Unable to Issue or Renew SSL Certificates in Caddy with ZeroSSL

Tri_Nguyen · October 26, 2025, 2:52pm

Hello,
I’m facing a major issue while trying to create or renew SSL certificates for my domains.
I’m using Caddy + ZeroSSL + Redis.
My goal is to issue SSL certificates for my domains and then redirect them to a destination page.

1. The problem I’m having:

However, when the number of domains becomes too large, it leads to an error where SSL certificates cannot be issued, renewed, or even accessed for those domains.
I have tried deleting the SSL certificates and reissuing them, but it still doesn’t work.
Could you please help me with this issue?

2. Error messages and/or full log output:

2025-10-26T04:45:34.577721-10:00 cadb caddy[3030]: {“level”:“error”,“ts”:1761489934.576983,“logger”:“tls.on_demand”,“msg”:“renewing certificate on-demand failed”,“subjects”:[“mydomain”],“not_after”:1760918400,“error”:“[mydmain] Renew: context canceled”}

PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.

3. Caddy version:

v2.10.0

4. How I installed and ran Caddy:

a. System environment:

Ubuntu 24.04.2 LTS

b. Command:

PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.

c. Service/unit/compose file:

PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.

d. My complete Caddy config:

<!--
{
        acme_ca https://acme.zerossl.com/v2/DV90
        email myemail

        acme_eab {
                key_id my_id
                mac_key "my_key"
        }

        storage redis {
                address 127.0.0.1:6379
        }

        debug
        on_demand_tls {
                ask http://localhost:5555/check
        }

        order rate_limit first
}

:80 {
        @www {
                host www.*
        }
        handle @www {
                redir https://{host[4:]}{uri} permanent
        }

        rate_limit {
                log_key
                zone http_redirects {
                        key {remote_ip}-{host}
                        events 20000 # Increased for production
                        window 15m # More reasonable window
                }
        }
        @acme_challenge path /.well-known/acme-challenge/*

        handle {
                redir https://{host}{uri} permanent
        }
}

:443 {
        tls {
                on_demand # This is crucial for your 50k domains

        }

        rate_limit {
                log_key

                zone https_general {
                        key {remote_ip}-{host}
                        events 1000
                        window 15m
                }

                zone tls_ops {
                        key {remote_ip}-{host}
                        events 1000 
                        window 2h 
                        match {
                                path /.well-known/acme-challenge/*
                        }
                }
        }

        handle {
                redir https://mydomains/domain/{host} permanent
        }
}

-->

PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.

5. Links to relevant resources:

timelordx · October 26, 2025, 6:37pm

How many is “too large”? Also, which plan are you using with ZeroSSL?

Tri_Nguyen · October 28, 2025, 1:35am

Hi @timelordx

I’m using Premium Plan.

Thousands of Domains.

matt · October 28, 2025, 10:50pm

This is during on-demand TLS?

Context-canceled usually means that the client disconnected before the renewal finished.

We can only guess though since even though the help template asks for “full log output” you only gave us 1 line.

