Caddy web server - Error message with more than one domain


I am trying to register, in this example, two different domains with Caddy docker to letsencrypt and am receiving this error message:

2017/10/27 19:11:52 [tls] failed to get certificate: acme: Error 400 - urn:acme:error:malformed - Error creating new authz :: DNS name does not have enough labels

What is the issue? Can you help me please?

If I am doing it with only one domain it is working …

this is the Caddyfile {
proxy /
basicauth / homer redacted
} {
   proxy / {

Hi @Homer-S,

Sorry, I don’t use Caddy server nor Docker so I won’t be able to help you, but Caddy developer @mholt is a member of this community so he could take a look at your issue.

Also, I’ve changed your title post to reflect that you are using Caddy web server so it could bring the attention to other community members just in case they use Caddy.

Note: First I thought your problem was the lack of A/AAAA records for your 2 subdomains and so I thought you were using the DNS challenge but checking seems a dynamic domain provided by twodns company and I can’t see Caddy supports this DNS provider. Then, checking issued certs for I can see some issued certs for ebooks.[your_user_name] and nextcloud.[your_user_name]. What I mean is, always provide your real domains or you could get erroneous answers based on the wrong provided information.

I hope someone can help you to solve this issue.

Good luck.

Well, the issue is that the client is trying to get a certificate for a name with no dots in it, like "com" or "example" or "localhost".

I don't know why, though. I don't use Caddy, either.

Do you have an idea? Do you have names like that in the Caddy configuration? Or could it be something with Caddy's automatic certificate generation?

You pasted the basic auth password! :scream: You need to change it to something else.


Hey @Homer-S,

I edited your post to remove the basic auth password, and hid the past edits to the post (mine, and the earlier topic change).

However, we can’t change the past, and this thread has at the very least already been indexed by Google, so you still need to change it.

If that was a random example password, I apologize for the fuss. :sweat:


Thanks for editing. It was a test pass, but I missed deleting it …
I will remember the point with real domain.

Good information with matt, I thought it is a letsencrypt issue so I changed the forum :slight_smile:

This error is caused because the Caddyfile is malformed (the whole Caddyfile wasn’t pasted into the OP).
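
An added example (not from this thread, and not Caddy's or Let's Encrypt's own code): a pre-flight lint that flags site addresses a public ACME CA would refuse, including the dotless names behind the "does not have enough labels" error. The brace-depth tokenizer is a simplified assumption and not Caddy's parser; the function names and the sample Caddyfile (with a missing opening brace) are constructed.

```python
import ipaddress
import re

LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def host_of(site_address):
    """Strip an optional scheme, path and port from a site address."""
    host = re.sub(r"^[a-z]+://", "", site_address.strip().lower())
    host = host.split("/", 1)[0]
    if host.count(":") == 1:          # host:port (not an IPv6 literal)
        host = host.split(":", 1)[0]
    return host.rstrip(".")

def acme_problem(site_address):
    """Return why a public CA would refuse this name, or None if it looks fine."""
    host = host_of(site_address)
    if not host:
        return "no hostname"
    try:
        ipaddress.ip_address(host)
        return "IP address, not a DNS name"
    except ValueError:
        pass
    labels = host.split(".")
    if len(labels) < 2:
        return "not enough labels (no dot in name)"
    if not all(LABEL.match(label) for label in labels):
        return "invalid DNS label"
    return None

def site_addresses(caddyfile):
    """Simplified model: tokens at brace depth 0 are treated as site addresses."""
    depth, found = 0, []
    for lineno, raw in enumerate(caddyfile.splitlines(), 1):
        for tok in raw.split("#", 1)[0].split():
            if tok == "{":
                depth += 1
            elif tok == "}":
                depth = max(depth - 1, 0)
            elif depth == 0:
                found.append((lineno, tok.rstrip(",")))
    return found

def lint(caddyfile):
    return [(n, tok, why) for n, tok in site_addresses(caddyfile)
            if (why := acme_problem(tok))]

# Constructed sample: the second site block is missing its opening brace.
SAMPLE = ("ebooks.example.com {\n    proxy / 10.0.0.5:8080\n}\n"
          "nextcloud.example.com\n    proxy / 10.0.0.6:80\n}\n")
```

Running `lint()` on a Caddyfile before starting the server shows which tokens would be submitted as certificate names, so a structural mistake is caught locally instead of as an ACME error.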


hi @Homer-S

You are in luck as I have actually set this kind of thing up for someone last week

Proxying to a Tomcat Backend Server (with an internal DNS name and not allowing management URLs (hostmanager, manager))

Proxying to an IP based backend

Connects to the backend on port 80
Uses HTTP protocol (not HTTPS)
Round Robin load balancing {

proxy / http://IP:80 {
policy round_robin


Proxying to a Tomcat Backend with FQDN

Management URLs excluded
redirection of HTTP to HTTPS
using HTTPS to connect to the backend
Ignoring cert errors (backend servers using self signed certs) {
redir {uri}

https://domain .xyz{
proxy / https://internal_fqdn:8080 {
policy round_robin
except /host-manager /manager

Thanks for putting the tech stack in the header :smiley:


there is also a forum for caddy where @mholt has helped me out a few times :smiley:

