What did I do wrong?

First time setting up Caddy, have been using Cloudflare tunnels for the longest time as it was just so easy for a person like myself.

I’ve been having a few weird things with Cloudflare tunnels + using Jellyfin so I did some research and came across Caddy. I got Caddy installed via Debian 12 in my proxmox lxc and have managed to get it up and working.

I can go to media.mydomain.tld and it goes to Jellyfin just fine. I did the

```
journalctl -u caddy --no-pager | less +G
```

May 09 05:31:48 Caddy caddy[4223]: {"level":"info","ts":1715232708.1872504,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}

May 09 05:31:48 Caddy caddy[4223]: {"level":"info","ts":1715232708.1872547,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["requests.mydomain.tld","media.mydomain.tld"]}

May 09 05:31:48 Caddy caddy[4223]: {"level":"info","ts":1715232708.187265,"logger":"http","msg":"servers shutting down with eternal grace period"}

May 09 05:31:48 Caddy caddy[4223]: {"level":"info","ts":1715232708.187405,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}

May 09 05:31:48 Caddy caddy[4223]: {"level":"info","ts":1715232708.1874483,"logger":"admin.api","msg":"load complete"}

May 09 05:31:48 Caddy caddy[4223]: {"level":"info","ts":1715232708.1881146,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}

May 09 05:31:48 Caddy systemd[1]: Reloaded caddy.service - Caddy.

May 09 13:16:38 Caddy caddy[4223]: {"level":"warn","ts":1715260598.3962617,"logger":"tls.cache.maintenance","msg":"error while checking if stored certificate is also expiring soon","identifiers":["media.mydomain.tld"],"error":"open /var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/media.mydomain.tld/media.mydomain.tld.key: no such file or directory"}

May 09 13:16:38 Caddy caddy[4223]: {"level":"info","ts":1715260598.3963065,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["media.mydomain.tld"],"remaining":14120.603693964}

May 09 13:16:38 Caddy caddy[4223]: {"level":"info","ts":1715260598.3963218,"logger":"tls.cache.maintenance","msg":"attempting certificate renewal","identifiers":["media.mydomain.tld"],"remaining":14120.603678403}

May 09 13:16:38 Caddy caddy[4223]: {"level":"info","ts":1715260598.3965387,"logger":"tls.renew","msg":"acquiring lock","identifier":"media.mydomain.tld"}

May 09 13:16:38 Caddy caddy[4223]: {"level":"info","ts":1715260598.4009676,"logger":"tls.renew","msg":"lock acquired","identifier":"media.mydomain.tld"}

May 09 13:16:38 Caddy caddy[4223]: {"level":"error","ts":1715260598.4012706,"logger":"tls.renew","msg":"will retry","error":"open /var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/media.mydomain.tld/media.mydomain.tld.key: no such file or directory","attempt":1,"retrying_in":60,"elapsed":0.00027668,"max_duration":2592000}

May 09 13:17:38 Caddy caddy[4223]: {"level":"error","ts":1715260658.402336,"logger":"tls.renew","msg":"will retry","error":"open /var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/media.mydomain.tld/media.mydomain.tld.key: no such file or directory","attempt":2,"retrying_in":120,"elapsed":60.001341324,"max_duration":2592000}

May 09 13:19:38 Caddy caddy[4223]: {"level":"error","ts":1715260778.402482,"logger":"tls.renew","msg":"will retry","error":"open /var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/media.mydomain.tld/media.mydomain.tld.key: no such file or directory","attempt":3,"retrying_in":120,"elapsed":180.001487314,"max_duration":2592000}

May 09 13:21:38 Caddy caddy[4223]: {"level":"error","ts":1715260898.4027643,"logger":"tls.renew","msg":"will retry","error":"open /var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/media.mydomain.tld/media.mydomain.tld.key: no such file or directory","attempt":4,"retrying_in":300,"elapsed":300.001769491,"max_duration":2592000}

May 09 13:26:38 Caddy caddy[4223]: {"level":"warn","ts":1715261198.3957415,"logger":"tls.cache.maintenance","msg":"error while checking if stored certificate is also expiring soon","identifiers":["media.mydomain.tld"],"error":"open /var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/media.mydomain.tld/media.mydomain.tld.key: no such file or directory"}

May 09 13:26:38 Caddy caddy[4223]: {"level":"warn","ts":1715261198.3957942,"logger":"tls.cache.maintenance","msg":"error while checking if stored certificate is also expiring soon","identifiers":["requests.mydomain.tld"],"error":"open /var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/requests.mydomain.tld/requests.mydomain.tld.key: no such file or directory"}

May 09 13:26:38 Caddy caddy[4223]: {"level":"info","ts":1715261198.3958018,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["media.mydomain.tld"],"remaining":13520.604198536}

May 09 13:26:38 Caddy caddy[4223]: {"level":"info","ts":1715261198.395807,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["requests.mydomain.tld"],"remaining":13807.60419311}

May 09 13:26:38 Caddy caddy[4223]: {"level":"info","ts":1715261198.3958192,"logger":"tls.cache.maintenance","msg":"attempting certificate renewal","identifiers":["requests.mydomain.tld"],"remaining":13807.60418098}

May 09 13:26:38 Caddy caddy[4223]: {"level":"info","ts":1715261198.3960412,"logger":"tls.renew","msg":"acquiring lock","identifier":"requests.mydomain.tld"}

May 09 13:26:38 Caddy caddy[4223]: {"level":"error","ts":1715261198.4029038,"logger":"tls.renew","msg":"will retry","error":"open /var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/media.mydomain.tld/media.mydomain.tld.key: no such file or directory","attempt":5,"retrying_in":600,"elapsed":600.001909702,"max_duration":2592000}

May 09 13:26:38 Caddy caddy[4223]: {"level":"info","ts":1715261198.404984,"logger":"tls.renew","msg":"lock acquired","identifier":"requests.mydomain.tld"}

May 09 13:26:38 Caddy caddy[4223]: {"level":"error","ts":1715261198.4050539,"logger":"tls.renew","msg":"will retry","error":"open /var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/requests.mydomain.tld/requests.mydomain.tld.key: no such file or directory","attempt":1,"retrying_in":60,"elapsed":0.000060752,"max_duration":2592000}

May 09 13:27:38 Caddy caddy[4223]: {"level":"error","ts":1715261258.4059937,"logger":"tls.renew","msg":"will retry","error":"open /var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/requests.mydomain.tld/requests.mydomain.tld.key: no such file or directory","attempt":2,"retrying_in":120,"elapsed":60.000999516,"max_duration":2592000}

May 09 13:29:38 Caddy caddy[4223]: {"level":"error","ts":1715261378.406407,"logger":"tls.renew","msg":"will retry","error":"open /var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/requests.mydomain.tld/requests.mydomain.tld.key: no such file or directory","attempt":3,"retrying_in":120,"elapsed":180.001413068,"max_duration":2592000}

May 09 13:31:38 Caddy caddy[4223]: {"level":"error","ts":1715261498.407473,"logger":"tls.renew","msg":"will retry","error":"open /var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/requests.mydomain.tld/requests.mydomain.tld.key: no such file or directory","attempt":4,"retrying_in":300,"elapsed":300.002479026,"max_duration":2592000}

May 09 13:36:38 Caddy caddy[4223]: {"level":"warn","ts":1715261798.3962865,"logger":"tls.cache.maintenance","msg":"error while checking if stored certificate is also expiring soon","identifiers":["media.mydomain.tld"],"error":"open /var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/media.mydomain.tld/media.mydomain.tld.key: no such file or directory"}

May 09 13:36:38 Caddy caddy[4223]: {"level":"warn","ts":1715261798.3963385,"logger":"tls.cache.maintenance","msg":"error while checking if stored certificate is also expiring soon","identifiers":["requests.mydomain.tld"],"error":"open /var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/requests.mydomain.tld/requests.mydomain.tld.key: no such file or directory"}

May 09 13:36:38 Caddy caddy[4223]: {"level":"info","ts":1715261798.3963454,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["media.mydomain.tld"],"remaining":12920.603654926}

May 09 13:36:38 Caddy caddy[4223]: {"level":"info","ts":1715261798.3963509,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["requests.mydomain.tld"],"remaining":13207.603649258}

May 09 13:36:38 Caddy caddy[4223]: {"level":"error","ts":1715261798.4034162,"logger":"tls.renew","msg":"will retry","error":"open /var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/media.mydomain.tld/media.mydomain.tld.key: no such file or directory","attempt":6,"retrying_in":600,"elapsed":1200.0024218,"max_duration":2592000}

May 09 13:36:38 Caddy caddy[4223]: {"level":"error","ts":1715261798.4086156,"logger":"tls.renew","msg":"will retry","error":"open /var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/requests.mydomain.tld/requests.mydomain.tld.key: no such file or directory","attempt":5,"retrying_in":600,"elapsed":600.003621707,"max_duration":2592000}

Please fill out the help topic template. So we’re on the same page, we need to see your config, version, installation method, etc.

Thank you for your kind reply! I apologize I did not put the topic template. I have attached all of that below.

Help Request Template

  1. Description of Issue:
    SSL log errors for 1 website domain + not able to access 1 website

  2. Logs and Error Messages:
    root@Caddy:/etc/caddy# journalctl -u caddy -n 50 --no-pager | less
    May 10 13:45:10 Caddy caddy[3084]: {"level":"info","ts":1715348710.7174668,"msg":"shutdown complete","signal":"SIGTERM","exit_code":0}
    May 10 13:45:10 Caddy systemd[1]: caddy.service: Deactivated successfully.
    May 10 13:45:10 Caddy systemd[1]: Stopped caddy.service - Caddy.
    May 10 13:45:10 Caddy systemd[1]: Starting caddy.service - Caddy...
    May 10 13:45:10 Caddy caddy[3118]: caddy.HomeDir=/var/lib/caddy
    May 10 13:45:10 Caddy caddy[3118]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
    May 10 13:45:10 Caddy caddy[3118]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
    May 10 13:45:10 Caddy caddy[3118]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
    May 10 13:45:10 Caddy caddy[3118]: caddy.Version=v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=
    May 10 13:45:10 Caddy caddy[3118]: runtime.GOOS=linux
    May 10 13:45:10 Caddy caddy[3118]: runtime.GOARCH=amd64
    May 10 13:45:10 Caddy caddy[3118]: runtime.Compiler=gc
    May 10 13:45:10 Caddy caddy[3118]: runtime.NumCPU=2
    May 10 13:45:10 Caddy caddy[3118]: runtime.GOMAXPROCS=2
    May 10 13:45:10 Caddy caddy[3118]: runtime.Version=go1.21.4
    May 10 13:45:10 Caddy caddy[3118]: os.Getwd=/
    May 10 13:45:10 Caddy caddy[3118]: LANG=C
    May 10 13:45:10 Caddy caddy[3118]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    May 10 13:45:10 Caddy caddy[3118]: NOTIFY_SOCKET=/run/systemd/notify
    May 10 13:45:10 Caddy caddy[3118]: HOME=/var/lib/caddy
    May 10 13:45:10 Caddy caddy[3118]: LOGNAME=caddy
    May 10 13:45:10 Caddy caddy[3118]: USER=caddy
    May 10 13:45:10 Caddy caddy[3118]: INVOCATION_ID=46fb5130fd314f29854a39a75808651f
    May 10 13:45:10 Caddy caddy[3118]: JOURNAL_STREAM=8:21691553
    May 10 13:45:10 Caddy caddy[3118]: SYSTEMD_EXEC_PID=3118
    May 10 13:45:10 Caddy caddy[3118]: {"level":"info","ts":1715348710.7614484,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
    May 10 13:45:10 Caddy caddy[3118]: {"level":"warn","ts":1715348710.7630641,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
    May 10 13:45:10 Caddy caddy[3118]: {"level":"info","ts":1715348710.764155,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
    May 10 13:45:10 Caddy caddy[3118]: {"level":"info","ts":1715348710.7642365,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
    May 10 13:45:10 Caddy caddy[3118]: {"level":"info","ts":1715348710.7642517,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
    May 10 13:45:10 Caddy caddy[3118]: {"level":"info","ts":1715348710.764399,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000036180"}
    May 10 13:45:10 Caddy caddy[3118]: {"level":"info","ts":1715348710.7645628,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
    May 10 13:45:10 Caddy caddy[3118]: {"level":"info","ts":1715348710.7646205,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See UDP Buffer Sizes · quic-go/quic-go Wiki · GitHub for details."}
    May 10 13:45:10 Caddy caddy[3118]: {"level":"info","ts":1715348710.7646961,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
    May 10 13:45:10 Caddy caddy[3118]: {"level":"info","ts":1715348710.7647288,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
    May 10 13:45:10 Caddy caddy[3118]: {"level":"info","ts":1715348710.764733,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["requests.ericstuff.net","media.ericstuff.net"]}
    May 10 13:45:10 Caddy caddy[3118]: {"level":"info","ts":1715348710.765241,"logger":"tls.obtain","msg":"acquiring lock","identifier":"requests.ericstuff.net"}
    May 10 13:45:10 Caddy caddy[3118]: {"level":"info","ts":1715348710.7652912,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
    May 10 13:45:10 Caddy systemd[1]: Started caddy.service - Caddy.
    May 10 13:45:10 Caddy caddy[3118]: {"level":"info","ts":1715348710.7664092,"msg":"serving initial configuration"}
    May 10 13:45:10 Caddy caddy[3118]: {"level":"info","ts":1715348710.767526,"logger":"tls.obtain","msg":"lock acquired","identifier":"requests.ericstuff.net"}
    May 10 13:45:10 Caddy caddy[3118]: {"level":"info","ts":1715348710.767627,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"requests.ericstuff.net"}
    May 10 13:45:10 Caddy caddy[3118]: {"level":"info","ts":1715348710.768362,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["requests.ericstuff.net"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"admin@ericstuff.net"}
    May 10 13:45:10 Caddy caddy[3118]: {"level":"info","ts":1715348710.7683713,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["requests.ericstuff.net"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"admin@ericstuff.net"}
    May 10 13:45:10 Caddy caddy[3118]: {"level":"warn","ts":1715348710.768584,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/var/lib/caddy/.local/share/caddy","instance":"d24125d1-98c4-4889-84f8-8a02d67c789d","try_again":1715435110.768583,"try_again_in":86399.999999738}
    May 10 13:45:10 Caddy caddy[3118]: {"level":"info","ts":1715348710.7686467,"logger":"tls","msg":"finished cleaning storage units"}
    May 10 13:45:11 Caddy caddy[3118]: {"level":"error","ts":1715348711.0022697,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"requests.ericstuff.net","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many failed authorizations recently: see Failed Validation Limit - Let's Encrypt"}
    May 10 13:45:11 Caddy caddy[3118]: {"level":"info","ts":1715348711.0025234,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["requests.ericstuff.net"],"ca":"https://acme.zerossl.com/v2/DV90","account":"admin@ericstuff.net"}
    May 10 13:45:11 Caddy caddy[3118]: {"level":"info","ts":1715348711.0025449,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["requests.ericstuff.net"],"ca":"https://acme.zerossl.com/v2/DV90","account":"admin@ericstuff.net"}
    May 10 13:45:11 Caddy caddy[3118]: {"level":"info","ts":1715348711.816721,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"requests.ericstuff.net","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}

  3. Configuration Details:

    • Software/Tool Name: Caddy
    • Version: v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=
    • Operating System: Debian 12
    • Installation Method: Debian 12 install method
    • Relevant Configuration Files:

```
media.ericstuff.net {
    # Set up encoding
    encode gzip

    # Add security headers
    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "DENY"
        X-XSS-Protection "1; mode=block"
        Referrer-Policy "no-referrer-when-downgrade"
    }

    # Reverse proxy to the Jellyfin server
    reverse_proxy 192.168.10.30:8096
}

requests.ericstuff.net {
    # Set up encoding
    encode gzip

    # Add security headers
    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "DENY"
        X-XSS-Protection "1; mode=block"
        Referrer-Policy "no-referrer-when-downgrade"
    }

    # Reverse proxy to the Jellyfin server
    reverse_proxy 192.168.10.31:5055
}
```

I apologize if this is not the correct template. I was not able to find a specific one.

Part of the issue I am having is this:

When I have both website domains in like this - I can access Jellyfin just fine. I can NOT access the requests page though. I get an SSL error.
The funny part is when I take out the media.ericstuff.net part and just have the requests.ericstuff.net, but change the url to the “media” to see if it’s a configuration issue, it loads right up. So there’s something wrong with my domain it seems? However everything on Cloudflare is the exact same.

The help topic template is given when you click New Topic (from the homepage of the forums).

Please use code blocks when posting config & logs, i.e. triple backticks ``` on their own lines before and after the content, or use the </> button to insert a code block.

Unfortunately, you’ve been rate limited.

You’ll have to dig higher in your logs to find the actual cause of the error before you started getting rate limited.

Thank you for your kind help and guidance.

With the Rate limiting - Instead of using letsencrypt can I use my Cloudflare account with my domain name already to avoid the Rate limit?

With regards to rate limiting - I tried setting up a few different subdomains. Jelly.xxx.com, requesting.xxx.com etc and they have the same issue, media.ericstuff is totally fine though

No, you’d still be using Let’s Encrypt (and/or ZeroSSL, if you configure an email, as of v2.8.0) for issuing certs. Using the ACME DNS challenge only allows Caddy to write DNS records that the ACME issuers will check to verify the certificates.

Please read back in your logs to find the actual cause of the problem, before being rate limited. That’s what we need to know.

I did `journalctl -u caddy -n 50 --no-pager | less`

and this was the output

```
May 10 17:21:49 Caddy caddy[3380]: caddy.HomeDir=/var/lib/caddy
May 10 17:21:49 Caddy caddy[3380]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
May 10 17:21:49 Caddy caddy[3380]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
May 10 17:21:49 Caddy caddy[3380]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
May 10 17:21:49 Caddy caddy[3380]: caddy.Version=v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=
May 10 17:21:49 Caddy caddy[3380]: runtime.GOOS=linux
May 10 17:21:49 Caddy caddy[3380]: runtime.GOARCH=amd64
May 10 17:21:49 Caddy caddy[3380]: runtime.Compiler=gc
May 10 17:21:49 Caddy caddy[3380]: runtime.NumCPU=2
May 10 17:21:49 Caddy caddy[3380]: runtime.GOMAXPROCS=2
May 10 17:21:49 Caddy caddy[3380]: runtime.Version=go1.21.4
May 10 17:21:49 Caddy caddy[3380]: os.Getwd=/
May 10 17:21:49 Caddy caddy[3380]: LANG=C
May 10 17:21:49 Caddy caddy[3380]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
May 10 17:21:49 Caddy caddy[3380]: NOTIFY_SOCKET=/run/systemd/notify
May 10 17:21:49 Caddy caddy[3380]: HOME=/var/lib/caddy
May 10 17:21:49 Caddy caddy[3380]: LOGNAME=caddy
May 10 17:21:49 Caddy caddy[3380]: USER=caddy
May 10 17:21:49 Caddy caddy[3380]: INVOCATION_ID=c48fbb93278241b98e48b5c32035728f
May 10 17:21:49 Caddy caddy[3380]: JOURNAL_STREAM=8:21968022
May 10 17:21:49 Caddy caddy[3380]: SYSTEMD_EXEC_PID=3380
May 10 17:21:49 Caddy caddy[3380]: {"level":"info","ts":1715361709.26144,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
May 10 17:21:49 Caddy caddy[3380]: {"level":"warn","ts":1715361709.2633944,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":19}
May 10 17:21:49 Caddy caddy[3380]: {"level":"info","ts":1715361709.2654505,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
May 10 17:21:49 Caddy caddy[3380]: {"level":"info","ts":1715361709.265543,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
May 10 17:21:49 Caddy caddy[3380]: {"level":"info","ts":1715361709.265554,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
May 10 17:21:49 Caddy caddy[3380]: {"level":"info","ts":1715361709.2658694,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
May 10 17:21:49 Caddy caddy[3380]: {"level":"info","ts":1715361709.265927,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."}
May 10 17:21:49 Caddy caddy[3380]: {"level":"info","ts":1715361709.2660465,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
May 10 17:21:49 Caddy caddy[3380]: {"level":"info","ts":1715361709.2660825,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
May 10 17:21:49 Caddy caddy[3380]: {"level":"info","ts":1715361709.2660882,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["media.ericstuff.net","requests.ericstuff.net"]}
May 10 17:21:49 Caddy caddy[3380]: {"level":"info","ts":1715361709.2666435,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
May 10 17:21:49 Caddy caddy[3380]: {"level":"info","ts":1715361709.2667015,"msg":"serving initial configuration"}
May 10 17:21:49 Caddy caddy[3380]: {"level":"info","ts":1715361709.2669845,"logger":"tls.obtain","msg":"acquiring lock","identifier":"requests.ericstuff.net"}
May 10 17:21:49 Caddy caddy[3380]: {"level":"info","ts":1715361709.2673535,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000622500"}
May 10 17:21:49 Caddy systemd[1]: Started caddy.service - Caddy.
May 10 17:21:49 Caddy caddy[3380]: {"level":"info","ts":1715361709.2689738,"logger":"tls.obtain","msg":"lock acquired","identifier":"requests.ericstuff.net"}
May 10 17:21:49 Caddy caddy[3380]: {"level":"info","ts":1715361709.2690892,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"requests.ericstuff.net"}
May 10 17:21:49 Caddy caddy[3380]: {"level":"warn","ts":1715361709.2695472,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/var/lib/caddy/.local/share/caddy","instance":"d24125d1-98c4-4889-84f8-8a02d67c789d","try_again":1715448109.269546,"try_again_in":86399.999999713}
May 10 17:21:49 Caddy caddy[3380]: {"level":"info","ts":1715361709.2696087,"logger":"tls","msg":"finished cleaning storage units"}
May 10 17:21:49 Caddy caddy[3380]: {"level":"info","ts":1715361709.2698698,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["requests.ericstuff.net"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"admin@ericstuff.net"}
May 10 17:21:49 Caddy caddy[3380]: {"level":"info","ts":1715361709.2698803,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["requests.ericstuff.net"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"admin@ericstuff.net"}
May 10 17:21:49 Caddy caddy[3380]: {"level":"info","ts":1715361709.6150553,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"requests.ericstuff.net","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
May 10 17:21:49 Caddy caddy[3380]: {"level":"error","ts":1715361709.9641778,"logger":"http.acme_client","msg":"challenge failed","identifier":"requests.ericstuff.net","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]}}
May 10 17:21:49 Caddy caddy[3380]: {"level":"error","ts":1715361709.9642088,"logger":"http.acme_client","msg":"validating authorization","identifier":"requests.ericstuff.net","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1719194327/268254976887","attempt":1,"max_attempts":3}
May 10 17:21:51 Caddy caddy[3380]: {"level":"error","ts":1715361711.0276244,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"requests.ericstuff.net","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/"}
May 10 17:21:51 Caddy caddy[3380]: {"level":"info","ts":1715361711.02786,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["requests.ericstuff.net"],"ca":"https://acme.zerossl.com/v2/DV90","account":"admin@ericstuff.net"}
May 10 17:21:51 Caddy caddy[3380]: {"level":"info","ts":1715361711.0278718,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["requests.ericstuff.net"],"ca":"https://acme.zerossl.com/v2/DV90","account":"admin@ericstuff.net"}
May 10 17:21:51 Caddy caddy[3380]: {"level":"info","ts":1715361711.6234467,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"requests.ericstuff.net","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
```

This tells me that you probably have some other proxy of some kind in front of Caddy, causing TLS connections to not reach Caddy directly.

My understanding is Cloudflare tunnels should just be a TCP pipe with no proxying. That should let connections through right to Caddy.

My setup is this

Proxmox Running LXCs

1 LXC is dedicated specifically to Caddy

I HAD cloudflare tunnels setup on another LXC before swapping to Caddy. That LXC is no longer active. Everything to do with cloudflare tunnels has been disabled or removed so tunnels is no more.

On Caddy, I can reach media.ericstuff.net
On Caddy I can not reach requests.ericstuff.net

Both entries are in the caddyfile. I have caddy DNS/SSL stuff set up as Full without the strict part

If you have Cloudflare’s proxying enabled, then TLS connections are hitting Cloudflare first, not hitting Caddy, so Caddy isn’t able to automate TLS issuance using the ACME HTTP or ACME TLS-ALPN challenges.

Either turn off proxying (so connections hit Caddy directly) or set up the ACME DNS challenge (requires building Caddy with the Cloudflare DNS plugin).

Ope! This is where I started struggling. I did manage to redo caddy and have the cloudflare plugins already downloaded and built!

Follow up question: Why would 1 domain work yet not the other if they both are using lets encrypt?

If you had a valid cert from before you made these changes, they’d still be valid and not expired. But any new issuance or renewals would fail.

Thank you again for all this insight and information.

While I appreciate y’all spending this time to help inform me, I also do not want to just be fed everything to fix this as I do want to try and learn this stuff.

Are there some resources y’all have that may be of use to help get this slowly fixed, in a manner an idiot can follow along?

Then all you need to do is configure Caddy to use the DNS plugin, and give it your Cloudflare API key.

Do I have to do that for each and every domain in the Caddyfile or can I do it one time at the top as a sort of “global”

You can use the acme_dns global option, or use snippets to copy common config into each site.

Like this?

```
{
        acme_dns cloudflare {MY Cloudflare Global API}
}

media.ericstuff.net {
        # Set up encoding
        encode gzip

        # Add security headers
        header {
                Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
                X-Content-Type-Options "nosniff"
                X-Frame-Options "DENY"
                X-XSS-Protection "1; mode=block"
                Referrer-Policy "no-referrer-when-downgrade"
        }

        # Reverse proxy to the Jellyfin server
        reverse_proxy 192.168.10.30:8096
}

requests.ericstuff.net {
```

continues

Sure, try it!

Thank you for your positivity! I have applied the changes however seems the logs still present a 400 error

```
May 11 15:20:11 Caddy caddy[3955]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
May 11 15:20:11 Caddy caddy[3955]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
May 11 15:20:11 Caddy caddy[3955]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
May 11 15:20:11 Caddy caddy[3955]: caddy.Version=v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=
May 11 15:20:11 Caddy caddy[3955]: runtime.GOOS=linux
May 11 15:20:11 Caddy caddy[3955]: runtime.GOARCH=amd64
May 11 15:20:11 Caddy caddy[3955]: runtime.Compiler=gc
May 11 15:20:11 Caddy caddy[3955]: runtime.NumCPU=2
May 11 15:20:11 Caddy caddy[3955]: runtime.GOMAXPROCS=2
May 11 15:20:11 Caddy caddy[3955]: runtime.Version=go1.21.4
May 11 15:20:11 Caddy caddy[3955]: os.Getwd=/
May 11 15:20:11 Caddy caddy[3955]: LANG=C
May 11 15:20:11 Caddy caddy[3955]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
May 11 15:20:11 Caddy caddy[3955]: NOTIFY_SOCKET=/run/systemd/notify
May 11 15:20:11 Caddy caddy[3955]: HOME=/var/lib/caddy
May 11 15:20:11 Caddy caddy[3955]: LOGNAME=caddy
May 11 15:20:11 Caddy caddy[3955]: USER=caddy
May 11 15:20:11 Caddy caddy[3955]: INVOCATION_ID=76064a7e8c484397b7bee2b2bc35802e
May 11 15:20:11 Caddy caddy[3955]: JOURNAL_STREAM=8:23361193
May 11 15:20:11 Caddy caddy[3955]: SYSTEMD_EXEC_PID=3955
May 11 15:20:11 Caddy caddy[3955]: {"level":"info","ts":1715440811.369116,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
May 11 15:20:11 Caddy caddy[3955]: {"level":"warn","ts":1715440811.3708096,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":19}
May 11 15:20:11 Caddy caddy[3955]: {"level":"info","ts":1715440811.3715575,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
May 11 15:20:11 Caddy caddy[3955]: {"level":"info","ts":1715440811.3717244,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
May 11 15:20:11 Caddy caddy[3955]: {"level":"info","ts":1715440811.371735,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
May 11 15:20:11 Caddy caddy[3955]: {"level":"info","ts":1715440811.3718305,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0002dbe00"}
May 11 15:20:11 Caddy caddy[3955]: {"level":"info","ts":1715440811.372034,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
May 11 15:20:11 Caddy caddy[3955]: {"level":"info","ts":1715440811.372131,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."}
May 11 15:20:11 Caddy caddy[3955]: {"level":"info","ts":1715440811.3722615,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
May 11 15:20:11 Caddy caddy[3955]: {"level":"info","ts":1715440811.3722944,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
May 11 15:20:11 Caddy caddy[3955]: {"level":"info","ts":1715440811.372299,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["requests.ericstuff.net","media.ericstuff.net"]}
May 11 15:20:11 Caddy caddy[3955]: {"level":"info","ts":1715440811.372671,"logger":"tls.obtain","msg":"acquiring lock","identifier":"requests.ericstuff.net"}
May 11 15:20:11 Caddy caddy[3955]: {"level":"info","ts":1715440811.3728218,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
May 11 15:20:11 Caddy systemd[1]: Started caddy.service - Caddy.
May 11 15:20:11 Caddy caddy[3955]: {"level":"info","ts":1715440811.3732514,"msg":"serving initial configuration"}
May 11 15:20:11 Caddy caddy[3955]: {"level":"info","ts":1715440811.3818743,"logger":"tls.obtain","msg":"lock acquired","identifier":"requests.ericstuff.net"}
May 11 15:20:11 Caddy caddy[3955]: {"level":"info","ts":1715440811.3819776,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"requests.ericstuff.net"}
May 11 15:20:11 Caddy caddy[3955]: {"level":"warn","ts":1715440811.382187,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/var/lib/caddy/.local/share/caddy","instance":"d24125d1-98c4-4889-84f8-8a02d67c789d","try_again":1715527211.3821862,"try_again_in":86399.999999736}
May 11 15:20:11 Caddy caddy[3955]: {"level":"info","ts":1715440811.382247,"logger":"tls","msg":"finished cleaning storage units"}
May 11 15:20:11 Caddy caddy[3955]: {"level":"info","ts":1715440811.3827124,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["requests.ericstuff.net"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"admin@ericstuff.net"}
May 11 15:20:11 Caddy caddy[3955]: {"level":"info","ts":1715440811.382726,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["requests.ericstuff.net"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"admin@ericstuff.net"}
May 11 15:20:11 Caddy caddy[3955]: {"level":"info","ts":1715440811.8505166,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"requests.ericstuff.net","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
May 11 15:20:11 Caddy caddy[3955]: {"level":"error","ts":1715440811.9909737,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"requests.ericstuff.net","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.requests.ericstuff.net\" (usually OK if presenting also failed)"}
May 11 15:20:12 Caddy caddy[3955]: {"level":"error","ts":1715440812.0874763,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"requests.ericstuff.net","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[requests.ericstuff.net] solving challenges: presenting for challenge: adding temporary record for zone \"ericstuff.net.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers ErrorChain:[{Code:6111 Message:Invalid format for Authorization header}]}] (order=https://acme-v02.api.letsencrypt.org/acme/order/1719194327/268508209347) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
May 11 15:20:12 Caddy caddy[3955]: {"level":"info","ts":1715440812.0877445,"logger":"tls.issuance.zerossl","msg":"waiting on internal rate limiter","identifiers":["requests.ericstuff.net"],"ca":"https://acme.zerossl.com/v2/DV90","account":"admin@ericstuff.net"}
May 11 15:20:12 Caddy caddy[3955]: {"level":"info","ts":1715440812.0877576,"logger":"tls.issuance.zerossl","msg":"done waiting on internal rate limiter","identifiers":["requests.ericstuff.net"],"ca":"https://acme.zerossl.com/v2/DV90","account":"admin@ericstuff.net"}
May 11 15:20:12 Caddy caddy[3955]: {"level":"info","ts":1715440812.9934878,"logger":"tls.issuance.zerossl.acme_client","msg":"trying to solve challenge","identifier":"requests.ericstuff.net","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
May 11 15:20:13 Caddy caddy[3955]: {"level":"error","ts":1715440813.1309972,"logger":"tls.issuance.zerossl.acme_client","msg":"cleaning up solver","identifier":"requests.ericstuff.net","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.requests.ericstuff.net\" (usually OK if presenting also failed)"}
May 11 15:20:13 Caddy caddy[3955]: {"level":"error","ts":1715440813.4782462,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"requests.ericstuff.net","issuer":"acme.zerossl.com-v2-DV90","error":"[requests.ericstuff.net] solving challenges: presenting for challenge: adding temporary record for zone \"ericstuff.net.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers ErrorChain:[{Code:6111 Message:Invalid format for Authorization header}]}] (order=https://acme.zerossl.com/v2/DV90/order/XMhh46kxq6ec-n0CX3NsWg) (ca=https://acme.zerossl.com/v2/DV90)"}
May 11 15:20:13 Caddy caddy[3955]: {"level":"error","ts":1715440813.478284,"logger":"tls.obtain","msg":"will retry","error":"[requests.ericstuff.net] Obtain: [requests.ericstuff.net] solving challenges: presenting for challenge: adding temporary record for zone \"ericstuff.net.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers ErrorChain:[{Code:6111 Message:Invalid format for Authorization header}]}] (order=https://acme.zerossl.com/v2/DV90/order/XMhh46kxq6ec-n0CX3NsWg) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":2.096398821,"max_duration":2592000}
```

This is saying that your Cloudflare API key is invalid.
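
Added example (not part of the thread and not Caddy project code): a small triage script for the "read back past the 429" advice, which reports the earliest real failure per hostname instead of the rate-limit message that follows it. The log lines are constructed from the message shapes quoted in this thread with example.com hostnames; the labels, `RULES` table and `root_causes` helper are names chosen here.

```python
import json
import re

# Constructed sample input, modelled on the journald lines quoted in the thread
# (hostnames replaced with example.com, fields trimmed).
SAMPLE_JOURNAL = r'''
May 10 17:21:49 Caddy caddy[3380]: caddy.HomeDir=/var/lib/caddy
May 10 17:21:49 Caddy caddy[3380]: {"level":"info","ts":1715361709.61,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"requests.example.com","challenge_type":"tls-alpn-01"}
May 10 17:21:49 Caddy caddy[3380]: {"level":"error","ts":1715361709.96,"logger":"http.acme_client","msg":"challenge failed","identifier":"requests.example.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge"}}
May 10 17:21:51 Caddy caddy[3380]: {"level":"error","ts":1715361711.02,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"requests.example.com","error":"HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many failed authorizations recently"}
May 11 15:20:12 Caddy caddy[3955]: {"level":"error","ts":1715440812.08,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"wiki.example.com","error":"presenting for challenge: adding temporary record for zone \"example.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers ErrorChain:[{Code:6111 Message:Invalid format for Authorization header}]}]"}
May 11 15:20:13 Caddy caddy[3955]: {"level":"error","ts":1715440813.47,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"blog.example.com","error":"HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order"}
'''

# (label, pattern, rank): rank 0 is a root cause, rank 2 a downstream symptom.
RULES = [
    ("tls_terminated_upstream", re.compile(r"Cannot negotiate ALPN protocol"), 0),
    ("dns_provider_credentials", re.compile(r"Invalid format for Authorization header"), 0),
    ("rate_limited", re.compile(r"acme:error:rateLimited"), 2),
]
UNCLASSIFIED_RANK = 1  # unknown errors outrank symptoms but not known causes

JSON_PART = re.compile(r"caddy\[\d+\]: (\{.*\})\s*$")


def parse_events(text):
    """Yield the JSON payload of each structured Caddy line; skip plain lines."""
    for line in text.splitlines():
        match = JSON_PART.search(line)
        if not match:
            continue
        try:
            yield json.loads(match.group(1))
        except json.JSONDecodeError:
            continue  # line was wrapped or truncated by the pager


def classify(event):
    """Return (label, rank) for an error event, or None for anything else."""
    if event.get("level") != "error":
        return None
    detail = (event.get("problem") or {}).get("detail", "")
    haystack = f'{event.get("error", "")} {detail}'
    for label, pattern, rank in RULES:
        if pattern.search(haystack):
            return label, rank
    return "unclassified", UNCLASSIFIED_RANK


def root_causes(text):
    """Map each identifier to its earliest, best-ranked failure label.

    "rate_limited" is returned only when nothing better is in the window,
    which means the journal has to be read further back.
    """
    best = {}
    for event in sorted(parse_events(text), key=lambda e: e.get("ts", 0)):
        verdict = classify(event)
        name = event.get("identifier")
        if verdict is None or name is None:
            continue
        if name not in best or verdict[1] < best[name][1]:
            best[name] = verdict
    return {name: label for name, (label, _rank) in best.items()}


if __name__ == "__main__":
    for host, cause in root_causes(SAMPLE_JOURNAL).items():
        print(f"{host}: {cause}")
```

To run it on a real journal, pass the text of `journalctl -u caddy --no-pager` to `root_causes` so that long lines are not wrapped by a pager.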