caddy: "Context deadline exceeded" when creating certificate

Hello!

We’re getting this error when trying to generate new certificates. We’re using Caddy 2.4.2 and running in 2 servers behind a load balancer, we use DynamoDB to store the certificates.

Up until minutes ago we only used ZeroSSL as the issuer, but after seeing the error we thought it may be something on their side and decided to try with the new fallback functionality using Let’s Encrypt. But we’re getting the same error as with ZeroSSL, and we thought context deadline exceeded sounded like something from inside Caddy and not an error in the issuer.

TLS config tls { issuer zerossl blablablabla { email my@mail.com dir https://acme.zerossl.com/v2/DV90 eab blabla blablablablablablablablablablablablablablablabla } issuer acme { email my@mail.com } on_demand }

All these logs are from our staging environment, which is identical to production and we could replicate the error there.

Full log, with the error

Aug 02 15:22:22 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627917742.2827234,“msg”:“using provided configuration”,“config_file”:“/etc/caddy/Caddyfile”,“config_adapter”:“”} Aug 02 15:22:22 custom-domains-staging-br-01 caddy[326595]: 2021/08/02 15:22:22 [WARNING] Unnecessary header_up (‘X-Forwarded-Proto’ field): the reverse proxy’s default behavior is to pass headers to the upstream Aug 02 15:22:22 custom-domains-staging-br-01 caddy[326595]: 2021/08/02 15:22:22 [WARNING] Unnecessary header_up (‘X-Forwarded-Proto’ field): the reverse proxy’s default behavior is to pass headers to the upstream Aug 02 15:22:22 custom-domains-staging-br-01 caddy[326595]: {“level”:“warn”,“ts”:1627917742.2882245,“msg”:“input is not formatted with ‘caddy fmt’”,“adapter”:“caddyfile”,“file”:“/etc/caddy/Caddyfile”,“line”:2} Aug 02 15:22:22 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627917742.289781,“logger”:“admin”,“msg”:“admin endpoint started”,“address”:“tcp/localhost:2019”,“enforce_origin”:false,“origins”:[“127.0.0.1:2019”,“localhost:2019”,“[::1]:2019”]} Aug 02 15:22:22 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627917742.290084,“logger”:“http”,“msg”:“server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server”,“server_name”:“srv1”,“http_port”:80} Aug 02 15:22:22 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627917742.2901125,“logger”:“http”,“msg”:“server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS”,“server_name”:“srv0”,“https_port”:443} Aug 02 15:22:22 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627917742.290119,“logger”:“http”,“msg”:“enabling automatic HTTP->HTTPS redirects”,“server_name”:“srv0”} Aug 02 15:22:22 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627917742.2903583,“logger”:“tls.cache.maintenance”,“msg”:“started background certificate maintenance”,“cache”:“0xc0002fe540”} Aug 02 15:22:22 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627917742.2908654,“logger”:“tls”,“msg”:“cleaning storage unit”,“description”:“&{caddy_ssl_certificates <nil> false 0 0}”} Aug 02 15:22:22 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627917742.2945075,“msg”:“autosaved config (load with --resume flag)”,“file”:“/var/lib/caddy/.config/caddy/autosave.json”} Aug 02 15:22:22 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627917742.2945242,“msg”:“serving initial configuration”} Aug 02 15:22:24 custom-domains-staging-br-01 caddy[326595]: {“level”:“error”,“ts”:1627917744.3835282,“logger”:“http.handlers.reverse_proxy”,“msg”:“aborting with incomplete response”,“error”:“context canceled”} Aug 02 15:22:56 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627917776.443357,“logger”:“tls.on_demand”,“msg”:“obtaining new certificate”,“server_name”:“catorce.publicala.me”} Aug 02 15:22:57 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627917777.2787774,“logger”:“tls.obtain”,“msg”:“acquiring lock”,“identifier”:“catorce.publicala.me”} Aug 02 15:22:57 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627917777.5153117,“logger”:“tls.obtain”,“msg”:“lock acquired”,“identifier”:“catorce.publicala.me”} Aug 02 15:22:58 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627917778.2233639,“logger”:“tls.issuance.acme”,“msg”:“waiting on internal rate limiter”,“identifiers”:[“catorce.publicala.me”],“ca”:“https://acme.zerossl.com/v2/DV90",“account”:"fgilio@publica.la”} Aug 02 15:22:58 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627917778.2233992,“logger”:“tls.issuance.acme”,“msg”:“done waiting on internal rate limiter”,“identifiers”:[“catorce.publicala.me”],“ca”:“https://acme.zerossl.com/v2/DV90",“account”:"fgilio@publica.la”} Aug 02 15:22:59 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627917779.7658842,“logger”:“tls.issuance.acme.acme_client”,“msg”:“trying to solve challenge”,“identifier”:“catorce.publicala.me”,“challenge_type”:“http-01”,“ca”:“https://acme.zerossl.com/v2/DV90”} Aug 02 15:23:01 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627917781.1090271,“logger”:“tls.issuance.acme.acme_client”,“msg”:“validations succeeded; finalizing order”,“order”:“https://acme.zerossl.com/v2/DV90/order/rrMkwcU6ke5zBbmRSEcfvw”} Aug 02 15:24:26 custom-domains-staging-br-01 caddy[326595]: {“level”:“error”,“ts”:1627917866.4442153,“logger”:“tls.obtain”,“msg”:“could not get certificate from issuer”,“identifier”:“catorce.publicala.me”,“issuer”:“acme.zerossl.com-v2-DV90”,“error”:“[catorce.publicala.me] finalizing order https://acme.zerossl.com/v2/DV90/order/rrMkwcU6ke5zBbmRSEcfvw: context deadline exceeded (ca=https://acme.zerossl.com/v2/DV90)”} Aug 02 15:24:26 custom-domains-staging-br-01 caddy[326595]: {“level”:“warn”,“ts”:1627917866.5625367,“logger”:“tls.issuance.acme.acme_client”,“msg”:“HTTP request failed; retrying”,“url”:“https://acme-v02.api.letsencrypt.org/directory",“error”:"performing request: Get "https://acme-v02.api.letsencrypt.org/directory\”: context deadline exceeded"} Aug 02 15:24:26 custom-domains-staging-br-01 caddy[326595]: {“level”:“error”,“ts”:1627917866.562598,“logger”:“tls.obtain”,“msg”:“could not get certificate from issuer”,“identifier”:“catorce.publicala.me”,“issuer”:“acme-v02.api.letsencrypt.org-directory”,“error”:“registering account [] with server: provisioning client: context deadline exceeded”} Aug 02 15:24:26 custom-domains-staging-br-01 caddy[326595]: {“level”:“error”,“ts”:1627917866.562613,“logger”:“tls.obtain”,“msg”:“will retry”,“error”:“[catorce.publicala.me] Obtain: registering account [] with server: provisioning client: context deadline exceeded”,“attempt”:1,“retrying_in”:60,“elapsed”:89.046767149,“max_duration”:2592000} Aug 02 15:24:26 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627917866.562624,“logger”:“tls.obtain”,“msg”:“releasing lock”,“identifier”:“catorce.publicala.me”} Aug 02 15:24:28 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627917868.276673,“logger”:“tls.on_demand”,“msg”:“obtaining new certificate”,“server_name”:“catorce.publicala.me”} Aug 02 15:24:29 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627917869.1013489,“logger”:“tls.obtain”,“msg”:“acquiring lock”,“identifier”:“catorce.publicala.me”} Aug 02 15:24:29 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627917869.336572,“logger”:“tls.obtain”,“msg”:“lock acquired”,“identifier”:“catorce.publicala.me”} Aug 02 15:24:30 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627917870.0429702,“logger”:“tls.issuance.acme”,“msg”:“waiting on internal rate limiter”,“identifiers”:[“catorce.publicala.me”],“ca”:“https://acme.zerossl.com/v2/DV90",“account”:"fgilio@publica.la”} Aug 02 15:24:30 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627917870.0430124,“logger”:“tls.issuance.acme”,“msg”:“done waiting on internal rate limiter”,“identifiers”:[“catorce.publicala.me”],“ca”:“https://acme.zerossl.com/v2/DV90",“account”:"fgilio@publica.la”} Aug 02 15:24:31 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627917871.270235,“logger”:“tls.issuance.acme.acme_client”,“msg”:“trying to solve challenge”,“identifier”:“catorce.publicala.me”,“challenge_type”:“http-01”,“ca”:“https://acme.zerossl.com/v2/DV90”} Aug 02 15:24:32 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627917872.3466265,“logger”:“tls.issuance.acme.acme_client”,“msg”:“validations succeeded; finalizing order”,“order”:“https://acme.zerossl.com/v2/DV90/order/9325Jmzsz9G0-3dzrFRTMg”} Aug 02 15:25:58 custom-domains-staging-br-01 caddy[326595]: {“level”:“error”,“ts”:1627917958.2774987,“logger”:“tls.obtain”,“msg”:“could not get certificate from issuer”,“identifier”:“catorce.publicala.me”,“issuer”:“acme.zerossl.com-v2-DV90”,“error”:“[catorce.publicala.me] finalizing order https://acme.zerossl.com/v2/DV90/order/9325Jmzsz9G0-3dzrFRTMg: context deadline exceeded (ca=https://acme.zerossl.com/v2/DV90)”} Aug 02 15:25:58 custom-domains-staging-br-01 caddy[326595]: {“level”:“warn”,“ts”:1627917958.4897046,“logger”:“tls.issuance.acme.acme_client”,“msg”:“HTTP request failed; retrying”,“url”:“https://acme-v02.api.letsencrypt.org/directory",“error”:"performing request: Get "https://acme-v02.api.letsencrypt.org/directory\”: context deadline exceeded"} Aug 02 15:25:58 custom-domains-staging-br-01 caddy[326595]: {“level”:“error”,“ts”:1627917958.4898303,“logger”:“tls.obtain”,“msg”:“could not get certificate from issuer”,“identifier”:“catorce.publicala.me”,“issuer”:“acme-v02.api.letsencrypt.org-directory”,“error”:“registering account [] with server: provisioning client: context deadline exceeded”} Aug 02 15:25:58 custom-domains-staging-br-01 caddy[326595]: {“level”:“error”,“ts”:1627917958.4898472,“logger”:“tls.obtain”,“msg”:“will retry”,“error”:“[catorce.publicala.me] Obtain: registering account [] with server: provisioning client: context deadline exceeded”,“attempt”:1,“retrying_in”:60,“elapsed”:89.15324904,“max_duration”:2592000} Aug 02 15:25:58 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627917958.4898577,“logger”:“tls.obtain”,“msg”:“releasing lock”,“identifier”:“catorce.publicala.me”} Aug 02 15:28:38 custom-domains-staging-br-01 systemd[1]: Reloading Caddy. Aug 02 15:28:38 custom-domains-staging-br-01 caddy[327037]: {“level”:“info”,“ts”:1627918118.7171786,“msg”:“using provided configuration”,“config_file”:“/etc/caddy/Caddyfile”,“config_adapter”:“”} Aug 02 15:28:38 custom-domains-staging-br-01 caddy[327037]: 2021/08/02 15:28:38 [WARNING] Unnecessary header_up (‘X-Forwarded-Proto’ field): the reverse proxy’s default behavior is to pass headers to the upstream Aug 02 15:28:38 custom-domains-staging-br-01 caddy[327037]: 2021/08/02 15:28:38 [WARNING] Unnecessary header_up (‘X-Forwarded-Proto’ field): the reverse proxy’s default behavior is to pass headers to the upstream Aug 02 15:28:38 custom-domains-staging-br-01 caddy[327037]: {“level”:“warn”,“ts”:1627918118.7200844,“msg”:“input is not formatted with ‘caddy fmt’”,“adapter”:“caddyfile”,“file”:“/etc/caddy/Caddyfile”,“line”:2} Aug 02 15:28:38 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918118.7220445,“logger”:“admin.api”,“msg”:“received request”,“method”:“POST”,“host”:“localhost:2019”,“uri”:“/load”,“remote_addr”:“127.0.0.1:33140”,“headers”:{“Accept-Encoding”:[“gzip”],“Content-Length”:[“1775”],“Content-Type”:[“application/json”],“Origin”:[“localhost:2019”],“User-Agent”:[“Go-http-client/1.1”]}} Aug 02 15:28:38 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918118.722826,“logger”:“admin”,“msg”:“admin endpoint started”,“address”:“tcp/localhost:2019”,“enforce_origin”:false,“origins”:[“localhost:2019”,“[::1]:2019”,“127.0.0.1:2019”]} Aug 02 15:28:38 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918118.7231193,“logger”:“tls.cache.maintenance”,“msg”:“started background certificate maintenance”,“cache”:“0xc0001249a0”} Aug 02 15:28:38 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918118.7231383,“logger”:“http”,“msg”:“server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS”,“server_name”:“srv0”,“https_port”:443} Aug 02 15:28:38 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918118.7232556,“logger”:“http”,“msg”:“enabling automatic HTTP->HTTPS redirects”,“server_name”:“srv0”} Aug 02 15:28:38 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918118.7232819,“logger”:“http”,“msg”:“server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server”,“server_name”:“srv1”,“http_port”:80} Aug 02 15:28:38 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918118.7929738,“logger”:“tls.cache.maintenance”,“msg”:“stopped background certificate maintenance”,“cache”:“0xc0002fe540”} Aug 02 15:28:38 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918118.7932832,“msg”:“autosaved config (load with --resume flag)”,“file”:“/var/lib/caddy/.config/caddy/autosave.json”} Aug 02 15:28:38 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918118.7933016,“logger”:“admin.api”,“msg”:“load complete”} Aug 02 15:28:38 custom-domains-staging-br-01 systemd[1]: Reloaded Caddy. Aug 02 15:28:38 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918118.8629189,“logger”:“admin”,“msg”:“stopped previous server”,“address”:“tcp/localhost:2019”} Aug 02 15:28:39 custom-domains-staging-br-01 caddy[326595]: 2021/08/02 15:28:39 [ERROR] Deleting expired certificates: context canceled Aug 02 15:28:39 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918119.1675758,“logger”:“tls”,“msg”:“finished cleaning storage units”} Aug 02 15:28:40 custom-domains-staging-br-01 caddy[326595]: {“level”:“error”,“ts”:1627918120.3807824,“logger”:“http.handlers.reverse_proxy”,“msg”:“aborting with incomplete response”,“error”:“context canceled”} Aug 02 15:28:45 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918125.1546447,“logger”:“tls.on_demand”,“msg”:“obtaining new certificate”,“server_name”:“catorce.publicala.me”} Aug 02 15:28:45 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918125.989216,“logger”:“tls.obtain”,“msg”:“acquiring lock”,“identifier”:“catorce.publicala.me”} Aug 02 15:28:46 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918126.2274082,“logger”:“tls.obtain”,“msg”:“lock acquired”,“identifier”:“catorce.publicala.me”} Aug 02 15:28:46 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918126.9420567,“logger”:“tls.issuance.acme”,“msg”:“waiting on internal rate limiter”,“identifiers”:[“catorce.publicala.me”],“ca”:“https://acme.zerossl.com/v2/DV90",“account”:"fgilio@publica.la”} Aug 02 15:28:46 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918126.9421027,“logger”:“tls.issuance.acme”,“msg”:“done waiting on internal rate limiter”,“identifiers”:[“catorce.publicala.me”],“ca”:“https://acme.zerossl.com/v2/DV90",“account”:"fgilio@publica.la”} Aug 02 15:28:48 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918128.0681744,“logger”:“tls.issuance.acme.acme_client”,“msg”:“trying to solve challenge”,“identifier”:“catorce.publicala.me”,“challenge_type”:“http-01”,“ca”:“https://acme.zerossl.com/v2/DV90”} Aug 02 15:28:48 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918128.9010139,“logger”:“tls.issuance.acme.acme_client”,“msg”:“validations succeeded; finalizing order”,“order”:“https://acme.zerossl.com/v2/DV90/order/KVdNMcg11-Ewufv5Nzdtig”} Aug 02 15:30:15 custom-domains-staging-br-01 caddy[326595]: {“level”:“error”,“ts”:1627918215.1555398,“logger”:“tls.obtain”,“msg”:“could not get certificate from issuer”,“identifier”:“catorce.publicala.me”,“issuer”:“acme.zerossl.com-v2-DV90”,“error”:“[catorce.publicala.me] finalizing order https://acme.zerossl.com/v2/DV90/order/KVdNMcg11-Ewufv5Nzdtig: context deadline exceeded (ca=https://acme.zerossl.com/v2/DV90)”} Aug 02 15:30:15 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918215.7659411,“logger”:“tls.issuance.acme”,“msg”:“waiting on internal rate limiter”,“identifiers”:[“catorce.publicala.me”],“ca”:“https://acme-v02.api.letsencrypt.org/directory",“account”:"fgilio@publica.la”} Aug 02 15:30:15 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918215.7661862,“logger”:“tls.issuance.acme”,“msg”:“done waiting on internal rate limiter”,“identifiers”:[“catorce.publicala.me”],“ca”:“https://acme-v02.api.letsencrypt.org/directory",“account”:"fgilio@publica.la”} Aug 02 15:30:15 custom-domains-staging-br-01 caddy[326595]: {“level”:“warn”,“ts”:1627918215.7662575,“logger”:“tls.issuance.acme.acme_client”,“msg”:“HTTP request failed; retrying”,“url”:“https://acme-v02.api.letsencrypt.org/directory",“error”:"performing request: Get "https://acme-v02.api.letsencrypt.org/directory\”: context deadline exceeded"} Aug 02 15:30:15 custom-domains-staging-br-01 caddy[326595]: {“level”:“error”,“ts”:1627918215.7662952,“logger”:“tls.obtain”,“msg”:“could not get certificate from issuer”,“identifier”:“catorce.publicala.me”,“issuer”:“acme-v02.api.letsencrypt.org-directory”,“error”:“[catorce.publicala.me] creating new order: provisioning client: context deadline exceeded (ca=https://acme-v02.api.letsencrypt.org/directory)”} Aug 02 15:30:15 custom-domains-staging-br-01 caddy[326595]: {“level”:“error”,“ts”:1627918215.7663093,“logger”:“tls.obtain”,“msg”:“will retry”,“error”:“[catorce.publicala.me] Obtain: [catorce.publicala.me] creating new order: provisioning client: context deadline exceeded (ca=https://acme-v02.api.letsencrypt.org/directory)”,“attempt”:1,“retrying_in”:60,“elapsed”:89.538869619,“max_duration”:2592000} Aug 02 15:30:15 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918215.7663207,“logger”:“tls.obtain”,“msg”:“releasing lock”,“identifier”:“catorce.publicala.me”}

