Unable to retrieve my ssl certificate

Hello, I need help. I have a problem with my Caddy, which runs in a docker-compose container: it is impossible to recover my SSL certificate. Would someone have a solution? Thanks in advance.

configuration of Docker-compose.yml

version: '3.9'
services:

  caddy:
    image: caddy:2-alpine
    container_name: caddy
    environment:
      ACME_AGREE: "true"
    expose:
      - 443
      - 80
    ports:
      - "80:80"
      - "443:443"
    links:
      - website
    volumes:
      - /home/ubuntu/caddy/Caddyfile:/etc/caddy/Caddyfile
      - ./media:/srv/media/
      - ./static:/srv/static/

configuration of Caddyfile:

51.254.120.199, www.mathieudamotalongo.fr, mathieudamotalongo.fr {

    tls contact@mathieudamotalongo.fr
    encode gzip

    handle_path /static/* {
        root * /srv/static/
        file_server
    }

    handle_path /media/* {
        root * /srv/media/
        file_server
    }

    reverse_proxy website:8000
    header {
        header_up Host {http.request.host}
        header_up X-Forwarded-For {http.request.remote.host}
        header_up X-Forwarded-Proto {http.request.scheme}
    }
}

logs

{"level":"info","ts":1651763819.960709,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1651763819.966733,"msg":"input is not formatted with 'caddy fmt'","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":1}
{"level":"info","ts":1651763819.9751885,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
{"level":"info","ts":1651763819.9755948,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1651763819.975702,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1651763819.9767365,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["www.mathieudamotalongo.fr","mathieudamotalongo.fr","51.254.120.199"]}
{"level":"info","ts":1651763819.9822912,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1651763819.9824672,"msg":"serving initial configuration"}
{"level":"info","ts":1651763819.9829652,"logger":"tls.obtain","msg":"acquiring lock","identifier":"www.mathieudamotalongo.fr"}
{"level":"info","ts":1651763819.9837565,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00027cee0"}
{"level":"info","ts":1651763819.9838939,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"info","ts":1651763819.9840527,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1651763819.987202,"logger":"tls.obtain","msg":"acquiring lock","identifier":"mathieudamotalongo.fr"}
{"level":"info","ts":1651763819.9902074,"logger":"tls.obtain","msg":"lock acquired","identifier":"www.mathieudamotalongo.fr"}
{"level":"info","ts":1651763819.9985325,"logger":"tls.obtain","msg":"acquiring lock","identifier":"51.254.120.199"}
{"level":"info","ts":1651763820.0195005,"logger":"tls.obtain","msg":"lock acquired","identifier":"mathieudamotalongo.fr"}
{"level":"info","ts":1651763820.021079,"logger":"tls.obtain","msg":"lock acquired","identifier":"51.254.120.199"}
{"level":"error","ts":1651763820.0217786,"logger":"tls.obtain","msg":"will retry","error":"[51.254.120.199] Obtain: subject does not qualify for a public certificate: 51.254.120.199","attempt":1,"retrying_in":60,"elapsed":0.000605159,"max_duration":2592000}
{"level":"info","ts":1651763820.8228278,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["www.mathieudamotalongo.fr"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"contact@mathieudamotalongo.fr"}
{"level":"info","ts":1651763820.8228507,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["www.mathieudamotalongo.fr"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"contact@mathieudamotalongo.fr"}
{"level":"info","ts":1651763821.0853906,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["mathieudamotalongo.fr"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"contact@mathieudamotalongo.fr"}
{"level":"info","ts":1651763821.085414,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["mathieudamotalongo.fr"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"contact@mathieudamotalongo.fr"}
{"level":"info","ts":1651763821.2936525,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.mathieudamotalongo.fr","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1651763821.5864346,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mathieudamotalongo.fr","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1651763822.6679432,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"www.mathieudamotalongo.fr","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Fetching http://www.mathieudamotalongo.fr/.well-known/acme-challenge/Kx7mDRK0fwGooV9CevGdO8EZGLDR6CdzGaZW9RerKKo: Connection refused","instance":"","subproblems":[]}}
{"level":"error","ts":1651763822.667997,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"www.mathieudamotalongo.fr","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Fetching http://www.mathieudamotalongo.fr/.well-known/acme-challenge/Kx7mDRK0fwGooV9CevGdO8EZGLDR6CdzGaZW9RerKKo: Connection refused","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/530057686/86042963996","attempt":1,"max_attempts":3}
{"level":"error","ts":1651763822.972634,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"mathieudamotalongo.fr","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Fetching http://mathieudamotalongo.fr/.well-known/acme-challenge/qXfAm3s_OnROmbQVV20_LvwW9m1pzM1SwqymEujBR9g: Connection refused","instance":"","subproblems":[]}}
{"level":"error","ts":1651763822.9726777,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"mathieudamotalongo.fr","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Fetching http://mathieudamotalongo.fr/.well-known/acme-challenge/qXfAm3s_OnROmbQVV20_LvwW9m1pzM1SwqymEujBR9g: Connection refused","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/530057706/86042964896","attempt":1,"max_attempts":3}
{"level":"info","ts":1651763824.1546004,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.mathieudamotalongo.fr","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1651763824.4509358,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mathieudamotalongo.fr","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1651763825.5460603,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"www.mathieudamotalongo.fr","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Connection refused","instance":"","subproblems":[]}}
{"level":"error","ts":1651763825.5462556,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"www.mathieudamotalongo.fr","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Connection refused","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/530057686/86042983146","attempt":2,"max_attempts":3}
{"level":"error","ts":1651763825.8235385,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"mathieudamotalongo.fr","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Connection refused","instance":"","subproblems":[]}}
{"level":"error","ts":1651763825.823783,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"mathieudamotalongo.fr","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Connection refused","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/530057706/86042985146","attempt":2,"max_attempts":3}
{"level":"error","ts":1651763827.1974096,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"www.mathieudamotalongo.fr","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[www.mathieudamotalongo.fr] solving challenges: www.mathieudamotalongo.fr: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-v02.api.letsencrypt.org/acme/order/530057686/86042996706) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1651763827.5321813,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mathieudamotalongo.fr","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[mathieudamotalongo.fr] solving challenges: mathieudamotalongo.fr: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-v02.api.letsencrypt.org/acme/order/530057706/86042997836) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1651763828.1098056,"logger":"tls.issuance.zerossl","msg":"generated EAB credentials","key_id":"qF75is7QOIe9v-FYtAqpIg"}
{"level":"info","ts":1651763828.1204221,"logger":"tls.issuance.zerossl","msg":"generated EAB credentials","key_id":"I2T2_pK6g_PTrLGGzrrXhw"}
{"level":"info","ts":1651763856.0072834,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["mathieudamotalongo.fr"],"ca":"https://acme.zerossl.com/v2/DV90","account":"contact@mathieudamotalongo.fr"}
{"level":"info","ts":1651763856.0073133,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["mathieudamotalongo.fr"],"ca":"https://acme.zerossl.com/v2/DV90","account":"contact@mathieudamotalongo.fr"}
{"level":"info","ts":1651763856.0145116,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["www.mathieudamotalongo.fr"],"ca":"https://acme.zerossl.com/v2/DV90","account":"contact@mathieudamotalongo.fr"}
{"level":"info","ts":1651763856.0145411,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["www.mathieudamotalongo.fr"],"ca":"https://acme.zerossl.com/v2/DV90","account":"contact@mathieudamotalongo.fr"}
{"level":"error","ts":1651763880.0225797,"logger":"tls.obtain","msg":"will retry","error":"[51.254.120.199] Obtain: subject does not qualify for a public certificate: 51.254.120.199","attempt":2,"retrying_in":120,"elapsed":60.001405999,"max_duration":2592000}
{"level":"info","ts":1651763880.436537,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.mathieudamotalongo.fr","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"info","ts":1651763880.506406,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mathieudamotalongo.fr","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"warn","ts":1651763909.1143038,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/authz/1YOV7u0ttJWCkCIhCr2ycw","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/authz/1YOV7u0ttJWCkCIhCr2ycw\": http2: timeout awaiting response headers"}
{"level":"warn","ts":1651763909.1235313,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/authz/m6jIAT780WrusPoEpME6jw","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/authz/m6jIAT780WrusPoEpME6jw\": http2: timeout awaiting response headers"}
{"level":"warn","ts":1651763924.365411,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/authz/1YOV7u0ttJWCkCIhCr2ycw","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/authz/1YOV7u0ttJWCkCIhCr2ycw\": http2: timeout awaiting response headers"}
{"level":"warn","ts":1651763924.3746672,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/authz/m6jIAT780WrusPoEpME6jw","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/authz/m6jIAT780WrusPoEpME6jw\": http2: timeout awaiting response headers"}

Hey @MathieuDML, welcome to the forums. FYI we have a rule that requires text to be given as text, not images, and that domain names must not be redacted: FAQ - Caddy Community

Please also fill out the help template. Then you will be more likely to get help. Thanks


Please, in the future, give us a ready-to-use configuration - the easier you make it for us to reproduce your situation, the quicker we can help.

My concern with your docker-compose.yml, if you want to host your SSL certificates externally, is that this is incomplete:

volumes:
- /home/ubuntu/caddy/Caddyfile:/etc/caddy/Caddyfile
- ./media:/srv/media/
- ./static:/srv/static/

You need to have something like:

- ${PWD}/${CADDY_DATA_PATH}:/data/caddy
- ${PWD}/certificates:/data/caddy/certificates

NOTE: The “/data/caddy” and “/etc/caddy/” paths change across images - so confirm they exist and contain what you expect when changing/using images


Good morning,

Thank you very much. I modified the code parts on the forum; here are the modifications made, and the response of the terminal with the Caddy logs.

I would like Caddy to automatically renew the certificate.


  caddy:
    image: caddy:2-alpine
    container_name: caddy
    environment:
      ACME_AGREE: "true"
    expose:
      - 443
      - 80
    ports:
      - "80:80"
      - "443:443"
    links:
      - website
    volumes:
      - /home/ubuntu/caddy/Caddyfile:/etc/caddy/Caddyfile
      - ./media:/srv/media/
      - ./static:/srv/static/
      - ./certificates:/data/caddy/certificates
      - ./${CADDY_DATA_PATH}:/data/caddy

terminal

WARNING: The CADDY_DATA_PATH variable is not set. Defaulting to a blank string

logs caddy

{"level":"info","ts":1651763819.960709,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1651763819.966733,"msg":"input is not formatted with 'caddy fmt'","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":1}
{"level":"info","ts":1651763819.9751885,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
{"level":"info","ts":1651763819.9755948,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1651763819.975702,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1651763819.9767365,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["www.mathieudamotalongo.fr","mathieudamotalongo.fr","51.254.120.199"]}
{"level":"info","ts":1651763819.9822912,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1651763819.9824672,"msg":"serving initial configuration"}
{"level":"info","ts":1651763819.9829652,"logger":"tls.obtain","msg":"acquiring lock","identifier":"www.mathieudamotalongo.fr"}
{"level":"info","ts":1651763819.9837565,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00027cee0"}
{"level":"info","ts":1651763819.9838939,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"info","ts":1651763819.9840527,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1651763819.987202,"logger":"tls.obtain","msg":"acquiring lock","identifier":"mathieudamotalongo.fr"}
{"level":"info","ts":1651763819.9902074,"logger":"tls.obtain","msg":"lock acquired","identifier":"www.mathieudamotalongo.fr"}
{"level":"info","ts":1651763819.9985325,"logger":"tls.obtain","msg":"acquiring lock","identifier":"51.254.120.199"}
{"level":"info","ts":1651763820.0195005,"logger":"tls.obtain","msg":"lock acquired","identifier":"mathieudamotalongo.fr"}
{"level":"info","ts":1651763820.021079,"logger":"tls.obtain","msg":"lock acquired","identifier":"51.254.120.199"}
{"level":"error","ts":1651763820.0217786,"logger":"tls.obtain","msg":"will retry","error":"[51.254.120.199] Obtain: subject does not qualify for a public certificate: 51.254.120.199","attempt":1,"retrying_in":60,"elapsed":0.000605159,"max_duration":2592000}
{"level":"info","ts":1651763820.8228278,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["www.mathieudamotalongo.fr"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"contact@mathieudamotalongo.fr"}
{"level":"info","ts":1651763820.8228507,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["www.mathieudamotalongo.fr"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"contact@mathieudamotalongo.fr"}
{"level":"info","ts":1651763821.0853906,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["mathieudamotalongo.fr"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"contact@mathieudamotalongo.fr"}
{"level":"info","ts":1651763821.085414,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["mathieudamotalongo.fr"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"contact@mathieudamotalongo.fr"}
{"level":"info","ts":1651763821.2936525,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.mathieudamotalongo.fr","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1651763821.5864346,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mathieudamotalongo.fr","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1651763822.6679432,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"www.mathieudamotalongo.fr","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Fetching http://www.mathieudamotalongo.fr/.well-known/acme-challenge/Kx7mDRK0fwGooV9CevGdO8EZGLDR6CdzGaZW9RerKKo: Connection refused","instance":"","subproblems":[]}}
{"level":"error","ts":1651763822.667997,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"www.mathieudamotalongo.fr","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Fetching http://www.mathieudamotalongo.fr/.well-known/acme-challenge/Kx7mDRK0fwGooV9CevGdO8EZGLDR6CdzGaZW9RerKKo: Connection refused","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/530057686/86042963996","attempt":1,"max_attempts":3}
{"level":"error","ts":1651763822.972634,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"mathieudamotalongo.fr","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Fetching http://mathieudamotalongo.fr/.well-known/acme-challenge/qXfAm3s_OnROmbQVV20_LvwW9m1pzM1SwqymEujBR9g: Connection refused","instance":"","subproblems":[]}}
{"level":"error","ts":1651763822.9726777,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"mathieudamotalongo.fr","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Fetching http://mathieudamotalongo.fr/.well-known/acme-challenge/qXfAm3s_OnROmbQVV20_LvwW9m1pzM1SwqymEujBR9g: Connection refused","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/530057706/86042964896","attempt":1,"max_attempts":3}
{"level":"info","ts":1651763824.1546004,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.mathieudamotalongo.fr","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1651763824.4509358,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mathieudamotalongo.fr","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1651763825.5460603,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"www.mathieudamotalongo.fr","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Connection refused","instance":"","subproblems":[]}}
{"level":"error","ts":1651763825.5462556,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"www.mathieudamotalongo.fr","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Connection refused","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/530057686/86042983146","attempt":2,"max_attempts":3}
{"level":"error","ts":1651763825.8235385,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"mathieudamotalongo.fr","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Connection refused","instance":"","subproblems":[]}}
{"level":"error","ts":1651763825.823783,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"mathieudamotalongo.fr","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Connection refused","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/530057706/86042985146","attempt":2,"max_attempts":3}
{"level":"error","ts":1651763827.1974096,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"www.mathieudamotalongo.fr","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[www.mathieudamotalongo.fr] solving challenges: www.mathieudamotalongo.fr: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-v02.api.letsencrypt.org/acme/order/530057686/86042996706) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1651763827.5321813,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mathieudamotalongo.fr","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[mathieudamotalongo.fr] solving challenges: mathieudamotalongo.fr: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-v02.api.letsencrypt.org/acme/order/530057706/86042997836) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1651763828.1098056,"logger":"tls.issuance.zerossl","msg":"generated EAB credentials","key_id":"qF75is7QOIe9v-FYtAqpIg"}
{"level":"info","ts":1651763828.1204221,"logger":"tls.issuance.zerossl","msg":"generated EAB credentials","key_id":"I2T2_pK6g_PTrLGGzrrXhw"}
{"level":"info","ts":1651763856.0072834,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["mathieudamotalongo.fr"],"ca":"https://acme.zerossl.com/v2/DV90","account":"contact@mathieudamotalongo.fr"}
{"level":"info","ts":1651763856.0073133,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["mathieudamotalongo.fr"],"ca":"https://acme.zerossl.com/v2/DV90","account":"contact@mathieudamotalongo.fr"}
{"level":"info","ts":1651763856.0145116,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["www.mathieudamotalongo.fr"],"ca":"https://acme.zerossl.com/v2/DV90","account":"contact@mathieudamotalongo.fr"}
{"level":"info","ts":1651763856.0145411,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["www.mathieudamotalongo.fr"],"ca":"https://acme.zerossl.com/v2/DV90","account":"contact@mathieudamotalongo.fr"}
{"level":"error","ts":1651763880.0225797,"logger":"tls.obtain","msg":"will retry","error":"[51.254.120.199] Obtain: subject does not qualify for a public certificate: 51.254.120.199","attempt":2,"retrying_in":120,"elapsed":60.001405999,"max_duration":2592000}
{"level":"info","ts":1651763880.436537,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.mathieudamotalongo.fr","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"info","ts":1651763880.506406,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mathieudamotalongo.fr","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"warn","ts":1651763909.1143038,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/authz/1YOV7u0ttJWCkCIhCr2ycw","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/authz/1YOV7u0ttJWCkCIhCr2ycw\": http2: timeout awaiting response headers"}
{"level":"warn","ts":1651763909.1235313,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/authz/m6jIAT780WrusPoEpME6jw","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/authz/m6jIAT780WrusPoEpME6jw\": http2: timeout awaiting response headers"}
{"level":"warn","ts":1651763924.365411,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/authz/1YOV7u0ttJWCkCIhCr2ycw","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/authz/1YOV7u0ttJWCkCIhCr2ycw\": http2: timeout awaiting response headers"}
{"level":"warn","ts":1651763924.3746672,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/authz/m6jIAT780WrusPoEpME6jw","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/authz/m6jIAT780WrusPoEpME6jw\": http2: timeout awaiting response headers"}
{"level":"warn","ts":1651763954.1586945,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/authz/1YOV7u0ttJWCkCIhCr2ycw","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/authz/1YOV7u0ttJWCkCIhCr2ycw\": http2: timeout awaiting response headers"}
{"level":"warn","ts":1651763954.2220714,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/authz/m6jIAT780WrusPoEpME6jw","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/authz/m6jIAT780WrusPoEpME6jw\": http2: timeout awaiting response headers"}
{"level":"warn","ts":1651763969.4098744,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/authz/1YOV7u0ttJWCkCIhCr2ycw","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/authz/1YOV7u0ttJWCkCIhCr2ycw\": http2: timeout awaiting response headers"}
{"level":"warn","ts":1651763969.473265,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/authz/m6jIAT780WrusPoEpME6jw","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/authz/m6jIAT780WrusPoEpME6jw\": http2: timeout awaiting response headers"}
{"level":"error","ts":1651764000.0232987,"logger":"tls.obtain","msg":"will retry","error":"[51.254.120.199] Obtain: subject does not qualify for a public certificate: 51.254.120.199","attempt":3,"retrying_in":120,"elapsed":180.002125246,"max_duration":2592000}
{"level":"warn","ts":1651764094.240048,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/authz/1YOV7u0ttJWCkCIhCr2ycw","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/authz/1YOV7u0ttJWCkCIhCr2ycw\": http2: timeout awaiting response headers"}
{"level":"error","ts":1651764120.0240395,"logger":"tls.obtain","msg":"will retry","error":"[51.254.120.199] Obtain: subject does not qualify for a public certificate: 51.254.120.199","attempt":4,"retrying_in":300,"elapsed":300.002865216,"max_duration":2592000}
{"level":"warn","ts":1651764154.9493437,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/authz/m6jIAT780WrusPoEpME6jw","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/authz/m6jIAT780WrusPoEpME6jw\": http2: timeout awaiting response headers"}
{"level":"error","ts":1651764204.8027363,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mathieudamotalongo.fr","issuer":"acme.zerossl.com-v2-DV90","error":"[mathieudamotalongo.fr] solving challenges: [mathieudamotalongo.fr] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/aTjzk9brDybAOmMOpApI7g) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1651764204.8027766,"logger":"tls.obtain","msg":"will retry","error":"[mathieudamotalongo.fr] Obtain: [mathieudamotalongo.fr] solving challenges: [mathieudamotalongo.fr] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/aTjzk9brDybAOmMOpApI7g) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":384.783112484,"max_duration":2592000}
{"level":"error","ts":1651764210.7872758,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"www.mathieudamotalongo.fr","issuer":"acme.zerossl.com-v2-DV90","error":"[www.mathieudamotalongo.fr] solving challenges: [www.mathieudamotalongo.fr] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/1i4BaHrbsRrG0Okz8xo6_Q) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1651764210.7873127,"logger":"tls.obtain","msg":"will retry","error":"[www.mathieudamotalongo.fr] Obtain: [www.mathieudamotalongo.fr] solving challenges: [www.mathieudamotalongo.fr] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/1i4BaHrbsRrG0Okz8xo6_Q) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":390.788051614,"max_duration":2592000}
{"level":"info","ts":1651764265.8767102,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mathieudamotalongo.fr","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1651764267.6008797,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"mathieudamotalongo.fr","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Connection refused","instance":"","subproblems":[]}}
{"level":"error","ts":1651764267.6010425,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"mathieudamotalongo.fr","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Connection refused","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/53147384/2494972334","attempt":1,"max_attempts":3}
{"level":"info","ts":1651764268.9019604,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mathieudamotalongo.fr","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1651764270.2340934,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"mathieudamotalongo.fr","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Fetching http://mathieudamotalongo.fr/.well-known/acme-challenge/MVSKRZOc-z_Vkrx5dSi1XnErC8q_kdOl8tbtHqP3aek: Connection refused","instance":"","subproblems":[]}}
{"level":"error","ts":1651764270.2341335,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"mathieudamotalongo.fr","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Fetching http://mathieudamotalongo.fr/.well-known/acme-challenge/MVSKRZOc-z_Vkrx5dSi1XnErC8q_kdOl8tbtHqP3aek: Connection refused","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/53147384/2494972654","attempt":2,"max_attempts":3}
{"level":"info","ts":1651764271.5284579,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.mathieudamotalongo.fr","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1651764271.68456,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mathieudamotalongo.fr","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[mathieudamotalongo.fr] solving challenges: mathieudamotalongo.fr: no solvers available for remaining challenges (configured=[tls-alpn-01 http-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/53147384/2494973194) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1651764272.4708679,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"www.mathieudamotalongo.fr","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Connection refused","instance":"","subproblems":[]}}
{"level":"error","ts":1651764272.4710977,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"www.mathieudamotalongo.fr","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Connection refused","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/53147384/2494973184","attempt":1,"max_attempts":3}
{"level":"info","ts":1651764273.775701,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.mathieudamotalongo.fr","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1651764274.3154795,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"www.mathieudamotalongo.fr","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Fetching http://www.mathieudamotalongo.fr/.well-known/acme-challenge/SwKKa_QVrWuyPjtUZldMJLCjXgtYHLDzfaHyITXgiPs: Connection refused","instance":"","subproblems":[]}}
{"level":"error","ts":1651764274.3156722,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"www.mathieudamotalongo.fr","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Fetching http://www.mathieudamotalongo.fr/.well-known/acme-challenge/SwKKa_QVrWuyPjtUZldMJLCjXgtYHLDzfaHyITXgiPs: Connection refused","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/53147384/2494973544","attempt":2,"max_attempts":3}
{"level":"error","ts":1651764275.7638383,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"www.mathieudamotalongo.fr","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[www.mathieudamotalongo.fr] solving challenges: www.mathieudamotalongo.fr: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/53147384/2494973804) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1651764302.7230458,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mathieudamotalongo.fr","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"info","ts":1651764306.359695,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.mathieudamotalongo.fr","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
1 Like

You’re very welcome.

Caddy will automatically renew the certificate for you, no other action needed.

Remove this line then:

      - ./${CADDY_DATA_PATH}:/data/caddy

${CADDY_DATA_PATH} is an environment var that you’re expected to populate, but you can skip it for now.

After you run this, your certificates will be under ./certificates

You still have some issues to resolve with ports until then.

The HTTP-01 challenge method requires that a URL in the format http://<YOUR_DOMAIN>/.well-known/acme-challenge/<TOKEN> be accessible from the outside world. Note that it’s HTTP, not HTTPS, since it’s assumed HTTPS/TLS is not enabled yet.

2 Likes

While you figure all of this out, switch to their staging environment to avoid hitting rate limits.

1 Like

You don’t need this environment variable, it was only needed for Caddy v1, but not needed for Caddy v2.

Remove these, you already specify ports; it doesn’t make sense to specify both expose and ports.

FYI, you should just persist /data, don’t try to be fancy with subdirs. There’s no guarantee that the paths within /data will stay the same.

This is invalid config, and unnecessary. header_up needs to go inside reverse_proxy. But you don’t need to specify these specific headers, because Caddy already sets them by default:

Seems like Let’s Encrypt isn’t able to reach your server. Are you sure you have ports 80 and 443 open and forwarded to your Caddy server? Are you sure your DNS is correct for those domains?

3 Likes
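The diagnosis in the reply above (the CA cannot connect to the server on ports 80 and 443) can be read directly from Caddy's JSON logs. The following is an added example, not part of the original thread and not Caddy's own tooling: it groups `challenge failed` entries by identifier, challenge type and cause, and lists which ports to check. The function names are hypothetical and the sample lines are constructed, using `example.test`, `203.0.113.10` and `TOKEN` as placeholders.

```python
import json
from collections import defaultdict

# Constructed sample lines, shaped like the Caddy logs posted in this thread.
# example.test, 203.0.113.10 and TOKEN are placeholders, not real values.
SAMPLE_LOG = """\
caddy  | {"level":"info","logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"example.test","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
caddy  | {"level":"error","logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"example.test","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","detail":"203.0.113.10: Fetching http://example.test/.well-known/acme-challenge/TOKEN: Connection refused"}}
{"level":"info","logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"example.test","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"example.test","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","detail":"203.0.113.10: Connection refused"}}
{"level":"error","logger":"tls.obtain","msg":"will retry","error":"[203.0.113.10] Obtain: subject does not qualify for a public certificate: 203.0.113.10","attempt":1}
{"level":"error","logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"example.test","error":"[example.test] solving challenges: example.test: no solvers available for remaining challenges (configured=[tls-alpn-01 http-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01])"}
Attaching to caddy
"""

# Port the CA connects to for each challenge type Caddy can solve without DNS.
CHALLENGE_PORT = {"http-01": 80, "tls-alpn-01": 443}
NOT_PUBLIC = "subject does not qualify for a public certificate: "
EXHAUSTED = "no solvers available for remaining challenges"


def parse_entries(text):
    """Yield JSON log entries, tolerating a 'service | ' prefix and non-JSON lines."""
    for line in text.splitlines():
        start = line.find("{")
        if start < 0:
            continue
        try:
            entry = json.loads(line[start:])
        except json.JSONDecodeError:
            continue
        if isinstance(entry, dict):
            yield entry


def classify(problem):
    """Reduce an ACME problem document to a short cause label."""
    ptype = problem.get("type", "").rsplit(":", 1)[-1]
    detail = problem.get("detail", "").lower()
    if ptype == "connection" and "refused" in detail:
        return "refused"   # the CA's connection to that port was rejected
    if ptype == "connection" and "timeout" in detail:
        return "timeout"   # no answer at all, typically dropped packets
    if ptype in ("dns", "unauthorized"):
        return ptype
    return "other"


def triage(text):
    """Summarise why certificate issuance failed, per identifier."""
    last_ca = {}  # (identifier, challenge_type) -> CA of the latest attempt
    report = {
        "failures": defaultdict(int),   # (identifier, type, cause) -> count
        "ports": defaultdict(set),      # identifier -> ports the CA could not reach
        "production_failures": 0,       # failures against a non-staging CA
        "not_public": set(),            # subjects no public CA will issue for
        "exhausted": set(),             # identifiers with every solver used up
    }
    for entry in parse_entries(text):
        msg = entry.get("msg", "")
        key = (entry.get("identifier"), entry.get("challenge_type"))
        if msg == "trying to solve challenge":
            last_ca[key] = entry.get("ca", "")
        elif msg == "challenge failed":
            cause = classify(entry.get("problem", {}))
            report["failures"][key + (cause,)] += 1
            if cause in ("refused", "timeout") and key[1] in CHALLENGE_PORT:
                report["ports"][key[0]].add(CHALLENGE_PORT[key[1]])
            ca = last_ca.get(key)
            if ca and "staging" not in ca:
                report["production_failures"] += 1
        elif entry.get("logger") == "tls.obtain":
            err = entry.get("error", "")
            if NOT_PUBLIC in err:
                report["not_public"].add(err.split(NOT_PUBLIC, 1)[1].strip())
            if EXHAUSTED in err and entry.get("identifier"):
                report["exhausted"].add(entry["identifier"])
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for (ident, ctype, cause), count in sorted(result["failures"].items()):
        print(f"{ident}: {ctype} failed {count}x ({cause})")
    for ident, ports in result["ports"].items():
        print(f"{ident}: check inbound reachability of ports {sorted(ports)}")
    print("not eligible for a public certificate:", sorted(result["not_public"]))
    print("failures against non-staging CAs:", result["production_failures"])
```
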

Always an anomaly present :frowning:

The modifications made on docker-compose

  caddy:
    image: caddy:2-alpine
    container_name: caddy
    ports:
      - "80:80"
      - "443:443"
    links:
      - website
    volumes:
      - /home/ubuntu/caddy/Caddyfile:/etc/caddy/Caddyfile
      - ./media:/srv/media/
      - ./static:/srv/static/
      - ./certificates:/data/caddy/certificates

Caddyfile

51.254.120.199, www.mathieudamotalongo.fr, mathieudamotalongo.fr {

    tls contact@mathieudamotalongo.fr
    encode gzip

    handle_path /static/* {
        root * /srv/static/
        file_server
    }

    handle_path /media/* {
        root * /srv/media/
        file_server
    }

    reverse_proxy website:8000 {
        header_up Host {http.request.host}
    }
}

logs caddy

{"level":"info","ts":1651839915.635984,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1651839915.6378148,"msg":"input is not formatted with 'caddy fmt'","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":1}
{"level":"info","ts":1651839915.6410294,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
{"level":"info","ts":1651839915.6415644,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1651839915.6416578,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1651839915.643797,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["51.254.120.199","www.mathieudamotalongo.fr","mathieudamotalongo.fr"]}
{"level":"info","ts":1651839915.6444097,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1651839915.6444855,"msg":"serving initial configuration"}
{"level":"info","ts":1651839915.6455214,"logger":"tls.obtain","msg":"acquiring lock","identifier":"51.254.120.199"}
{"level":"info","ts":1651839915.6490464,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0000eae70"}
{"level":"info","ts":1651839915.6490726,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"info","ts":1651839915.6511147,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1651839915.6501884,"logger":"tls.obtain","msg":"acquiring lock","identifier":"mathieudamotalongo.fr"}
{"level":"info","ts":1651839915.6499228,"logger":"tls.obtain","msg":"acquiring lock","identifier":"www.mathieudamotalongo.fr"}
{"level":"info","ts":1651839915.6520505,"logger":"tls.obtain","msg":"lock acquired","identifier":"51.254.120.199"}
{"level":"error","ts":1651839915.654008,"logger":"tls.obtain","msg":"will retry","error":"[51.254.120.199] Obtain: subject does not qualify for a public certificate: 51.254.120.199","attempt":1,"retrying_in":60,"elapsed":0.001797595,"max_duration":2592000}
{"level":"info","ts":1651839915.654324,"logger":"tls.obtain","msg":"lock acquired","identifier":"mathieudamotalongo.fr"}
{"level":"info","ts":1651839915.6587265,"logger":"tls.obtain","msg":"lock acquired","identifier":"www.mathieudamotalongo.fr"}
{"level":"info","ts":1651839916.4874582,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["mathieudamotalongo.fr"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"contact@mathieudamotalongo.fr"}
{"level":"info","ts":1651839916.4874835,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["mathieudamotalongo.fr"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"contact@mathieudamotalongo.fr"}
{"level":"info","ts":1651839916.7737756,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["www.mathieudamotalongo.fr"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"contact@mathieudamotalongo.fr"}
{"level":"info","ts":1651839916.7738101,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["www.mathieudamotalongo.fr"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"contact@mathieudamotalongo.fr"}
{"level":"info","ts":1651839916.8447106,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mathieudamotalongo.fr","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1651839917.095657,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.mathieudamotalongo.fr","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1651839918.9716954,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"mathieudamotalongo.fr","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Fetching http://mathieudamotalongo.fr/.well-known/acme-challenge/yJELagaW3nYsaeHryx3T3qfrC06fZ02tEpg6VrubAZQ: Connection refused","instance":"","subproblems":[]}}
{"level":"error","ts":1651839918.9717245,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"mathieudamotalongo.fr","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Fetching http://mathieudamotalongo.fr/.well-known/acme-challenge/yJELagaW3nYsaeHryx3T3qfrC06fZ02tEpg6VrubAZQ: Connection refused","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/531275646/86293530236","attempt":1,"max_attempts":3}
{"level":"error","ts":1651839919.2741046,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"www.mathieudamotalongo.fr","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Fetching http://www.mathieudamotalongo.fr/.well-known/acme-challenge/FAlkFNr8O6yyUNdsStODqVZl7-5xqBFvSCHv3UZefN0: Connection refused","instance":"","subproblems":[]}}
{"level":"error","ts":1651839919.274133,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"www.mathieudamotalongo.fr","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Fetching http://www.mathieudamotalongo.fr/.well-known/acme-challenge/FAlkFNr8O6yyUNdsStODqVZl7-5xqBFvSCHv3UZefN0: Connection refused","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/531275656/86293531176","attempt":1,"max_attempts":3}
{"level":"info","ts":1651839920.3074548,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mathieudamotalongo.fr","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1651839920.590046,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.mathieudamotalongo.fr","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1651839921.667674,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"mathieudamotalongo.fr","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Connection refused","instance":"","subproblems":[]}}
{"level":"error","ts":1651839921.6679552,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"mathieudamotalongo.fr","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Connection refused","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/531275646/86293541906","attempt":2,"max_attempts":3}
{"level":"error","ts":1651839921.9236903,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"www.mathieudamotalongo.fr","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Connection refused","instance":"","subproblems":[]}}
{"level":"error","ts":1651839921.9239037,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"www.mathieudamotalongo.fr","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Connection refused","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/531275656/86293542906","attempt":2,"max_attempts":3}
{"level":"error","ts":1651839923.1259525,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mathieudamotalongo.fr","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[mathieudamotalongo.fr] solving challenges: mathieudamotalongo.fr: no solvers available for remaining challenges (configured=[tls-alpn-01 http-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-v02.api.letsencrypt.org/acme/order/531275646/86293550636) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1651839923.3937848,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"www.mathieudamotalongo.fr","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[www.mathieudamotalongo.fr] solving challenges: www.mathieudamotalongo.fr: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-v02.api.letsencrypt.org/acme/order/531275656/86293551396) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1651839923.8642209,"logger":"tls.issuance.zerossl","msg":"generated EAB credentials","key_id":"gaNfcuDfZAyf69_AOcQJGg"}
{"level":"info","ts":1651839923.8863363,"logger":"tls.issuance.zerossl","msg":"generated EAB credentials","key_id":"F8hdRzs3oTFZRYL30N62mA"}
{"level":"error","ts":1651839929.0050142,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mathieudamotalongo.fr","issuer":"acme.zerossl.com-v2-DV90","error":"registering account [mailto:contact@mathieudamotalongo.fr] with server: fetching new nonce from server: HTTP 500: "}
{"level":"error","ts":1651839929.0052063,"logger":"tls.obtain","msg":"will retry","error":"[mathieudamotalongo.fr] Obtain: registering account [mailto:contact@mathieudamotalongo.fr] with server: fetching new nonce from server: HTTP 500: ","attempt":1,"retrying_in":60,"elapsed":13.350702475,"max_duration":2592000}
{"level":"error","ts":1651839929.0741713,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"www.mathieudamotalongo.fr","issuer":"acme.zerossl.com-v2-DV90","error":"registering account [mailto:contact@mathieudamotalongo.fr] with server: fetching new nonce from server: HTTP 500: "}
{"level":"error","ts":1651839929.0744147,"logger":"tls.obtain","msg":"will retry","error":"[www.mathieudamotalongo.fr] Obtain: registering account [mailto:contact@mathieudamotalongo.fr] with server: fetching new nonce from server: HTTP 500: ","attempt":1,"retrying_in":60,"elapsed":13.415073063,"max_duration":2592000}
{"level":"error","ts":1651839975.6550045,"logger":"tls.obtain","msg":"will retry","error":"[51.254.120.199] Obtain: subject does not qualify for a public certificate: 51.254.120.199","attempt":2,"retrying_in":120,"elapsed":60.002793844,"max_duration":2592000}
{"level":"info","ts":1651839990.1412375,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mathieudamotalongo.fr","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1651839990.3852332,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.mathieudamotalongo.fr","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1651839991.7185397,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"www.mathieudamotalongo.fr","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Connection refused","instance":"","subproblems":[]}}
{"level":"error","ts":1651839991.7187963,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"www.mathieudamotalongo.fr","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Connection refused","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/53233674/2503704784","attempt":1,"max_attempts":3}
{"level":"error","ts":1651839991.8658137,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"mathieudamotalongo.fr","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Connection refused","instance":"","subproblems":[]}}
{"level":"error","ts":1651839991.8659904,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"mathieudamotalongo.fr","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Connection refused","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/53233664/2503704764","attempt":1,"max_attempts":3}
{"level":"info","ts":1651839993.0602431,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.mathieudamotalongo.fr","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1651839993.1693091,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mathieudamotalongo.fr","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1651839993.6186576,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"www.mathieudamotalongo.fr","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Fetching http://www.mathieudamotalongo.fr/.well-known/acme-challenge/PcVkljsI4e-7gZQl6FtlOevk94Gs143vzUHVS3NcVg4: Connection refused","instance":"","subproblems":[]}}
{"level":"error","ts":1651839993.6189027,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"www.mathieudamotalongo.fr","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Fetching http://www.mathieudamotalongo.fr/.well-known/acme-challenge/PcVkljsI4e-7gZQl6FtlOevk94Gs143vzUHVS3NcVg4: Connection refused","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/53233674/2503705064","attempt":2,"max_attempts":3}
{"level":"error","ts":1651839993.711488,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"mathieudamotalongo.fr","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Fetching http://mathieudamotalongo.fr/.well-known/acme-challenge/8PMT4D0Ylksp4V0K_PUdzjCZUQYt4V65Gie1xoYaOWQ: Connection refused","instance":"","subproblems":[]}}
{"level":"error","ts":1651839993.7117825,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"mathieudamotalongo.fr","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Fetching http://mathieudamotalongo.fr/.well-known/acme-challenge/8PMT4D0Ylksp4V0K_PUdzjCZUQYt4V65Gie1xoYaOWQ: Connection refused","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/53233664/2503705084","attempt":2,"max_attempts":3}
{"level":"error","ts":1651839995.0715826,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"www.mathieudamotalongo.fr","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[www.mathieudamotalongo.fr] solving challenges: www.mathieudamotalongo.fr: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/53233674/2503705274) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1651839995.165837,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mathieudamotalongo.fr","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[mathieudamotalongo.fr] solving challenges: mathieudamotalongo.fr: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/53233664/2503705284) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1651839995.7012107,"logger":"tls.issuance.zerossl","msg":"generated EAB credentials","key_id":"ceGn3e3h6BztN4JhzKrAhA"}
{"level":"info","ts":1651839995.7634323,"logger":"tls.issuance.zerossl","msg":"generated EAB credentials","key_id":"KL0GEIy1RsCCmGh6d5wyrQ"}
{"level":"info","ts":1651840028.8830748,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mathieudamotalongo.fr","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"info","ts":1651840029.0709624,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.mathieudamotalongo.fr","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}

The server firewall

ubuntu@vps-16172b79:~$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
80                         ALLOW IN    Anywhere                  
443                        ALLOW IN    Anywhere                  
3306                       ALLOW IN    Anywhere                  
80 (v6)                    ALLOW IN    Anywhere (v6)             
443 (v6)                   ALLOW IN    Anywhere (v6)             
3306 (v6)                  ALLOW IN    Anywhere (v6)   

Thanks a lot for your help :slight_smile:

Remove this header_up line. Like I said earlier, it’s redundant. reverse_proxy already takes care of setting the Host header correctly.

You should persist /data, not /data/caddy/certificates. There’s more data in other subdirectories that need to be persisted as well.

Please follow the docs here:

From your logs, I think you’re still on Caddy v2.4.6 or earlier. Please upgrade to v2.5.0.

I don’t understand what you mean. Your logs don’t show any problem, there’s no errors.

What’s not working? Please explain in detail. Make a request with curl -v to show the behaviour.

2 Likes

Caddyfile

51.254.120.199, www.mathieudamotalongo.fr, mathieudamotalongo.fr {

    tls contact@mathieudamotalongo.fr
    encode gzip

    handle_path /static/* {
        root * /srv/static/
        file_server
    }

    handle_path /media/* {
        root * /srv/media/
        file_server
    }

    reverse_proxy website:8000
}

Docker-compose

  caddy:
    image: caddy:2.5.0-alpine
    container_name: caddy
    ports:
      - "80:80"
      - "443:443"
    links:
      - website
    volumes:
      - /home/ubuntu/caddy/Caddyfile:/etc/caddy/Caddyfile
      - ./media:/srv/media/
      - ./static:/srv/static/
      - caddy_data:/data
      - caddy_config:/config

volumes:
  caddy_data:
  caddy_config:

logs

{"level":"info","ts":1651849849.7189345,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1651849849.7272594,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":1}
{"level":"info","ts":1651849849.72882,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1651849849.7291937,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1651849849.730397,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1651849849.7322474,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["51.254.120.199","www.mathieudamotalongo.fr","mathieudamotalongo.fr"]}
{"level":"info","ts":1651849849.7350013,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1651849849.7469857,"msg":"serving initial configuration"}
{"level":"info","ts":1651849849.7462375,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"info","ts":1651849849.7471986,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1651849849.7468045,"logger":"tls.obtain","msg":"acquiring lock","identifier":"mathieudamotalongo.fr"}
{"level":"info","ts":1651849849.7469656,"logger":"tls.obtain","msg":"acquiring lock","identifier":"51.254.120.199"}
{"level":"info","ts":1651849849.7371328,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00019a770"}
{"level":"info","ts":1651849849.746602,"logger":"tls.obtain","msg":"acquiring lock","identifier":"www.mathieudamotalongo.fr"}
{"level":"info","ts":1651849849.7487261,"logger":"tls.obtain","msg":"lock acquired","identifier":"mathieudamotalongo.fr"}
{"level":"info","ts":1651849849.7491941,"logger":"tls.obtain","msg":"lock acquired","identifier":"51.254.120.199"}
{"level":"error","ts":1651849849.7588587,"logger":"tls.obtain","msg":"will retry","error":"[51.254.120.199] Obtain: subject does not qualify for a public certificate: 51.254.120.199","attempt":1,"retrying_in":60,"elapsed":0.000514937,"max_duration":2592000}
{"level":"info","ts":1651849849.7593968,"logger":"tls.obtain","msg":"lock acquired","identifier":"www.mathieudamotalongo.fr"}
{"level":"info","ts":1651849850.5650473,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["mathieudamotalongo.fr"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"contact@mathieudamotalongo.fr"}
{"level":"info","ts":1651849850.5650716,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["mathieudamotalongo.fr"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"contact@mathieudamotalongo.fr"}
{"level":"info","ts":1651849850.83617,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["www.mathieudamotalongo.fr"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"contact@mathieudamotalongo.fr"}
{"level":"info","ts":1651849850.8362064,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["www.mathieudamotalongo.fr"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"contact@mathieudamotalongo.fr"}
{"level":"info","ts":1651849851.079057,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mathieudamotalongo.fr","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1651849851.345411,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.mathieudamotalongo.fr","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1651849852.834297,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"mathieudamotalongo.fr","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Fetching http://mathieudamotalongo.fr/.well-known/acme-challenge/HDuybpppjKzMX9BmVhJDjm4YzVVMUyXpT9MIVs-6BG8: Connection refused","instance":"","subproblems":[]}}
{"level":"error","ts":1651849852.8343272,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"mathieudamotalongo.fr","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Fetching http://mathieudamotalongo.fr/.well-known/acme-challenge/HDuybpppjKzMX9BmVhJDjm4YzVVMUyXpT9MIVs-6BG8: Connection refused","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/531462176/86324919546","attempt":1,"max_attempts":3}
{"level":"error","ts":1651849853.1319773,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"www.mathieudamotalongo.fr","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Fetching http://www.mathieudamotalongo.fr/.well-known/acme-challenge/BebqMgx3Mgv8fiyK9jCPeYI6LzCPMI079VBeIHmQlAE: Connection refused","instance":"","subproblems":[]}}
{"level":"error","ts":1651849853.1320217,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"www.mathieudamotalongo.fr","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Fetching http://www.mathieudamotalongo.fr/.well-known/acme-challenge/BebqMgx3Mgv8fiyK9jCPeYI6LzCPMI079VBeIHmQlAE: Connection refused","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/531462186/86324920196","attempt":1,"max_attempts":3}
{"level":"info","ts":1651849854.3277888,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mathieudamotalongo.fr","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1651849854.5911713,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.mathieudamotalongo.fr","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1651849855.2763646,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"mathieudamotalongo.fr","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Connection refused","instance":"","subproblems":[]}}
{"level":"error","ts":1651849855.2765565,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"mathieudamotalongo.fr","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Connection refused","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/531462176/86324927806","attempt":2,"max_attempts":3}
{"level":"error","ts":1651849855.276767,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mathieudamotalongo.fr","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 51.254.120.199: Connection refused"}
{"level":"error","ts":1651849855.9445453,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"www.mathieudamotalongo.fr","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Connection refused","instance":"","subproblems":[]}}
{"level":"error","ts":1651849855.9447727,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"www.mathieudamotalongo.fr","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Connection refused","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/531462186/86324928416","attempt":2,"max_attempts":3}
{"level":"error","ts":1651849855.9449365,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"www.mathieudamotalongo.fr","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 51.254.120.199: Connection refused"}
{"level":"info","ts":1651849856.053152,"logger":"tls.issuance.zerossl","msg":"generated EAB credentials","key_id":"2Seyn5aUv_cK7Z0MR4f7pw"}
{"level":"info","ts":1651849856.3089633,"logger":"tls.issuance.zerossl","msg":"generated EAB credentials","key_id":"qiJ_l6bjbpIu80sw9jjnUg"}
{"level":"info","ts":1651849868.5634117,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["www.mathieudamotalongo.fr"],"ca":"https://acme.zerossl.com/v2/DV90","account":"contact@mathieudamotalongo.fr"}
{"level":"info","ts":1651849868.5634394,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["www.mathieudamotalongo.fr"],"ca":"https://acme.zerossl.com/v2/DV90","account":"contact@mathieudamotalongo.fr"}
{"level":"info","ts":1651849878.0096676,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["mathieudamotalongo.fr"],"ca":"https://acme.zerossl.com/v2/DV90","account":"contact@mathieudamotalongo.fr"}
{"level":"info","ts":1651849878.009703,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["mathieudamotalongo.fr"],"ca":"https://acme.zerossl.com/v2/DV90","account":"contact@mathieudamotalongo.fr"}
{"level":"info","ts":1651849886.4553916,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mathieudamotalongo.fr","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"info","ts":1651849886.7805872,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.mathieudamotalongo.fr","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1651849909.7599885,"logger":"tls.obtain","msg":"will retry","error":"[51.254.120.199] Obtain: subject does not qualify for a public certificate: 51.254.120.199","attempt":2,"retrying_in":120,"elapsed":60.001643708,"max_duration":2592000}
{"level":"error","ts":1651850029.7610834,"logger":"tls.obtain","msg":"will retry","error":"[51.254.120.199] Obtain: subject does not qualify for a public certificate: 51.254.120.199","attempt":3,"retrying_in":120,"elapsed":180.00273878,"max_duration":2592000}
{"level":"error","ts":1651850149.761828,"logger":"tls.obtain","msg":"will retry","error":"[51.254.120.199] Obtain: subject does not qualify for a public certificate: 51.254.120.199","attempt":4,"retrying_in":300,"elapsed":300.003483932,"max_duration":2592000}
{"level":"error","ts":1651850203.3849077,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"www.mathieudamotalongo.fr","issuer":"acme.zerossl.com-v2-DV90","error":"[www.mathieudamotalongo.fr] solving challenges: [www.mathieudamotalongo.fr] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/g37n2awZ6wjAnS3mcDdGGQ) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1651850203.384941,"logger":"tls.obtain","msg":"will retry","error":"[www.mathieudamotalongo.fr] Obtain: [www.mathieudamotalongo.fr] solving challenges: [www.mathieudamotalongo.fr] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/g37n2awZ6wjAnS3mcDdGGQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":353.625413444,"max_duration":2592000}
{"level":"error","ts":1651850205.8261447,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mathieudamotalongo.fr","issuer":"acme.zerossl.com-v2-DV90","error":"[mathieudamotalongo.fr] solving challenges: [mathieudamotalongo.fr] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/_jpO0UyiO3xZnHSdlYVMVg) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1651850205.8261716,"logger":"tls.obtain","msg":"will retry","error":"[mathieudamotalongo.fr] Obtain: [mathieudamotalongo.fr] solving challenges: [mathieudamotalongo.fr] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/_jpO0UyiO3xZnHSdlYVMVg) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":356.076894614,"max_duration":2592000}
{"level":"info","ts":1651850264.4659371,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.mathieudamotalongo.fr","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1651850266.1924868,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"www.mathieudamotalongo.fr","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Connection refused","instance":"","subproblems":[]}}
{"level":"error","ts":1651850266.1927667,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"www.mathieudamotalongo.fr","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Connection refused","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/53249374/2505036004","attempt":1,"max_attempts":3}
{"level":"info","ts":1651850266.5610342,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mathieudamotalongo.fr","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1651850267.5441396,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.mathieudamotalongo.fr","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1651850268.283166,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"mathieudamotalongo.fr","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Connection refused","instance":"","subproblems":[]}}
{"level":"error","ts":1651850268.283207,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"mathieudamotalongo.fr","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Connection refused","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/53249374/2505036454","attempt":1,"max_attempts":3}
{"level":"error","ts":1651850268.4803169,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"www.mathieudamotalongo.fr","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Fetching http://www.mathieudamotalongo.fr/.well-known/acme-challenge/FQDilIWsjCw8NO5Lx3ihCzPAkW_hSZQb2DsHtc0wZnQ: Connection refused","instance":"","subproblems":[]}}
{"level":"error","ts":1651850268.4803495,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"www.mathieudamotalongo.fr","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Fetching http://www.mathieudamotalongo.fr/.well-known/acme-challenge/FQDilIWsjCw8NO5Lx3ihCzPAkW_hSZQb2DsHtc0wZnQ: Connection refused","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/53249374/2505036664","attempt":2,"max_attempts":3}
{"level":"error","ts":1651850268.4803846,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"www.mathieudamotalongo.fr","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 51.254.120.199: Fetching http://www.mathieudamotalongo.fr/.well-known/acme-challenge/FQDilIWsjCw8NO5Lx3ihCzPAkW_hSZQb2DsHtc0wZnQ: Connection refused"}
{"level":"info","ts":1651850269.5882082,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mathieudamotalongo.fr","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1651850270.1296697,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"mathieudamotalongo.fr","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Fetching http://mathieudamotalongo.fr/.well-known/acme-challenge/sI5XqjVR1vcu_BxGkFfh8gZPcOO_94vNxfNPzVwhldI: Connection refused","instance":"","subproblems":[]}}
{"level":"error","ts":1651850270.1298537,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"mathieudamotalongo.fr","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Fetching http://mathieudamotalongo.fr/.well-known/acme-challenge/sI5XqjVR1vcu_BxGkFfh8gZPcOO_94vNxfNPzVwhldI: Connection refused","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/53249374/2505036984","attempt":2,"max_attempts":3}
{"level":"error","ts":1651850270.1299732,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mathieudamotalongo.fr","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 51.254.120.199: Fetching http://mathieudamotalongo.fr/.well-known/acme-challenge/sI5XqjVR1vcu_BxGkFfh8gZPcOO_94vNxfNPzVwhldI: Connection refused"}
{"level":"info","ts":1651850293.2897992,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.mathieudamotalongo.fr","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"info","ts":1651850295.341552,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mathieudamotalongo.fr","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1651850449.7631612,"logger":"tls.obtain","msg":"will retry","error":"[51.254.120.199] Obtain: subject does not qualify for a public certificate: 51.254.120.199","attempt":5,"retrying_in":600,"elapsed":600.004817014,"max_duration":2592000}
{"level":"error","ts":1651850619.2639513,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"www.mathieudamotalongo.fr","issuer":"acme.zerossl.com-v2-DV90","error":"[www.mathieudamotalongo.fr] solving challenges: [www.mathieudamotalongo.fr] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/cZBV6Qp4UyPvBOO_oB_LbQ) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1651850619.2640052,"logger":"tls.obtain","msg":"will retry","error":"[www.mathieudamotalongo.fr] Obtain: [www.mathieudamotalongo.fr] solving challenges: [www.mathieudamotalongo.fr] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/cZBV6Qp4UyPvBOO_oB_LbQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":2,"retrying_in":120,"elapsed":769.504476898,"max_duration":2592000}
{"level":"error","ts":1651850627.6106606,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mathieudamotalongo.fr","issuer":"acme.zerossl.com-v2-DV90","error":"[mathieudamotalongo.fr] solving challenges: [mathieudamotalongo.fr] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/_UUkX065oGOiXs5vufbcOg) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1651850627.6107023,"logger":"tls.obtain","msg":"will retry","error":"[mathieudamotalongo.fr] Obtain: [mathieudamotalongo.fr] solving challenges: [mathieudamotalongo.fr] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/_UUkX065oGOiXs5vufbcOg) (ca=https://acme.zerossl.com/v2/DV90)","attempt":2,"retrying_in":120,"elapsed":777.861425154,"max_duration":2592000}

CURL

curl -v mathieudamotalongo.fr
*   Trying 51.254.120.199:80...
* Connected to mathieudamotalongo.fr (51.254.120.199) port 80 (#0)
> GET / HTTP/1.1
> Host: mathieudamotalongo.fr
> User-Agent: curl/7.79.1
> Accept: */*

That all looks fine. Is there still a problem, or not?

I have the impression that the Caddy container systematically shuts down, and the certificate is still not available to access my website.

Where do you see it shutting down? Your logs show that Caddy is running correctly. The curl -v request shows that you were able to connect.

What I can’t understand is why it does not issue the certificate so that I can access my website.

I do not understand this error

{"level":"error","ts":1651856652.792212,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mathieudamotalongo.fr","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 51.254.120.199: Connection refused"}

Oh :man_facepalming: sorry, didn’t realize the logs had more…

Firefox recently made a change to hide scrollbars by default, and I’ve been too used to seeing scroll bars always, didn’t realize there was more.

Yeah, okay, so Let’s Encrypt can still not reach your server.

If I try to connect myself, it also fails:

$ curl -v http://mathieudamotalongo.fr
*   Trying 51.254.120.199:80...
* connect to 51.254.120.199 port 80 failed: Connection refused
* Failed to connect to mathieudamotalongo.fr port 80: Connection refused
* Closing connection 0
curl: (7) Failed to connect to mathieudamotalongo.fr port 80: Connection refused

You’ll need to figure out what part of your networking stack is preventing the connection.

FYI, IP certificates are not supported by Let’s Encrypt and ZeroSSL right now. Why do you need this?
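An added example, not part of the original posts and not Caddy's own code: a small Python triage script that groups the ACME errors in Caddy JSON logs like the ones quoted in this thread by identifier and cause. The sample lines, host names, address and token are constructed placeholders, and the finding labels are names chosen for this example.

```python
import json
import re
from collections import Counter, defaultdict

# Port on which the CA validates each ACME challenge type (RFC 8555, RFC 8737).
CHALLENGE_PORT = {"http-01": 80, "tls-alpn-01": 443}

# Constructed sample in the shape of the Caddy logs quoted in this thread;
# names, address and token are placeholders, not values from the thread.
SAMPLE_LOG = """\
caddy  | {"level":"info","logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"example.org","challenge_type":"http-01"}
caddy  | {"level":"error","logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"example.org","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","detail":"203.0.113.10: Fetching http://example.org/.well-known/acme-challenge/TOKEN: Connection refused"}}
{"level":"error","logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"example.org","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","detail":"203.0.113.10: Connection refused"}}
{"level":"error","logger":"tls.obtain","msg":"will retry","error":"[203.0.113.10] Obtain: subject does not qualify for a public certificate: 203.0.113.10","attempt":2}
{"level":"error","logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"www.example.org","issuer":"acme.zerossl.com-v2-DV90","error":"[www.example.org] solving challenges: [www.example.org] authorization took too long (order=ORDER_URL)"}
not json at all
"""


def parse_entries(text):
    """Yield JSON log objects, tolerating a `docker compose logs` line prefix."""
    for line in text.splitlines():
        start = line.find("{")
        if start < 0:
            continue
        try:
            entry = json.loads(line[start:])
        except json.JSONDecodeError:
            continue
        if isinstance(entry, dict):
            yield entry


def classify(entry):
    """Return (identifier, finding) for a recognised error entry, else None."""
    if entry.get("level") != "error":
        return None
    error = entry.get("error", "")
    ident = entry.get("identifier")
    if ident is None:
        # "will retry" entries carry the subject only as a "[name]" prefix.
        match = re.match(r"\[([^\]]+)\]", error)
        ident = match.group(1) if match else "unknown"
    # Count only "challenge failed"; the "validating authorization" and
    # "could not get certificate" entries repeat the same ACME problem.
    if entry.get("msg") == "challenge failed":
        problem = entry.get("problem", {})
        if problem.get("type", "").endswith(":connection"):
            port = CHALLENGE_PORT.get(entry.get("challenge_type"), "unknown")
            return ident, f"ca-cannot-connect:port-{port}"
        return ident, "challenge-failed:" + problem.get("type", "unknown")
    if "subject does not qualify for a public certificate" in error:
        return ident, "not-a-public-name"
    if "authorization took too long" in error:
        return ident, "authorization-timeout"
    return None


def summarize(text):
    """Count findings per identifier across a whole log."""
    findings = defaultdict(Counter)
    for entry in parse_entries(text):
        result = classify(entry)
        if result:
            findings[result[0]][result[1]] += 1
    return {ident: dict(counts) for ident, counts in findings.items()}


if __name__ == "__main__":
    for ident, counts in summarize(SAMPLE_LOG).items():
        print(ident, counts)
```

A `ca-cannot-connect` finding on both ports means the CA's validators were refused before reaching Caddy at all, which points at the path between the internet and the container rather than at the Caddyfile.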

I removed the IP from the Caddyfile. I really don’t see the problem: ports 80 and 443 are open in both directions and the DNS is configured. Maybe it is in the docker-compose parameters?

With curl on my side, I find this:

curl -v http://mathieudamotalongo.fr
*   Trying 51.254.120.199:80...
* Connected to mathieudamotalongo.fr (51.254.120.199) port 80 (#0)
> GET / HTTP/1.1
> Host: mathieudamotalongo.fr
> User-Agent: curl/7.79.1
> Accept: */*

Caddy logs after removing the IP from the Caddyfile:

{"level":"error","ts":1651857616.3966472,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mathieudamotalongo.fr","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 51.254.120.199: Fetching http://mathieudamotalongo.fr/.well-known/acme-challenge/Yulwyb3ZqrLCl01_uj64sIlVBTaizi49Odx6C6S8OdQ: Connection refused"}
{"level":"error","ts":1651857616.4855115,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mathieudamotalongo.fr","issuer":"acme.zerossl.com-v2-DV90","error":"[mathieudamotalongo.fr] creating new order: fetching new nonce from server: HTTP 500:  (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1651857616.4855652,"logger":"tls.obtain","msg":"will retry","error":"[mathieudamotalongo.fr] Obtain: [mathieudamotalongo.fr] creating new order: fetching new nonce from server: HTTP 500:  (ca=https://acme.zerossl.com/v2/DV90)","attempt":4,"retrying_in":300,"elapsed":718.87127795,"max_duration":2592000}
{"level":"info","ts":1651857658.7524874,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.mathieudamotalongo.fr","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}

If you’re making that request from inside your own network then that’ll have a different result than making the request from outside.

Is this a home network? Check your router’s port forwarding config. Maybe your ISP blocks usage of ports 80/443 (it’s not unheard of).

Not a network outside the server; the server is on OVH, and ufw is correctly configured to allow 80 and 443 to pass.

After several tests here are the new logs

{"level":"error","ts":1652007959.6933012,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"mathieudamotalongo.fr","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"51.254.120.199: Connection refused","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/531586176/86843345506","attempt":2,"max_attempts":3}
{"level":"error","ts":1652007959.6934824,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mathieudamotalongo.fr","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 51.254.120.199: Connection refused"}
{"level":"info","ts":1652007959.693927,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["mathieudamotalongo.fr"],"ca":"https://acme.zerossl.com/v2/DV90","account":"webmaster@mathieudamotalongo.fr"}
{"level":"info","ts":1652007959.6940296,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["mathieudamotalongo.fr"],"ca":"https://acme.zerossl.com/v2/DV90","account":"webmaster@mathieudamotalongo.fr"}
{"level":"info","ts":1652007974.7927425,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.mathieudamotalongo.fr","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"info","ts":1652007982.2106576,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mathieudamotalongo.fr","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1652008298.8529406,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mathieudamotalongo.fr","issuer":"acme.zerossl.com-v2-DV90","error":"[mathieudamotalongo.fr] solving challenges: [mathieudamotalongo.fr] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/N0GWZqzw1C_9SJKo0RCrBQ) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1652008298.8529913,"logger":"tls.obtain","msg":"will retry","error":"[mathieudamotalongo.fr] Obtain: [mathieudamotalongo.fr] solving challenges: [mathieudamotalongo.fr] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/N0GWZqzw1C_9SJKo0RCrBQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":347.241287683,"max_duration":2592000}
{"level":"error","ts":1652008299.819453,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"www.mathieudamotalongo.fr","issuer":"acme.zerossl.com-v2-DV90","error":"[www.mathieudamotalongo.fr] solving challenges: [www.mathieudamotalongo.fr] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/WGyDegjohhR53yghBkjoQg) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1652008299.8194811,"logger":"tls.obtain","msg":"will retry","error":"[www.mathieudamotalongo.fr] Obtain: [www.mathieudamotalongo.fr] solving challenges: [www.mathieudamotalongo.fr] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/WGyDegjohhR53yghBkjoQg) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":348.214753472,"max_duration":2592000}

Here is the firewall of the server

$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere                  
80/tcp                     ALLOW IN    Anywhere                  
443                        ALLOW IN    Anywhere                  
21/tcp                     ALLOW IN    Anywhere                  
3306/tcp                   ALLOW IN    Anywhere                  
22/tcp (v6)                ALLOW IN    Anywhere (v6)             
80/tcp (v6)                ALLOW IN    Anywhere (v6)             
443 (v6)                   ALLOW IN    Anywhere (v6)             
21/tcp (v6)                ALLOW IN    Anywhere (v6)             
3306/tcp (v6)              ALLOW IN    Anywhere (v6)   

Thank you in advance for your help :frowning: