abiosoft / caddy-docker

Docker container for Caddy
https://hub.docker.com/r/abiosoft/caddy/
MIT License

"Cannot negotiate ALPN protocol" when run simple docker #192

Closed naviat closed 5 years ago

naviat commented 5 years ago

1. Which caddy docker version?

2. What are you trying to do?

I am trying to run a simple caddy docker and get HTTPS for my domain blogdemo.haidv.online

I run this docker on EC2 with an Elastic IP (this IP is already configured with the domain blogdemo.haidv.online)

docker run -d --name caddy -p 80:80 -p 443:443 -v $(pwd)/Caddyfile:/etc/Caddyfile abiosoft/caddy

3. What is your Caddyfile?

My Caddyfile:

blogdemo.haidv.online

4. What did you see instead (give full error messages and/or log)?

Log from docker:

Activating privacy features... 2019/05/29 04:19:55 [INFO][cache:0xc000032730] Started certificate maintenance routine

Your sites will be served over HTTPS automatically using Let's Encrypt.
By continuing, you agree to the Let's Encrypt Subscriber Agreement at:
  https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
Please enter your email address to signify agreement and to be notified
in case of issues. You can leave it blank, but we don't recommend it.
  Email address: 2019/05/29 04:19:56 [INFO] [blogdemo.haidv.online] acme: Obtaining bundled SAN certificate
2019/05/29 04:19:57 [INFO] [blogdemo.haidv.online] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/aIZJm_RG6J7cR7CN5PZV8KjIT6jNZImVSogh1nfjnfQ
2019/05/29 04:19:57 [INFO] [blogdemo.haidv.online] acme: use tls-alpn-01 solver
2019/05/29 04:19:57 [INFO] [blogdemo.haidv.online] acme: Trying to solve TLS-ALPN-01
2019/05/29 04:19:58 [INFO] Unable to deactivated authorizations: https://acme-v02.api.letsencrypt.org/acme/authz/aIZJm_RG6J7cR7CN5PZV8KjIT6jNZImVSogh1nfjnfQ
2019/05/29 04:19:58 [blogdemo.haidv.online] failed to obtain certificate: acme: Error -> One or more domains had a problem:
[blogdemo.haidv.online] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol "acme-tls/1" for tls-alpn-01 challenge, url:
exit status 1

I hope it can be as simple as I need.

Thanks

naviat commented 5 years ago

Update: My domain is served by Cloudflare with Full (strict) SSL

naviat commented 5 years ago

@abiosoft Can you please help me?

naviat commented 5 years ago

After investigating, the issue has gone away. Here are my steps:

  1. Pause Cloudflare for my domain.
  2. Rerun caddy for the domain.
  3. After checking the docker logs and making sure that the certificate is OK, enable Cloudflare for the domain.
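
An added example, not part of the original thread or the caddy-docker project: a small Python parser for the ACME log lines quoted in the report, which pairs each error with the solver in use and flags the `tls-alpn-01` failure seen here. The function names and the hint wording are assumptions of this example; the sample log is copied from the post above.

```python
import re

# Sample input: log lines copied from the report in this thread.
SAMPLE_LOG = """\
2019/05/29 04:19:57 [INFO] [blogdemo.haidv.online] acme: use tls-alpn-01 solver
2019/05/29 04:19:57 [INFO] [blogdemo.haidv.online] acme: Trying to solve TLS-ALPN-01
2019/05/29 04:19:58 [blogdemo.haidv.online] failed to obtain certificate: acme: Error -> One or more domains had a problem:
[blogdemo.haidv.online] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol "acme-tls/1" for tls-alpn-01 challenge, url:
"""

# "[domain] acme: use <solver> solver" announces the challenge type chosen.
SOLVER_RE = re.compile(r"\[(?P<domain>[^\]\s]+)\] acme: use (?P<solver>[a-z0-9-]+) solver")
# "[domain] acme: error: <status> :: <ACME error URN> :: <detail>"
ERROR_RE = re.compile(
    r"\[(?P<domain>[^\]\s]+)\] acme: error: (?P<status>\d{3}) :: "
    r"(?P<urn>urn:ietf:params:acme:error:\w+) :: (?P<detail>.*)"
)


def diagnose(failure):
    """Hypothetical helper: turn a parsed failure into a hint for the operator."""
    if (failure["solver"] == "tls-alpn-01"
            and "Cannot negotiate ALPN protocol" in failure["detail"]):
        # TLS-ALPN-01 validation connects to port 443 and offers ALPN "acme-tls/1".
        # If something other than Caddy terminates that TLS session, it is refused.
        return ("port 443 did not negotiate acme-tls/1; check for a TLS-terminating "
                "proxy or CDN in front of the origin")
    return "no specific hint; read the ACME error detail"


def parse_acme_failures(log_text):
    """Return one dict per ACME error line, tagged with the solver last seen for its domain."""
    solver_by_domain = {}
    failures = []
    for line in log_text.splitlines():
        m = SOLVER_RE.search(line)
        if m:
            solver_by_domain[m["domain"]] = m["solver"]
            continue
        m = ERROR_RE.search(line)
        if m:
            f = m.groupdict()
            f["status"] = int(f["status"])
            f["error_type"] = f.pop("urn").rsplit(":", 1)[1]
            f["detail"] = f["detail"].strip()
            f["solver"] = solver_by_domain.get(f["domain"])
            f["hint"] = diagnose(f)
            failures.append(f)
    return failures
```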