V2 Caddy Not Generating Certificate After Initial Creation

1. My Caddy version (caddy -version):

v2.0.0-beta.13 h1:QL0JAepFvLVtOatABqniuDRQ4HmtvWuuSWZW24qVVtk=

2. How I run Caddy:

a. System environment:

CentOS 7, SystemD

b. Command:

Runs As Service

c. Service/unit/compose file:

This service file requires the following:

#
# 1) Group named caddy:
#      $ groupadd --system caddy
#
# 2) User named caddy, with a writeable home folder:
#      $ useradd --system \
#           --gid caddy \
#           --create-home \
#           --home-dir /var/lib/caddy \
#           --shell /usr/sbin/nologin \
#           --comment "Caddy web server" \
#           caddy
#
# 3) Caddyfile at /etc/caddy/Caddyfile that is
#    readable by the caddy user
#

[Unit]
Description=Caddy Web Server
Documentation=https://caddyserver.com/docs/
After=network.target

[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --config /etc/caddy/Caddyfile --adapter caddyfile --resume --environ
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --adapter caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddyfile:

131-OVR-01.stfd13.org {
        reverse_proxy 10.0.8.3:443 {
                transport http {
                        tls
                        # the proxied backend's certificate is not verified
                        tls_insecure_skip_verify
                }
        }
}
portal.stfd13.org {
        reverse_proxy 10.0.0.46:443 {
                transport http {
                        tls
                        tls_insecure_skip_verify
                }
        }
}
gis.stfd13.org {
        reverse_proxy 10.0.0.47:443 {
                transport http {
                        tls
                        tls_insecure_skip_verify
                }
        }
}
wazuh.stfd13.org {
        reverse_proxy 10.0.0.13:5601 {
                transport http {
                        tls
                        tls_insecure_skip_verify
                }
        }
}


3. The problem I'm having:

Not generating another certificate after website was added

4. Error messages and/or full log output:

 ● caddy.service - Caddy Web Server
   Loaded: loaded (/etc/systemd/system/caddy.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2020-01-24 15:03:13 EST; 10min ago
     Docs: https://caddyserver.com/docs/
  Process: 1930 ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --adapter caddyfile (code=exited, status=1/FAILURE)
 Main PID: 2087 (caddy)
   CGroup: /system.slice/caddy.service
           └─2087 /usr/bin/caddy run --config /etc/caddy/Caddyfile --adapter caddyfile --resume --environ

Jan 24 15:03:16 caddy.stfd13.org caddy[2087]: 2020/01/24 15:03:16 http: TLS handshake error from 170.249.187.86:55340: no certificate available for 'portal.stfd13.org'
Jan 24 15:03:16 caddy.stfd13.org caddy[2087]: 2020/01/24 15:03:16 http: TLS handshake error from 170.249.187.86:55341: no certificate available for 'portal.stfd13.org'
Jan 24 15:03:16 caddy.stfd13.org caddy[2087]: 2020/01/24 15:03:16 http: TLS handshake error from 170.249.187.86:55342: no certificate available for 'portal.stfd13.org'
Jan 24 15:03:16 caddy.stfd13.org caddy[2087]: 2020/01/24 15:03:16 http: TLS handshake error from 170.249.187.86:55343: no certificate available for 'portal.stfd13.org'
Jan 24 15:03:16 caddy.stfd13.org caddy[2087]: 2020/01/24 15:03:16 http: TLS handshake error from 170.249.187.86:55344: no certificate available for 'portal.stfd13.org'
Jan 24 15:03:16 caddy.stfd13.org caddy[2087]: 2020/01/24 15:03:16 http: TLS handshake error from 170.249.187.86:55345: no certificate available for 'portal.stfd13.org'
Jan 24 15:03:16 caddy.stfd13.org caddy[2087]: 2020/01/24 15:03:16 http: TLS handshake error from 170.249.187.86:55348: no certificate available for 'portal.stfd13.org'
Jan 24 15:03:16 caddy.stfd13.org caddy[2087]: 2020/01/24 15:03:16 http: TLS handshake error from 170.249.187.86:55347: no certificate available for 'portal.stfd13.org'
Jan 24 15:13:48 caddy.stfd13.org caddy[2087]: 2020/01/24 15:13:48 http: TLS handshake error from 170.249.187.86:55764: no certificate available for 'wazuh.stfd13.org'
Jan 24 15:13:48 caddy.stfd13.org caddy[2087]: 2020/01/24 15:13:48 http: TLS handshake error from 170.249.187.86:55765: no certificate available for 'wazuh.stfd13.org'

5. What I already tried:

Restarting Service & Rebooting

6. Links to relevant resources:
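The status output above shows the reload exiting with status 1; when a reload fails, the previously loaded config keeps running, so site names added only in the new Caddyfile get no certificate. Added example, not code from the thread or the Caddy project: a small structural lint for a reverse_proxy site block, run over a constructed block (using the hostname and upstream from this thread) with a missing space before `{` and a missing `{` after `reverse_proxy`, and over its corrected form.

```python
import re

# Constructed input: a reverse_proxy site block with two slips, no
# space before '{' and no '{' after reverse_proxy, so the braces
# below close one block too many.
BROKEN = """\
portal.stfd13.org{
        reverse_proxy 10.0.0.46:443
        transport http {
                tls
                tls_insecure_skip_verify
                }
        }
}
"""
# Same block with the two missing tokens restored.
FIXED = BROKEN.replace("org{", "org {").replace(":443\n", ":443 {\n")

def lint_caddyfile(text):
    """Return [(line_no, message)] findings; an empty list means clean.

    Not Caddy's parser: it only catches the structural slips that make
    'caddy reload' fail, leaving the old config (and its certificate
    set) running. Assumes no global options block and no {placeholder}
    tokens in the text being checked.
    """
    findings, depth = [], 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        # Caddy tokenises on whitespace, so "host{" is one bad token.
        if re.search(r"\S\{", line):
            findings.append((no, "missing space before '{'"))
        # 'transport' is a reverse_proxy subdirective: site block is
        # depth 1, so it must sit at depth 2 or deeper.
        if line.split()[0] == "transport" and depth < 2:
            findings.append((no, "'transport' outside a reverse_proxy block"))
        for ch in line:
            if ch == "{":
                depth += 1
            elif ch == "}":
                depth -= 1
                if depth < 0:
                    findings.append((no, "unexpected '}'"))
                    depth = 0
    if depth:
        findings.append((0, f"{depth} block(s) never closed"))
    return findings
```

Run it on /etc/caddy/Caddyfile before `systemctl reload caddy`; an empty result is no guarantee the file loads, but a non-empty one explains a reload that exits non-zero.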

Hi Robert! Welcome to the Caddy community.

Can you share what your initial Caddyfile looked like, how the config change was made, and how was Caddy notified of the update (i.e. what was the command used)? I see many possible scenarios and would like to know which one took place.

2 Likes

Some of the (subdomain).stfd13.org listed in the Caddyfile appear to have recently issued a certificate:
https://crt.sh/?q=stfd13.org

If you remember recently changing settings around tls, be careful.

Hey @Robert_Crawford, were you able to resolve your issue? From the top of my head, I'm thinking if you modified the Caddyfile instead of POSTing the new config, you need to issue a reload so Caddy re-reads the config file. If you POST the new config, it will automatically write the new config as per the XDG_DATA spec.

1 Like

I am also interested in this.