Tri_Nguyen · October 29, 2025, 3:32am

2025-10-27T15:45:38.526834-10:00 cadb validation-service[39427]: 2025/10/27 15:45:38 Received request: /check?domain=mydomain
2025-10-27T15:45:38.526893-10:00 cadb validation-service[39427]: 2025/10/27 15:45:38 ✅ Domain mydomain is a main domain. SSL ALLOWED (no further checks).
2025-10-27T15:45:38.526999-10:00 cadb caddy[57775]: {"level":"debug","ts":1761615938.5268958,"logger":"tls.permission.http","msg":"response from permission endpoint","remote":"172.176.156.33:4509","domain":"mydomain","url":"http://localhost:5555/check?domain=mydomain","status":200}
2025-10-27T15:45:38.527837-10:00 cadb caddy[57775]: {"level":"debug","ts":1761615938.5276668,"logger":"tls.handshake","msg":"did not load cert from storage","remote_ip":"172.176.156.33","remote_port":"4509","server_name":"mydomain","error":"no matching certificate to load for mydomain: file does not exist"}
2025-10-27T15:45:38.528635-10:00 cadb caddy[57775]: {"level":"info","ts":1761615938.5277138,"logger":"tls.on_demand","msg":"obtaining new certificate","remote_ip":"172.176.156.33","remote_port":"4509","server_name":"mydomain"}
2025-10-27T15:45:38.530812-10:00 cadb caddy[57775]: {"level":"info","ts":1761615938.53064,"logger":"tls.obtain","msg":"acquiring lock","identifier":"mydomain"}
2025-10-27T15:45:38.530934-10:00 cadb caddy[57775]: {"level":"info","ts":1761615938.5308938,"logger":"tls.obtain","msg":"lock acquired","identifier":"mydomain"}
2025-10-27T15:45:38.531779-10:00 cadb caddy[57775]: {"level":"info","ts":1761615938.5311756,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"mydomain"}
2025-10-27T15:45:38.531884-10:00 cadb caddy[57775]: {"level":"debug","ts":1761615938.5315301,"logger":"events","msg":"event","name":"cert_obtaining","id":"39d0c246-fff3-41ee-9d35-a269b5448ea3","origin":"tls","data":{"identifier":"mydomain"}}
2025-10-27T15:45:38.531924-10:00 cadb caddy[57775]: {"level":"debug","ts":1761615938.5317488,"logger":"tls","msg":"created CSR","identifiers":["mydomain"],"san_dns_names":["mydomain"],"san_emails":[],"common_name":"","extra_extensions":0}
2025-10-27T15:45:38.533111-10:00 cadb caddy[57775]: {"level":"info","ts":1761615938.5329268,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["mydomain"],"ca":"https://acme.zerossl.com/v2/DV90","account":"andy@impire.com"}
2025-10-27T15:48:38.528327-10:00 cadb caddy[57775]: {"level":"error","ts":1761616118.528195,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mydomain","issuer":"acme.zerossl.com-v2-DV90","error":"context canceled"}
2025-10-27T15:48:38.528447-10:00 cadb caddy[57775]: {"level":"debug","ts":1761616118.5283246,"logger":"events","msg":"event","name":"cert_failed","id":"7cd4a873-3db8-4268-a1ca-c81572e892cf","origin":"tls","data":{"error":{},"identifier":"mydomain","issuers":["acme.zerossl.com-v2-DV90"],"renewal":false}}
2025-10-27T15:48:38.528492-10:00 cadb caddy[57775]: {"level":"info","ts":1761616118.5284271,"logger":"tls.obtain","msg":"releasing lock","identifier":"mydomain"}
2025-10-27T15:48:38.528885-10:00 cadb caddy[57775]: {"level":"debug","ts":1761616118.5287673,"logger":"http.stdlib","msg":"http: TLS handshake error from 172.176.156.33:4509: [mydomain] Obtain: context canceled"}
2025-10-27T15:49:41.711235-10:00 cadb caddy[57775]: {"level":"debug","ts":1761616181.7109709,"logger":"events","msg":"event","name":"tls_get_certificate","id":"c68a82b1-f1f3-46d5-8615-ac4fb6805c80","origin":"tls","data":{"client_hello":{"CipherSuites":[31354,4865,4866,4867,49196,49195,52393,49200,49199,52392,49162,49161,49172,49171,157,156,53,47,49160,49170,10],"ServerName":"mydomain","SupportedCurves":[19018,29,23,24,25],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,2053,1281,2054,1537,513],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[19018,772,771,770,769],"RemoteAddr":{"IP":"116.110.224.215","Port":33557,"Zone":""},"LocalAddr":{"IP":"89.117.19.57","Port":443,"Zone":""}}}}
2025-10-27T15:49:41.711398-10:00 cadb caddy[57775]: {"level":"debug","ts":1761616181.711032,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"mydomain"}
2025-10-27T15:49:41.711493-10:00 cadb caddy[57775]: {"level":"debug","ts":1761616181.7110841,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","remote_ip":"116.110.224.215","remote_port":"33557","sni":"mydomain"}
2025-10-27T15:49:41.711524-10:00 cadb caddy[57775]: {"level":"debug","ts":1761616181.7110927,"logger":"tls","msg":"asking for permission for on-demand certificate","remote_ip":"116.110.224.215","domain":"mydomain"}
2025-10-27T15:49:41.711571-10:00 cadb caddy[57775]: {"level":"debug","ts":1761616181.7111063,"logger":"tls.permission.http","msg":"asking permission endpoint","remote":"116.110.224.215:33557","domain":"mydomain","url":"http://localhost:5555/check?domain=mydomain"}
2025-10-27T15:49:41.712412-10:00 cadb validation-service[39427]: 2025/10/27 15:49:41 Received request: /check?domain=mydomain
2025-10-27T15:49:41.712463-10:00 cadb validation-service[39427]: 2025/10/27 15:49:41 ✅ Domain mydomain is a main domain. SSL ALLOWED (no further checks).
2025-10-27T15:49:41.712595-10:00 cadb caddy[57775]: {"level":"debug","ts":1761616181.712521,"logger":"tls.permission.http","msg":"response from permission endpoint","remote":"116.110.224.215:33557","domain":"mydomain","url":"http://localhost:5555/check?domain=mydomain","status":200}
2025-10-27T15:49:41.713504-10:00 cadb caddy[57775]: {"level":"debug","ts":1761616181.7132726,"logger":"tls.handshake","msg":"did not load cert from storage","remote_ip":"116.110.224.215","remote_port":"33557","server_name":"mydomain","error":"no matching certificate to load for mydomain: file does not exist"}
2025-10-27T15:49:41.713657-10:00 cadb caddy[57775]: {"level":"info","ts":1761616181.7134137,"logger":"tls.on_demand","msg":"obtaining new certificate","remote_ip":"116.110.224.215","remote_port":"33557","server_name":"mydomain"}
2025-10-27T15:49:41.715874-10:00 cadb caddy[57775]: {"level":"info","ts":1761616181.7158551,"logger":"tls.obtain","msg":"acquiring lock","identifier":"mydomain"}
2025-10-27T15:49:41.716179-10:00 cadb caddy[57775]: {"level":"info","ts":1761616181.7160556,"logger":"tls.obtain","msg":"lock acquired","identifier":"mydomain"}
2025-10-27T15:49:41.716355-10:00 cadb caddy[57775]: {"level":"info","ts":1761616181.716271,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"mydomain"}
2025-10-27T15:49:41.716423-10:00 cadb caddy[57775]: {"level":"debug","ts":1761616181.7163215,"logger":"events","msg":"event","name":"cert_obtaining","id":"323f891f-7c14-4f72-8414-85ae9fc993a6","origin":"tls","data":{"identifier":"mydomain"}}
2025-10-27T15:49:41.716546-10:00 cadb caddy[57775]: {"level":"debug","ts":1761616181.7164207,"logger":"tls","msg":"created CSR","identifiers":["mydomain"],"san_dns_names":["mydomain"],"san_emails":[],"common_name":"","extra_extensions":0}
2025-10-27T15:49:41.717797-10:00 cadb caddy[57775]: {"level":"info","ts":1761616181.7177176,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["mydomain"],"ca":"https://acme.zerossl.com/v2/DV90","account":"andy@impire.com"}

The debug log of this issue, please take a look.
BTW, I was try to removed fully the domain in Redis, but It was not renew with new cert.
Thanks

Tri_Nguyen · October 30, 2025, 4:42am

yes. on-demand TLS.
could you please help me to fix it ?
Thanks

matt · October 31, 2025, 4:58am

That is interesting… upon close inspection, the log lines are out of order:

2025-10-27T15:45:38.531924-10:00 cadb caddy[57775]: {“level”:“debug”,“ts”:1761615938.5317488,“logger”:“tls”,“msg”:“created CSR”,“identifiers”:[“mydomain”],“san_dns_names”:[“mydomain”],“san_emails”:,“common_name”:“”,“extra_extensions”:0}
2025-10-27T15:45:38.533111-10:00 cadb caddy[57775]: {“level”:“info”,“ts”:1761615938.5329268,“logger”:“http”,“msg”:“waiting on internal rate limiter”,“identifiers”:[“mydomain”],“ca”:“https://acme.zerossl.com/v2/DV90",“account”:"andy@impire.com”}
2025-10-27T15:48:38.528327-10:00 cadb caddy[57775]: {“level”:“error”,“ts”:1761616118.528195,“logger”:“tls.obtain”,“msg”:“could not get certificate from issuer”,“identifier”:“mydomain”,“issuer”:“acme.zerossl.com-v2-DV90”,“error”:“context canceled”}

Notice how it goes from 38.53 seconds to 38.52 seconds. Is this a straight copy-paste of the logs?

I don’t know if that’s significant, but either way, the context is being canceled like… less than a hundredth of a second after it started?

What I’m getting from this is the client is immediately disconnecting.

Can you point us to an endpoint we can connect to so that we can reproduce the behavior?

Tri_Nguyen · October 31, 2025, 7:08am

I resend the full log of this case.
The API checkpoint will return 200 OK if the domain in the whitelisted domains file.

Summary

2025-10-30T20:52:03.552936-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893523.5527737,“logger”:“events”,“msg”:“event”,“name”:“tls_get_certificate”,“id”:“e462177d-d765-401c-806a-a3dc9e3727ee”,“origin”:“tls”,“data”:{“client_hello”:{“CipherSuites”:[4865,4867,4866,49195,49199,52393,52392,49196,49200,49162,49161,49171,49172,156,157,47,53],“ServerName”:“``oynf.com``”,“SupportedCurves”:[4588,29,23,24,25,256,257],“SupportedPoints”:“AA==”,“SignatureSchemes”:[1027,1283,1539,2052,2053,2054,1025,1281,1537,515,513],“SupportedProtos”:[“h2”,“http/1.1”],“SupportedVersions”:[772,771],“RemoteAddr”:{“IP”:“203.119.65.147”,“Port”:64105,“Zone”:“”},“LocalAddr”:{“IP”:“89.117.19.57”,“Port”:443,“Zone”:“”}}}}
2025-10-30T20:52:03.552990-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893523.5528889,“logger”:“tls.handshake”,“msg”:“choosing certificate”,“identifier”:“``oynf.com``”,“num_choices”:1}
2025-10-30T20:52:03.553014-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893523.5529027,“logger”:“tls.handshake”,“msg”:“default certificate selection results”,“identifier”:“``oynf.com``”,“subjects”:[“``oynf.com``”],“managed”:true,“issuer_key”:“acme.zerossl.com-v2-DV90”,“hash”:“c85bd762b5a06a6e21e357101b9c997cf6530fc7157b10caac629de7fdec1e46”}
2025-10-30T20:52:03.553025-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893523.5529146,“logger”:“tls.handshake”,“msg”:“matched certificate in cache”,“remote_ip”:“203.119.65.147”,“remote_port”:“64105”,“subjects”:[“``oynf.com``”],“managed”:true,“expiration”:1760918400,“hash”:“c85bd762b5a06a6e21e357101b9c997cf6530fc7157b10caac629de7fdec1e46”}
2025-10-30T20:52:03.553036-10:00 cadb caddy[9227]: {“level”:“info”,“ts”:1761893523.552934,“logger”:“tls”,“msg”:“certificate needs renewal based on ARI window”,“subjects”:[“``oynf.com``”],“expiration”:1760918400,“ari_cert_id”:“D2vmS845R672fpAeefAwkZLIX6M.AK0wmaPiaOv1l3CqkZNThh0”,“next_ari_update”:1760937037.5656383,“renew_check_interval”:600,“window_start”:1759622399,“window_end”:1759795199,“selected_time”:1759641802,“renewal_cutoff”:1759641202}
2025-10-30T20:52:03.554265-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893523.5541778,“logger”:“tls”,“msg”:“asking for permission for on-demand certificate”,“remote_ip”:“203.119.65.147”,“domain”:“``oynf.com``”}
2025-10-30T20:52:03.554286-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893523.554202,“logger”:“tls.permission.http”,“msg”:“asking permission endpoint”,“remote”:“203.119.65.147:64105”,“domain”:“``oynf.com``”,“url”:“`` ````` http://localhost:5555/check?domain=oynf.com”\`\`} ``` 2025-10-30T20:52:03.555400-10:00 cadb validation-service[8236]: 2025/10/30 20:52:03 ✅ Domain ``oynf.com`` allowed ``` ``` 2025-10-30T20:52:03.555555-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893523.5554986,“logger”:“tls.permission.http”,“msg”:“response from permission endpoint”,“remote”:“203.119.65.147:64105”,“domain”:“``oynf.com``”,“url”:“`` ````` http://localhost:5555/check?domain=oynf.com","status”:200\` }` 2025-10-30T20:52:03.555586-10:00 cadb caddy[9227]: {“level”:“info”,“ts”:1761893523.5555212,“logger”:“tls.on_demand”,“msg”:“attempting certificate renewal”,“remote_ip”:“203.119.65.147”,“remote_port”:“64105”,“server_name”:“oynf.com”,“subjects”:[“oynf.com”],“expiration”:1760918400,“remaining”:-975123.554154688,“revoked”:false} 2025-10-30T20:52:03.560339-10:00 cadb caddy[9227]: {“level”:“info”,“ts”:1761893523.5598216,“logger”:“tls.renew”,“msg”:“acquiring lock”,“identifier”:“oynf.com”} 2025-10-30T20:52:03.560374-10:00 cadb caddy[9227]: {“level”:“info”,“ts”:1761893523.5602639,“logger”:“tls.renew”,“msg”:“lock acquired”,“identifier”:“oynf.com”} 2025-10-30T20:52:03.561622-10:00 cadb caddy[9227]: {“level”:“info”,“ts”:1761893523.5615172,“logger”:“tls.renew”,“msg”:“renewing certificate”,“identifier”:“oynf.com”,“remaining”:-975123.561511448} 2025-10-30T20:52:03.561653-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893523.5616,“logger”:“events”,“msg”:“event”,“name”:“cert_obtaining”,“id”:“c7f1bba3-0159-4df7-ab41-10d352969aa4”,“origin”:“tls”,“data”:{“forced”:false,“identifier”:“oynf.com”,“issuer”:“acme.zerossl.com-v2-DV90”,“remaining”:-975123561511448,“renewal”:true}} 2025-10-30T20:52:03.561859-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893523.5617986,“logger”:“tls”,“msg”:“created CSR”,“identifiers”:[“oynf.com”],“san_dns_names”:[“oynf.com”],“san_emails”: [ ]`,“common_name”:“”,“extra_extensions”:0}` 2025-10-30T20:52:03.562953-10:00 cadb caddy[9227]: {“level”:“info”,“ts”:1761893523.5629141,“logger”:“http”,“msg”:“waiting on internal rate limiter”,“identifiers”:[“oynf.com”],“ca”:“ ````` https://acme.zerossl.com/v2/DV90",“account”:"andy@impire.com”\`\` ```}` ``` 