Timezone issue no SSL certificates error

1. The problem I’m having:

I believe I have a timezone issue so my SSL certificates are not being validated or working.

2. Error messages and/or full log output:

3. Caddy version:

2.9.1

4. How I installed and ran Caddy:

Ran Caddy on bare metal

a. System environment:

Running on Ubuntu Server 24.04

Nothing in your logs says anything related to timezones, nor does the process depend on timezones. We can only help if you share full information properly with a detailed description.

I am trying to get going with Caddy for *arr apps. I have DNS set up properly in my domain and it’s pointed towards my server’s IP address. However, when I am running Caddy I am getting the following warning, later followed by a failed-to-get-certificate error. Is it not set up properly? I followed the docs on the site.

  2025/03/05 04:45:38.130 INFO http.auto_https server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
  2025/03/05 04:45:38.130 INFO http.auto_https enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
  2025/03/05 04:45:38.130 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc0004abe00"}
  2025/03/05 04:45:38.131 WARN http HTTP/2 skipped because it requires TLS {"network": "tcp", "addr": ":80"}
  2025/03/05 04:45:38.131 WARN http HTTP/3 skipped because it requires TLS {"network": "tcp", "addr": ":80"}
  2025/03/05 04:45:38.131 INFO http.log server running {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
  2025/03/05 04:45:38.131 INFO http enabling HTTP/3 listener {"addr": ":443"}

My Caddyfile is here: overseerr.example.org { reverse_proxy localhost:5055}prowlarr.example.org - Pastebin.com

The errors I’m getting in the log: 2025/03/05 18:12:11.464 ERROR tls.obtain could not get certificate from i - Pastebin.com

Double check your DNS configuration. Some other server is replying with HTML.

Invalid response from http://**********.xyz: \"\\n<!DOCTYPE html>\\n<html lang=\\\"en\\\">\\n  <head>\\n\\n<!-- Global site tag (gtag.js) - Google Analytics -->\\n<script async src=\\\"https://www\"

What’s the domain name you’re using it with?

server594.xyz. My DNS seems to be configured properly.

Here’s the dig result:

; <<>> DiG 9.10.6 <<>> overseer.server594.xyz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47926
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;overseer.server594.xyz.                IN      A

;; ANSWER SECTION:
overseer.server594.xyz. 600     IN      A       192.168.4.77

;; Query time: 429 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Mar 05 23:53:33 +03 2025
;; MSG SIZE  rcvd: 89

You cannot use a private IP address to get a certificate from Let’s Encrypt.

I’m not sure what you mean by private IP address? What do I need to change?

This is not allowed. You can

IP addresses in these ranges are considered private and cannot be reached from outside your own internal network.

RFC 1918 name   IP address range                Classful description
24-bit block    10.0.0.0 – 10.255.255.255       single class A network
20-bit block    172.16.0.0 – 172.31.255.255     16 contiguous class B networks
16-bit block    192.168.0.0 – 192.168.255.255   256 contiguous class C networks

If you want to continue with an IP address that’s within the private ranges, you need to use the DNS module of your DNS provider (appears to be Porkbun) so Caddy can complete the challenge successfully to obtain a certificate.

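The check behind the reply above, as an added example that is not part of the original thread: it parses A records in the format of the dig output shown earlier and reports which ACME challenge types the resolved address leaves open. The sample input is constructed (the second record uses a documentation address), and `parse_a_records`, `usable_challenges` and `report` are hypothetical helper names.

```python
import ipaddress
import re

# RFC 1918 blocks, as listed in the table in the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the layout of the dig output from the thread;
# 203.0.113.10 is a documentation address (RFC 5737), not a real host.
SAMPLE_DIG = """\
;; QUESTION SECTION:
;overseer.server594.xyz.                IN      A

;; ANSWER SECTION:
overseer.server594.xyz. 600     IN      A       192.168.4.77
public.example.org.     600     IN      A       203.0.113.10

;; Query time: 429 msec
"""

A_RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+A\s+(\S+)\s*$")

def parse_a_records(dig_text):
    """Return [(name, IPv4Address)] for A records; ';' lines are dig comments."""
    records = []
    for line in dig_text.splitlines():
        m = None if line.startswith(";") else A_RECORD.match(line)
        if not m:
            continue
        try:
            addr = ipaddress.IPv4Address(m.group(2))
        except ipaddress.AddressValueError:
            continue  # malformed address field: skip rather than guess
        records.append((m.group(1).rstrip("."), addr))
    return records

def usable_challenges(addr):
    """ACME challenge types not ruled out by the address alone."""
    addr = ipaddress.IPv4Address(addr)
    if any(addr in net for net in RFC1918):
        # The CA cannot connect to a private address, so only the
        # DNS challenge (a TXT record set via the provider) remains.
        return ["dns-01"]
    return ["http-01", "tls-alpn-01", "dns-01"]

def report(dig_text):
    return {name: usable_challenges(ip) for name, ip in parse_a_records(dig_text)}

if __name__ == "__main__":
    for name, challenges in report(SAMPLE_DIG).items():
        print(f"{name}: {', '.join(challenges)}")
```

A public address only means HTTP-01 and TLS-ALPN-01 are not excluded; ports 80 and 443 still have to reach the Caddy host from the internet.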

Great, thanks, I will give that a try. I guess an alternative is to change the IP address in my DNS settings with Porkbun to point to a higher range IP?

How would I go about implementing this in my caddy? I installed xcaddy but kinda unsure where to go from here.

I am getting this error:

jesse@server594:~/library$ sudo caddy run
2025/03/05 22:50:49.935 INFO using adjacent Caddyfile
Error: adapting config using caddyfile: parsing caddyfile tokens for 'acme_dns': getting module named 'dns.providers.porkbun': module not registered: dns.providers.porkbun, at Caddyfile:2
jesse@server594:~/library$

So it looks like you may have implemented the correct parameters in your Caddyfile based on your new error. For reference, here’s the module you need. Now you need to have the Caddy binary with the porkbun module. As you said before, you can use xcaddy. Instructions to use it are there.

Otherwise you can download the caddy binary with porkbun. The instructions for that are here.