krezovic closed 3 years ago
> Could it be a problem that I started two caddy2 replicas when the order was initially created?
Yes, that could be the problem, if they don't share the same storage. Caddy requires all instances to use the same storage backend to properly coordinate.
https://caddyserver.com/docs/automatic-https#storage
When using the Docker image, the default storage is the /data directory.
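The shared-storage requirement from the reply above, as a Kubernetes manifest for the two-replica case. This is an added example, not configuration posted in the thread or taken from the Caddy project; the resource names, the `shared-rwx` storage class and the `caddy:2.2.1` image tag are assumptions.

```yaml
# Added example; the names caddy-data, caddy and shared-rwx are hypothetical.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: caddy-data
spec:
  accessModes:
    - ReadWriteMany              # every replica must mount the volume read-write
  storageClassName: shared-rwx   # assumption: an RWX-capable class exists in the cluster
  resources:
    requests:
      storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: caddy
spec:
  replicas: 2
  selector:
    matchLabels:
      app: caddy
  template:
    metadata:
      labels:
        app: caddy
    spec:
      containers:
        - name: caddy
          image: caddy:2.2.1     # assumption: image tag matching the version in the report
          ports:
            - containerPort: 80
            - containerPort: 443
          volumeMounts:
            - name: data
              mountPath: /data   # default storage directory of the Docker image
      volumes:
        - name: data
          # Weak setting: `emptyDir: {}` here would give each pod a private /data,
          # so the replicas could not coordinate through a common storage backend.
          persistentVolumeClaim:
            claimName: caddy-data
```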
I've scaled down replicas to 1 after I got the message the first time, but it still won't go away ... Any ideas how to proceed?
Well, the error is coming from your acme server, no? It doesn't actually sound like a problem with Caddy to me.
Caddy's ACME implementation is https://github.com/mholt/acmez if you wanted to dig around. @mholt may have more insight when he has a minute.
It's 99% unlikely to be a bug in Caddy or CertMagic or acmez. There's not nearly enough information here to reproduce the bug, unfortunately, and I'm almost certain it's a bug in some home-brewed ACME server implementation.
Thank you both for your input. We will contact our ACME team. I was just surprised that it works just fine with cert-manager, but not with caddy2 so I thought it to be a bug.
Best regards.
Keep us posted. Happy to reopen if it can be narrowed down as a bug in our stack somewhere. But with the limited information here so far, the only thing I can tell is different is the homebrewed acme server, so that's my current suspicion.
I've configured ACME in caddy2 running inside Kubernetes and exposed both ports 80 and 443 on an external load balancer. The hostname is configured to the load balancer IP, and we use an in-house ACME server (links are redacted) which seems to complete the order before caddy calls the "complete order" endpoint.
Could it be a problem that I started two caddy2 replicas when the order was initially created?
The following is seen in the log:
I also found a similar bug in cert-manager, so not sure if they use the same library:
https://github.com/jetstack/cert-manager/issues/2765
We're using caddy2 2.2.1.