"Too Many Renewal attempts" after restarting VPS

My domain is:
mattiebit.space
I ran this command:
caddy
sudo caddy
It produced this output:


My web server is:
Caddy, 0.11.5
The operating system my web server runs on is:
Ubuntu server 16
My hosting provider, if applicable, is:
OVH
I can login to a root shell on my machine
I don’t know, I normally ssh
I’m using a control panel to manage my site
No
The version of my client is
caddy 0.11.5

@mholt, can you explain what could have caused this error?

https://mattiebit.space/ is being proxied by Cloudflare now, so TLS-ALPN won’t work.

Caddy also supports DNS validation with Cloudflare, so you could switch to that.

https://caddyserver.com/docs/tls.dns.cloudflare

HTTP validation would probably also work, but I’m not sure if Caddy supports that.

If your site will always be proxied by Cloudflare, you could instead stop using Let’s Encrypt and start using Cloudflare’s Origin CA.

1 Like

Yeah, putting Cloudflare (“with the orange cloud” enabled) or any CDN in a similar fashion in front of your site will break the TLS-ALPN challenge, so renewals will fail with that in Caddy 0.11.5.

Caddy 0.11.5 has a known bug from an upstream dependency, go-acme/lego, which does not try the other challenge types (such as HTTP) even though they are enabled; it was introduced in a change that had like a quarter million lines updated, so it went unnoticed in review, but the bug report is still open. The latest version of Caddy (v1.0.1) works around this limitation, and now the latest Caddy again has the most robust, reliable ACME challenge implementation of any server: it randomizes challenge selection among enabled challenges, and will retry if one fails. (It used to do this, but that was when lego was working correctly.)

In any case, you should upgrade your Caddy version to benefit from this. Once the rate limit expires, you can get a certificate. To be absolutely correct, though, you should also disable the TLS-ALPN challenge since it will not work behind Cloudflare anyway: https://caddyserver.com/docs/cli#disable-tls-alpn-challenge

6 Likes
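As an added illustration of the two replies above (switching to DNS validation through the Cloudflare plugin, and turning off TLS-ALPN because the CA can no longer reach the origin directly once Cloudflare terminates TLS), here is a Caddyfile for a Caddy v1 build. This is example configuration, not from the original thread; the site root path is a placeholder, and it assumes the `cloudflare` DNS plugin is compiled into the binary.

```caddyfile
# Example Caddyfile (not from the thread) for an origin proxied by Cloudflare.
# With the orange cloud on, every connection to port 443 is answered by
# Cloudflare, so a TLS-ALPN-01 validation never reaches this server.
# DNS-01 proves control by publishing a TXT record, which works regardless
# of who terminates TLS in front of the origin.
mattiebit.space {
    # /var/www/mattiebit is a placeholder; point this at the real site root.
    root /var/www/mattiebit

    tls {
        # Solve the ACME challenge through Cloudflare's DNS API instead of
        # TLS-ALPN-01 or HTTP-01. Credentials are read from the environment
        # (CLOUDFLARE_EMAIL and CLOUDFLARE_API_KEY), never written here.
        dns cloudflare
    }
}
```

Start it with the credentials in the environment and the TLS-ALPN challenge explicitly disabled, e.g. `CLOUDFLARE_EMAIL=... CLOUDFLARE_API_KEY=... caddy -disable-tls-alpn-challenge`, so that a 0.11.x-style client that stops after the first failed challenge has nothing to fail on. Wait for the Let’s Encrypt rate limit to expire before restarting, since each failed attempt counts against it.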

Thank you, I will try with the solutions provided.
