1. Caddy version (caddy version):
v2.4.5
2. How I run Caddy:
Caddy running in Kubernetes Cluster as a deployment.
a. System environment:
Docker (Kubernetes)
c. Service/unit/compose file:
I run the
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "1"
  labels:
    deployment: caddy
  name: caddy-deployment
  namespace: default
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      deployment: caddy
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        deployment: caddy
      namespace: default
    spec:
      automountServiceAccountToken: false
      containers:
      - image: eu.gcr.io/my_registry/caddy:d6da163533500b50901ed41f794eae520253f044
        imagePullPolicy: IfNotPresent
        name: caddy
        resources:
          limits:
            cpu: 500m
            memory: 512Mi
          requests:
            cpu: 100m
            memory: 50Mi
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
d. My complete Caddyfile or JSON config:
*.myweb1.com, myweb2.com {
    reverse_proxy frontend-service:3000
}
3. The problem I’m having:
The problem occurs in the wildcard certificate generation. As you can see in my Caddyfile I have two webs defined. The second one is working perfectly and the certificate was generated okay, but the wildcard one is failing in the certificate generation. I'm using LetsEncrypt certificates.
4. Error messages and/or full log output:
{"level":"warn","ts":1654072342.0371742,"logger":"tls.issuance.zerossl","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"}
{"level":"info","ts":1654072342.907673,"logger":"tls.issuance.zerossl","msg":"generated EAB credentials","key_id":"BztbeM1m8stBvfC1yJ-8nQ"}
{"level":"warn","ts":1654072376.3145614,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/newOrder","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/newOrder\": http2: timeout awaiting response headers"}
{"level":"error","ts":1654072411.9290082,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.myweb1.com","issuer":"acme.zerossl.com-v2-DV90","error":"[*.myweb1.com] solving challenges: *.myweb1.com: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[dns-01] remaining=[dns-01]) (order=https://acme.zerossl.com/v2/DV90/order/fa14RtUNHlQ-mrJyefUHRQ) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1654072411.9290702,"logger":"tls.obtain","msg":"will retry","error":"[*.myweb1.com] Obtain: [*.myweb1.com] solving challenges: *.myweb1.com: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[dns-01] remaining=[dns-01]) (order=https://acme.zerossl.com/v2/DV90/order/fa14RtUNHlQ-mrJyefUHRQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":4,"retrying_in":300,"elapsed":502.555984698,"max_duration":2592000}
5. What I already tried:
I have tried to change the Caddyfile, separating the two webs into different blocks, but with no success…
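The decisive information is already in the log lines above: the CA offered only dns-01 for the wildcard identifier, while Caddy had only http-01 and tls-alpn-01 solvers enabled. That is expected, since ACME CAs (Let's Encrypt and ZeroSSL alike) validate wildcard names exclusively through dns-01. The following script is an added example, not part of the original post or of Caddy itself; it parses Caddy's JSON log output, pulls the configured/offered/remaining challenge sets out of the "no solvers available" error, and turns them into a plain-language diagnosis, which is useful when this failure is buried in a busy cluster log. The sample log text is constructed from the lines in the post; the function names are the example's own.

```python
import json
import re
from typing import Dict, List

# Constructed sample input, modelled on the log lines quoted in the post above.
SAMPLE_LOG = r'''
{"level":"warn","ts":1654072342.0371742,"logger":"tls.issuance.zerossl","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"}
{"level":"warn","ts":1654072376.3145614,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/newOrder","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/newOrder\": http2: timeout awaiting response headers"}
{"level":"error","ts":1654072411.9290082,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.myweb1.com","issuer":"acme.zerossl.com-v2-DV90","error":"[*.myweb1.com] solving challenges: *.myweb1.com: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[dns-01] remaining=[dns-01]) (order=https://acme.zerossl.com/v2/DV90/order/fa14RtUNHlQ-mrJyefUHRQ) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1654072411.9290702,"logger":"tls.obtain","msg":"will retry","error":"[*.myweb1.com] Obtain: [*.myweb1.com] solving challenges: *.myweb1.com: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[dns-01] remaining=[dns-01]) (order=https://acme.zerossl.com/v2/DV90/order/fa14RtUNHlQ-mrJyefUHRQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":4,"retrying_in":300,"elapsed":502.555984698,"max_duration":2592000}
'''

# The challenge-set triple Caddy (via its ACME client) embeds in the error string.
SOLVER_RE = re.compile(
    r"configured=\[([^\]]*)\] offered=\[([^\]]*)\] remaining=\[([^\]]*)\]"
)
# Fallback for records without an "identifier" field: the error starts with "[name]".
IDENT_RE = re.compile(r"^\[([^\]]+)\]")


def parse_solver_failures(log_text: str) -> List[dict]:
    """Return one event per log record that reports a challenge/solver mismatch."""
    events = []
    for raw in log_text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue  # non-JSON noise (banners, stack traces) is ignored
        err = rec.get("error", "")
        m = SOLVER_RE.search(err)
        if not m:
            continue  # other errors (e.g. the HTTP timeout) are not this failure
        ident = rec.get("identifier")
        if not ident:
            im = IDENT_RE.search(err)
            ident = im.group(1) if im else "?"
        events.append({
            "identifier": ident,
            "issuer": rec.get("issuer"),
            "configured": set(m.group(1).split()),
            "offered": set(m.group(2).split()),
            "remaining": set(m.group(3).split()),
            "attempt": rec.get("attempt"),
        })
    return events


def diagnose(event: dict) -> str:
    """Explain a single mismatch event in terms an operator can act on."""
    ident = event["identifier"]
    missing = event["remaining"] - event["configured"]
    if ident.startswith("*.") and "dns-01" in missing:
        return (f"{ident}: wildcard names can only be validated with dns-01, but only "
                f"{sorted(event['configured'])} are enabled; configure a DNS provider "
                "module for dns-01 or replace the wildcard with explicit hostnames")
    if missing:
        return (f"{ident}: CA requires {sorted(missing)} but only "
                f"{sorted(event['configured'])} are configured")
    return f"{ident}: challenge types match; look elsewhere (reachability, rate limits)"


def summarize(log_text: str) -> Dict[str, str]:
    """Collapse repeated retries into one diagnosis per identifier."""
    out: Dict[str, str] = {}
    for ev in parse_solver_failures(log_text):
        out.setdefault(ev["identifier"], diagnose(ev))
    return out


if __name__ == "__main__":
    for name, verdict in summarize(SAMPLE_LOG).items():
        print(verdict)
```

Feed it `kubectl logs deploy/caddy-deployment` output on stdin or a file; the retry records (which carry `attempt`) are folded into the first diagnosis so the summary stays one line per hostname. The HTTP timeout warning in the sample is deliberately left out of the result, since it is a transient network issue rather than a configuration problem.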