Can't revalidate my Let's Encrypt certificates Caddy

My domain is: naseweis.io

I ran this command: docker start caddy

It produced this output:

xcaddy   | {"level":"error","ts":1725197497.6123316,"logger":"http.acme_client","msg":"challenge failed","identifier":"naseweis.io","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"217.160.224.25: Error getting validation data","instance":"","subproblems":[]}}
xcaddy   | {"level":"error","ts":1725197497.612376,"logger":"http.acme_client","msg":"validating authorization","identifier":"naseweis.io","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"217.160.224.25: Error getting validation data","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/161610513/18796206673","attempt":2,"max_attempts":3}
xcaddy   | {"level":"error","ts":1725197497.61252,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"naseweis.io","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 217.160.224.25: Error getting validation data"}

My web server is (include version): VPS Webserver

The operating system my web server runs on is (include version): Alma Linux 9.4

My hosting provider, if applicable, is: IONOS

I can login to a root shell on my machine (yes or no, or I don't know): YES

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Nothing of it using caddy

Help would be nice. All my services are down.

The "No route to host" error points to a comms config problem. HTTP requests on port 80 fail to reach your server. This is likely a Docker or other comms equipment setup problem.

The Caddy community forum may be a better place for help. Having Caddy inside a Docker container will take special care to work well with your other servers.

You need to focus on the Let's Debug test failure. You could also try connecting from outside your local network. Even try a mobile phone with Wi-Fi disabled to use your carrier's public network. I can readily reproduce the connection failure and you should be able to as well.

curl http://naseweis.io
curl: (7) Failed to connect to naseweis.io port 80 after 106 ms: No route to host

Hi @naseweis,

This is what I see using sudo traceroute -T -p 80 naseweis.io

$ sudo traceroute -T -p 80  naseweis.io
traceroute to naseweis.io (217.160.224.25), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  0.270 ms  0.252 ms  0.243 ms
 2  100.93.173.194 (100.93.173.194)  11.770 ms  11.708 ms  11.750 ms
 3  po-330-351-rur201.beaverton.or.bverton.comcast.net (162.151.215.17)  11.687 ms po-330-352-rur202.beaverton.or.bverton.comcast.net (162.151.215.25)  6.864 ms  11.667 ms
 4  po-2-rur202.beaverton.or.bverton.comcast.net (24.124.129.106)  11.781 ms  11.772 ms  11.762 ms
 5  ae-69-ar01.troutdale.or.bverton.comcast.net (68.85.243.197)  13.226 ms  12.449 ms  12.439 ms
 6  ae5.bar4.por1.sp.lumen.tech (4.68.37.245)  23.002 ms  22.431 ms ae-69-ar01.troutdale.or.bverton.comcast.net (68.85.243.197)  11.840 ms
 7  ae2.3601.edge5.ber1.neo.colt.net (171.75.8.27)  184.136 ms  177.875 ms  168.701 ms
 8  ae2.3601.edge5.ber1.neo.colt.net (171.75.8.27)  168.680 ms  168.670 ms 212.162.9.98 (212.162.9.98)  167.633 ms
 9  lo-0-0.rc-a.rs.ber.de.net.ionos.com (212.227.117.204)  166.872 ms 212.162.9.98 (212.162.9.98)  169.864 ms  171.185 ms
10  212.227.120.165 (212.227.120.165)  171.975 ms lo-0-0.rc-a.rs.ber.de.net.ionos.com (212.227.117.204)  170.380 ms  170.530 ms
11  * * *
12  * * *
13  ip217-160-224-25.pbiaas.com (217.160.224.25)  166.027 ms !X  166.004 ms !X  174.309 ms !X

And with traceroute naseweis.io

$ traceroute naseweis.io
traceroute to naseweis.io (217.160.224.25), 30 hops max, 60 byte packets
 1  EdgeRouter-4 (192.168.1.1)  0.204 ms  0.257 ms  0.168 ms
 2  100.93.173.195 (100.93.173.195)  6.785 ms  6.767 ms 100.93.173.194 (100.93.173.194)  11.305 ms
 3  po-330-351-rur201.beaverton.or.bverton.comcast.net (162.151.215.17)  11.291 ms  11.278 ms  11.262 ms
 4  96.216.60.165 (96.216.60.165)  11.247 ms po-2-rur202.beaverton.or.bverton.comcast.net (24.124.129.106)  11.232 ms 96.216.60.165 (96.216.60.165)  11.219 ms
 5  ae-69-ar01.troutdale.or.bverton.comcast.net (68.85.243.197)  18.142 ms 96.216.60.165 (96.216.60.165)  11.190 ms  11.223 ms
 6  ae5.bar4.por1.sp.lumen.tech (4.68.37.245)  13.910 ms ae-69-ar01.troutdale.or.bverton.comcast.net (68.85.243.197)  17.762 ms  21.716 ms
 7  ae5.bar4.por1.sp.lumen.tech (4.68.37.245)  13.413 ms  9.414 ms  9.393 ms
 8  212.162.9.98 (212.162.9.98)  169.806 ms  169.782 ms  170.179 ms
 9  lo-0-0.rc-a.rs.ber.de.net.ionos.com (212.227.117.204)  171.177 ms 212.162.9.98 (212.162.9.98)  170.925 ms lo-0-0.rc-a.rs.ber.de.net.ionos.com (212.227.117.204)  169.621 ms
10  lo-0-0.rc-a.rs.ber.de.net.ionos.com (212.227.117.204)  170.898 ms 212.227.120.165 (212.227.120.165)  170.884 ms lo-0-0.rc-a.rs.ber.de.net.ionos.com (212.227.117.204)  171.441 ms
11  * * 212.227.120.165 (212.227.120.165)  171.664 ms
12  * * *
 . . .
30  * * *

I would check with IONOS on routing issues.

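Added example, not part of any post in this thread: a Python sketch that extracts the failed ACME challenge from Caddy's JSON log lines and matches the address in its detail field against traceroute hops carrying an ICMP error annotation such as `!X`, which traceroute(8) documents as "communication administratively prohibited". The sample input is constructed, and the function names are this example's own.

```python
import json
import re

# Constructed samples; example.com, host.example.net, 203.0.113.10 are placeholders.
CADDY_LOG = """\
caddy  | {"level":"error","ts":2.0,"logger":"http.acme_client","msg":"challenge failed","identifier":"example.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"203.0.113.10: Error getting validation data","instance":"","subproblems":[]}}
caddy  | container runtime notice that is not JSON
"""
TRACEROUTE = """\
11  * * *
12  host.example.net (203.0.113.10)  166.027 ms !X  166.004 ms !X  174.309 ms !X
"""

# ICMP error annotations as documented in traceroute(8).
FLAGS = {"!H": "host unreachable", "!N": "network unreachable",
         "!P": "protocol unreachable",
         "!X": "communication administratively prohibited"}

def acme_problems(log_text):
    """Return (identifier, challenge_type, acme_error, detail) per failed challenge."""
    found = []
    for line in log_text.splitlines():
        _, sep, payload = line.partition("| ")  # drop the container-name prefix
        try:
            entry = json.loads(payload if sep else line)
        except json.JSONDecodeError:
            continue  # not a structured Caddy log line
        problem = entry.get("problem") if isinstance(entry, dict) else None
        if problem and "challenge_type" in entry:
            found.append((entry.get("identifier"), entry["challenge_type"],
                          problem["type"].rsplit(":", 1)[-1], problem["detail"]))
    return found

def unreachable_hops(trace_text):
    """Return (hop, address, meaning) for hops that answered with an ICMP error."""
    hops = []
    for line in trace_text.splitlines():
        m = re.match(r"\s*(\d+)\s+\S+ \(([\d.]+)\)", line)
        if m:
            for flag in sorted(set(re.findall(r"![A-Z]", line))):
                hops.append((int(m.group(1)), m.group(2), FLAGS.get(flag, flag)))
    return hops

def correlate(log_text, trace_text):
    """Pair each failed challenge with ICMP errors sent by the address the CA named."""
    return [(ident, ctype, err, meaning)
            for ident, ctype, err, detail in acme_problems(log_text)
            for _, addr, meaning in unreachable_hops(trace_text)
            if detail.startswith(addr + ":")]
```

A non-empty result from `correlate` means the address the CA reported as unreachable is itself answering probes with an ICMP rejection, which is worth checking against the host firewall and the provider's firewall policy for ports 80 and 443.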