caddy run --config /etc/caddy/Caddyfile
d. My complete Caddy config:
# Global options block: settings here apply to every site defined after it.
{
# Debug-level logging. The log excerpt in this post shows that this records full ClientHello
# details, client addresses and ACME request/response headers; turn it off once troubleshooting is done.
debug
# Connection settings for the CrowdSec bouncer module: the local API is reached over plain HTTP
# at the container name "crowdsec", with the key read from the environment.
# NOTE(review): no site block in this config contains a crowdsec handler directive, and the build
# command lists only the module's root package — confirm requests are actually being checked.
crowdsec {
api_url http://crowdsec:8080
api_key {env.CROWDSEC_API_KEY}
}
# Dynamic DNS updater for the zone apex. In the log it fails with the same Namecheap
# "Domain name not found" response as the ACME solver, so the error is not specific to
# certificate renewal.
dynamic_dns {
provider namecheap {
api_key {env.NAMECHEAP_API_KEY}
user {env.NAMECHEAP_API_USER}
}
domains {
famdam.top
}
# versions ipv4
}
# DNS provider used for the ACME dns-01 challenge of every site below.
# The same credential pair as dynamic_dns is used, so this one key can write both address
# and TXT records for the zone; unlike the dynamic_dns provider, the API endpoint is set explicitly here.
acme_dns namecheap {
api_key {env.NAMECHEAP_API_KEY}
user {env.NAMECHEAP_API_USER}
api_endpoint https://api.namecheap.com/xml.response
}
}
# Apex site: serves static files from /srv/www.
# The log excerpt shows renewal for this name failing with a negative "remaining" value,
# i.e. its certificate has already expired.
famdam.top {
# Listeners are inherited file descriptors (fd/3 and fd/4 stream sockets, fdgram/5 datagram)
# rather than ports opened by Caddy; each one is limited to the listed HTTP versions.
# NOTE(review): which port each descriptor maps to is defined by the socket unit, not shown here.
bind fd/3 {
protocols h1
}
bind fd/4 {
protocols h1 h2
}
bind fdgram/5 {
protocols h3
}
# Access log, kept for 48h. mode 644 makes the file world-readable wherever /data/log.d is mounted;
# access logs contain client addresses.
# NOTE(review): confirm that another reader really needs this, otherwise tighten the mode.
log {
output file /data/log.d/famdam.log {
roll_local_time
mode 644
roll_keep_for 48h
}
}
root * /srv/www
encode zstd gzip
# `browse` turns on directory listings for the whole web root, which also exposes the
# /srv/www/frontend tree used by the test.famdam.top site.
file_server {
browse
}
# Named matcher that no directive in this block references; it currently has no effect.
@nicholson {
file yes.gif
}
}
# Reverse proxy in front of the Vaultwarden container.
# The log excerpt shows the cached certificate for this name with expiration 1766899033, earlier
# than the handshake at ts 1766951382, and the client aborting with "expired certificate".
vaultwarden.famdam.top {
# Listeners are inherited file descriptors, each limited to the listed HTTP versions.
bind fd/3 {
protocols h1
}
bind fd/4 {
protocols h1 h2
}
bind fdgram/5 {
protocols h3
}
# Access log kept for 48h; mode 644 leaves it world-readable on the mounted log directory.
log {
output file /data/log.d/vaultwarden.log {
roll_local_time
mode 644
roll_keep_for 48h
}
}
# Traffic to the backend is plain HTTP on the container network; the client address is
# passed on in X-Real-IP.
reverse_proxy vaultwarden:80 {
header_up X-Real-IP {remote_host}
}
# Disabled import; no snippet named admin_redir is defined in the config shown.
# import admin_redir
}
# Reverse proxy in front of the Immich container on port 2283.
immich.famdam.top {
# Listeners are inherited file descriptors, each limited to the listed HTTP versions.
bind fd/3 {
protocols h1
}
bind fd/4 {
protocols h1 h2
}
bind fdgram/5 {
protocols h3
}
# Access log kept for 48h; mode 644 leaves it world-readable on the mounted log directory.
log {
output file /data/log.d/immich.log {
roll_local_time
mode 644
roll_keep_for 48h
}
}
# reverse_proxy already sets the X-Forwarded-* headers by default; these lines overwrite them
# with the immediate peer address, the request host and the request scheme.
reverse_proxy immich-infra:2283 {
header_up X-Forwarded-For {remote_ip}
header_up X-Forwarded-Host {host}
header_up X-Forwarded-Proto {scheme}
}
}
# Reverse proxy in front of the Radicale container on port 5232, with response compression.
radicale.famdam.top {
