WARN automatic HTTP->HTTPS redirects are disabled

Hi, I am getting this error. Before, I was able to successfully bring up my production, but now I cannot. Sometimes I get a rate-limiting limit. I show some logs from my production. I just replaced my domain with mysite.online. For now I just removed the other service which holds the top domain. I just run my subdomain api.mysite.online but I cannot access the site.

Please help me.

Thank you in advance.

frankencontainer  |    WARN  automatic HTTP->HTTPS redirects are disabled
caddy-breeze        | {"level":"info","ts":1717719685.5775692,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["api.mysite.online "],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
api.mysite.online {
	reverse_proxy frankencontainer:8000
}



  caddy:
    image: caddy:latest
    container_name: caddy-breeze
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - caddy_data:/data
      - caddy_config:/config
      - ./Caddyfile:/etc/caddy/Caddyfile
    networks:
      - my-network

  php:
    container_name: frankencontainer
    image: myusername/myimage:latest
    volumes:
      - caddy_data:/data
      - caddy_config:/config
    entrypoint: php artisan octane:frankenphp --host=api.mysite.online --max-requests=1000 --https --admin-port=2019
    env_file:
      - ./.env
    networks:
      - my-network

It’s a warning, not an error. (Hence “WARN”)

It’s normal for proxy backends that are only accessed internally to not use HTTPS, so everything is fine.


Please completely fill out the help topic template as per the forum rules. I’m not clear on what the problem is from your post. We need to see your full logs (including any error message), full config, Caddy version, steps you took to test it, and an example request with curl -v which shows the problem.


Here is the complete log. I am using Caddy latest.

Attaching to caddy-breeze, frankencondobreeze, mysql-breeze
mysql-breeze        | 2024-06-08 07:00:40+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 8.3.0-1.el8 started.
caddy-breeze        | {"level":"info","ts":1717830040.8064911,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
caddy-breeze        | {"level":"info","ts":1717830040.8194525,"msg":"adapted config to JSON","adapter":"caddyfile"}
caddy-breeze        | {"level":"info","ts":1717830040.8306403,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
caddy-breeze        | {"level":"info","ts":1717830040.831075,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
caddy-breeze        | {"level":"info","ts":1717830040.8311038,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
caddy-breeze        | {"level":"info","ts":1717830040.834034,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0000ed480"}
caddy-breeze        | {"level":"info","ts":1717830040.8370745,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
caddy-breeze        | {"level":"info","ts":1717830040.8382225,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 7168 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."}
caddy-breeze        | {"level":"info","ts":1717830040.8403106,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
caddy-breeze        | {"level":"info","ts":1717830040.840914,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
caddy-breeze        | {"level":"info","ts":1717830040.841282,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["api.mysite.online"]}
caddy-breeze        | {"level":"info","ts":1717830040.8417938,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
caddy-breeze        | {"level":"info","ts":1717830040.842104,"msg":"serving initial configuration"}
caddy-breeze        | {"level":"info","ts":1717830040.8427427,"logger":"tls.obtain","msg":"acquiring lock","identifier":"api.mysite.online"}
caddy-breeze        | {"level":"info","ts":1717830040.8464987,"logger":"tls.obtain","msg":"lock acquired","identifier":"api.mysite.online"}
caddy-breeze        | {"level":"info","ts":1717830040.8471582,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"api.mysite.online"}
caddy-breeze        | {"level":"info","ts":1717830040.8646028,"logger":"tls","msg":"cleaning storage unit","storage":"FileStorage:/data/caddy"}
caddy-breeze        | {"level":"info","ts":1717830040.8735514,"logger":"tls","msg":"finished cleaning storage units"}
mysql-breeze        | 2024-06-08 07:00:41+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
mysql-breeze        | 2024-06-08 07:00:41+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 8.3.0-1.el8 started.
caddy-breeze        | {"level":"info","ts":1717830041.8778393,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["api.mysite.online"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
caddy-breeze        | {"level":"info","ts":1717830041.8785357,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["api.mysite.online"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
caddy-breeze        | {"level":"info","ts":1717830041.8790393,"logger":"http","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/1770429097","account_contact":[]}
frankencondobreeze  | 
frankencondobreeze  |    INFO  Server running…
frankencondobreeze  | 
frankencondobreeze  |   Local: http://api.mysite.online:8000 
frankencondobreeze  | 
frankencondobreeze  |   Press Ctrl+C to stop the server
frankencondobreeze  | 
caddy-breeze        | {"level":"error","ts":1717830042.0863986,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"api.mysite.online","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: api.mysite.online, retry after 2024-06-09T09:22:03Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/"}
caddy-breeze        | {"level":"error","ts":1717830042.0865462,"logger":"tls.obtain","msg":"will retry","error":"[api.mysite.online] Obtain: [api.mysite.online] creating new order: attempt 1: https://acme-v02.api.letsencrypt.org/acme/new-order: HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: api.mysite.online, retry after 2024-06-09T09:22:03Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/ (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":1.239530625,"max_duration":2592000}
mysql-breeze        | '/var/lib/mysql/mysql.sock' -> '/var/run/mysqld/mysqld.sock'
mysql-breeze        | 2024-06-08T07:00:42.292605Z 0 [System] [MY-015015] [Server] MySQL Server - start.
mysql-breeze        | 2024-06-08T07:00:42.837439Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.3.0) starting as process 1
mysql-breeze        | 2024-06-08T07:00:42.866794Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
mysql-breeze        | 2024-06-08T07:00:43.394226Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended.
mysql-breeze        | 2024-06-08T07:00:43.823447Z 0 [Warning] [MY-010068] [Server] CA certificate ca.pem is self signed.
mysql-breeze        | 2024-06-08T07:00:43.824109Z 0 [System] [MY-013602] [Server] Channel mysql_main configured to support TLS. Encrypted connections are now supported for this channel.
mysql-breeze        | 2024-06-08T07:00:43.829908Z 0 [Warning] [MY-011810] [Server] Insecure configuration for --pid-file: Location '/var/run/mysqld' in the path is accessible to all OS users. Consider choosing a different directory.
mysql-breeze        | 2024-06-08T07:00:43.884904Z 0 [System] [MY-011323] [Server] X Plugin ready for connections. Bind-address: '::' port: 33060, socket: /var/run/mysqld/mysqlx.sock
mysql-breeze        | 2024-06-08T07:00:43.885970Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.3.0'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  MySQL Community Server - GPL.
caddy-breeze        | {"level":"info","ts":1717830102.088767,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"api.mysite.online"}
caddy-breeze        | {"level":"info","ts":1717830103.1415167,"logger":"http","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/151264623","account_contact":[]}
caddy-breeze        | {"level":"info","ts":1717830103.5898142,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"api.mysite.online","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
caddy-breeze        | {"level":"info","ts":1717830103.9551482,"logger":"tls","msg":"served key authentication certificate","server_name":"api.mysite.online","challenge":"tls-alpn-01","remote":"3.0.56.62:27906","distributed":false}
caddy-breeze        | {"level":"info","ts":1717830104.1365519,"logger":"tls","msg":"served key authentication certificate","server_name":"api.mysite.online","challenge":"tls-alpn-01","remote":"18.117.95.39:65022","distributed":false}
caddy-breeze        | {"level":"info","ts":1717830104.267938,"logger":"tls","msg":"served key authentication certificate","server_name":"api.mysite.online","challenge":"tls-alpn-01","remote":"66.133.109.36:64993","distributed":false}
caddy-breeze        | {"level":"info","ts":1717830104.4997578,"logger":"tls","msg":"served key authentication certificate","server_name":"api.mysite.online","challenge":"tls-alpn-01","remote":"16.16.77.212:29940","distributed":false}
caddy-breeze        | {"level":"info","ts":1717830114.1287317,"logger":"tls","msg":"served key authentication certificate","server_name":"api.mysite.online","challenge":"tls-alpn-01","remote":"34.216.80.128:33330","distributed":false}
caddy-breeze        | {"level":"info","ts":1717830114.7722816,"logger":"http.acme_client","msg":"authorization finalized","identifier":"api.mysite.online","authz_status":"valid"}
caddy-breeze        | {"level":"info","ts":1717830114.77232,"logger":"http.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/151264623/17056585393"}
caddy-breeze        | {"level":"info","ts":1717830118.6345,"logger":"http.acme_client","msg":"got renewal info","names":["api.mysite.online"],"window_start":1722925313.6666667,"window_end":1723098113.6666667,"selected_time":1722962908,"recheck_after":1717851718.6344934,"explanation_url":""}
caddy-breeze        | {"level":"info","ts":1717830119.0623538,"logger":"http.acme_client","msg":"got renewal info","names":["api.mysite.online"],"window_start":1722925313.6666667,"window_end":1723098113.6666667,"selected_time":1722934694,"recheck_after":1717851719.0623488,"explanation_url":""}
caddy-breeze        | {"level":"info","ts":1717830119.062423,"logger":"http.acme_client","msg":"successfully downloaded available certificate chains","count":2,"first_url":"https://acme-staging-v02.api.letsencrypt.org/acme/cert/2b89d4b7059e37a05e68e3db9a14d7ef5870"}
caddy-breeze        | {"level":"info","ts":1717830119.063586,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["api.mysite.online"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
caddy-breeze        | {"level":"info","ts":1717830119.0636547,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["api.mysite.online"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
caddy-breeze        | {"level":"info","ts":1717830119.0636802,"logger":"http","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/1770429097","account_contact":[]}
caddy-breeze        | {"level":"error","ts":1717830119.4765725,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"api.mysite.online","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: api.mysite.online, retry after 2024-06-09T09:22:03Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/"}
caddy-breeze        | {"level":"error","ts":1717830119.4766743,"logger":"tls.obtain","msg":"will retry","error":"[api.mysite.online] Obtain: [api.mysite.online] creating new order: attempt 1: https://acme-v02.api.letsencrypt.org/acme/new-order: HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: api.mysite.online, retry after 2024-06-09T09:22:03Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/ (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":2,"retrying_in":120,"elapsed":78.629659281,"max_duration":2592000}
caddy-breeze        | {"level":"info","ts":1717830239.478878,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"api.mysite.online"}
caddy-breeze        | {"level":"info","ts":1717830239.4804604,"logger":"http","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/151264623","account_contact":[]}
caddy-breeze        | {"level":"info","ts":1717830240.127605,"logger":"http.acme_client","msg":"authorization finalized","identifier":"api.mysite.online","authz_status":"valid"}
caddy-breeze        | {"level":"info","ts":1717830240.1276317,"logger":"http.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/151264623/17056614763"}
caddy-breeze        | {"level":"info","ts":1717830243.9772232,"logger":"http.acme_client","msg":"got renewal info","names":["api.mysite.online"],"window_start":1722925439.3333333,"window_end":1723098239.3333333,"selected_time":1723024728,"recheck_after":1717851843.9772172,"explanation_url":""}
caddy-breeze        | {"level":"info","ts":1717830244.3958797,"logger":"http.acme_client","msg":"got renewal info","names":["api.mysite.online"],"window_start":1722925439.3333333,"window_end":1723098239.3333333,"selected_time":1722973489,"recheck_after":1717851844.3958757,"explanation_url":""}
caddy-breeze        | {"level":"info","ts":1717830244.3959365,"logger":"http.acme_client","msg":"successfully downloaded available certificate chains","count":2,"first_url":"https://acme-staging-v02.api.letsencrypt.org/acme/cert/2bcfd759fe48632760854500256e7db5382a"}
caddy-breeze        | {"level":"info","ts":1717830244.3962204,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["api.mysite.online"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
caddy-breeze        | {"level":"info","ts":1717830244.3962283,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["api.mysite.online"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
caddy-breeze        | {"level":"info","ts":1717830244.3962374,"logger":"http","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/1770429097","account_contact":[]}
caddy-breeze        | {"level":"error","ts":1717830244.8032424,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"api.mysite.online","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: api.mysite.online, retry after 2024-06-09T09:22:03Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/"}
caddy-breeze        | {"level":"error","ts":1717830244.8040464,"logger":"tls.obtain","msg":"will retry","error":"[api.mysite.online] Obtain: [api.mysite.online] creating new order: attempt 1: https://acme-v02.api.letsencrypt.org/acme/new-order: HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: api.mysite.online, retry after 2024-06-09T09:22:03Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/ (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":3,"retrying_in":120,"elapsed":203.957030539,"max_duration":2592000}



This is the display of my browser

Secure Connection Failed

An error occurred during a connection to api.mysite.online. Peer reports it experienced an internal error.

Error code: SSL_ERROR_INTERNAL_ERROR_ALERT

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.

Thank you in advance

Pretty self-explanatory. You issued too many certs for the same domain. Now you’ll need to wait until tomorrow, or use a different subdomain for the time being. Make sure to not wipe out Caddy’s storage, you need to make sure /data is persisted. Don’t delete the data volume.

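A triage sketch for the log above, added here as an example (it is not code from Caddy or from anyone in this thread): it pulls the Let's Encrypt rate-limit rejections out of `docker compose` output and reports the limit, the window and the time left until the CA accepts a new order. The function names are made up for the example, and the sample lines are abridged from the posted log.

```python
import json
import re
from datetime import datetime, timezone

# Lines abridged from the log posted in this thread (docker compose prefixes kept).
SAMPLE_LOG = r'''
caddy-breeze        | {"level":"info","ts":1717830040.8471582,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"api.mysite.online"}
frankencondobreeze  |    INFO  Server running…
caddy-breeze        | {"level":"error","ts":1717830042.0863986,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"api.mysite.online","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: api.mysite.online, retry after 2024-06-09T09:22:03Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/"}
caddy-breeze        | {"level":"error","ts":1717830042.0865462,"logger":"tls.obtain","msg":"will retry","error":"HTTP 429 urn:ietf:params:acme:error:rateLimited (abridged)","attempt":1,"retrying_in":60}
'''

# Matches the duplicate-certificate message exactly as it appears in the log.
RATE_LIMIT = re.compile(
    r"too many certificates \((?P<limit>\d+)\) already issued .*? "
    r"in the last (?P<hours>\d+) hours: .*?"
    r"retry after (?P<retry>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z)"
)


def caddy_entries(text):
    """Yield Caddy's JSON log entries, skipping other containers' plain output."""
    for line in text.splitlines():
        # Accept both raw Caddy logs and lines carrying a "container | " prefix.
        payload = line if line.lstrip().startswith("{") else line.partition("|")[2]
        try:
            entry = json.loads(payload)
        except json.JSONDecodeError:
            continue
        if isinstance(entry, dict):
            yield entry


def rate_limit_hits(text):
    """Return one record per certificate order the CA rejected as rate limited."""
    hits = []
    for e in caddy_entries(text):
        # Each failure is logged twice; count the issuer error, not "will retry".
        if e.get("logger") != "tls.obtain" or e.get("msg") != "could not get certificate from issuer":
            continue
        m = RATE_LIMIT.search(e.get("error", ""))
        if not m:
            continue
        retry = datetime.strptime(m["retry"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        logged = datetime.fromtimestamp(e["ts"], tz=timezone.utc)
        hits.append({
            "identifier": e.get("identifier"),
            "limit": int(m["limit"]),
            "window_hours": int(m["hours"]),
            "retry_after": retry,
            "wait_seconds": (retry - logged).total_seconds(),
        })
    return hits


if __name__ == "__main__":
    for hit in rate_limit_hits(SAMPLE_LOG):
        print(hit)
```

Feeding it the full output of `docker compose logs` shows how many production orders were rejected and when the next one can succeed; a non-empty result right after a redeploy is a sign the `/data` volume was not kept.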

Hi

Yes, I deleted the volume every time I pulled the image to my production so that I could have a fresh installation and data. So even if I edit the Caddyfile, I should not delete the Caddy /data? Thank you so much for helping me. OK, I will just wait for the rate limit to cool down. I will be back if I encounter it again.

By the way, on my local machine I always delete all volumes, especially the Caddy data, but my local machine works fine. Maybe because it is just local and I did not use the real domain?


Yeah, you definitely should not wipe out the /data volume because it’s subject to ACME issuer rate limits. It puts a burden on their infrastructure to continually re-issue certificates, so they have to put limits to prevent abuse.

If you’re using tls internal then you’re issuing using Caddy’s internal CA, so no rate limits apply. So in that case it’s fine to wipe out the storage. Though keep in mind if you wipe the storage, you also cause Caddy to regenerate a new root CA certificate, so if you tried installing that in your trust stores then you’d need to redo it every time. So in general, just don’t wipe the storage unless you have a specific issue that requires it (i.e. we ask you to do it as part of troubleshooting) but that’s very very rare.


Thank you
