1. The problem I’m having:
Cannot get a cert. Used to work. Used to have about 10 sites in Caddyfile. All was fine. Now only 3. Changed a subdomain today and Cloudflare gives 525 because there’s no cert.
On my last reload, I got this log output (see below).
I’m using Tomcat on a Windows 2022 server.
This has worked for over a year - no changes.
In the past, I could duplicate a section and save, then reload and it would go get the cert for the new domain. No problem.
But I’m missing something here.
No way the ‘.well-known’ method is going to work. There’s no way a file is being written to my file system.
And if Cloudflare can’t come to my site because the SSL cert isn’t there, then how is zerossl/letsencrypt getting in to see if the site is real?
Is something supposed to be set up in Cloudflare? I’ve searched the forum and don’t see what I’m supposed to do.
‘Too many requests’ error is all I see - I don’t know how to fix that.
2. Error messages and/or full log output:
Apr 22 22:57:57 ubuntu-1cpu-1gb-us-chi1 caddy[1932869]: {"level":"info","ts":1713826677.0144684,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"medstar.oemmed.com"}
Apr 22 22:57:57 ubuntu-1cpu-1gb-us-chi1 caddy[1932869]: {"level":"info","ts":1713826677.2592108,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"medstar.oemmed.com","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Apr 22 22:57:57 ubuntu-1cpu-1gb-us-chi1 caddy[1932869]: {"level":"info","ts":1713826677.2723067,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"etdemo.oemmed.com"}
Apr 22 22:57:57 ubuntu-1cpu-1gb-us-chi1 caddy[1932869]: {"level":"info","ts":1713826677.4250717,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"etdemo.oemmed.com","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Apr 22 22:57:57 ubuntu-1cpu-1gb-us-chi1 caddy[1932869]: {"level":"error","ts":1713826677.5893095,"logger":"http.acme_client","msg":"challenge failed","identifier":"medstar.oemmed.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]}}
Apr 22 22:57:57 ubuntu-1cpu-1gb-us-chi1 caddy[1932869]: {"level":"error","ts":1713826677.5894494,"logger":"http.acme_client","msg":"validating authorization","identifier":"medstar.oemmed.com","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/90348824/16090140654","attempt":1,"max_attempts":3}
Apr 22 22:57:57 ubuntu-1cpu-1gb-us-chi1 caddy[1932869]: {"level":"error","ts":1713826677.7549567,"logger":"http.acme_client","msg":"challenge failed","identifier":"etdemo.oemmed.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]}}
Apr 22 22:57:57 ubuntu-1cpu-1gb-us-chi1 caddy[1932869]: {"level":"error","ts":1713826677.7552779,"logger":"http.acme_client","msg":"validating authorization","identifier":"etdemo.oemmed.com","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/90348824/16090140704","attempt":1,"max_attempts":3}
Apr 22 22:57:58 ubuntu-1cpu-1gb-us-chi1 caddy[1932869]: {"level":"error","ts":1713826678.7051382,"logger":"http.acme_client","msg":"validating authorization","problem":{"type":"urn:ietf:params:acme:error:malformed","title":"","detail":"No such authorization","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/90348824/16090140884","attempt":2,"max_attempts":3}
Apr 22 22:57:58 ubuntu-1cpu-1gb-us-chi1 caddy[1932869]: {"level":"error","ts":1713826678.7056148,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"medstar.oemmed.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 404 urn:ietf:params:acme:error:malformed - No such authorization"}
Apr 22 22:57:58 ubuntu-1cpu-1gb-us-chi1 caddy[1932869]: {"level":"error","ts":1713826678.7080092,"logger":"http.acme_client","msg":"validating authorization","problem":{"type":"urn:ietf:params:acme:error:malformed","title":"","detail":"No such authorization","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/90348824/16090140894","attempt":2,"max_attempts":3}
Apr 22 22:57:58 ubuntu-1cpu-1gb-us-chi1 caddy[1932869]: {"level":"info","ts":1713826678.8714244,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"etdemo.oemmed.com","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Apr 22 22:57:58 ubuntu-1cpu-1gb-us-chi1 caddy[1932869]: {"level":"info","ts":1713826678.9781578,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"medstar.oemmed.com","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
Apr 22 22:57:59 ubuntu-1cpu-1gb-us-chi1 caddy[1932869]: {"level":"info","ts":1713826679.2582805,"logger":"http","msg":"served key authentication","identifier":"etdemo.oemmed.com","challenge":"http-01","remote":"172.69.135.58:39904","distributed":false}
Apr 22 22:57:59 ubuntu-1cpu-1gb-us-chi1 caddy[1932869]: {"level":"error","ts":1713826679.4919605,"logger":"http.acme_client","msg":"challenge failed","identifier":"etdemo.oemmed.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"During secondary validation: 2606:4700:20::681a:f5c: Invalid response from http://etdemo.oemmed.com/.well-known/acme-challenge/e8oqWro-HULRfqutBCqMs4gpb1_EpyuLObPsA02kSgU: 403","instance":"","subproblems":[]}}
Apr 22 22:57:59 ubuntu-1cpu-1gb-us-chi1 caddy[1932869]: {"level":"error","ts":1713826679.492212,"logger":"http.acme_client","msg":"validating authorization","identifier":"etdemo.oemmed.com","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"During secondary validation: 2606:4700:20::681a:f5c: Invalid response from http://etdemo.oemmed.com/.well-known/acme-challenge/e8oqWro-HULRfqutBCqMs4gpb1_EpyuLObPsA02kSgU: 403","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/90348824/16090140914","attempt":2,"max_attempts":3}
Apr 22 22:57:59 ubuntu-1cpu-1gb-us-chi1 caddy[1932869]: {"level":"error","ts":1713826679.4923775,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"etdemo.oemmed.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 403 urn:ietf:params:acme:error:unauthorized - During secondary validation: 2606:4700:20::681a:f5c: Invalid response from http://etdemo.oemmed.com/.well-known/acme-challenge/e8oqWro-HULRfqutBCqMs4gpb1_EpyuLObPsA02kSgU: 403"}
Apr 22 22:57:59 ubuntu-1cpu-1gb-us-chi1 caddy[1932869]: {"level":"error","ts":1713826679.499146,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"medstar.oemmed.com","issuer":"acme.zerossl.com-v2-DV90","error":"[medstar.oemmed.com] solving challenges: initiating challenge with server: attempt 1: https://acme.zerossl.com/v2/DV90/chall/fY6ZqSoyrzqiFXrjng_lUg: HTTP 429: <html>\r\n<head><title>429 Too Many Requests</title></head>\r\n<body>\r\n<center><h1>429 Too Many Requests</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n (order=https://acme.zerossl.com/v2/DV90/order/crxs9FXy_YHc2sOcLGJDwQ) (ca=https://acme.zerossl.com/v2/DV90)"}
Apr 22 22:57:59 ubuntu-1cpu-1gb-us-chi1 caddy[1932869]: {"level":"error","ts":1713826679.4993193,"logger":"tls.obtain","msg":"will retry","error":"[medstar.oemmed.com] Obtain: [medstar.oemmed.com] solving challenges: initiating challenge with server: attempt 1: https://acme.zerossl.com/v2/DV90/chall/fY6ZqSoyrzqiFXrjng_lUg: HTTP 429: <html>\r\n<head><title>429 Too Many Requests</title></head>\r\n<body>\r\n<center><h1>429 Too Many Requests</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n (order=https://acme.zerossl.com/v2/DV90/order/crxs9FXy_YHc2sOcLGJDwQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":2,"retrying_in":120,"elapsed":65.210222554,"max_duration":2592000}
Apr 22 22:57:59 ubuntu-1cpu-1gb-us-chi1 caddy[1932869]: {"level":"info","ts":1713826679.9242055,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"etdemo.oemmed.com","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
3. Caddy version:
2.6.2
4. How I installed and ran Caddy:
Been over a year. Not really sure. Not Docker.
a. System environment:
Ubuntu server at UpCloud
b. Command:
sudo systemctl reload caddy
d. My complete Caddy config:
medstar.oemmed.com {
	log {
		output file /var/lib/caddy/.local/share/caddy/market3_hopkins.log
		format json
	}
	reverse_proxy * {
		to http://209.50.59.202
	}
}
exchangedemo.oemmed.com {
	log {
		output file /var/lib/caddy/.local/share/caddy/market0_demo.log
		format json
	}
	reverse_proxy * {
		to http://209.50.59.202
	}
}
etdemo.oemmed.com {
	log {
		output file /var/lib/caddy/.local/share/caddy/expertech_demo.log
		format json
	}
	reverse_proxy * {
		to http://209.50.59.202
	}
}
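A triage script for a log like the one in the post above, added here as an example; it is not part of the original post or of Caddy. It groups the error entries per hostname by failed challenge type and by issuer HTTP status. The sample lines are constructed (abridged from that log), and the function names are hypothetical.

```python
import json
import re
from collections import defaultdict

# Constructed sample: abridged from the journald lines in the post above.
SAMPLE = [
    r'Apr 22 22:57:57 host caddy[1]: {"level":"info","logger":"tls.obtain","msg":"obtaining certificate","identifier":"etdemo.oemmed.com"}',
    r'Apr 22 22:57:57 host caddy[1]: {"level":"error","logger":"http.acme_client","msg":"challenge failed","identifier":"medstar.oemmed.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge"}}',
    r'Apr 22 22:57:59 host caddy[1]: {"level":"error","logger":"http.acme_client","msg":"challenge failed","identifier":"etdemo.oemmed.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"During secondary validation: Invalid response: 403"}}',
    r'Apr 22 22:57:59 host caddy[1]: {"level":"error","logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"etdemo.oemmed.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 403 urn:ietf:params:acme:error:unauthorized - During secondary validation"}',
    r'Apr 22 22:57:59 host caddy[1]: {"level":"error","logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"medstar.oemmed.com","issuer":"acme.zerossl.com-v2-DV90","error":"[medstar.oemmed.com] solving challenges: attempt 1: HTTP 429: 429 Too Many Requests"}',
]

JSON_PART = re.compile(r"\{.*\}\s*$")    # JSON object after the journald prefix
HTTP_STATUS = re.compile(r"HTTP (\d{3})")


def parse_line(line):
    """Return the JSON object embedded in a journald line, or None."""
    m = JSON_PART.search(line)
    if not m:
        return None
    try:
        return json.loads(m.group(0))
    except json.JSONDecodeError:
        return None


def summarize(lines):
    """Map identifier -> sorted list of (challenge type or issuer, reason)."""
    out = defaultdict(set)
    for line in lines:
        entry = parse_line(line)
        if not entry or entry.get("level") != "error":
            continue
        ident = entry.get("identifier", "(unknown)")
        if entry.get("msg") == "challenge failed":
            # Keep only the last URN segment, e.g. "unauthorized".
            kind = entry.get("problem", {}).get("type", "").rsplit(":", 1)[-1]
            out[ident].add((entry.get("challenge_type", "?"), kind))
        elif entry.get("msg") == "could not get certificate from issuer":
            m = HTTP_STATUS.search(entry.get("error", ""))
            status = "HTTP " + m.group(1) if m else "unknown"
            out[ident].add((entry.get("issuer", "?"), status))
    return {k: sorted(v) for k, v in out.items()}


if __name__ == "__main__":
    for host, reasons in summarize(SAMPLE).items():
        print(host, reasons)
```
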