UPDATE: We started to be able to generate certificates while I was writing this issue. All the new certificates are being generated with Let’s Encrypt after ZeroSSL fails.

We’re not sure if this is indeed an error on ZeroSSL or if something else was also happening with Let’s Encrypt, as this log suggests Aug 02 15:30:15 custom-domains-staging-br-01 caddy[326595]: {"level":"error","ts":1627918215.7663093,"logger":"tls.obtain","msg":"will retry","error":"[catorce.publicala.me] Obtain: [catorce.publicala.me] creating new order: provisioning client: context deadline exceeded (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":89.538869619,"max_duration":2592000}.

Full log after error solved "itself"

Aug 02 15:36:24 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918584.6788352,“logger”:“tls.on_demand”,“msg”:“obtaining new certificate”,“server_name”:“catorce.publicala.me”} Aug 02 15:36:25 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918585.4860163,“logger”:“tls.obtain”,“msg”:“acquiring lock”,“identifier”:“catorce.publicala.me”} Aug 02 15:36:25 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918585.7181144,“logger”:“tls.obtain”,“msg”:“lock acquired”,“identifier”:“catorce.publicala.me”} Aug 02 15:36:26 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918586.4122481,“logger”:“tls.issuance.acme”,“msg”:“waiting on internal rate limiter”,“identifiers”:[“catorce.publicala.me”],“ca”:“https://acme.zerossl.com/v2/DV90",“account”:"fgilio@publica.la”} Aug 02 15:36:26 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918586.4122853,“logger”:“tls.issuance.acme”,“msg”:“done waiting on internal rate limiter”,“identifiers”:[“catorce.publicala.me”],“ca”:“https://acme.zerossl.com/v2/DV90",“account”:"fgilio@publica.la”} Aug 02 15:36:27 custom-domains-staging-br-01 caddy[326595]: {“level”:“error”,“ts”:1627918587.2315016,“logger”:“tls.obtain”,“msg”:“could not get certificate from issuer”,“identifier”:“catorce.publicala.me”,“issuer”:“acme.zerossl.com-v2-DV90”,“error”:“[catorce.publicala.me] creating new order: fetching new nonce from server: HTTP 504: (ca=https://acme.zerossl.com/v2/DV90)”} Aug 02 15:36:27 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918587.4627676,“logger”:“tls.issuance.acme”,“msg”:“waiting on internal rate limiter”,“identifiers”:[“catorce.publicala.me”],“ca”:“https://acme-v02.api.letsencrypt.org/directory",“account”:"fgilio@publica.la”} Aug 02 15:36:27 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918587.4628348,“logger”:“tls.issuance.acme”,“msg”:“done waiting on internal rate limiter”,“identifiers”:[“catorce.publicala.me”],“ca”:“https://acme-v02.api.letsencrypt.org/directory",“account”:"fgilio@publica.la”} Aug 02 15:36:28 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918588.7454534,“logger”:“tls.issuance.acme.acme_client”,“msg”:“trying to solve challenge”,“identifier”:“catorce.publicala.me”,“challenge_type”:“http-01”,“ca”:“https://acme-v02.api.letsencrypt.org/directory”} Aug 02 15:36:32 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918592.7008424,“logger”:“tls.issuance.acme.acme_client”,“msg”:“validations succeeded; finalizing order”,“order”:“https://acme-v02.api.letsencrypt.org/acme/order/113805931/14027200930”} Aug 02 15:36:33 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918593.4735258,“logger”:“tls.issuance.acme.acme_client”,“msg”:“successfully downloaded available certificate chains”,“count”:2,“first_url”:“https://acme-v02.api.letsencrypt.org/acme/cert/03e24093caca1e12dae2699a7ccc5578a9d7”} Aug 02 15:36:33 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918593.8252475,“logger”:“tls.obtain”,“msg”:“certificate obtained successfully”,“identifier”:“catorce.publicala.me”} Aug 02 15:36:33 custom-domains-staging-br-01 caddy[326595]: {“level”:“info”,“ts”:1627918593.8252823,“logger”:“tls.obtain”,“msg”:“releasing lock”,“identifier”:“catorce.publicala.me”}

EDIT

We’re getting a similar error again, these logs are from our production environment:

