Tutorial: Caddy (Reverse Proxy) + Let's Encrypt Certificates + Dynamic DNS

Started by Monviech (Cedrik), February 09, 2024, 01:31:44 PM

I recently updated that section; it's not live yet.

https://github.com/opnsense/docs/blob/master/source/manual/how-tos/caddy.rst#creating-a-simple-reverse-proxy

Also, the firewall rules as stated at the beginning of these docs are all that are needed.
Hardware:
DEC740

Thanks for the updated notes.

So, for the Upstream Domain in your notes:   192.168.10.1

Is this the IP of OPN you are using, or the ISP router IP?

A reverse proxy works like this:

It is a webserver, that is the frontend part. You input your domains there, and it listens for these domain names.

At the same time it is also a client, like a browser. It needs to know where to send traffic to. This is the Upstream part, it will connect to an internal hosted service like a Nextcloud.

It combines both, to intercept all requests and send them to a different destination. It's a proxy from the internet to your internal services (reverse proxy).

e.g.

nextcloud.example.com -> A Record points to the external IP address (e.g. 1.1.1.1) of your OPNsense's WAN interface where Caddy listens.

1. Client (your phone) tries to connect to --> example.com
2. It reaches the OPNsense, on which Caddy listens for the domain nextcloud.example.com
3. Caddy then dials the Upstream (e.g. the internal IP address (192.168.1.1) of the Nextcloud in your private network behind the OPNsense)
4. The Nextcloud server receives the request from Caddy, and sends it back to Caddy, and Caddy to your phone.

                  1.1.1.1       192.168.1.1
Phone Browser <-> Caddy    <->  Nextcloud
Hardware:
DEC740
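
The four steps above as an added example (not part of the original post and not the plugin's code): a toy reverse proxy built only from the Python standard library. The loopback addresses, the ephemeral ports and the names Upstream, Frontend, UPSTREAMS, fetch and demo are assumptions standing in for the WAN address, the Nextcloud host and Caddy.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed mapping: frontend domain -> upstream (host, port). Filled in by demo().
UPSTREAMS = {}


class Upstream(BaseHTTPRequestHandler):
    """Stands in for the internal service (the Nextcloud in the post)."""

    def do_GET(self):
        body = f"upstream saw Host={self.headers['Host']} path={self.path}".encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


class Frontend(BaseHTTPRequestHandler):
    """Stands in for Caddy: a server towards the client, a client towards the upstream."""

    def do_GET(self):
        # Step 2: the frontend only answers for domains it was configured with.
        domain = (self.headers.get("Host") or "").split(":")[0].lower()
        target = UPSTREAMS.get(domain)
        if target is None:
            # Unknown domain: nothing is forwarded into the private network.
            self.send_error(421, "no such site configured")
            return
        # Step 3: dial the upstream the way a browser would.
        conn = http.client.HTTPConnection(*target, timeout=5)
        headers = {"Host": domain, "X-Forwarded-For": self.client_address[0]}
        conn.request("GET", self.path, headers=headers)
        resp = conn.getresponse()
        body = resp.read()
        conn.close()
        # Step 4: relay the upstream's answer back to the client.
        self.send_response(resp.status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass


def fetch(port, host_header, path="/"):
    """Step 1: the client connects to the frontend and names the domain it wants."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", path, headers={"Host": host_header})
    resp = conn.getresponse()
    result = (resp.status, resp.read().decode())
    conn.close()
    return result


def demo():
    upstream = ThreadingHTTPServer(("127.0.0.1", 0), Upstream)
    frontend = ThreadingHTTPServer(("127.0.0.1", 0), Frontend)
    UPSTREAMS["nextcloud.example.com"] = ("127.0.0.1", upstream.server_port)
    for srv in (upstream, frontend):
        threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        known = fetch(frontend.server_port, "nextcloud.example.com", "/login")
        unknown = fetch(frontend.server_port, "other.example.com")
    finally:
        for srv in (upstream, frontend):
            srv.shutdown()
            srv.server_close()
    return known, unknown


if __name__ == "__main__":
    print(demo())
```

The request for the configured domain is answered by the upstream; the request for a domain the frontend does not know is refused at the frontend and never reaches the internal service.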

Can I bind Caddy to a specific interface?

I have two WAN interfaces and run the nginx proxy on one. I want to use Caddy for the second, to test, but I see no option to bind Caddy to a specific interface.

Hello, there is no implementation for that in the GUI.

https://caddyserver.com/docs/caddyfile/directives/bind#syntax

It uses the standard wildcard interface. And it can only bind to a specific IP address, or hostname.

Since the directive "bind" only accepts "network addresses", including that is a little unreliable on a firewall (especially when the IP can vanish since it's dynamic). I expect Caddy to just crash then.

I mean potentially it could be there in global options, but I really don't know if I want to offer it. You could always create a custom configuration though in the import folders that includes this directive.

https://caddyserver.com/docs/caddyfile/options#default-bind

You can create these two files to override the interface globally for the whole of Caddy:

/usr/local/etc/caddy/caddy.d/defaultbind.global
default_bind 1.1.1.1

/usr/local/etc/caddy/caddy.d/defaultbind.conf

http:// {
    bind 1.1.1.1
}


The http block is explained in the documentation about default_bind.

That will be imported into the Caddyfile and Caddy will bind globally to that IP. Now you can freely use the GUI to test out Caddy.
Hardware:
DEC740

Nice, I will try.

Then I have no conflicts with the nginx plugin, which uses port 80/443 on the first WAN port?

If nginx binds to e.g.:

1.1.1.1:80 and 1.1.1.1:443

And Caddy will bind to

1.1.1.2:80 and 1.1.1.2:443

there will be no socket overlap and no conflicts.
Hardware:
DEC740
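
The socket-overlap point from the last few posts as an added example (not from the original posts): one listener already holds a port on one address, and three more listeners are attempted on the same port. It assumes a Linux loopback where all of 127.0.0.0/8 is local, so 127.0.0.1 and 127.0.0.2 stand in for the two WAN addresses; try_listen and demo are hypothetical names.

```python
import errno
import socket


def try_listen(addr, port):
    """Try to open a TCP listener; return (socket, None) or (None, errno name)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((addr, port))
        s.listen(1)
        return s, None
    except OSError as exc:
        s.close()
        return None, errno.errorcode.get(exc.errno, str(exc.errno))


def demo():
    results = {}
    # The first service ("nginx" in the thread) takes a free port on the first address.
    nginx, _ = try_listen("127.0.0.1", 0)
    port = nginx.getsockname()[1]
    # A wildcard listener on that port overlaps with every local address.
    wildcard, results["wildcard_same_port"] = try_listen("0.0.0.0", port)
    # A second listener on the very same address and port also overlaps.
    dup, results["same_ip_same_port"] = try_listen("127.0.0.1", port)
    # A listener pinned to a different address does not overlap.
    caddy, results["second_ip_same_port"] = try_listen("127.0.0.2", port)
    for s in (nginx, wildcard, dup, caddy):
        if s is not None:
            s.close()
    return results


if __name__ == "__main__":
    print(demo())
```

Only the listener pinned to the second address succeeds, which is why the default wildcard bind has to be overridden before a second proxy can share ports 80 and 443 on the same host.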

I have done it; at first look, it looks good.

But why does Caddy run as the root user? Should it not be www?

root     caddy      56705 8  tcp4   ip:443

Ah yes, it's possible but not easy. I wanted to implement it but I don't know what this kind of stuff will influence on the firewall.

It would have to use an /old/ subsystem in FreeBSD called "mac_portacl".

https://github.com/opnsense/core/issues/7419
https://github.com/opnsense/plugins/issues/3946
Hardware:
DEC740

Hello,

I have installed Caddy with LE, and have no issues with Opnsense access.

For some reason my Synology NAS worked fine for a while and then I am getting the error message.

This page isn't working nas.domain.com redirected you too many times.
Try deleting your cookies.
ERR_TOO_MANY_REDIRECTS.

Also, I am not able to set up a reverse proxy for Portainer and CouchDB installed on Docker on the Synology NAS. I have used the same settings for all of them, and only OPNsense is working for me.

Can someone help me to fix the issue and I can share more information if needed to understand the issue.

Thank you in advance.

I think Synology has a forced redirect from port 80/443 to port 5000/5001 that has to be disabled to prevent a redirection loop.

https://forum.opnsense.org/index.php?topic=39942.msg195706#msg195706
Hardware:
DEC740

I tried changing the redirect for https to port 4443, but I am still getting the same error.

This page isn't working synology.domain.com redirected you too many times.
Try deleting your cookies.
ERR_TOO_MANY_REDIRECTS

Because some questions have already arisen here regarding a Nextcloud installation behind an OPNsense with the Caddy reverse proxy plugin, here is a small guide:

1. Follow the Documentation of this great plugin of Monviech [do it exactly as described]
https://docs.opnsense.org/manual/how-tos/caddy.html#how-to-install
- 1. Installation
- 2. Prepare OPNsense for Caddy after installation

2. Create an A-Record with an external DNS Provider that points to the external IP Address of the OPNsense

3. Create a VM/SERVER/LXC/CONTAINER on your favorite hypervisor
- must be accessible from the opnsense via a static ip
- For example 192.168.10.1

4. Create a simple-reverse-proxy for nextcloud
https://docs.opnsense.org/manual/how-tos/caddy.html#creating-a-simple-reverse-proxy
For example:

[FRONTEND]
Domain: nextcloud.yourdomain.eu
Port: Leave empty to use port 443 with automatic redirection from port 80
Description: nextcloud.yourdomain.eu - frontend

[BACKEND]
Domain: nextcloud.yourdomain.eu
Description: nextcloud.yourdomain.eu - backend
Upstream Domain:192.168.10.1
Upstream Port: 11000 [IMPORTANT - you need to reach the apache web server in the nextcloud instance]

DON'T FORGET TO APPLY

5. Run a shell in the VM/SERVER/LXC/CONTAINER and prepare the nextcloud installation

sudo apt update && sudo apt upgrade -y && sudo apt install -y unattended-upgrades curl

curl -fsSL https://get.docker.com | sudo sh

docker version

mkdir /nextcloud

mkdir /mnt/data


6. Create a docker-compose.yml file for the nextcloud container

nano /nextcloud/docker-compose.yml

[PASTE]
services:
  nextcloud-aio-mastercontainer:
    image: nextcloud/all-in-one:latest
    init: true
    restart: always
    container_name: nextcloud-aio-mastercontainer
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      - /var/run/docker.sock:/var/run/docker.sock:ro
    ports:
      - 8080:8080   
    environment:
      AIO_DISABLE_BACKUP_SECTION: "false"
      APACHE_PORT: 11000
      APACHE_IP_BINDING: 0.0.0.0
      NEXTCLOUD_DATADIR: /mnt/data
      NEXTCLOUD_MOUNT: /mnt/
      NEXTCLOUD_UPLOAD_LIMIT: 20G
      NEXTCLOUD_MAX_TIME: 7200
      NEXTCLOUD_MEMORY_LIMIT: 4096M
      NEXTCLOUD_TRUSTED_CACERTS_DIR: /path/to/my/cacerts
      NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes
      TALK_PORT: 3478
      WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock

volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer

7. Go to https://192.168.10.1:8080
- Log in to the AIO installer with the pw seed
- Enter nextcloud.yourdomain.eu
- Follow the Nextcloud AIO installer as shown

8. Go to https://nextcloud.yourdomain.eu
- reverse proxy and ssl-cert via caddy plugin
- If you wish, restrict access to only internal IPs
- https://scan.nextcloud.com
- https://www.ssllabs.com/ssltest/


For further reading: https://github.com/nextcloud/all-in-one

Quote from: wirehire on June 04, 2024, 02:57:13 PM
I have done it; at first look, it looks good.

But why does Caddy run as the root user? Should it not be www?

root     caddy      56705 8  tcp4   ip:443

Soon it can be enabled optionally to run as www user, with restriction to upper-ports.

https://github.com/opnsense/plugins/pull/4081

This means you can run Caddy on any upper ports, e.g. 8080 and 8443, and use the port forwarding of PF to bind ports 80 and 443, using port address translation to send them to 8080 and 8443.
Hardware:
DEC740

Hey, first of all: thank you for this plugin!

I switched from deSEC to Cloudflare and now I'm getting errors and it stopped working. I configured Cloudflare's API as mentioned in the Caddy docs (https://github.com/caddy-dns/cloudflare). It looked like an API problem, but the API is working correctly. Does anyone have an idea what I'm missing here? It drives me crazy, because it worked fine through deSEC...


2024-07-11T11:20:20 Debug caddy "debug","ts":"2024-07-11T09:20:20Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/NPCUGkSt_wD2IWe237P8Ug","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["449"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:20 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["RFqgHTYGSgLDQn5zyQus3TlVAA0dV_AgfEfYCSqlEbE"],"Retry-After":["86400"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
2024-07-11T11:20:17 Debug caddy "debug","ts":"2024-07-11T09:20:17Z","logger":"tls.issuance.acme.acme_client","msg":"challenge accepted","identifier":"vault.domain.xyz","challenge_type":"http-01"}
2024-07-11T11:20:17 Debug caddy "debug","ts":"2024-07-11T09:20:17Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/chall/klxrvi7gfralxj_sO71jWg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["164"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:17 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90/authz/NPCUGkSt_wD2IWe237P8Ug>;rel=\"up\""],"Replay-Nonce":["6E5wD7Bn28fzZFdRIhxY-kHq1V7Pib5lfX1hjTipyjI"],"Retry-After":["60"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
2024-07-11T11:20:15 Debug caddy "debug","ts":"2024-07-11T09:20:15Z","logger":"tls.issuance.acme.acme_client","msg":"done waiting for solver","identifier":"vault.domain.xyz","challenge_type":"http-01"}
2024-07-11T11:20:15 Debug caddy "debug","ts":"2024-07-11T09:20:15Z","logger":"tls.issuance.acme.acme_client","msg":"waiting for solver before continuing","identifier":"vault.domain.xyz","challenge_type":"http-01"}
2024-07-11T11:20:15 Informational caddy "info","ts":"2024-07-11T09:20:15Z","logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"vault.domain.xyz","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
2024-07-11T11:20:15 Debug caddy "debug","ts":"2024-07-11T09:20:15Z","logger":"tls.issuance.acme.acme_client","msg":"no solver configured","challenge_type":"dns-01"}
2024-07-11T11:20:15 Debug caddy "debug","ts":"2024-07-11T09:20:15Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/NPCUGkSt_wD2IWe237P8Ug","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["449"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:15 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["mc4smWXSmABMoANYjQXXXzYPNBKrPnIS8Mg6fx_0J6Y"],"Retry-After":["86400"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
2024-07-11T11:20:12 Debug caddy "debug","ts":"2024-07-11T09:20:12Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/newOrder","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["278"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:12 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/ePdppdFxHGxCGbOdAvumEQ"],"Replay-Nonce":["N0RQNWJzpxpg9jw-t0w10AV1et-TIz90-K-awUNs-2A"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":201}
2024-07-11T11:20:11 Debug caddy "debug","ts":"2024-07-11T09:20:11Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme.zerossl.com/v2/DV90/newNonce","headers":{"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Type":["application/octet-stream"],"Date":["Thu, 11 Jul 2024 09:20:11 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["dubyvT4QrKuMzUWj3QzTladPHhmL43wwc9PWuhz7z4U"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
2024-07-11T11:20:10 Debug caddy "debug","ts":"2024-07-11T09:20:10Z","logger":"tls.issuance.acme.acme_client","msg":"creating order","account":"https://acme.zerossl.com/v2/DV90/account/zI17MJiuzZy2KCCeoxuxow","identifiers":["vault.domain.xyz"]}
2024-07-11T11:20:10 Debug caddy "debug","ts":"2024-07-11T09:20:10Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"GET","url":"https://acme.zerossl.com/v2/DV90","headers":{"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Content-Length":["645"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:10 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
2024-07-11T11:20:10 Informational caddy "info","ts":"2024-07-11T09:20:10Z","logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/zI17MJiuzZy2KCCeoxuxow","account_contact":["mailto:abc@abc.de"]}
2024-07-11T11:20:10 Informational caddy "info","ts":"2024-07-11T09:20:10Z","logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["vault.domain.xyz"],"ca":"https://acme.zerossl.com/v2/DV90","account":"abc@abc.de"}
2024-07-11T11:20:10 Informational caddy "info","ts":"2024-07-11T09:20:10Z","logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["vault.domain.xyz"],"ca":"https://acme.zerossl.com/v2/DV90","account":"abc@abc.de"}
2024-07-11T11:20:10 Debug caddy "debug","ts":"2024-07-11T09:20:10Z","logger":"tls.obtain","msg":"trying issuer 2/2","issuer":"acme.zerossl.com-v2-DV90"}
2024-07-11T11:20:10 Error caddy "error","ts":"2024-07-11T09:20:10Z","logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"vault.domain.xyz","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 403 urn:ietf:params:acme:error:unauthorized - Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge"}
2024-07-11T11:20:10 Error caddy "error","ts":"2024-07-11T09:20:10Z","logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"vault.domain.xyz","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1830756237/286284483307","attempt":2,"max_attempts":3}
2024-07-11T11:20:10 Error caddy "error","ts":"2024-07-11T09:20:10Z","logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"vault.domain.xyz","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]}}
2024-07-11T11:20:10 Debug caddy "debug","ts":"2024-07-11T09:20:10Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540185137","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["979"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:10 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["zgT1AlV-e62lhajWnK7NFktNLv_vxDvmyIHriusfwdEbgwDHJBI"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:10 Debug caddy "debug","ts":"2024-07-11T09:20:10Z","logger":"tls.issuance.acme.acme_client","msg":"challenge accepted","identifier":"vault.domain.xyz","challenge_type":"tls-alpn-01"}
2024-07-11T11:20:10 Debug caddy "debug","ts":"2024-07-11T09:20:10Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/375540185137/6dCOjw","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["191"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:10 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\"","<https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540185137>;rel=\"up\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/chall-v3/375540185137/6dCOjw"],"Replay-Nonce":["zgT1AlV-ZNjqD20ClwybZ8eDxXrUqmgEm1TZobqpM9QB218Jj-w"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:09 Error caddy "debug","ts":"2024-07-11T09:20:09Z","logger":"http.stdlib","msg":"http: TLS handshake error from 127.0.0.1:23624: EOF"}
2024-07-11T11:20:09 Debug caddy "debug","ts":"2024-07-11T09:20:09Z","logger":"tls.issuance.acme.acme_client","msg":"done waiting for solver","identifier":"vault.domain.xyz","challenge_type":"tls-alpn-01"}
2024-07-11T11:20:09 Debug caddy "debug","ts":"2024-07-11T09:20:09Z","logger":"tls.issuance.acme.acme_client","msg":"waiting for solver before continuing","identifier":"vault.domain.xyz","challenge_type":"tls-alpn-01"}
2024-07-11T11:20:09 Informational caddy "info","ts":"2024-07-11T09:20:09Z","logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"vault.domain.xyz","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
2024-07-11T11:20:09 Debug caddy "debug","ts":"2024-07-11T09:20:09Z","logger":"tls.issuance.acme.acme_client","msg":"no solver configured","challenge_type":"dns-01"}
2024-07-11T11:20:09 Debug caddy "debug","ts":"2024-07-11T09:20:09Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540185137","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:09 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["eFSVlf8U4xWcZeKJWc2ZPIjm64cHusyQhzX7_35gDM3LNRN3kJE"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:09 Debug caddy "debug","ts":"2024-07-11T09:20:09Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/new-order","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["342"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:09 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/order/1830756237/286284483307"],"Replay-Nonce":["zgT1AlV-BI6xmFywkTmeWStBmnzrHpVzGovRTMo3kXra6Adr0ak"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":201}
2024-07-11T11:20:09 Debug caddy "debug","ts":"2024-07-11T09:20:09Z","logger":"tls.issuance.acme.acme_client","msg":"creating order","account":"https://acme-v02.api.letsencrypt.org/acme/acct/1830756237","identifiers":["vault.domain.xyz"]}
2024-07-11T11:20:08 Error caddy "error","ts":"2024-07-11T09:20:08Z","logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"vault.domain.xyz","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"2606:4700:3036::ac43:d41a: Invalid response from http://vault.domain.xyz/.well-known/acme-challenge/7l0JbJU_ZyHGmhvKl75evbljzzBgdrwE6H7OWNDGReo: 521","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1830756237/286284439187","attempt":1,"max_attempts":3}
2024-07-11T11:20:08 Error caddy "error","ts":"2024-07-11T09:20:08Z","logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"vault.domain.xyz","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"2606:4700:3036::ac43:d41a: Invalid response from http://vault.domain.xyz/.well-known/acme-challenge/7l0JbJU_ZyHGmhvKl75evbljzzBgdrwE6H7OWNDGReo: 521","instance":"","subproblems":[]}}
2024-07-11T11:20:08 Debug caddy "debug","ts":"2024-07-11T09:20:08Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["1166"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:08 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["eFSVlf8U7eKR1AlXtU9lRLDgHnVy6EN2gqEZVm9KRytegcxucrg"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:08 Debug caddy "debug","ts":"2024-07-11T09:20:08Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:08 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["zgT1AlV-euTwn1vhs0TH98VKYpMMKLgHg3M6TgZdhDenSu9HmYg"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:07 Debug caddy "debug","ts":"2024-07-11T09:20:07Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:07 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["eFSVlf8UYhJhC44nClV9RV6nvIIzaK2DAjImU5JGJdz44gWUncU"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:07 Debug caddy "debug","ts":"2024-07-11T09:20:07Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:07 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["eFSVlf8USQKy9NDO6JcHhf_MBteZI361LL4GYaDlA5z_9xyAuFM"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:06 Debug caddy "debug","ts":"2024-07-11T09:20:06Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:06 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["eFSVlf8UxmzVHyJhwPe9eEQ6tvQV01TrVht81-oIAqP7mhai5OM"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:06 Debug caddy "debug","ts":"2024-07-11T09:20:06Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:06 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["zgT1AlV-OJT-LyggcLxiAMMSFuyoLzmCBEOLBXPQxBeybPGmESo"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:06 Debug caddy "debug","ts":"2024-07-11T09:20:06Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:05 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["eFSVlf8U6obW-QWTqVmyaxPKEVACLYUXFXFxCHYe-O4PAFHjYkY"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:05 Debug caddy "debug","ts":"2024-07-11T09:20:05Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:05 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["eFSVlf8USJMpZQkltYIVjT5-CjgsbvQkBKO0KvsY626muUBfs6s"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:05 Informational caddy "info","ts":"2024-07-11T09:20:05Z","logger":"dynamic_dns","msg":"finished updating DNS","current_ips":["IPv4","IPv6"]}
2024-07-11T11:20:05 Error caddy "error","ts":"2024-07-11T09:20:05Z","logger":"dynamic_dns","msg":"failed setting DNS record(s) with new IP address(es)","zone":"vault.domain.xyz","error":"expected 1 zone, got 0 for vault.domain.xyz"}
2024-07-11T11:20:05 Debug caddy "debug","ts":"2024-07-11T09:20:05Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:05 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["zgT1AlV-CvYAXwpXuF1shAoALOl7uw1a2tfIsDvEFPZQXx47cdY"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:04 Debug caddy "debug","ts":"2024-07-11T09:20:04Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:04 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["eFSVlf8UY_XLOY2Bx8vljY4TUUxGIWBp6I1TPViNFndKjcC-4Ck"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:04 Debug caddy "debug","ts":"2024-07-11T09:20:04Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:04 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["zgT1AlV-LYsOEdE5lzwAGFIFauFJxas65qd56rV33pJfPFQIves"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:03 Debug caddy "debug","ts":"2024-07-11T09:20:03Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:03 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["zgT1AlV-xLtdkY8POAtrKQ9a4t3v_xHSQNG3UhG6BnZnfADaK1M"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:03 Informational caddy "info","ts":"2024-07-11T09:20:03Z","logger":"dynamic_dns","msg":"updating DNS record","zone":"vault.domain.xyz","type":"AAAA","name":"@","value":"IPv6","ttl":0}
2024-07-11T11:20:03 Informational caddy "info","ts":"2024-07-11T09:20:03Z","logger":"dynamic_dns","msg":"updating DNS record","zone":"vault.domain.xyz","type":"A","name":"@","value":"IPv4","ttl":0}
2024-07-11T11:20:03 Debug caddy "debug","ts":"2024-07-11T09:20:03Z","logger":"dynamic_dns.ip_sources.simple_http","msg":"lookup","type":"IPv6","endpoint":"https://api64.ipify.org","ip":"IPv6"}
2024-07-11T11:20:03 Debug caddy "debug","ts":"2024-07-11T09:20:03Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:03 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["eFSVlf8Ush8AvtRobCEsVGwqCUm2GexI1Hp2bWusYFHkTRgjsuw"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:03 Debug caddy "debug","ts":"2024-07-11T09:20:03Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:02 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["zgT1AlV-8ayFaFcJYlewB8vBEfzHuzQBzzf2uB0mGWAAgIX_qRY"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:03 Debug caddy "debug","ts":"2024-07-11T09:20:03Z","logger":"dynamic_dns.ip_sources.simple_http","msg":"lookup","type":"IPv4","endpoint":"https://api64.ipify.org","ip":"IPv4"}
2024-07-11T11:20:02 Debug caddy "debug","ts":"2024-07-11T09:20:02Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:02 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["zgT1AlV-iPhTWKwNrOl_pJclv7FEUfeIEqzZ5H_5hZ7OHWz4RbI"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:02 Debug caddy "debug","ts":"2024-07-11T09:20:02Z","logger":"dynamic_dns","msg":"looked up current IPs from DNS","lastIPs":null}
2024-07-11T11:20:02 Error caddy "error","ts":"2024-07-11T09:20:02Z","logger":"dynamic_dns","msg":"unable to lookup current IPs from DNS records","error":"expected 1 zone, got 0 for vault.domain.xyz"}
2024-07-11T11:20:02 Debug caddy "debug","ts":"2024-07-11T09:20:02Z","logger":"tls.issuance.acme.acme_client","msg":"challenge accepted","identifier":"vault.domain.xyz","challenge_type":"http-01"}
2024-07-11T11:20:02 Debug caddy "debug","ts":"2024-07-11T09:20:02Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/375540126317/1Lewag","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["187"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:02 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\"","<https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317>;rel=\"up\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/chall-v3/375540126317/1Lewag"],"Replay-Nonce":["eFSVlf8UyZXdEZd8mwkJB6yFDyoZ-wVUZbRYH-OsfEukg-tTT9I"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:02 Debug caddy "debug","ts":"2024-07-11T09:20:02Z","logger":"tls.issuance.acme.acme_client","msg":"done waiting for solver","identifier":"vault.domain.xyz","challenge_type":"http-01"}
2024-07-11T11:20:02 Debug caddy "debug","ts":"2024-07-11T09:20:02Z","logger":"tls.issuance.acme.acme_client","msg":"waiting for solver before continuing","identifier":"vault.domain.xyz","challenge_type":"http-01"}
2024-07-11T11:20:02 Informational caddy "info","ts":"2024-07-11T09:20:02Z","logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"vault.domain.xyz","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
2024-07-11T11:20:02 Debug caddy "debug","ts":"2024-07-11T09:20:02Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:01 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["eFSVlf8UnTzZAxtF3xpZJCTUeU2Ps5MRqmWxZClrlIGYYwpLiyI"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:01 Debug caddy "debug","ts":"2024-07-11T09:20:01Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/new-order","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["342"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:01 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/order/1830756237/286284439187"],"Replay-Nonce":["eFSVlf8UgxC3Ov5ci2luZFH8tZxr_XJq2m-T3zKw4ZccQBsd0PI"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":201}
2024-07-11T11:20:01 Debug caddy "debug","ts":"2024-07-11T09:20:01Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme-v02.api.letsencrypt.org/acme/new-nonce","headers":{"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Date":["Thu, 11 Jul 2024 09:20:01 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["eFSVlf8UldoMJHBdgupStVclatMJ6jwCSZ6H_08oajcJghaPbxY"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:01 Debug caddy "debug","ts":"2024-07-11T09:20:01Z","logger":"tls.issuance.acme.acme_client","msg":"creating order","account":"https://acme-v02.api.letsencrypt.org/acme/acct/1830756237","identifiers":["vault.domain.xyz"]}
2024-07-11T11:20:01 Debug caddy "debug","ts":"2024-07-11T09:20:01Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"GET","url":"https://acme-v02.api.letsencrypt.org/directory","headers":{"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["746"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:01 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/1830756237","account_contact":["mailto:abc@abc.de"]}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["vault.domain.xyz"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"abc@abc.de"}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["vault.domain.xyz"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"abc@abc.de"}
2024-07-11T11:20:00 Debug caddy "debug","ts":"2024-07-11T09:20:00Z","logger":"tls.obtain","msg":"trying issuer 1/2","issuer":"acme-v02.api.letsencrypt.org-directory"}
2024-07-11T11:20:00 Debug caddy "debug","ts":"2024-07-11T09:20:00Z","logger":"events","msg":"event","name":"cert_obtaining","id":"a3ed979c-3d86-499c-92ad-5ae7deba6b1e","origin":"tls","data":{"identifier":"vault.domain.xyz"}}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"tls.obtain","msg":"obtaining certificate","identifier":"vault.domain.xyz"}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"tls.obtain","msg":"lock acquired","identifier":"vault.domain.xyz"}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"tls","msg":"finished cleaning storage units"}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/var/db/caddy/data/caddy","instance":"68f4b45b-f584-42d9-bafa-99c122f2bda3","try_again":"2024-07-12T09:20:00Z","try_again_in":86399.999997449}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"tls.obtain","msg":"acquiring lock","identifier":"vault.domain.xyz"}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","msg":"serving initial configuration"}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","msg":"autosaved config (load with --resume flag)","file":"/var/db/caddy/config/caddy/autosave.json"}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"http","msg":"enabling automatic TLS certificate management","domains":["vault.domain.xyz"]}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
2024-07-11T11:20:00 Debug caddy "debug","ts":"2024-07-11T09:20:00Z","logger":"http","msg":"starting server loop","address":"[::]:80","tls":false,"http3":false}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
2024-07-11T11:20:00 Debug caddy "debug","ts":"2024-07-11T09:20:00Z","logger":"http","msg":"starting server loop","address":"[::]:443","tls":true,"http3":true}
2024-07-11T11:20:00 Debug caddy "debug","ts":"2024-07-11T09:20:00Z","logger":"dynamic_dns","msg":"beginning IP address check"}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
2024-07-11T11:20:00 Debug caddy "debug","ts":"2024-07-11T09:20:00Z","logger":"http.auto_https","msg":"adjusted config","tls":{"automation":{"policies":[{"subjects":["vault.domain.xyz"]},{}]}},"http":{"grace_period":10000000000,"servers":{"remaining_auto_https_redirects":{"listen":[":80"],"routes":[{},{}]},"srv0":{"listen":[":443"],"routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.178.6:8000"}]}]}]}]}]}],"terminal":true}],"tls_connection_policies":[{}],"automatic_https":{}}}}}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x870981180"}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"admin","msg":"admin endpoint started","address":"unix//var/run/caddy/caddy.sock","enforce_origin":false,"origins":["","//127.0.0.1","//::1"]}
   


Caddy-Config:

# Global Options
{
    log {
        output net unixgram//var/caddy/var/run/log {
        }
        format json {
            time_format rfc3339
        }
        level DEBUG
    }

    dynamic_dns {
        provider cloudflare API-Token
        domains {
            vault.domain.xyz @
        }
    }

    email abc@abc.com
    grace_period 10s
    import /usr/local/etc/caddy/caddy.d/*.global
}

# Reverse Proxy Configuration


# Reverse Proxy Domain: "8e333c2b-cff5-465f-b899-d89f446438c5"
vault.domain.xyz {
    handle {
        reverse_proxy 192.168.178.6:8000 {
        }
    }
}

import /usr/local/etc/caddy/caddy.d/*.conf


Thanks in advance, hope it's not a totally dumb mistake ::) ;D
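A way to triage a log paste like the one in the post above, added here as an example (it is not part of the original post and not OPNsense or Caddy code). It assumes the log view format seen in the paste, where each line is a local timestamp, a severity, `caddy`, and Caddy's JSON object with its leading `{"level":` cut off; the function names are hypothetical.

```python
import json
import re

# Lines copied from the log above, plus one constructed non-matching line.
SAMPLE_LOG = r'''
2024-07-11T11:20:03 Informational caddy "info","ts":"2024-07-11T09:20:03Z","logger":"dynamic_dns","msg":"updating DNS record","zone":"vault.domain.xyz","type":"A","name":"@","value":"IPv4","ttl":0}
2024-07-11T11:20:02 Error caddy "error","ts":"2024-07-11T09:20:02Z","logger":"dynamic_dns","msg":"unable to lookup current IPs from DNS records","error":"expected 1 zone, got 0 for vault.domain.xyz"}
2024-07-11T11:20:02 Debug caddy "debug","ts":"2024-07-11T09:20:02Z","logger":"tls.issuance.acme.acme_client","msg":"challenge accepted","identifier":"vault.domain.xyz","challenge_type":"http-01"}
2024-07-11T11:20:00 Debug caddy "debug","ts":"2024-07-11T09:20:00Z","logger":"dynamic_dns","msg":"beginning IP address check"}
this line is not a caddy entry
'''

# "<local time> <severity> caddy " then the JSON object minus '{"level":'.
LINE_RE = re.compile(r'^(\S+)\s+(\w+)\s+caddy\s+(".*\})\s*$')


def parse_line(line):
    """Rebuild one Caddy JSON log object from a log view line, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        entry = json.loads('{"level":' + m.group(3))
    except json.JSONDecodeError:
        return None
    entry["severity"] = m.group(2)
    return entry


def parse_log(text):
    """Return parsed entries oldest first (the view lists newest first)."""
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    entries.reverse()
    return sorted(entries, key=lambda e: str(e.get("ts", "")))


def triage(entries):
    """Collect errors, dynamic DNS record updates and ACME challenge types."""
    report = {"errors": [], "dns_updates": [], "challenges": []}
    for e in entries:
        if e["level"] == "error":
            report["errors"].append((e.get("logger"), e.get("msg"), e.get("error")))
        if e.get("logger") == "dynamic_dns" and e.get("msg") == "updating DNS record":
            report["dns_updates"].append((e.get("zone"), e.get("name"), e.get("type")))
        ctype = e.get("challenge_type")
        if ctype and ctype not in report["challenges"]:
            report["challenges"].append(ctype)
    return report


if __name__ == "__main__":
    for key, values in triage(parse_log(SAMPLE_LOG)).items():
        print(key, values)
```

On the sample it puts the `dynamic_dns` error next to the zone and record name the plugin used for its update, separate from the ACME `http-01` entries.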