Challenge fails with Caddy 2.7.5

Hi,

I'm having trouble with the ACME challenge with Caddy. I don't know what I messed up; I suspect this might be because I tried using certbot + nginx first to register a certificate before switching to Caddy. As required, here's the form info.

My domain is: prod.codereckons.fr

I ran this command: # caddy run --config Caddyfile

It produced this output:

root@reckons-prod /e/caddy# caddy run --config Caddyfile
2023/12/01 11:03:31.169	INFO	using provided configuration	{"config_file": "Caddyfile", "config_adapter": ""}
2023/12/01 11:03:31.170	INFO	admin	admin endpoint started	{"address": "unix//run/caddy/admin.socket", "enforce_origin": false, "origins": ["//127.0.0.1", "//::1", ""]}
2023/12/01 11:03:31.170	INFO	http.auto_https	server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS	{"server_name": "srv0", "https_port": 443}
2023/12/01 11:03:31.170	INFO	http.auto_https	enabling automatic HTTP->HTTPS redirects	{"server_name": "srv0"}
2023/12/01 11:03:31.170	INFO	tls.cache.maintenance	started background certificate maintenance	{"cache": "0xc0005f1900"}
2023/12/01 11:03:31.170	INFO	http	enabling HTTP/3 listener	{"addr": ":443"}
2023/12/01 11:03:31.170	INFO	tls	cleaning storage unit	{"description": "FileStorage:/root/.local/share/caddy"}
2023/12/01 11:03:31.170	INFO	tls	finished cleaning storage units
2023/12/01 11:03:31.170	INFO	http.log	server running	{"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2023/12/01 11:03:31.170	INFO	http.log	server running	{"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2023/12/01 11:03:31.170	INFO	http	enabling automatic TLS certificate management	{"domains": ["prod.codereckons.fr"]}
2023/12/01 11:03:31.171	INFO	autosaved config (load with --resume flag)	{"file": "/root/.local/share/caddy/autosave.json"}
2023/12/01 11:03:31.171	INFO	serving initial configuration
2023/12/01 11:03:31.171	INFO	tls.obtain	acquiring lock	{"identifier": "prod.codereckons.fr"}
2023/12/01 11:03:31.176	INFO	tls.obtain	lock acquired	{"identifier": "prod.codereckons.fr"}
2023/12/01 11:03:31.176	INFO	tls.obtain	obtaining certificate	{"identifier": "prod.codereckons.fr"}
2023/12/01 11:03:31.176	INFO	tls.issuance.acme	waiting on internal rate limiter	{"identifiers": ["prod.codereckons.fr"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "jpenuchot@codereckons.com"}
2023/12/01 11:03:31.176	INFO	tls.issuance.acme	done waiting on internal rate limiter	{"identifiers": ["prod.codereckons.fr"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "jpenuchot@codereckons.com"}
2023/12/01 11:03:31.910	ERROR	tls.obtain	could not get certificate from issuer	{"identifier": "prod.codereckons.fr", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/"}
2023/12/01 11:03:31.910	INFO	tls.issuance.zerossl	waiting on internal rate limiter	{"identifiers": ["prod.codereckons.fr"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "jpenuchot@codereckons.com"}
2023/12/01 11:03:31.910	INFO	tls.issuance.zerossl	done waiting on internal rate limiter	{"identifiers": ["prod.codereckons.fr"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "jpenuchot@codereckons.com"}
2023/12/01 11:03:54.860	INFO	tls.issuance.zerossl.acme_client	trying to solve challenge	{"identifier": "prod.codereckons.fr", "challenge_type": "http-01", "ca": "https://acme.zerossl.com/v2/DV90"}
2023/12/01 11:04:25.807	ERROR	tls.issuance.zerossl.acme_client	challenge failed	{"identifier": "prod.codereckons.fr", "challenge_type": "http-01", "problem": {"type": "", "title": "", "detail": "", "instance": "", "subproblems": []}}
2023/12/01 11:04:25.807	ERROR	tls.issuance.zerossl.acme_client	validating authorization	{"identifier": "prod.codereckons.fr", "problem": {"type": "", "title": "", "detail": "", "instance": "", "subproblems": []}, "order": "https://acme.zerossl.com/v2/DV90/order/-tWp2bbE-En1ZzbWvxsVfg", "attempt": 1, "max_attempts": 3}
2023/12/01 11:04:25.807	ERROR	tls.obtain	could not get certificate from issuer	{"identifier": "prod.codereckons.fr", "issuer": "acme.zerossl.com-v2-DV90", "error": "HTTP 0  - "}
2023/12/01 11:04:25.807	ERROR	tls.obtain	will retry	{"error": "[prod.codereckons.fr] Obtain: [prod.codereckons.fr] solving challenge: prod.codereckons.fr: [prod.codereckons.fr] authorization failed: HTTP 0  -  (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 54.631177251, "max_duration": 2592000}

My web server is (include version): Caddy 2.7.5

The operating system my web server runs on is (include version): Arch Linux

My hosting provider, if applicable, is: Self-hosted

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): N/A

Since Caddy is trying to get a cert from ZeroSSL, seems a better support channel would be either the Caddy forum or whatever channels ZeroSSL offers.

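Added example (not part of the original thread and not Caddy's own code): read issuer by issuer, the log in the question shows Let's Encrypt refusing the order with a 429 rateLimited error before Caddy falls back to ZeroSSL, whose failure carries no problem detail. The sketch below parses Caddy's tab-separated console log lines to pull out that chain; the function names and the abridged sample lines are assumptions of this example.

```python
import json
import re

# Constructed sample: three lines abridged from the log in the question (tab-separated fields).
LE_ERR = ("HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: "
          "too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/")
PREFIX = "\tERROR\ttls.obtain\tcould not get certificate from issuer\t"
SAMPLE = "\n".join([
    "2023/12/01 11:03:31.170\tINFO\ttls\tfinished cleaning storage units",
    "2023/12/01 11:03:31.910" + PREFIX + json.dumps({"issuer": "acme-v02.api.letsencrypt.org-directory", "error": LE_ERR}),
    "2023/12/01 11:04:25.807" + PREFIX + json.dumps({"issuer": "acme.zerossl.com-v2-DV90", "error": "HTTP 0  - "}),
])
ERR_RE = re.compile(r"HTTP (\d+) (\S*) - (.*)")  # "HTTP <status> <ACME error type> - <detail>"

def parse_line(line):
    """Split one console line into timestamp, level, optional logger, message, JSON fields."""
    parts = line.split("\t")
    fields = {}
    if parts[-1].startswith("{"):
        try:
            fields = json.loads(parts[-1])
            parts = parts[:-1]
        except ValueError:
            pass  # not JSON after all; keep it as the message
    if len(parts) < 3:
        return None
    ts, level, *rest = parts
    return {"ts": ts, "level": level, "logger": rest[0] if len(rest) > 1 else "",
            "msg": rest[-1], "fields": fields}

def issuer_failures(text):
    """Return one record per issuer that failed to issue, in log order."""
    out = []
    for line in text.splitlines():
        rec = parse_line(line)
        if not rec or rec["level"] != "ERROR" or rec["msg"] != "could not get certificate from issuer":
            continue
        m = ERR_RE.match(rec["fields"].get("error", ""))
        status, acme_type = (int(m.group(1)), m.group(2)) if m else (None, "")
        out.append({"issuer": rec["fields"].get("issuer"), "status": status,
                    "rate_limited": acme_type.endswith(":rateLimited"),
                    "no_detail": status == 0 and acme_type == ""})
    return out

if __name__ == "__main__":
    for failure in issuer_failures(SAMPLE):
        print(failure)
```
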

Oh! That's right. Thanks for your answer 🙂

