1. The problem I’m having:
Caddy used to run fine until suddenly it did not. I did not touch anything, really. Not from the server, not from my router configuration. I figured out Caddy is now suddenly unable to get certificates from issuers.
After this happened I purged Caddy and reinstalled it. In the process, I deleted the contents of /var/lib/caddy, because I wanted to delete the certificate cache.
Now the problem is the same as before deleting that folder and reinstalling Caddy.
If I do an nmap 80,443, both ports show filtered, but I’ve tried disabling my router’s Firewall and it’s the same.
EDIT: I also added “admin 0.0.0.0:2020” to my Caddyfile (see below) because it said port 2019 was already being used.
EDIT2: doing a “curl -v” to any of my domains, leads to a timeout (both http and https) - could it be that my ISP is suddenly blocking something? How would I go about checking that and fixing it given the case?
2. Error messages and/or full log output:
sep 23 12:59:10 afir-server caddy[14163]: {"level":"error","ts":1695466750.1335347,"logger":"tls.obtain","msg":"will retry","error":"[afirplay.ddns.net] Obtain: [afirplay.ddns.net] solving challenge: afirplay.ddns.net: [afirplay.ddns.net] authorization failed: HTTP 0 - (ca=https://acme.zerossl.com/v2/DV90)","attempt":5,"retrying_in":600,"elapsed":769.400081908,"max_duration":2592000}
sep 23 13:08:54 afir-server caddy[14163]: {"level":"info","ts":1695467334.1165738,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"afirplay-movies.ddns.net"}
sep 23 13:08:55 afir-server caddy[14163]: {"level":"info","ts":1695467335.1157572,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"afirplay-movies.ddns.net","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
sep 23 13:09:05 afir-server caddy[14163]: {"level":"error","ts":1695467345.8316135,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"afirplay-movies.ddns.net","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"83.43.69.222: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
sep 23 13:09:05 afir-server caddy[14163]: {"level":"error","ts":1695467345.8316858,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"afirplay-movies.ddns.net","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"83.43.69.222: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/119461654/11119947834","attempt":1,"max_attempts":3}
sep 23 13:09:07 afir-server caddy[14163]: {"level":"info","ts":1695467347.0013647,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"afirplay-tv.ddns.net"}
sep 23 13:09:07 afir-server caddy[14163]: {"level":"info","ts":1695467347.2408235,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"afirplay-movies.ddns.net","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
sep 23 13:09:07 afir-server caddy[14163]: {"level":"info","ts":1695467347.5946667,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"afirplay-tv.ddns.net","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
sep 23 13:09:10 afir-server caddy[14163]: {"level":"info","ts":1695467350.1344507,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"afirplay.ddns.net"}
sep 23 13:09:10 afir-server caddy[14163]: {"level":"info","ts":1695467350.7265687,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"afirplay.ddns.net","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
3. Caddy version:
v2.7.4 h1:J8nisjdOxnYHXlorUKXY75Gr6iBfudfoGhrJ8t7/flI=
4. How I installed and ran Caddy:
I installed it doing:
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy
I edited the Caddyfile and reloaded through
sudo service caddy reload
a. System environment:
Ubuntu 22.04.1 LTS
b. Command:
I have no idea what you want here.
c. Service/unit/compose file:
d. My complete Caddy config:
{
	email rogermacaya@gmail.com
	admin 0.0.0.0:2020
}
# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.
:80 {
	# Set this path to your site's directory.
	root * /usr/share/caddy
	# Enable the static file server.
	file_server
	# Another common task is to set up a reverse proxy:
	# reverse_proxy localhost:8080
	# Or serve a PHP site through php-fpm:
	# php_fastcgi localhost:9000
}
# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile
afirplay.ddns.net {
	handle_path /tv* {
		reverse_proxy 127.0.0.1:8989
	}
	handle /movies* {
		reverse_proxy 127.0.0.1:7878
	}
	handle {
		reverse_proxy localhost:8096
	}
}
afirplay-movies.ddns.net {
	reverse_proxy localhost:7878
}
afirplay-tv.ddns.net {
	reverse_proxy localhost:8989
}
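
Added example, not part of the original post: a Python script that reads logs in the journald + JSON shape shown in section 2, groups the ACME "challenge failed" entries by identifier and error type, and maps each failed challenge type to the port the CA validates on (http-01 on 80, tls-alpn-01 on 443). The sample lines, hostnames and the 203.0.113.10 address are constructed placeholders, and the function names are hypothetical.

```python
import json
from collections import defaultdict

# Constructed sample in the journald + JSON shape shown in the post; the
# hostnames and the 203.0.113.10 address are placeholders, not the poster's.
SAMPLE = "\n".join([
    'sep 23 13:09:00 host systemd[1]: Reloaded caddy.service',
    'sep 23 13:09:01 host caddy[100]: {"level":"info","logger":"tls.obtain","msg":"obtaining certificate","identifier":"a.example.com"}',
    'sep 23 13:09:05 host caddy[100]: {"level":"error","logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"a.example.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","detail":"203.0.113.10: Timeout during connect (likely firewall problem)"}}',
    'sep 23 13:09:20 host caddy[100]: {"level":"error","logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"a.example.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","detail":"203.0.113.10: Timeout during connect (likely firewall problem)"}}',
    'sep 23 13:09:30 host caddy[100]: {"level":"error","logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"b.example.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:dns","detail":"constructed DNS failure"}}',
    'sep 23 13:09:31 host caddy[100]: {"level":"error","msg":"trunc',
])

# Port on which the CA validates each challenge type.
CHALLENGE_PORT = {"http-01": 80, "tls-alpn-01": 443}

def parse_line(line):
    """Return the JSON payload of a journald-prefixed line, or None."""
    start = line.find("{")
    if start < 0:
        return None
    try:
        return json.loads(line[start:])
    except json.JSONDecodeError:  # truncated or non-JSON line
        return None

def summarize(text):
    """Map identifier -> {ACME error kind -> set of failed challenge types}."""
    out = defaultdict(lambda: defaultdict(set))
    for line in text.splitlines():
        entry = parse_line(line)
        if not entry or entry.get("msg") != "challenge failed":
            continue
        # "urn:ietf:params:acme:error:connection" -> "connection"
        kind = entry.get("problem", {}).get("type", "unknown").rsplit(":", 1)[-1]
        out[entry.get("identifier", "?")][kind].add(entry.get("challenge_type", "?"))
    return {name: dict(kinds) for name, kinds in out.items()}

def unreachable_ports(text):
    """Per name, ports on which the CA reported a connection-level failure."""
    return {name: sorted(CHALLENGE_PORT[c] for c in kinds["connection"] if c in CHALLENGE_PORT)
            for name, kinds in summarize(text).items() if "connection" in kinds}

if __name__ == "__main__":
    for name, ports in unreachable_ports(SAMPLE).items():
        print(f"{name}: CA could not connect on port(s) {ports}")
```

A name that fails with the `connection` error on both 80 and 443 points at the inbound path to the host (port forwarding, host firewall, upstream filtering) rather than at the Caddy configuration.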