Aug 02 15:42:24 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627918944.980402,"logger":"tls.on_demand","msg":"obtaining new certificate","server_name":"fugolahome.publica.la"} Aug 02 15:42:25 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627918945.7890599,"logger":"tls.obtain","msg":"acquiring lock","identifier":"fugolahome.publica.la"} Aug 02 15:42:26 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627918946.0221035,"logger":"tls.obtain","msg":"lock acquired","identifier":"fugolahome.publica.la"} Aug 02 15:42:26 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627918946.7189736,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["fugolahome.publica.la"],"ca":"https://acme.zerossl.com/v2/DV90","account":"fgilio@publica.la"} Aug 02 15:42:26 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627918946.7193184,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["fugolahome.publica.la"],"ca":"https://acme.zerossl.com/v2/DV90","account":"fgilio@publica.la"} Aug 02 15:42:27 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627918947.976487,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"fugolahome.publica.la","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"} Aug 02 15:42:30 custom-domains-prod-br-01 caddy[259728]: {"level":"error","ts":1627918950.666122,"logger":"http.handlers.reverse_proxy","msg":"reading from backend","error":"http2: server sent GOAWAY and closed the connection; LastStreamID=1999, ErrCode=NO_ERROR, debug=\"\""} Aug 02 15:42:30 custom-domains-prod-br-01 caddy[259728]: {"level":"error","ts":1627918950.6669643,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"http2: server sent GOAWAY and closed the connection; LastStreamID=1999, ErrCode=NO_ERROR, debug=\"\""} Aug 02 15:42:34 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627918954.1778336,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme.zerossl.com/v2/DV90/order/KixxRv3AIJLYPnuIag-qWg"} Aug 02 15:42:52 custom-domains-prod-br-01 caddy[259728]: {"level":"error","ts":1627918972.2500432,"logger":"http.handlers.reverse_proxy","msg":"reading from backend","error":"http2: server sent GOAWAY and closed the connection; LastStreamID=1999, ErrCode=NO_ERROR, debug=\"\""} Aug 02 15:42:52 custom-domains-prod-br-01 caddy[259728]: {"level":"error","ts":1627918972.25082,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"http2: server sent GOAWAY and closed the connection; LastStreamID=1999, ErrCode=NO_ERROR, debug=\"\""} Aug 02 15:43:54 custom-domains-prod-br-01 caddy[259728]: {"level":"error","ts":1627919034.9812496,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"fugolahome.publica.la","issuer":"acme.zerossl.com-v2-DV90","error":"[fugolahome.publica.la] finalizing order https://acme.zerossl.com/v2/DV90/order/KixxRv3AIJLYPnuIag-qWg: context deadline exceeded (ca=https://acme.zerossl.com/v2/DV90)"} Aug 02 15:43:55 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919035.21582,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["fugolahome.publica.la"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"fgilio@publica.la"} Aug 02 15:43:55 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919035.2158678,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["fugolahome.publica.la"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"fgilio@publica.la"} Aug 02 15:43:55 custom-domains-prod-br-01 caddy[259728]: {"level":"warn","ts":1627919035.215924,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-v02.api.letsencrypt.org/acme/new-nonce","error":"performing request: Head \"https://acme-v02.api.letsencrypt.org/acme/new-nonce\": context deadline exceeded"} Aug 02 15:43:55 custom-domains-prod-br-01 caddy[259728]: {"level":"error","ts":1627919035.2159603,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"fugolahome.publica.la","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[fugolahome.publica.la] creating new order: fetching new nonce from server: context deadline exceeded (ca=https://acme-v02.api.letsencrypt.org/directory)"} Aug 02 15:43:55 custom-domains-prod-br-01 caddy[259728]: {"level":"error","ts":1627919035.2159724,"logger":"tls.obtain","msg":"will retry","error":"[fugolahome.publica.la] Obtain: [fugolahome.publica.la] creating new order: fetching new nonce from server: context deadline exceeded (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":89.193835892,"max_duration":2592000} Aug 02 15:43:55 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919035.2159827,"logger":"tls.obtain","msg":"releasing lock","identifier":"fugolahome.publica.la"} Aug 02 15:44:01 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919041.5071127,"logger":"tls.on_demand","msg":"obtaining new certificate","server_name":"fugolahome.publica.la"} Aug 02 15:44:02 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919042.3175468,"logger":"tls.obtain","msg":"acquiring lock","identifier":"fugolahome.publica.la"} Aug 02 15:44:02 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919042.5523498,"logger":"tls.obtain","msg":"lock acquired","identifier":"fugolahome.publica.la"} Aug 02 15:44:03 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919043.2485526,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["fugolahome.publica.la"],"ca":"https://acme.zerossl.com/v2/DV90","account":"fgilio@publica.la"} Aug 02 15:44:03 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919043.248832,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["fugolahome.publica.la"],"ca":"https://acme.zerossl.com/v2/DV90","account":"fgilio@publica.la"} Aug 02 15:44:04 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919044.2504113,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"fugolahome.publica.la","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"} Aug 02 15:44:05 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919045.5463946,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme.zerossl.com/v2/DV90/order/j-gZOwxkAIOEaCJ74lDOHw"} Aug 02 15:44:54 custom-domains-prod-br-01 caddy[259728]: {"level":"error","ts":1627919094.2912614,"logger":"http.handlers.reverse_proxy","msg":"reading from backend","error":"http2: server sent GOAWAY and closed the connection; LastStreamID=1999, ErrCode=NO_ERROR, debug=\"\""} Aug 02 15:44:54 custom-domains-prod-br-01 caddy[259728]: {"level":"error","ts":1627919094.2920265,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"http2: server sent GOAWAY and closed the connection; LastStreamID=1999, ErrCode=NO_ERROR, debug=\"\""} Aug 02 15:45:31 custom-domains-prod-br-01 caddy[259728]: {"level":"error","ts":1627919131.5076334,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"fugolahome.publica.la","issuer":"acme.zerossl.com-v2-DV90","error":"[fugolahome.publica.la] finalizing order https://acme.zerossl.com/v2/DV90/order/j-gZOwxkAIOEaCJ74lDOHw: context deadline exceeded (ca=https://acme.zerossl.com/v2/DV90)"} Aug 02 15:45:31 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919131.7532852,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["fugolahome.publica.la"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"fgilio@publica.la"} Aug 02 15:45:31 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919131.7533205,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["fugolahome.publica.la"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"fgilio@publica.la"} Aug 02 15:45:31 custom-domains-prod-br-01 caddy[259728]: {"level":"warn","ts":1627919131.7533739,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-v02.api.letsencrypt.org/acme/new-nonce","error":"performing request: Head \"https://acme-v02.api.letsencrypt.org/acme/new-nonce\": context deadline exceeded"} Aug 02 15:45:31 custom-domains-prod-br-01 caddy[259728]: {"level":"error","ts":1627919131.7534099,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"fugolahome.publica.la","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[fugolahome.publica.la] creating new order: fetching new nonce from server: context deadline exceeded (ca=https://acme-v02.api.letsencrypt.org/directory)"} Aug 02 15:45:31 custom-domains-prod-br-01 caddy[259728]: {"level":"error","ts":1627919131.753422,"logger":"tls.obtain","msg":"will retry","error":"[fugolahome.publica.la] Obtain: [fugolahome.publica.la] creating new order: fetching new nonce from server: context deadline exceeded (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":89.201036326,"max_duration":2592000} Aug 02 15:45:31 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919131.7534325,"logger":"tls.obtain","msg":"releasing lock","identifier":"fugolahome.publica.la"} Aug 02 15:45:33 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919133.443431,"logger":"tls.on_demand","msg":"obtaining new certificate","server_name":"fugolahome.publica.la"} Aug 02 15:45:34 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919134.2830584,"logger":"tls.obtain","msg":"acquiring lock","identifier":"fugolahome.publica.la"} Aug 02 15:45:34 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919134.5245216,"logger":"tls.obtain","msg":"lock acquired","identifier":"fugolahome.publica.la"} Aug 02 15:45:35 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919135.2431037,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["fugolahome.publica.la"],"ca":"https://acme.zerossl.com/v2/DV90","account":"fgilio@publica.la"} Aug 02 15:45:35 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919135.2431443,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["fugolahome.publica.la"],"ca":"https://acme.zerossl.com/v2/DV90","account":"fgilio@publica.la"} Aug 02 15:45:37 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919137.5983033,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"fugolahome.publica.la","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"} Aug 02 15:45:38 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919138.8331897,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme.zerossl.com/v2/DV90/order/OvOISTvWycfMLD89fTcT7A"} Aug 02 15:47:03 custom-domains-prod-br-01 caddy[259728]: {"level":"error","ts":1627919223.4437003,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"fugolahome.publica.la","issuer":"acme.zerossl.com-v2-DV90","error":"[fugolahome.publica.la] finalizing order https://acme.zerossl.com/v2/DV90/order/OvOISTvWycfMLD89fTcT7A: context deadline exceeded (ca=https://acme.zerossl.com/v2/DV90)"} Aug 02 15:47:03 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919223.6825764,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["fugolahome.publica.la"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"fgilio@publica.la"} Aug 02 15:47:03 custom-domains-prod-br-01 caddy[259728]: {"level":"error","ts":1627919223.6827006,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"fugolahome.publica.la","issuer":"acme-v02.api.letsencrypt.org-directory","error":"context canceled"} Aug 02 15:47:03 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919223.6827214,"logger":"tls.obtain","msg":"releasing lock","identifier":"fugolahome.publica.la"} Aug 02 15:47:08 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919228.581455,"logger":"tls.on_demand","msg":"obtaining new certificate","server_name":"fugolahome.publica.la"} Aug 02 15:47:09 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919229.3975694,"logger":"tls.obtain","msg":"acquiring lock","identifier":"fugolahome.publica.la"} Aug 02 15:47:09 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919229.632231,"logger":"tls.obtain","msg":"lock acquired","identifier":"fugolahome.publica.la"} Aug 02 15:47:10 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919230.3337657,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["fugolahome.publica.la"],"ca":"https://acme.zerossl.com/v2/DV90","account":"fgilio@publica.la"} Aug 02 15:47:10 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919230.3338053,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["fugolahome.publica.la"],"ca":"https://acme.zerossl.com/v2/DV90","account":"fgilio@publica.la"} Aug 02 15:47:12 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919232.246661,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"fugolahome.publica.la","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"} Aug 02 15:47:13 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919233.0522816,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme.zerossl.com/v2/DV90/order/09iwldMOCJX3Uvc7D9TZSQ"} Aug 02 15:47:26 custom-domains-prod-br-01 caddy[259728]: {"level":"error","ts":1627919246.6686213,"logger":"http.handlers.reverse_proxy","msg":"reading from backend","error":"http2: server sent GOAWAY and closed the connection; LastStreamID=1999, ErrCode=NO_ERROR, debug=\"\""} Aug 02 15:47:26 custom-domains-prod-br-01 caddy[259728]: {"level":"error","ts":1627919246.669548,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"http2: server sent GOAWAY and closed the connection; LastStreamID=1999, ErrCode=NO_ERROR, debug=\"\""} Aug 02 15:48:38 custom-domains-prod-br-01 caddy[259728]: {"level":"error","ts":1627919318.5815992,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"fugolahome.publica.la","issuer":"acme.zerossl.com-v2-DV90","error":"[fugolahome.publica.la] finalizing order https://acme.zerossl.com/v2/DV90/order/09iwldMOCJX3Uvc7D9TZSQ: context deadline exceeded (ca=https://acme.zerossl.com/v2/DV90)"} Aug 02 15:48:38 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919318.8166306,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["fugolahome.publica.la"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"fgilio@publica.la"} Aug 02 15:48:38 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919318.81667,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["fugolahome.publica.la"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"fgilio@publica.la"} Aug 02 15:48:38 custom-domains-prod-br-01 caddy[259728]: {"level":"warn","ts":1627919318.8167229,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-v02.api.letsencrypt.org/acme/new-nonce","error":"performing request: Head \"https://acme-v02.api.letsencrypt.org/acme/new-nonce\": context deadline exceeded"} Aug 02 15:48:38 custom-domains-prod-br-01 caddy[259728]: {"level":"error","ts":1627919318.8167589,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"fugolahome.publica.la","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[fugolahome.publica.la] creating new order: fetching new nonce from server: context deadline exceeded (ca=https://acme-v02.api.letsencrypt.org/directory)"} Aug 02 15:48:38 custom-domains-prod-br-01 caddy[259728]: {"level":"error","ts":1627919318.816771,"logger":"tls.obtain","msg":"will retry","error":"[fugolahome.publica.la] Obtain: [fugolahome.publica.la] creating new order: fetching new nonce from server: context deadline exceeded (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":89.184510857,"max_duration":2592000} Aug 02 15:48:38 custom-domains-prod-br-01 caddy[259728]: {"level":"info","ts":1627919318.8167813,"logger":"tls.obtain","msg":"releasing lock","identifier":"fugolahome.publica.la"} Aug 02 15:48:58 custom-domains-prod-br-01 caddy[259728]: {"level":"error","ts":1627919338.317243,"logger":"http.handlers.reverse_proxy","msg":"reading from backend","error":"http2: server sent GOAWAY and closed the connection; LastStreamID=1999, ErrCode=NO_ERROR, debug=\"\""} Aug 02 15:48:58 custom-domains-prod-br-01 caddy[259728]: {"level":"error","ts":1627919338.317832,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"http2: server sent GOAWAY and closed the connection; LastStreamID=1999, ErrCode=NO_ERROR, debug=\"\""} Aug 02 15:50:21 custom-domains-prod-br-01 caddy[259728]: {"level":"error","ts":1627919421.285698,"logger":"http.handlers.reverse_proxy","msg":"reading from backend","error":"http2: server sent GOAWAY and closed the connection; LastStreamID=1999, ErrCode=NO_ERROR, debug=\"\""} Aug 02 15:50:21 custom-domains-prod-br-01 caddy[259728]: {"level":"error","ts":1627919421.286958,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"http2: server sent GOAWAY and closed the connection; LastStreamID=1999, ErrCode=NO_ERROR, debug=\"\""}