# Listeners are inherited file descriptors, each limited to the listed HTTP versions.
bind fd/3 {
protocols h1
}
bind fd/4 {
protocols h1 h2
}
bind fdgram/5 {
protocols h3
}
# Access log kept for 48h; mode 644 leaves it world-readable on the mounted log directory.
log {
output file /data/log.d/radicale.log {
roll_local_time
mode 644
roll_keep_for 48h
}
}
# No access restriction is configured at the proxy; authentication is left entirely to the backend.
reverse_proxy radicale:5232
encode zstd gzip
}
# Reverse proxy to an upstream named "wireguard" on port 80.
wireguard.famdam.top {
# Listeners are inherited file descriptors, each limited to the listed HTTP versions.
bind fd/3 {
protocols h1
}
bind fd/4 {
protocols h1 h2
}
bind fdgram/5 {
protocols h3
}
# Access log kept for 48h; mode 644 leaves it world-readable on the mounted log directory.
log {
output file /data/log.d/wireguard.log {
roll_local_time
mode 644
roll_keep_for 48h
}
}
# NOTE(review): the container unit in this post has no AddHost entry or network for "wireguard",
# unlike the other upstreams — confirm that this name resolves from inside the container.
reverse_proxy wireguard:80
encode zstd gzip
}
# Reverse proxy in front of the Pi-hole container's web interface on port 80.
pihole.famdam.top {
# Listeners are inherited file descriptors, each limited to the listed HTTP versions.
bind fd/3 {
protocols h1
}
bind fd/4 {
protocols h1 h2
}
bind fdgram/5 {
protocols h3
}
# Access log kept for 48h; mode 644 leaves it world-readable on the mounted log directory.
log {
output file /data/log.d/pihole.log {
roll_local_time
mode 644
roll_keep_for 48h
}
}
# No client restriction is applied here; anyone who can reach this hostname reaches the backend's
# own login. NOTE(review): if the name resolves publicly, consider limiting it to trusted source ranges.
reverse_proxy pihole:80
encode zstd gzip
}
# Test site serving static files from /srv/www.
# The log excerpt shows renewal for this name failing at the dns-01 "presenting" step with a
# negative "remaining" value, i.e. its certificate has already expired.
test.famdam.top {
# Listeners are inherited file descriptors, each limited to the listed HTTP versions.
bind fd/3 {
protocols h1
}
bind fd/4 {
protocols h1 h2
}
bind fdgram/5 {
protocols h3
}
root * /srv/www
# Access log kept for 48h; mode 644 leaves it world-readable on the mounted log directory.
log {
output file /data/log.d/test.log {
roll_local_time
mode 644
roll_keep_for 48h
}
}
encode zstd gzip
# Directory listings are not enabled on this site (no `browse`).
file_server
# The matcher has no slash before the wildcard, so it also matches paths such as /watcher-old.
# Inside the block only the root is changed; the file-serving lines are commented out.
handle_path /watcher* {
root * /srv/www/frontend/watcher
# try_files {path} {file} /index.html
# file_server browse
}
# Same pattern for /broadcaster*: `handle` keeps the prefix (the strip is commented out) and
# only the root is changed.
handle /broadcaster* {
# uri strip_prefix /broadcaster
root * /srv/www/frontend
# try_files {path} {file} /index.html
# file_server browse
}
}
# Front end for the Atlas CMMS stack: /api/* goes to port 8080, everything else to port 3000.
cmms.famdam.top {
# Listeners are inherited file descriptors, each limited to the listed HTTP versions.
bind fd/3 {
protocols h1
}
bind fd/4 {
protocols h1 h2
}
bind fdgram/5 {
protocols h3
}
# Access log kept for 48h; mode 644 leaves it world-readable on the mounted log directory.
log {
output file /data/log.d/cmms.log {
roll_local_time
mode 644
roll_keep_for 48h
}
}
# handle_path strips the /api prefix before proxying, so the backend sees paths without it.
handle_path /api/* {
reverse_proxy atlas-cmms-infra:8080
}
# Fallback for every request not matched above.
handle {
reverse_proxy atlas-cmms-infra:3000
}
}
# Reverse proxy to port 9000 on the same host as the CMMS stack.
# NOTE(review): presumably the MinIO object-storage endpoint, going by the site and log file names — confirm.
minio.famdam.top {
# Listeners are inherited file descriptors, each limited to the listed HTTP versions.
bind fd/3 {
protocols h1
}
bind fd/4 {
protocols h1 h2
}
bind fdgram/5 {
protocols h3
}
# Access log kept for 48h; mode 644 leaves it world-readable on the mounted log directory.
log {
output file /data/log.d/cmms-minio.log {
roll_local_time
mode 644
roll_keep_for 48h
}
}
# No access restriction at the proxy; the backend's own authentication is the only gate.
reverse_proxy atlas-cmms-infra:9000
}