2025-10-30T20:52:03.568740-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893523.568522,“logger”:“events”,“msg”:“event”,“name”:“tls_get_certificate”,“id”:“03938603-cd56-483b-885e-426f022735ff”,“origin”:“tls”,“data”:{“client_hello”:{“CipherSuites”:[4865,4867,4866,49195,49199,52393,52392,49196,49200,49162,49161,49171,49172,156,157,47,53],“ServerName”:“oynf.com”,“SupportedCurves”:[4588,29,23,24,25,256,257],“SupportedPoints”:“AA==”,“SignatureSchemes”:[1027,1283,1539,2052,2053,2054,1025,1281,1537,515,513],“SupportedProtos”:[“h2”,“http/1.1”],“SupportedVersions”:[772,771],“RemoteAddr”:{“IP”:“203.119.65.147”,“Port”:64106,“Zone”:“”},“LocalAddr”:{“IP”:“89.117.19.57”,“Port”:443,“Zone”:“”}}}} ``` ``` 2025-10-30T20:52:03.570850-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893523.5707626,“logger”:“tls.handshake”,“msg”:“choosing certificate”,“identifier”:“oynf.com”,“num_choices”:1} ``` ``` 2025-10-30T20:52:03.570859-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893523.5707805,“logger”:“tls.handshake”,“msg”:“default certificate selection results”,“identifier”:“oynf.com”,“subjects”:[“oynf.com”],“managed”:true,“issuer_key”:“acme.zerossl.com-v2-DV90”,“hash”:“c85bd762b5a06a6e21e357101b9c997cf6530fc7157b10caac629de7fdec1e46”} ``` ``` 2025-10-30T20:52:03.570867-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893523.570793,“logger”:“tls.handshake”,“msg”:“matched certificate in cache”,“remote_ip”:“203.119.65.147”,“remote_port”:“64106”,“subjects”:[“oynf.com”],“managed”:true,“expiration”:1760918400,“hash”:“c85bd762b5a06a6e21e357101b9c997cf6530fc7157b10caac629de7fdec1e46”} ``` ``` 2025-10-30T20:52:03.570889-10:00 cadb caddy[9227]: {“level”:“info”,“ts”:1761893523.5708117,“logger”:“tls”,“msg”:“certificate needs renewal based on ARI window”,“subjects”:[“oynf.com”],“expiration”:1760918400,“ari_cert_id”:“D2vmS845R672fpAeefAwkZLIX6M.AK0wmaPiaOv1l3CqkZNThh0”,“next_ari_update”:1760937037.5656383,“renew_check_interval”:600,“window_start”:1759622399,“window_end”:1759795199,“selected_time”:1759641802,“renewal_cutoff”:1759641202} ``` ``` 2025-10-30T20:52:03.571830-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893523.571743,“logger”:“tls.on_demand”,“msg”:“certificate has expired, but is already being renewed; waiting for renewal to complete”,“remote_ip”:“203.119.65.147”,“remote_port”:“64106”,“subjects”:[“oynf.com”],“expired”:1760918400,“revoked”:false} ``` ``` 2025-10-30T20:52:06.197044-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893526.1967335,“logger”:“events”,“msg”:“event”,“name”:“tls_get_certificate”,“id”:“08ccedb0-2e58-4f79-95b8-52ef8a7d290f”,“origin”:“tls”,“data”:{“client_hello”:{“CipherSuites”:[4865,4867,4866,49195,49199,52393,52392,49196,49200,49162,49161,49171,49172,156,157,47,53],“ServerName”:“oynf.com”,“SupportedCurves”:[4588,29,23,24,25,256,257],“SupportedPoints”:“AA==”,“SignatureSchemes”:[1027,1283,1539,2052,2053,2054,1025,1281,1537,515,513],“SupportedProtos”:[“h2”,“http/1.1”],“SupportedVersions”:[772,771],“RemoteAddr”:{“IP”:“203.119.65.147”,“Port”:64110,“Zone”:“”},“LocalAddr”:{“IP”:“89.117.19.57”,“Port”:443,“Zone”:“”}}}} ``` ``` 2025-10-30T20:52:06.197083-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893526.1969433,“logger”:“tls.handshake”,“msg”:“choosing certificate”,“identifier”:“oynf.com”,“num_choices”:1} ``` ``` 2025-10-30T20:52:06.197128-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893526.1969635,“logger”:“tls.handshake”,“msg”:“default certificate selection results”,“identifier”:“oynf.com”,“subjects”:[“oynf.com”],“managed”:true,“issuer_key”:“acme.zerossl.com-v2-DV90”,“hash”:“c85bd762b5a06a6e21e357101b9c997cf6530fc7157b10caac629de7fdec1e46”} ``` ``` 2025-10-30T20:52:06.197140-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893526.1970131,“logger”:“tls.handshake”,“msg”:“matched certificate in cache”,“remote_ip”:“203.119.65.147”,“remote_port”:“64110”,“subjects”:[“oynf.com”],“managed”:true,“expiration”:1760918400,“hash”:“c85bd762b5a06a6e21e357101b9c997cf6530fc7157b10caac629de7fdec1e46”} ``` ``` 2025-10-30T20:52:06.197150-10:00 cadb caddy[9227]: {“level”:“info”,“ts”:1761893526.1970496,“logger”:“tls”,“msg”:“certificate needs renewal based on ARI window”,“subjects”:[“oynf.com”],“expiration”:1760918400,“ari_cert_id”:“D2vmS845R672fpAeefAwkZLIX6M.AK0wmaPiaOv1l3CqkZNThh0”,“next_ari_update”:1760937037.5656383,“renew_check_interval”:600,“window_start”:1759622399,“window_end”:1759795199,“selected_time”:1759641802,“renewal_cutoff”:1759641202} ``` ``` 2025-10-30T20:52:06.198302-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893526.1982508,“logger”:“tls.on_demand”,“msg”:“certificate has expired, but is already being renewed; waiting for renewal to complete”,“remote_ip”:“203.119.65.147”,“remote_port”:“64110”,“subjects”:[“oynf.com”],“expired”:1760918400,“revoked”:false} ``` ``` 2025-10-30T20:52:13.348512-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893533.3482103,“logger”:“tls.cache”,“msg”:“cache full; evicting random certificate”,“removing_subjects”:[“oynf.com”],“removing_hash”:“c85bd762b5a06a6e21e357101b9c997cf6530fc7157b10caac629de7fdec1e46”,“inserting_subjects”:[“qlti.com”],“inserting_hash”:“edaf9447b5414424c8be0677a5d014edc6a39893f227121de91f6adc91044b3b”} ``` ``` 2025-10-30T20:52:13.348550-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893533.3482456,“logger”:“tls.cache”,“msg”:“removed certificate from