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Comments: 18 (9 by maintainers)

Most upvoted comments

Not looking to revive this, just confirming that this is also happening for me when I had a bulk import of a few thousand domains over a couple of days.

I think ZeroSSL just has some performance issues (maybe only from time to time, unsure as of yet).

+1
carterbryden on Jan 11, 2022

Nothing I can think of. Thanks for reporting it to them. I’m not sure we can really do anything/much about it… open to ideas though.

+1
mholt on Dec 2, 2021

That’s already an absurdly long amount of time to hold a TLS handshake open, and I’ve even doubled it to 180 on tip

100% agree. Also the issue here is the huge amplitud of issuance time.

*I’ve already contacted ZeroSSL support, let’s see what they have to say 🤞

EDIT: I’m still waiting for their reply, hope it arrives soon EDIT 2: They are now actively looking into this issue 🙌 🤞

+1
fgilio on Nov 11, 2021

Thanks for the extra info Matt. We stand available in case there’s something we can do to gather more info.

+1
fgilio on Oct 26, 2021

Hi guys! This is happening again and now we have the logs 💪 We’re running v2.4.2 h1:chB106RlsIaY4mVEyq9OQM5g/9lHYVputo/LAX2ndFg=, and this is our Caddy config:

{
    # This enables `debug` log
    debug
    on_demand_tls {
        ask https://ourapp-https-guard.com/caddy-check-blablablabla
    }

    storage dynamodb caddy_ssl_certificates
        storage_clean_interval 32d
}

:80 {
    respond /health "Im healthy!" 200
}

:443 {
   tls {
       issuer zerossl blablablabla {
           email my@email.com
           dir https://acme.zerossl.com/v2/DV90
           eab blablablabla blablablablablablablablablablablablablablablabla
       }
       issuer acme {
         email my@email.com
       }
       on_demand
   }

    reverse_proxy * https://ourapp.com {
        header_up Host ourapp.com
        header_up X-Forwarded-Host {host}
        header_up X-Forwarded-For {remote_host}
        header_up X-Forwarded-Port {server_port}
        header_up X-Forwarded-Proto {scheme}
        health_timeout 5s
    }
}

And these are the logs with the debug level enabled:

