caddy cannot enable automatic https


ENV:

CentOS 7:
yum install yum-plugin-copr
yum copr enable @caddy/caddy
yum install caddy

Caddy version:

[developer@Dev_Payment_111 caddy]$ caddy version
v2.7.4 h1:J8nisjdOxnYHXlorUKXY75Gr6iBfudfoGhrJ8t7/flI=
[developer@Dev_Payment_111 caddy]$ whereis caddy
caddy: /usr/bin/caddy /etc/caddy /usr/share/caddy /usr/share/man/man8/caddy.8.gz
[developer@Dev_Payment_111 caddy]$ pwd
/usr/share/caddy
[developer@Dev_Payment_111 caddy]$ tree
.
└── index.html
0 directories, 1 file

Current situation:

  1. There is no problem with the DNS resolution of my domain name, and it can be resolved to my server correctly.

  2. Ports 80 and 443 are open and can be accessed from external networks.

  3. caddy works fine when just http is used in the caddyfile:

{
        email [email protected]
}
:80
reverse_proxy localhost:9876

  4. After https is enabled, an error message is displayed, causing a certificate application failure.

Caddyfile

[developer@Dev_Payment_111 caddy]$ cat Caddyfile

{
        email [email protected]
}

www.example.top:443

reverse_proxy localhost:9876

error log:

Oct 09 02:11:35 Dev_Payment_111 caddy[18404]: {"level":"info","ts":1696817495.4480734,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/caddy"}
Oct 09 02:11:35 Dev_Payment_111 caddy[18404]: {"level":"info","ts":1696817495.4481452,"logger":"tls","msg":"finished cleaning storage units"}
Oct 09 02:11:35 Dev_Payment_111 caddy[18404]: {"level":"info","ts":1696817495.4482486,"logger":"tls.obtain","msg":"acquiring lock","identifier":"www.example.top"}
Oct 09 02:11:35 Dev_Payment_111 caddy[18404]: {"level":"info","ts":1696817495.4482882,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Oct 09 02:11:35 Dev_Payment_111 caddy[18404]: {"level":"info","ts":1696817495.448325,"msg":"serving initial configuration"}
Oct 09 02:11:35 Dev_Payment_111 caddy[18404]: {"level":"info","ts":1696817495.4864845,"logger":"tls.obtain","msg":"lock acquired","identifier":"www.example.top"}
Oct 09 02:11:35 Dev_Payment_111 caddy[18404]: {"level":"info","ts":1696817495.4866147,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"www.example.top"}
Oct 09 02:11:35 Dev_Payment_111 caddy[18404]: {"level":"info","ts":1696817495.4937303,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["www.example.top"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"[email protected]"}
Oct 09 02:11:35 Dev_Payment_111 caddy[18404]: {"level":"info","ts":1696817495.493765,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["www.example.top"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"[email protected]"}
Oct 09 02:11:37 Dev_Payment_111 caddy[18404]: {"level":"info","ts":1696817497.6288013,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.example.top","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
Oct 09 02:11:49 Dev_Payment_111 caddy[18404]: {"level":"error","ts":1696817509.3985543,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"www.example.top","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"211.xxx.xxx.xxx: Fetching http://www.example.top/.well-known/acme-challenge/Yf0M-T8e-dF0soOLQxBXwElnEMqkl02hJBNUVvsf_Lc: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
Oct 09 02:11:49 Dev_Payment_111 caddy[18404]: {"level":"error","ts":1696817509.3986027,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"www.example.top","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"xxx.xxx.xxx.xxxx: Fetching http://www.example.top/.well-known/acme-challenge/Yf0M-T8e-dF0soOLQxBXwElnEMqkl02hJBNUVvsf_Lc: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1349812566/213802657336","attempt":1,"max_attempts":3}
Oct 09 02:11:51 Dev_Payment_111 caddy[18404]: {"level":"info","ts":1696817511.1904821,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.example.top","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
Oct 09 02:12:02 Dev_Payment_111 caddy[18404]: {"level":"error","ts":1696817522.2106516,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"www.example.top","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"xxx.xxx.xxx.xxx: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
Oct 09 02:12:02 Dev_Payment_111 caddy[18404]: {"level":"error","ts":1696817522.2107036,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"www.example.top","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"xxx.xxx.xxx.xxxx: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1349812566/213802709246","attempt":2,"max_attempts":3}
Oct 09 02:12:02 Dev_Payment_111 caddy[18404]: {"level":"error","ts":1696817522.2107475,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"www.example.top","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - xxx.xxx.xxx.xxx: Timeout during connect (likely firewall problem)"}
Oct 09 02:12:02 Dev_Payment_111 caddy[18404]: {"level":"info","ts":1696817522.3516479,"logger":"tls.issuance.zerossl","msg":"waiting on internal rate limiter","identifiers":["www.example.top"],"ca":"https://acme.zerossl.com/v2/DV90","account":"[email protected]"}
Oct 09 02:12:02 Dev_Payment_111 caddy[18404]: {"level":"info","ts":1696817522.351804,"logger":"tls.issuance.zerossl","msg":"done waiting on internal rate limiter","identifiers":["www.example.top"],"ca":"https://acme.zerossl.com/v2/DV90","account":"[email protected]"}
Oct 09 02:12:06 Dev_Payment_111 caddy[18404]: {"level":"info","ts":1696817526.396537,"logger":"tls.issuance.zerossl.acme_client","msg":"trying to solve challenge","identifier":"www.example.top","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
Oct 09 02:12:20 Dev_Payment_111 caddy[18404]: {"level":"error","ts":1696817540.312028,"logger":"tls.issuance.zerossl.acme_client","msg":"challenge failed","identifier":"www.example.top","challenge_type":"http-01","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]}}
Oct 09 02:12:20 Dev_Payment_111 caddy[18404]: {"level":"error","ts":1696817540.312073,"logger":"tls.issuance.zerossl.acme_client","msg":"validating authorization","identifier":"www.example.top","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]},"order":"https://acme.zerossl.com/v2/DV90/order/GPCD7FAjoDQM8ZM5aQ41og","attempt":1,"max_attempts":3}
Oct 09 02:12:20 Dev_Payment_111 caddy[18404]: {"level":"error","ts":1696817540.312127,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"www.example.top","issuer":"acme.zerossl.com-v2-DV90","error":"HTTP 0  - "}
Oct 09 02:12:20 Dev_Payment_111 caddy[18404]: {"level":"error","ts":1696817540.3121705,"logger":"tls.obtain","msg":"will retry","error":"[www.example.top] Obtain: [www.example.top] solving challenge: www.example.top: [www.example.top] authorization failed: HTTP 0  -  (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":44.825670399,"max_duration":2592000}

  • What is the reason for the error? My firewall is OK and I can access ports 80 and 443 from the external network.

There are 0 answers
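
A triage helper for the kind of log shown in the question, as an added example that is not part of the original post: it extracts the `challenge failed` entries from journald-prefixed Caddy JSON lines and lists the validation ports on which the CA reported a connection error. The function names and sample lines are constructed for illustration; the port mapping follows RFC 8555 (http-01, port 80) and RFC 8737 (tls-alpn-01, port 443).

```python
import json

# Constructed sample input: journald-prefixed Caddy JSON lines, abridged from
# the shape of the log in the question (host name and fields shortened).
SAMPLE = '''\
Oct 09 02:11:49 host caddy[1]: {"level":"error","logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"www.example.top","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","detail":"Timeout during connect (likely firewall problem)"}}
Oct 09 02:12:02 host caddy[1]: {"level":"error","logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"www.example.top","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","detail":"Timeout during connect (likely firewall problem)"}}
Oct 09 02:12:20 host caddy[1]: {"level":"error","logger":"tls.issuance.zerossl.acme_client","msg":"challenge failed","identifier":"www.example.top","challenge_type":"http-01","problem":{"type":"","detail":""}}
Oct 09 02:12:20 host caddy[1]: {"level":"error","logger":"tls.obtain","msg":"will retry","attempt":1,"retrying_in":60}
Oct 09 02:12:21 host caddy[1]: {"level":"error","logger":"tls.obtain","msg":"cut off by the termi
'''

# Port the CA connects to when validating each challenge type.
VALIDATION_PORT = {"http-01": 80, "tls-alpn-01": 443}


def parse_line(line):
    """Return the JSON object that follows the journald prefix, or None."""
    start = line.find("{")
    if start < 0:
        return None
    try:
        return json.loads(line[start:])
    except json.JSONDecodeError:
        return None  # line was wrapped or truncated when copied


def challenge_failures(text):
    """List every 'challenge failed' entry as issuer / challenge / error / detail."""
    failures = []
    for line in text.splitlines():
        entry = parse_line(line)
        if not entry or entry.get("msg") != "challenge failed":
            continue
        logger = entry.get("logger", "").split(".")  # tls.issuance.<issuer>.acme_client
        problem = entry.get("problem") or {}
        failures.append({
            "issuer": logger[2] if len(logger) > 2 else "",
            "challenge": entry.get("challenge_type", ""),
            "error": problem.get("type", "").rsplit(":", 1)[-1],  # "" if the CA sent none
            "detail": problem.get("detail", ""),
        })
    return failures


def unreachable_ports(failures):
    """Ports on which a CA reported an ACME 'connection' error."""
    return sorted({VALIDATION_PORT[f["challenge"]] for f in failures
                   if f["error"] == "connection" and f["challenge"] in VALIDATION_PORT})


if __name__ == "__main__":
    for f in challenge_failures(SAMPLE):
        print(f)
    print("CA could not connect on ports:", unreachable_ports(challenge_failures(SAMPLE)))
```

The ports it reports reflect the CA's validation servers' view of the host, so reachability is confirmed from outside the server's own network.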