cache”,“subjects”:[“oynf.com”],“expiration”:1760918400,“managed”:true,“issuer_key”:“acme.zerossl.com-v2-DV90”,“hash”:“c85bd762b5a06a6e21e357101b9c997cf6530fc7157b10caac629de7fdec1e46”,“cache_size”:9999,“cache_capacity”:10000} ``` ``` 2025-10-30T20:52:40.280176-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893560.2800624,“logger”:“events”,“msg”:“event”,“name”:“tls_get_certificate”,“id”:“ed2544a6-abf3-4234-91ad-590efbc464dc”,“origin”:“tls”,“data”:{“client_hello”:{“CipherSuites”:[4865,4867,4866,49195,49199,52393,52392,49196,49200,49162,49161,49171,49172,156,157,47,53],“ServerName”:“oynf.com”,“SupportedCurves”:[4588,29,23,24,25,256,257],“SupportedPoints”:“AA==”,“SignatureSchemes”:[1027,1283,1539,2052,2053,2054,1025,1281,1537,515,513],“SupportedProtos”:[“h2”,“http/1.1”],“SupportedVersions”:[772,771],“RemoteAddr”:{“IP”:“203.119.65.147”,“Port”:64126,“Zone”:“”},“LocalAddr”:{“IP”:“89.117.19.57”,“Port”:443,“Zone”:“”}}}} ``` ``` 2025-10-30T20:52:40.280196-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893560.280165,“logger”:“tls.handshake”,“msg”:“no matching certificates and no custom selection logic”,“identifier”:“oynf.com”} ``` ``` 2025-10-30T20:52:40.280427-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893560.2803724,“logger”:“tls.handshake”,“msg”:“all external certificate managers yielded no certificates and no errors”,“remote_ip”:“203.119.65.147”,“remote_port”:“64126”,“sni”:“oynf.com”} ``` ``` 2025-10-30T20:52:40.280478-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893560.2803843,“logger”:“tls”,“msg”:“asking for permission for on-demand certificate”,“remote_ip”:“203.119.65.147”,“domain”:“oynf.com”} ``` ``` 2025-10-30T20:52:40.280501-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893560.2804117,“logger”:“tls.permission.http”,“msg”:“asking permission endpoint”,“remote”:“203.119.65.147:64126”,“domain”:“oynf.com”,“url”:“ http://localhost:5555/check?domain=oynf.com”\`\` ```}` ``` 2025-10-30T20:52:40.282611-10:00 cadb validation-service[8236]: 2025/10/30 20:52:40 ✅ Domain ``oynf.com`` allowed ``` ``` 2025-10-30T20:52:40.283106-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893560.2830153,“logger”:“tls.permission.http”,“msg”:“response from permission endpoint”,“remote”:“203.119.65.147:64126”,“domain”:“``oynf.com``”,“url”:“`` http://localhost:5555/check?domain=oynf.com","status”:200\`\` }` 2025-10-30T20:52:40.388898-10:00 cadb caddy[9227]: {“level”:“warn”,“ts”:1761893560.3887486,“logger”:“tls”,“msg”:“stapling OCSP”,“error”:“no OCSP stapling for [oynf.com]: parsing OCSP response: ocsp: error from server: unauthorized”,“identifiers”:[“oynf.com”]} 2025-10-30T20:52:40.391869-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893560.3917673,“logger”:“tls.cache”,“msg”:“cache full; evicting random certificate”,“removing_subjects”:[“sqsb.net”],“removing_hash”:“716d3224f26ff9afbbe2b745acd83963ae61df5f25f630ae598d4473ad7bf37d”,“inserting_subjects”:[“oynf.com”],“inserting_hash”:“c85bd762b5a06a6e21e357101b9c997cf6530fc7157b10caac629de7fdec1e46”} 2025-10-30T20:52:40.392015-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893560.391962,“logger”:“tls.cache”,“msg”:“added certificate to cache”,“subjects”:[“oynf.com”],“expiration”:1760918400,“managed”:true,“issuer_key”:“acme.zerossl.com-v2-DV90”,“hash”:“c85bd762b5a06a6e21e357101b9c997cf6530fc7157b10caac629de7fdec1e46”,“cache_size”:10000,“cache_capacity”:10000} 2025-10-30T20:52:40.392412-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893560.3920739,“logger”:“events”,“msg”:“event”,“name”:“cached_managed_cert”,“id”:“297d4f91-b7e2-4cb7-95cc-18f8ebc92991”,“origin”:“tls”,“data”:{“sans”:[“oynf.com”]}} 2025-10-30T20:52:40.392430-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893560.3921459,“logger”:“tls.handshake”,“msg”:“loaded certificate from storage”,“remote_ip”:“203.119.65.147”,“remote_port”:“64126”,“subjects”:[“oynf.com”],“managed”:true,“expiration”:1760918400,“hash”:“c85bd762b5a06a6e21e357101b9c997cf6530fc7157b10caac629de7fdec1e46”} 2025-10-30T20:52:40.392441-10:00 cadb caddy[9227]: {“level”:“info”,“ts”:1761893560.392201,“logger”:“tls”,“msg”:“certificate needs renewal based on ARI window”,“subjects”:[“oynf.com”],“expiration”:1760918400,“ari_cert_id”:“D2vmS845R672fpAeefAwkZLIX6M.AK0wmaPiaOv1l3CqkZNThh0”,“next_ari_update”:1760937037.5656383,“renew_check_interval”:600,“window_start”:1759622399,“window_end”:1759795199,“selected_time”:1759641802,“renewal_cutoff”:1759641202} 2025-10-30T20:52:40.392832-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893560.3927138,“logger”:“tls.on_demand”,“msg”:“certificate has expired, but is already being renewed; waiting for renewal to complete”,“remote_ip”:“203.119.65.147”,“remote_port”:“64126”,“subjects”:[“oynf.com”],“expired”:1760918400,“revoked”:false} 2025-10-30T20:53:33.554472-10:00 cadb caddy[9227]: {“level”:“error”,“ts”:1761893613.5543156,“logger”:“tls.renew”,“msg”:“could not get certificate from issuer”,“identifier”:“oynf.com”,“issuer”:“acme.zerossl.com-v2-DV90”,“error”:“context canceled”} 2025-10-30T20:53:33.554529-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893613.554362,“logger”:“events”,“msg”:“event”,“name”:“cert_failed”,“id”:“012446c3-e277-4410-b0ed-c7fe4b7b0281”,“origin”:“tls”,“data”:{“error”:{},“identifier”:“oynf.com”,“issuers”:[“acme.zerossl.com-v2-DV90”],“remaining”:-975123561511448,“renewal”:true}} 