Oct 25 19:50:45 custom-domains-staging-br-01 systemd[1]: Reloading Caddy.
Oct 25 19:50:45 custom-domains-staging-br-01 caddy[1088051]: {"level":"info","ts":1635191445.7659783,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Oct 25 19:50:45 custom-domains-staging-br-01 caddy[1088051]: 2021/10/25 19:50:45 [WARNING] Unnecessary header_up ('X-Forwarded-Proto' field): the reverse proxy's default behavior is to pass headers to the upstream
Oct 25 19:50:45 custom-domains-staging-br-01 caddy[1088051]: 2021/10/25 19:50:45 [WARNING] Unnecessary header_up ('X-Forwarded-Proto' field): the reverse proxy's default behavior is to pass headers to the upstream
Oct 25 19:50:45 custom-domains-staging-br-01 caddy[1088051]: {"level":"warn","ts":1635191445.7697878,"msg":"input is not formatted with 'caddy fmt'","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
Oct 25 19:50:45 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191445.772287,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_addr":"127.0.0.1:51494","headers":{"Accept-Encoding":["gzip"],"Content-Length":["1824"],"Content-Type":["application/json"],"Origin":["localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
Oct 25 19:50:45 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191445.7734485,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
Oct 25 19:50:45 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191445.7746146,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00011ac40"}
Oct 25 19:50:45 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191445.774674,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
Oct 25 19:50:45 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191445.774871,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Oct 25 19:50:45 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191445.7748866,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Oct 25 19:50:45 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191445.776187,"logger":"http","msg":"starting server loop","address":"[::]:443","http3":false,"tls":true}
Oct 25 19:50:45 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191445.7762077,"logger":"http","msg":"starting server loop","address":"[::]:80","http3":false,"tls":false}
Oct 25 19:50:45 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191445.7763228,"logger":"tls","msg":"cleaning storage unit","description":"&{caddy_ssl_certificates <nil>   false 0 0}"}
Oct 25 19:50:45 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191445.845681,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc000120770"}
Oct 25 19:50:45 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191445.8468363,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Oct 25 19:50:45 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191445.8468578,"logger":"admin.api","msg":"load complete"}
Oct 25 19:50:45 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191445.8489323,"logger":"admin","msg":"stopped previous server","address":"tcp/localhost:2019"}
Oct 25 19:50:45 custom-domains-staging-br-01 systemd[1]: Reloaded Caddy.
Oct 25 19:50:50 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191450.55012,"logger":"tls","msg":"loading managed certificate","domain":"staging-farfalla.publica.la","expiration":1641599999,"issuer_key":"acme.zerossl.com-v2-DV90","storage":{"table":"caddy_ssl_certificates","lock_timeout":300000000000,"lock_polling_interval":5000000000}}
Oct 25 19:50:59 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191459.7764788,"logger":"tls.on_demand","msg":"obtaining new certificate","server_name":"demofgiliotest20211025.publicala.me"}
Oct 25 19:51:00 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191460.7144182,"logger":"tls.obtain","msg":"acquiring lock","identifier":"demofgiliotest20211025.publicala.me"}
Oct 25 19:51:00 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191460.95853,"logger":"tls.obtain","msg":"lock acquired","identifier":"demofgiliotest20211025.publicala.me"}
Oct 25 19:51:01 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191461.434814,"logger":"tls.obtain","msg":"trying issuer 1/2","issuer":"acme.zerossl.com-v2-DV90"}
Oct 25 19:51:01 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191461.6692853,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["demofgiliotest20211025.publicala.me"],"ca":"https://acme.zerossl.com/v2/DV90","account":"fgilio@publica.la"}
Oct 25 19:51:01 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191461.669537,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["demofgiliotest20211025.publicala.me"],"ca":"https://acme.zerossl.com/v2/DV90","account":"fgilio@publica.la"}
Oct 25 19:51:02 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191462.573778,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme.zerossl.com/v2/DV90/newNonce","headers":{"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Type":["application/octet-stream"],"Date":["Mon, 25 Oct 2021 19:51:02 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["YDoTPRlh1-qHnmy21iTQfw2JtAHE71cZH4XHehfPk7Y"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:51:02 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191462.8212652,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/newOrder","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":201,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store","max-age=-1"],"Content-Length":["297"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:51:02 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/Nc8u6X2dsf4i12EFZxO7zQ"],"Replay-Nonce":["qdBDJ32c92XMn4iVk3y2VPHLTCLgwXN4UdXzBGufa60"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:51:03 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191463.024055,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/11CxCt3R_tFKswKXaK_VWg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["465"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:51:02 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["PigsaXE4kBUg-kaB6_NF5Ny7WoAXCVRIlT3QZAkxPJw"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:51:03 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191463.0242057,"logger":"tls.issuance.acme.acme_client","msg":"no solver configured","challenge_type":"dns-01"}
Oct 25 19:51:03 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191463.0242183,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"demofgiliotest20211025.publicala.me","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
Oct 25 19:51:03 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191463.3946435,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/chall/z3Cw6JJZYHbrKiTBXEOjmA","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["164"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:51:03 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\"","<https://acme.zerossl.com/v2/DV90/authz/11CxCt3R_tFKswKXaK_VWg>;rel=\"up\""],"Replay-Nonce":["xaOOee_pwzgE3JT1USy2RvJirn_YfoAPnL2I4LrCO5E"],"Retry-After":["10"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:51:03 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191463.394733,"logger":"tls.issuance.acme.acme_client","msg":"challenge accepted","identifier":"demofgiliotest20211025.publicala.me","challenge_type":"http-01"}
Oct 25 19:51:03 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191463.9322329,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/11CxCt3R_tFKswKXaK_VWg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["468"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:51:03 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["UCpkKlUG8uEy-ZMz-oLaLp1GK3Xf8_cW44NOTDlFaG0"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:51:09 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191469.1185324,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/11CxCt3R_tFKswKXaK_VWg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["468"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:51:09 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["N3zMKUBCwDK-3ssj-9kVbr88JVDx8UzIPIxomqw_uZ8"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:51:14 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191474.3100483,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/11CxCt3R_tFKswKXaK_VWg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["468"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:51:14 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["iW_r_ZTntJXw50Z3JFGjjTCD00v3HVHGtSVEZh5jNFI"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:51:19 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191479.5178995,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/11CxCt3R_tFKswKXaK_VWg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["468"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:51:19 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["EIwWXh3JTlgqK8Gn2gcYS5bApJVo0DdJeILerZkEKOY"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:51:24 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191484.6796386,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/11CxCt3R_tFKswKXaK_VWg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["468"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:51:24 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["AwrHbfeB_kVkB8BzaGojzcIxQLh-vYno_ggAVNGXt8M"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:51:29 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191489.852036,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/11CxCt3R_tFKswKXaK_VWg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["468"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:51:29 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["VfEeBU8t0aOqQBHXrb0-3XmYupAO6_mGFxCc2oNu-T4"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:51:35 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191495.0641243,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/11CxCt3R_tFKswKXaK_VWg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["468"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:51:34 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["kEfmDi9PxaNLjvMXdX_WpAFfA2jPHAnuo19FPAdWDIY"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:51:40 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191500.244451,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/11CxCt3R_tFKswKXaK_VWg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["468"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:51:40 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["TX2H8SKfcOjkYl02_8jknWlGHO9JbXSFp84MXqVfLiE"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:51:45 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191505.4565187,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/11CxCt3R_tFKswKXaK_VWg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["468"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:51:45 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["u30DLaMqPG0E8oTx5_mPWWuVVc3c-VBaRwgT-QBkHME"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:51:50 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191510.6674209,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/11CxCt3R_tFKswKXaK_VWg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["335"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:51:50 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["gnGzVGQ7SBQJxXtVfW4vCusBsvAxbwfrOR7lpwSQ4C0"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:51:50 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191510.7889047,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme.zerossl.com/v2/DV90/order/Nc8u6X2dsf4i12EFZxO7zQ"}
Oct 25 19:51:51 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191511.1681097,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/order/Nc8u6X2dsf4i12EFZxO7zQ/finalize","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["300"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:51:51 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/Nc8u6X2dsf4i12EFZxO7zQ"],"Replay-Nonce":["ibglOVN7I9VI-4SgQo0MkXky56_ccsJ02QqbQ0ZdW9g"],"Retry-After":["15"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:52:06 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191526.4611456,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/order/Nc8u6X2dsf4i12EFZxO7zQ","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["300"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:52:06 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/Nc8u6X2dsf4i12EFZxO7zQ"],"Replay-Nonce":["V_7jyio-vb3FVdV4z2wlYzB2IoNIEc_cN810OtbvgdY"],"Retry-After":["15"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:52:21 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191541.714607,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/order/Nc8u6X2dsf4i12EFZxO7zQ","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["300"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:52:21 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/Nc8u6X2dsf4i12EFZxO7zQ"],"Replay-Nonce":["sUozd0B4QXXAtVuC0A5ehwBZfcK6ExteVZhL46iDGvk"],"Retry-After":["15"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:52:29 custom-domains-staging-br-01 caddy[326595]: {"level":"error","ts":1635191549.7770689,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"demofgiliotest20211025.publicala.me","issuer":"acme.zerossl.com-v2-DV90","error":"[demofgiliotest20211025.publicala.me] finalizing order https://acme.zerossl.com/v2/DV90/order/Nc8u6X2dsf4i12EFZxO7zQ: context deadline exceeded (ca=https://acme.zerossl.com/v2/DV90)"}
Oct 25 19:52:29 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191549.7771528,"logger":"tls.obtain","msg":"trying issuer 2/2","issuer":"acme-v02.api.letsencrypt.org-directory"}
Oct 25 19:52:30 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191550.014238,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["demofgiliotest20211025.publicala.me"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"fgilio@publica.la"}
Oct 25 19:52:30 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191550.0142884,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["demofgiliotest20211025.publicala.me"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"fgilio@publica.la"}
Oct 25 19:52:30 custom-domains-staging-br-01 caddy[326595]: {"level":"warn","ts":1635191550.0143466,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": context deadline exceeded"}
Oct 25 19:52:30 custom-domains-staging-br-01 caddy[326595]: {"level":"error","ts":1635191550.0143867,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"demofgiliotest20211025.publicala.me","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[demofgiliotest20211025.publicala.me] creating new order: provisioning client: context deadline exceeded (ca=https://acme-v02.api.letsencrypt.org/directory)"}
Oct 25 19:52:30 custom-domains-staging-br-01 caddy[326595]: {"level":"error","ts":1635191550.0144014,"logger":"tls.obtain","msg":"will retry","error":"[demofgiliotest20211025.publicala.me] Obtain: [demofgiliotest20211025.publicala.me] creating new order: provisioning client: context deadline exceeded (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":89.055843708,"max_duration":2592000}
Oct 25 19:52:30 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191550.014412,"logger":"tls.obtain","msg":"releasing lock","identifier":"demofgiliotest20211025.publicala.me"}
Oct 25 19:52:30 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191550.1329362,"logger":"http.stdlib","msg":"http: TLS handshake error from 190.245.59.70:55122: context canceled"}
Oct 25 19:53:06 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191586.7669406,"logger":"tls.on_demand","msg":"obtaining new certificate","server_name":"demofgiliotest20211025.publicala.me"}
Oct 25 19:53:07 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191587.6330338,"logger":"tls.obtain","msg":"acquiring lock","identifier":"demofgiliotest20211025.publicala.me"}
