1. Caddy version (caddy version): v2.4.5 h1:P1mRs6V2cMcagSPn+NWpD+OEYUYLIf6ecOa48cFGeUg=
2. How I run Caddy:
Using systemctl (caddy enabled and started successfully)
a. System environment:
Raspbian latest with systemd
b. Command:
systemctl start
c. Service/unit/compose file:
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
d. My complete Caddyfile or JSON config:
*.xyzat.xyz {
    root * /var/www/public_html
    encode gzip
    file_server
    tls myname.herel@gmail.com
    header / {
        Content-Security-Policy = "upgrade-insecure-requests; default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; object-src 'self'; worker-src 'self'; manifest-src 'self';"
        Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
        X-Xss-Protection = "1; mode=block"
        X-Frame-Options = "DENY"
        X-Content-Type-Options = "nosniff"
        Referrer-Policy = "strict-origin-when-cross-origin"
        Permissions-Policy = "fullscreen=(self)"
        cache-control = "max-age=0,no-cache,no-store,must-revalidate"
    }
}
3. The problem I’m having:
Unable to get a certificate on startup.
4. Error messages and/or full log output:
{"level":"error","ts":1634001876.7426176,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.xyzat.xyz","issuer":"acme-v02.api.letsencrypt.org-directory","error":"registering account [mailto:my.name.here@gmail.com] with server: provisioning client: performing request: Get "https://acme-v02.api.letsencrypt.org/directory": dial tcp: lookup acme-v02.api.letsencrypt.org on 192.168.1.1:53: read udp 192.168.1.55:57115->192.168.1.1:53: i/o timeout"}
The above keeps repeating.
5. What I already tried:
I have spent more than two days trying to fix the issue, changing many things: the firewall, the Caddyfile, re-generating the static site, etc. All to no avail.
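Added example, not part of the original post: the error string in the log above has the form Go's resolver uses for a failed lookup ("lookup HOST on RESOLVER:PORT: CAUSE"), so repeated `tls.obtain` errors can be grouped by the resolver that failed to answer. The names `triage`, `summarize` and `SAMPLE` are assumptions of this example, and the sample lines are constructed (the first two modelled on the log in the post, one with its `\"` escapes lost as in the pasted copy).

```python
import json
import re
from collections import Counter

# Go's resolver reports a failed lookup as
#   "lookup <host> on <resolver>:<port>: <cause>"
DNS_ERR = re.compile(r"lookup (?P<host>\S+) on (?P<resolver>\S+):(?P<port>\d+): (?P<cause>.*)")

def triage(line):
    """Return a finding for an error-level log line, or None for anything else."""
    try:
        entry = json.loads(line)
        if not isinstance(entry, dict):
            return None
        level, err = entry.get("level"), str(entry.get("error", ""))
    except json.JSONDecodeError:
        # Logs pasted into a forum often lose their \" escapes; scan the raw text.
        level = "error" if '"level":"error"' in line else None
        err = line
    if level != "error":
        return None
    m = DNS_ERR.search(err)
    if not m:
        return {"stage": "other", "detail": err}
    cause = "timeout" if "i/o timeout" in m["cause"] else "other"
    return {"stage": "dns", "host": m["host"], "resolver": m["resolver"], "cause": cause}

def summarize(lines):
    """Count findings per (stage, resolver, cause) so repeats collapse to one row."""
    counts = Counter()
    for line in lines:
        finding = triage(line)
        if finding:
            counts[(finding["stage"], finding.get("resolver"), finding.get("cause"))] += 1
    return counts

# Constructed sample lines, not real log output.
SAMPLE = [
    r'{"level":"error","logger":"tls.obtain","error":"performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": dial tcp: lookup acme-v02.api.letsencrypt.org on 192.168.1.1:53: read udp 192.168.1.55:57115->192.168.1.1:53: i/o timeout"}',
    '{"level":"error","logger":"tls.obtain","error":"performing request: Get "https://acme-v02.api.letsencrypt.org/directory": dial tcp: lookup acme-v02.api.letsencrypt.org on 192.168.1.1:53: read udp 192.168.1.55:57115->192.168.1.1:53: i/o timeout"}',
    '{"level":"info","logger":"tls.obtain","msg":"acquiring lock"}',
    '{"level":"error","logger":"tls.obtain","error":"constructed non-DNS failure"}',
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, key)
```

A row with stage `dns` and cause `timeout` means the query to that resolver went unanswered, so the request to the ACME directory was never sent.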