2025-10-30T20:53:33.554573-10:00 cadb caddy[9227]: {“level”:“info”,“ts”:1761893613.5544283,“logger”:“tls.renew”,“msg”:“releasing lock”,“identifier”:“oynf.com”} 2025-10-30T20:53:33.555544-10:00 cadb caddy[9227]: {“level”:“error”,“ts”:1761893613.5549667,“logger”:“tls.on_demand”,“msg”:“renewing and reloading certificate”,“remote_ip”:“203.119.65.147”,“remote_port”:“64105”,“server_name”:“oynf.com”,“subjects”:[“oynf.com”],“expiration”:1760918400,“remaining”:-975123.554154688,“revoked”:false,“server_name”:“oynf.com”,“error”:“[oynf.com] Renew: context canceled”} 2025-10-30T20:53:33.555634-10:00 cadb caddy[9227]: {“level”:“error”,“ts”:1761893613.5551267,“logger”:“tls.on_demand”,“msg”:“renewing certificate on-demand failed”,“subjects”:[“oynf.com”],“not_after”:1760918400,“error”:“[oynf.com] Renew: context canceled”} 2025-10-30T20:53:33.555667-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893613.5551403,“logger”:“tls.handshake”,“msg”:“choosing certificate”,“identifier”:“oynf.com”,“num_choices”:1} 2025-10-30T20:53:33.555752-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893613.5551815,“logger”:“http.stdlib”,“msg”:“http: TLS handshake error from 203.119.65.147:64105: [oynf.com] Renew: context canceled”} 2025-10-30T20:53:33.555795-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893613.5551848,“logger”:“tls.handshake”,“msg”:“default certificate selection results”,“identifier”:“oynf.com”,“subjects”:[“oynf.com”],“managed”:true,“issuer_key”:“acme.zerossl.com-v2-DV90”,“hash”:“c85bd762b5a06a6e21e357101b9c997cf6530fc7157b10caac629de7fdec1e46”} 2025-10-30T20:53:33.555825-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893613.5552077,“logger”:“tls.handshake”,“msg”:“matched certificate in cache”,“remote_ip”:“203.119.65.147”,“remote_port”:“64106”,“subjects”:[“oynf.com”],“managed”:true,“expiration”:1760918400,“hash”:“c85bd762b5a06a6e21e357101b9c997cf6530fc7157b10caac629de7fdec1e46”} 2025-10-30T20:53:33.555894-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893613.555071,“logger”:“tls.handshake”,“msg”:“choosing certificate”,“identifier”:“oynf.com”,“num_choices”:1} 2025-10-30T20:53:33.555932-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893613.5552557,“logger”:“tls.handshake”,“msg”:“default certificate selection results”,“identifier”:“oynf.com”,“subjects”:[“oynf.com”],“managed”:true,“issuer_key”:“acme.zerossl.com-v2-DV90”,“hash”:“c85bd762b5a06a6e21e357101b9c997cf6530fc7157b10caac629de7fdec1e46”} 2025-10-30T20:53:33.556349-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893613.5552847,“logger”:“tls.handshake”,“msg”:“matched certificate in cache”,“remote_ip”:“203.119.65.147”,“remote_port”:“64126”,“subjects”:[“oynf.com”],“managed”:true,“expiration”:1760918400,“hash”:“c85bd762b5a06a6e21e357101b9c997cf6530fc7157b10caac629de7fdec1e46”} 2025-10-30T20:53:33.556379-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893613.5551462,“logger”:“tls.handshake”,“msg”:“choosing certificate”,“identifier”:“oynf.com”,“num_choices”:1} 2025-10-30T20:53:33.556409-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893613.5554001,“logger”:“tls.handshake”,“msg”:“default certificate selection results”,“identifier”:“oynf.com”,“subjects”:[“oynf.com”],“managed”:true,“issuer_key”:“acme.zerossl.com-v2-DV90”,“hash”:“c85bd762b5a06a6e21e357101b9c997cf6530fc7157b10caac629de7fdec1e46”} 2025-10-30T20:53:33.556441-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893613.5554173,“logger”:“tls.handshake”,“msg”:“matched certificate in cache”,“remote_ip”:“203.119.65.147”,“remote_port”:“64110”,“subjects”:[“oynf.com”],“managed”:true,“expiration”:1760918400,“hash”:“c85bd762b5a06a6e21e357101b9c997cf6530fc7157b10caac629de7fdec1e46”} 2025-10-30T20:56:47.151918-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893807.151681,“logger”:“events”,“msg”:“event”,“name”:“tls_get_certificate”,“id”:“cd0cedf9-129d-486e-b9b9-b816fbe326d2”,“origin”:“tls”,“data”:{“client_hello”:{“CipherSuites”:[4865,4867,4866,49195,49199,52393,52392,49196,49200,49162,49161,49171,49172,156,157,47,53],“ServerName”:“oynf.com”,“SupportedCurves”:[4588,29,23,24,25,256,257],“SupportedPoints”:“AA==”,“SignatureSchemes”:[1027,1283,1539,2052,2053,2054,1025,1281,1537,515,513],“SupportedProtos”:[“h2”,“http/1.1”],“SupportedVersions”:[772,771],“RemoteAddr”:{“IP”:“203.119.65.147”,“Port”:59474,“Zone”:“”},“LocalAddr”:{“IP”:“89.117.19.57”,“Port”:443,“Zone”:“”}}}} 2025-10-30T20:56:47.151953-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893807.1518002,“logger”:“tls.handshake”,“msg”:“choosing certificate”,“identifier”:“oynf.com”,“num_choices”:1} 2025-10-30T20:56:47.151961-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893807.1518097,“logger”:“tls.handshake”,“msg”:“default certificate selection results”,“identifier”:“oynf.com”,“subjects”:[“oynf.com”],“managed”:true,“issuer_key”:“acme.zerossl.com-v2-DV90”,“hash”:“c85bd762b5a06a6e21e357101b9c997cf6530fc7157b10caac629de7fdec1e46”} 2025-10-30T20:56:47.151970-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893807.1518385,“logger”:“tls.handshake”,“msg”:“matched certificate in