Oct 25 19:53:07 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191587.871315,"logger":"tls.obtain","msg":"lock acquired","identifier":"demofgiliotest20211025.publicala.me"}
Oct 25 19:53:08 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191588.3419158,"logger":"tls.obtain","msg":"trying issuer 1/2","issuer":"acme.zerossl.com-v2-DV90"}
Oct 25 19:53:08 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191588.5800972,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["demofgiliotest20211025.publicala.me"],"ca":"https://acme.zerossl.com/v2/DV90","account":"fgilio@publica.la"}
Oct 25 19:53:08 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191588.5812044,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["demofgiliotest20211025.publicala.me"],"ca":"https://acme.zerossl.com/v2/DV90","account":"fgilio@publica.la"}
Oct 25 19:53:09 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191589.1687744,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme.zerossl.com/v2/DV90/newNonce","headers":{"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Type":["application/octet-stream"],"Date":["Mon, 25 Oct 2021 19:53:09 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["0dh8iykLRJEgdsog2XLslsiYq9drCPoJMiSsrYQ5kus"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:53:09 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191589.4605386,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/newOrder","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":201,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store","max-age=-1"],"Content-Length":["297"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:53:09 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/q1DjDnv8t0SndgnF9XbLJA"],"Replay-Nonce":["4OIO4OAZKeTYOVgNJ3iSr6k1V9cygtbghKA51AFEMDY"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:53:09 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191589.689198,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/sC26awn34WxJOT0K8KH0cQ","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["465"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:53:09 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["chu11uxUzb3hc23EtDu8cK1brtOuoCQlfTAurdW2B2g"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:53:09 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191589.6893125,"logger":"tls.issuance.acme.acme_client","msg":"no solver configured","challenge_type":"dns-01"}
Oct 25 19:53:09 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191589.6893222,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"demofgiliotest20211025.publicala.me","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
Oct 25 19:53:10 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191590.0838847,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/chall/4ThSVn5l_RTsZehqxbIFtA","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["164"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:53:10 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\"","<https://acme.zerossl.com/v2/DV90/authz/sC26awn34WxJOT0K8KH0cQ>;rel=\"up\""],"Replay-Nonce":["SOMosWVXlBlfaliviulBbQDDcWUhqXvktLK3SKxFqKg"],"Retry-After":["10"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:53:10 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191590.0842097,"logger":"tls.issuance.acme.acme_client","msg":"challenge accepted","identifier":"demofgiliotest20211025.publicala.me","challenge_type":"http-01"}
Oct 25 19:53:10 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191590.6076076,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/sC26awn34WxJOT0K8KH0cQ","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["335"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:53:10 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["Qjl5WjHBK1nRfekMs74U1XMfmG3NRtXS0DTGZnn7cKA"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:53:10 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191590.72736,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme.zerossl.com/v2/DV90/order/q1DjDnv8t0SndgnF9XbLJA"}
Oct 25 19:53:11 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191591.1284513,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/order/q1DjDnv8t0SndgnF9XbLJA/finalize","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["300"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:53:11 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/q1DjDnv8t0SndgnF9XbLJA"],"Replay-Nonce":["vWl4qMBEOyq_WD6QQmwESuaep6PBO-WMj75erB6rAlE"],"Retry-After":["15"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:53:26 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191606.3751113,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/order/q1DjDnv8t0SndgnF9XbLJA","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["300"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:53:26 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/q1DjDnv8t0SndgnF9XbLJA"],"Replay-Nonce":["ff17Uyd9N4mLvKCP_weztBWv6NgsrCNBUjVvtf9aSm4"],"Retry-After":["15"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:53:41 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191621.5647938,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/order/q1DjDnv8t0SndgnF9XbLJA","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["300"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:53:41 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/q1DjDnv8t0SndgnF9XbLJA"],"Replay-Nonce":["VbYdCdeqSQlyJ1Hv_v54mh5DaFU16bVP_r4D6FEfLNE"],"Retry-After":["15"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:53:56 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191636.89529,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/order/q1DjDnv8t0SndgnF9XbLJA","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["300"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:53:56 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/q1DjDnv8t0SndgnF9XbLJA"],"Replay-Nonce":["yFP7uOa_II2AP_bKIL4rjQUiCOOEObCmPCDWDIzAas0"],"Retry-After":["15"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:54:12 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191652.0751743,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/order/q1DjDnv8t0SndgnF9XbLJA","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["300"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:54:12 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/q1DjDnv8t0SndgnF9XbLJA"],"Replay-Nonce":["zA9RLK9H4Zds2K_a4rWJTu7EgdGwssDJmD6ZaUpcKWM"],"Retry-After":["15"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:54:27 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191667.2728748,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/order/q1DjDnv8t0SndgnF9XbLJA","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["300"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:54:27 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/q1DjDnv8t0SndgnF9XbLJA"],"Replay-Nonce":["m8iQffKLQR0V3xr9QapqBqwThpZ0IiHXgqoT2GK9oOg"],"Retry-After":["15"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:54:36 custom-domains-staging-br-01 caddy[326595]: {"level":"error","ts":1635191676.7675414,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"demofgiliotest20211025.publicala.me","issuer":"acme.zerossl.com-v2-DV90","error":"[demofgiliotest20211025.publicala.me] finalizing order https://acme.zerossl.com/v2/DV90/order/q1DjDnv8t0SndgnF9XbLJA: context deadline exceeded (ca=https://acme.zerossl.com/v2/DV90)"}
Oct 25 19:54:36 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191676.7681208,"logger":"tls.obtain","msg":"trying issuer 2/2","issuer":"acme-v02.api.letsencrypt.org-directory"}
Oct 25 19:54:37 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191677.0064538,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["demofgiliotest20211025.publicala.me"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"fgilio@publica.la"}
Oct 25 19:54:37 custom-domains-staging-br-01 caddy[326595]: {"level":"error","ts":1635191677.006508,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"demofgiliotest20211025.publicala.me","issuer":"acme-v02.api.letsencrypt.org-directory","error":"context canceled"}
Oct 25 19:54:37 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191677.006521,"logger":"tls.obtain","msg":"releasing lock","identifier":"demofgiliotest20211025.publicala.me"}
Oct 25 19:54:37 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191677.1253417,"logger":"http.stdlib","msg":"http: TLS handshake error from 190.245.59.70:55130: [demofgiliotest20211025.publicala.me] Obtain: context canceled"}
Oct 25 19:54:37 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191677.5960405,"logger":"http.stdlib","msg":"http: TLS handshake error from 190.245.59.70:55137: no certificate available for 'demofgiliotest20211025.publicala.me'"}
Oct 25 19:55:05 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191705.225738,"logger":"tls.on_demand","msg":"obtaining new certificate","server_name":"demofgiliotest20211025.publicala.me"}
Oct 25 19:55:06 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191706.053277,"logger":"tls.obtain","msg":"acquiring lock","identifier":"demofgiliotest20211025.publicala.me"}
Oct 25 19:56:07 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191767.717552,"logger":"tls.obtain","msg":"lock acquired","identifier":"demofgiliotest20211025.publicala.me"}
Oct 25 19:56:08 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191768.187909,"logger":"tls.obtain","msg":"trying issuer 1/2","issuer":"acme.zerossl.com-v2-DV90"}
Oct 25 19:56:08 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191768.4232187,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["demofgiliotest20211025.publicala.me"],"ca":"https://acme.zerossl.com/v2/DV90","account":"fgilio@publica.la"}
Oct 25 19:56:08 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191768.423264,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["demofgiliotest20211025.publicala.me"],"ca":"https://acme.zerossl.com/v2/DV90","account":"fgilio@publica.la"}
Oct 25 19:56:09 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191769.081165,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme.zerossl.com/v2/DV90/newNonce","headers":{"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Type":["application/octet-stream"],"Date":["Mon, 25 Oct 2021 19:56:09 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["aUBEL5uDebF2_j8V7OWauOgISt025bl8xiknaomxmzk"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:56:09 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191769.2536356,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/newOrder","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":201,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store","max-age=-1"],"Content-Length":["297"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:56:09 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/HR0WouyxpXxQa5CmqaqllQ"],"Replay-Nonce":["x3XpWbLQ7HVpUjhIe4uAAqY2QPdDGZCw9qXCuovoJAY"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:56:09 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191769.3988042,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/m-cOpAQ_GEtU7gfFHJq1Hw","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["465"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:56:09 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["qeKkPlh2Gt5sMok6so3Ik4S_j1Fcob6zPvCSuIB6xfE"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:56:09 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191769.3989742,"logger":"tls.issuance.acme.acme_client","msg":"no solver configured","challenge_type":"dns-01"}
Oct 25 19:56:09 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191769.398987,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"demofgiliotest20211025.publicala.me","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
Oct 25 19:56:09 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191769.7203524,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/chall/0a-lCl-MMqXOXoZLmYcRgA","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["164"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:56:09 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\"","<https://acme.zerossl.com/v2/DV90/authz/m-cOpAQ_GEtU7gfFHJq1Hw>;rel=\"up\""],"Replay-Nonce":["nWiya1skWh5cU3ErXOHv_FSEx-oFq19mc8KnNBXpRUo"],"Retry-After":["10"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:56:09 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191769.7204297,"logger":"tls.issuance.acme.acme_client","msg":"challenge accepted","identifier":"demofgiliotest20211025.publicala.me","challenge_type":"http-01"}
Oct 25 19:56:10 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191770.1756642,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/m-cOpAQ_GEtU7gfFHJq1Hw","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["335"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:56:10 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["vc83s2uVDcb6OYR1I_ZuPK-iorN9uRQ7QoDqPukgwqo"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:56:10 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191770.2961998,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme.zerossl.com/v2/DV90/order/HR0WouyxpXxQa5CmqaqllQ"}
Oct 25 19:56:10 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191770.5669835,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/order/HR0WouyxpXxQa5CmqaqllQ/finalize","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["300"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:56:10 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/HR0WouyxpXxQa5CmqaqllQ"],"Replay-Nonce":["iQybeRTqNuUGcLD_YyYlEklJ9aVDXUaa0wXlSkK_Ys4"],"Retry-After":["15"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
^[Oct 25 19:56:25 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191785.7490797,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/order/HR0WouyxpXxQa5CmqaqllQ","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.2 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["300"],"Content-Type":["application/json"],"Date":["Mon, 25 Oct 2021 19:56:25 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/HR0WouyxpXxQa5CmqaqllQ"],"Replay-Nonce":["iSFMy-lDgwM3rH-lExumF6azYevHrzst8tfvzWvIBcI"],"Retry-After":["15"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
Oct 25 19:56:35 custom-domains-staging-br-01 caddy[326595]: {"level":"error","ts":1635191795.2265968,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"demofgiliotest20211025.publicala.me","issuer":"acme.zerossl.com-v2-DV90","error":"[demofgiliotest20211025.publicala.me] finalizing order https://acme.zerossl.com/v2/DV90/order/HR0WouyxpXxQa5CmqaqllQ: context deadline exceeded (ca=https://acme.zerossl.com/v2/DV90)"}
Oct 25 19:56:35 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191795.227279,"logger":"tls.obtain","msg":"trying issuer 2/2","issuer":"acme-v02.api.letsencrypt.org-directory"}
Oct 25 19:56:35 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191795.4636214,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["demofgiliotest20211025.publicala.me"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"fgilio@publica.la"}
Oct 25 19:56:35 custom-domains-staging-br-01 caddy[326595]: {"level":"error","ts":1635191795.4636722,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"demofgiliotest20211025.publicala.me","issuer":"acme-v02.api.letsencrypt.org-directory","error":"context canceled"}
Oct 25 19:56:35 custom-domains-staging-br-01 caddy[326595]: {"level":"info","ts":1635191795.4636865,"logger":"tls.obtain","msg":"releasing lock","identifier":"demofgiliotest20211025.publicala.me"}
Oct 25 19:56:35 custom-domains-staging-br-01 caddy[326595]: {"level":"debug","ts":1635191795.583506,"logger":"http.stdlib","msg":"http: TLS handshake error from 190.245.59.70:55143: [demofgiliotest20211025.publicala.me] Obtain: context canceled"}

