caddy: Certificate error: One or more domains had a problem
I just updated Caddy to 0.10.13 and tried to run Caddy but it crashed while getting certificates.
1. What version of Caddy are you using (caddy -version)?
Caddy 0.10.13 (+0784717) (Filiosoft)
The custom binary can be found here: https://cdn.filiosoft.com/artifacts/caddy/caddy-0.10.13
2. What are you trying to do?
Run Caddy.
3. What is your entire Caddyfile?
status.filiosoft.com {
    tls certs@filiosoft.com {
        dns cloudflare
    }
    proxy / http://127.0.0.1:8080 {
        health_check /
        transparent
    }
    log /var/log/caddy/status.access.log
    errors /var/log/caddy/status.error.log
}
4. How did you run Caddy (give the full command and describe the execution environment)?
Command run:
/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp -quic
Environment:
- OS: Ubuntu 16.04
5. Please paste any relevant HTTP request(s) here.
Not applicable.
6. What did you expect to see?
Caddy should start, grab certificates, and then start serving the site.
7. What did you see instead (give full error messages and/or log)?
Caddy crashes while getting the certificate.
Activating privacy features... 2018/04/19 01:40:06 [INFO][status.filiosoft.com] acme: Obtaining bundled SAN certificate
2018/04/19 01:40:06 [INFO][status.filiosoft.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/<redacted>
2018/04/19 01:40:06 [INFO][status.filiosoft.com] acme: Authorization already valid; skipping challenge
2018/04/19 01:40:06 [INFO][status.filiosoft.com] acme: Validations succeeded; requesting certificates
2018/04/19 01:40:09 [INFO][status.filiosoft.com] Server responded with a certificate.
2018/04/19 01:40:09 [status.filiosoft.com] failed to obtain certificate: acme: Error -> One or more domains had a problem:
About this issue
- State: closed
- Created 6 years ago
- Reactions: 1
- Comments: 20 (7 by maintainers)
Okay, just reproduced it during lunch break, and identified the cause. Geez, it’s subtle. Fix is coming soon.
Pushed a fix: https://github.com/xenolf/lego/commit/fad2257e11ae4ff31ed03739386873aa405dec2d
Updating vendor and committing new release shortly.
I have a final group project due in one of my classes soon that I am working on today, but I’m going to try to reproduce this bug ASAP.
caddy --version
Caddy v1.0.3 (h1:i9gRhBgvc5ifchwWtSe7pDpsdS9+Q0Rw9oYQmYUTw1w=)
caddy.service - Caddy HTTP/2 web server
   Loaded: loaded (/etc/systemd/system/caddy.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2019-09-21 00:40:07 EDT; 20s ago
     Docs: https://caddyserver.com/docs
 Main PID: 1276 (caddy)
   CGroup: /system.slice/caddy.service
           └─1276 /usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
Sep 21 00:40:24 tiny caddy[1276]: 2019/09/21 00:40:24 [ERROR][xx.xx.xx] failed to obtain certificate: acme: Error -> One or more domains had a problem:
Sep 21 00:40:24 tiny caddy[1276]: [xx.xx.xx] [xx.xx.xx] acme: error presenting token: presenting with standard provider server: could not start HTTPS server for chall
Sep 21 00:40:24 tiny caddy[1276]: (attempt 2/3; challenge=tls-alpn-01)
Sep 21 00:40:25 tiny caddy[1276]: 2019/09/21 00:40:25 [INFO] [xx.xx.xx] acme: Obtaining bundled SAN certificate
Sep 21 00:40:26 tiny caddy[1276]: 2019/09/21 00:40:26 [INFO] [xx.xx.xx] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/435955722
Sep 21 00:40:26 tiny caddy[1276]: 2019/09/21 00:40:26 [INFO] [xx.xx.xx] acme: use tls-alpn-01 solver
Sep 21 00:40:26 tiny caddy[1276]: 2019/09/21 00:40:26 [INFO] [xx.xx.xx] acme: Trying to solve TLS-ALPN-01
Sep 21 00:40:27 tiny caddy[1276]: 2019/09/21 00:40:27 [ERROR][xx.xx.xx] failed to obtain certificate: acme: Error -> One or more domains had a problem:
Sep 21 00:40:27 tiny caddy[1276]: [xx.xx.xx] [xx.xx.xx] acme: error presenting token: presenting with standard provider server: could not start HTTPS server for chall
Sep 21 00:40:27 tiny caddy[1276]: (attempt 3/3; challenge=tls-alpn-01)
systemctl failed, but if I run /usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp as root, it's OK.
Fresh installation on Debian 9.
My bad, you were right. When I ran caddy on the command line, everything worked fine. (Then I ran it through systemd again, and I was rate limited. So I copied over the certificate from my home directory and then it worked fine in systemd.) Sorry for complaining both here and on the forum!
I can also confirm that 0.10.14 is working for me, thanks!
I can confirm that 0.10.14 fixes the issue! Thanks!
@mholt I received the error on a completely fresh installation, so caddy was never used on that server before.
~/.caddy/acme/acme-v02.api.letsencrypt.org/sites exists, but is completely empty.