cache”,“remote_ip”:“203.119.65.147”,“remote_port”:“59474”,“subjects”:[“oynf.com”],“managed”:true,“expiration”:1760918400,“hash”:“c85bd762b5a06a6e21e357101b9c997cf6530fc7157b10caac629de7fdec1e46”} 2025-10-30T20:56:47.151989-10:00 cadb caddy[9227]: {“level”:“info”,“ts”:1761893807.151855,“logger”:“tls”,“msg”:“certificate needs renewal based on ARI window”,“subjects”:[“oynf.com”],“expiration”:1760918400,“ari_cert_id”:“D2vmS845R672fpAeefAwkZLIX6M.AK0wmaPiaOv1l3CqkZNThh0”,“next_ari_update”:1760937037.5656383,“renew_check_interval”:600,“window_start”:1759622399,“window_end”:1759795199,“selected_time”:1759641802,“renewal_cutoff”:1759641202} 2025-10-30T20:56:47.152557-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893807.1523523,“logger”:“tls”,“msg”:“asking for permission for on-demand certificate”,“remote_ip”:“203.119.65.147”,“domain”:“oynf.com”} 2025-10-30T20:56:47.152585-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893807.152385,“logger”:“tls.permission.http”,“msg”:“asking permission endpoint”,“remote”:“203.119.65.147:59474”,“domain”:“oynf.com”,“url”:“````` http://localhost:5555/check?domain=oynf.com”\`\` ```}` ``` 2025-10-30T20:56:47.153863-10:00 cadb validation-service[8236]: 2025/10/30 20:56:47 ✅ Domainoynf.com allowed ``` ``` 2025-10-30T20:56:47.154051-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893807.1539469,“logger”:“tls.permission.http”,“msg”:“response from permission endpoint”,“remote”:“203.119.65.147:59474”,“domain”:“oynf.com”,“url”:“ http://localhost:5555/check?domain=oynf.com","status”:200\`\` ```}` ``` 2025-10-30T20:56:47.154076-10:00 cadb caddy[9227]: {“level”:“info”,“ts”:1761893807.154007,“logger”:“tls.on_demand”,“msg”:“attempting certificate renewal”,“remote_ip”:“203.119.65.147”,“remote_port”:“59474”,“server_name”:“``oynf.com``”,“subjects”:[“``oynf.com``”],“expiration”:1760918400,“remaining”:-975407.152331931,“revoked”:false} ``` ``` 2025-10-30T20:56:47.155131-10:00 cadb caddy[9227]: {“level”:“info”,“ts”:1761893807.1550434,“logger”:“tls.renew”,“msg”:“acquiring lock”,“identifier”:“``oynf.com``”} ``` ``` 2025-10-30T20:56:47.155266-10:00 cadb caddy[9227]: {“level”:“info”,“ts”:1761893807.1552098,“logger”:“tls.renew”,“msg”:“lock acquired”,“identifier”:“``oynf.com``”} ``` ``` 2025-10-30T20:56:47.156402-10:00 cadb caddy[9227]: {“level”:“info”,“ts”:1761893807.156325,“logger”:“tls.renew”,“msg”:“renewing certificate”,“identifier”:“``oynf.com``”,“remaining”:-975407.156319195} ``` ``` 2025-10-30T20:56:47.156437-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893807.1563828,“logger”:“events”,“msg”:“event”,“name”:“cert_obtaining”,“id”:“f6036eb7-bdcc-49ad-8206-a868c9b20f72”,“origin”:“tls”,“data”:{“forced”:false,“identifier”:“``oynf.com``”,“issuer”:“acme.zerossl.com-v2-DV90”,“remaining”:-975407156319195,“renewal”:true}} ``` ``` 2025-10-30T20:56:47.156594-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893807.1565301,“logger”:“tls”,“msg”:“created CSR”,“identifiers”:[“``oynf.com``”],“san_dns_names”:[“``oynf.com``”],“san_emails”: ```[ ]`,“common_name”:“”,“extra_extensions”:0}` ``` 2025-10-30T20:56:47.157383-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893807.1571403,“logger”:“events”,“msg”:“event”,“name”:“tls_get_certificate”,“id”:“23651464-a871-4b2a-a213-886c78f0cc6c”,“origin”:“tls”,“data”:{“client_hello”:{“CipherSuites”:[4865,4867,4866,49195,49199,52393,52392,49196,49200,49162,49161,49171,49172,156,157,47,53],“ServerName”:“``oynf.com``”,“SupportedCurves”:[4588,29,23,24,25,256,257],“SupportedPoints”:“AA==”,“SignatureSchemes”:[1027,1283,1539,2052,2053,2054,1025,1281,1537,515,513],“SupportedProtos”:[“h2”,“http/1.1”],“SupportedVersions”:[772,771],“RemoteAddr”:{“IP”:“203.119.65.147”,“Port”:59475,“Zone”:“”},“LocalAddr”:{“IP”:“89.117.19.57”,“Port”:443,“Zone”:“”}}}} ``` ``` 2025-10-30T20:56:47.157406-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893807.1572413,“logger”:“tls.handshake”,“msg”:“choosing certificate”,“identifier”:“``oynf.com``”,“num_choices”:1} ``` ``` 2025-10-30T20:56:47.157416-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893807.157252,“logger”:“tls.handshake”,“msg”:“default certificate selection results”,“identifier”:“``oynf.com``”,“subjects”:[“``oynf.com``”],“managed”:true,“issuer_key”:“acme.zerossl.com-v2-DV90”,“hash”:“c85bd762b5a06a6e21e357101b9c997cf6530fc7157b10caac629de7fdec1e46”} ``` ``` 2025-10-30T20:56:47.157427-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893807.1572676,“logger”:“tls.handshake”,“msg”:“matched certificate in cache”,“remote_ip”:“203.119.65.147”,“remote_port”:“59475”,“subjects”:[“``oynf.com``”],“managed”:true,“expiration”:1760918400,“hash”:“c85bd762b5a06a6e21e357101b9c997cf6530fc7157b10caac629de7fdec1e46”} ``` ``` 2025-10-30T20:56:47.157439-10:00 cadb caddy[9227]: {“level”:“info”,“ts”:1761893807.157291,“logger”:“tls”,“msg”:“certificate needs renewal based on ARI window”,“subjects”:[“``oynf.com``”],“expiration”:1760918400,“ari_cert_id”:“D2vmS845R672fpAeefAwkZLIX6M.AK0wmaPiaOv1l3CqkZNThh0”,“next_ari_update”:1760937037.5656383,“renew_check_interval”:600,“window_start”:1759622399,“window_end”:1759795199,“selected_time”:1759641802,“renewal_cutoff”:1759641202} ``` ``` 2025-10-30T20:56:47.157674-10:00 cadb caddy[9227]: {“level”:“info”,“ts”:1761893807.1575754,“logger”:“http”,“msg”:“waiting on internal