I hope this helps, please let me know if you need more information.

+1
fgilio on Oct 25, 2021

Hi @francislavoie! No updates, this has not happened again. We’ll reopen and update in case it does happen again, and we’ll use the debug flag straight away.

+1
fgilio on Aug 23, 2021

Hi @mholt!

When you enable debug logs, what do they show?

Never did it. According to the docs it’s just a matter of adding debug to the caddyfile at the same level as the on_demand_tls or storage directives. I’m going to try this and let you know.

UPDATE: I tested the debug flag and can now see a ton more info. But the issue is no longer happening right now, I’ll keep this in mind for the next time something weird happens with our Caddy instances. I’m leaving the issue open in case the questions below can point us in any direction.

Edit: Also, it’s weird that it happens with both ZeroSSL and Let’s Encrypt, very different providers.

Yes, it’s very strange.

How many operations are taking place at the time?

What do you mean by “operations”? If it’s only certificates generation, then it’s usually about 1 to 4 per hour.

How are we sure that it’s not a hiccup in your network? Just trying to narrow down possibilities.

Good question, I’d love to give you a solid answer but I’ve no idea. These servers are 100% dedicated to Caddy, nothing else is running on them. And both servers usually stay below 10% CPU usage.

+1
fgilio on Aug 2, 2021
Read more comments on GitHub
← caddy: context canceled and 502
caddy: Could not start HTTPS server for challenge, bind: address already in use →