rate limiter”,“identifiers”:[“``oynf.com``”],“ca”:“`` https://acme.zerossl.com/v2/DV90",“account”:"andy@impire.com”\`\` }` 2025-10-30T20:56:47.157846-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893807.1577506,“logger”:“tls.on_demand”,“msg”:“certificate has expired, but is already being renewed; waiting for renewal to complete”,“remote_ip”:“203.119.65.147”,“remote_port”:“59475”,“subjects”:[“oynf.com”],“expired”:1760918400,“revoked”:false} 2025-10-30T20:57:55.001479-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893875.0011687,“logger”:“tls.cache”,“msg”:“cache full; evicting random certificate”,“removing_subjects”:[“oynf.com”],“removing_hash”:“c85bd762b5a06a6e21e357101b9c997cf6530fc7157b10caac629de7fdec1e46”,“inserting_subjects”:[“fkek.com”],“inserting_hash”:“f76e7c31ec18a6d59b3a99cabdc6f43ae0c4f3dedb94b423d883f1330ed38764”} 2025-10-30T20:57:55.001648-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893875.0012903,“logger”:“tls.cache”,“msg”:“removed certificate from cache”,“subjects”:[“oynf.com”],“expiration”:1760918400,“managed”:true,“issuer_key”:“acme.zerossl.com-v2-DV90”,“hash”:“c85bd762b5a06a6e21e357101b9c997cf6530fc7157b10caac629de7fdec1e46”,“cache_size”:9999,“cache_capacity”:10000} 2025-10-30T20:58:17.153217-10:00 cadb caddy[9227]: {“level”:“error”,“ts”:1761893897.1529884,“logger”:“tls.renew”,“msg”:“could not get certificate from issuer”,“identifier”:“oynf.com”,“issuer”:“acme.zerossl.com-v2-DV90”,“error”:“context canceled”} 2025-10-30T20:58:17.153264-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893897.1530936,“logger”:“events”,“msg”:“event”,“name”:“cert_failed”,“id”:“fd39ab17-570d-428b-a9c8-3e1a065b3f5f”,“origin”:“tls”,“data”:{“error”:{},“identifier”:“oynf.com”,“issuers”:[“acme.zerossl.com-v2-DV90”],“remaining”:-975407156319195,“renewal”:true}} 2025-10-30T20:58:17.153273-10:00 cadb caddy[9227]: {“level”:“info”,“ts”:1761893897.153176,“logger”:“tls.renew”,“msg”:“releasing lock”,“identifier”:“oynf.com”} 2025-10-30T20:58:17.154043-10:00 cadb caddy[9227]: {“level”:“error”,“ts”:1761893897.1538386,“logger”:“tls.on_demand”,“msg”:“renewing and reloading certificate”,“remote_ip”:“203.119.65.147”,“remote_port”:“59474”,“server_name”:“oynf.com”,“subjects”:[“oynf.com”],“expiration”:1760918400,“remaining”:-975407.152331931,“revoked”:false,“server_name”:“oynf.com”,“error”:“[oynf.com] Renew: context canceled”} 2025-10-30T20:58:17.154070-10:00 cadb caddy[9227]: {“level”:“error”,“ts”:1761893897.1539123,“logger”:“tls.on_demand”,“msg”:“renewing certificate on-demand failed”,“subjects”:[“oynf.com”],“not_after”:1760918400,“error”:“[oynf.com] Renew: context canceled”} 2025-10-30T20:58:17.154103-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893897.153986,“logger”:“http.stdlib”,“msg”:“http: TLS handshake error from 203.119.65.147:59474: [oynf.com] Renew: context canceled”} 2025-10-30T20:58:17.154208-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893897.1541166,“logger”:“tls.handshake”,“msg”:“no matching certificates and no custom selection logic”,“identifier”:“oynf.com”} 2025-10-30T20:58:17.154266-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893897.154194,“logger”:“tls.handshake”,“msg”:“all external certificate managers yielded no certificates and no errors”,“remote_ip”:“203.119.65.147”,“remote_port”:“59475”,“sni”:“oynf.com”} 2025-10-30T20:58:17.154280-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893897.154208,“logger”:“tls”,“msg”:“asking for permission for on-demand certificate”,“remote_ip”:“203.119.65.147”,“domain”:“oynf.com”} 2025-10-30T20:58:17.154292-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893897.1542397,“logger”:“tls.permission.http”,“msg”:“asking permission endpoint”,“remote”:“203.119.65.147:59475”,“domain”:“oynf.com”,“url”:“````` http://localhost:5555/check?domain=oynf.com”\`\` ```}` ``` 2025-10-30T20:58:17.156329-10:00 cadb validation-service[8236]: 2025/10/30 20:58:17 ✅ Domainoynf.com allowed ``` ``` 2025-10-30T20:58:17.157027-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893897.1568277,“logger”:“tls.permission.http”,“msg”:“response from permission endpoint”,“remote”:“203.119.65.147:59475”,“domain”:“oynf.com”,“url”:“ ````` http://localhost:5555/check?domain=oynf.com","status”:200\`\` }` 2025-10-30T20:58:17.157061-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893897.1569183,“logger”:“tls.handshake”,“msg”:“no certificate matching TLS ClientHello”,“remote_ip”:“203.119.65.147”,“remote_port”:“59475”,“server_name”:“oynf.com”,“remote”:“203.119.65.147:59475”,“identifier”:“oynf.com”,“cipher_suites”:[4865,4867,4866,49195,49199,52393,52392,49196,49200,49162,49161,49171,49172,156,157,47,53],“cert_cache_fill”:1,“load_or_obtain_if_necessary”:false,“on_demand”:true} 2025-10-30T20:58:17.157096-10:00 cadb caddy[9227]: {“level”:“error”,“ts”:1761893897.1570115,“logger”:“tls.on_demand”,“msg”:“renewing certificate on-demand failed”,“subjects”:[“oynf.com”],“not_after”:1760918400,“error”:“no certificate available for ‘oynf.com’”} 2025-10-30T20:58:17.157108-10:00 cadb caddy[9227]: {“level”:“debug”,“ts”:1761893897.1570683,“logger”:“http.stdlib”,“msg”:“http: TLS handshake error from 203.119.65.147:59475: no certificate available for ‘oynf.com’”} ```