caddyserver / caddy

Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
https://caddyserver.com
Apache License 2.0
58.4k stars 4.04k forks

use netmaker build caddy fail error info `could not get certificate from issuer` and `validating authorization` #5399

Closed baerwang closed 1 year ago

baerwang commented 1 year ago

Using Huawei Cloud Ubuntu

lsb_release -a version info

Distributor ID: Ubuntu
Description:    Ubuntu 22.04.1 LTS
Release:    22.04
Codename:   jammy

Caddyfile

{
        # ZeroSSL account
        acme_ca https://acme.zerossl.com/v2/DV90
        email x@example.com
}

# Dashboard
https://dashboard.x.cool {
        # Apply basic security headers
        header {
                # Enable cross origin access to *.x.cool
                Access-Control-Allow-Origin *.x.cool
                # Enable HTTP Strict Transport Security (HSTS)
                Strict-Transport-Security "max-age=31536000;"
                # Enable cross-site filter (XSS) and tell browser to block detected attacks
                X-XSS-Protection "1; mode=block"
                # Disallow the site to be rendered within a frame on a foreign domain (clickjacking protection)
                X-Frame-Options "SAMEORIGIN"
                # Prevent search engines from indexing
                X-Robots-Tag "none"
                # Remove the server name
                -Server
        }

        reverse_proxy http://netmaker-ui
}

# API
https://api.x.cool {
        reverse_proxy http://netmaker:8081
}

# MQ
wss://broker.x.cool {
        reverse_proxy ws://mq:8883
}

Error info

{"level":"error","ts":1677401585.7128282,"logger":"http.acme_client","msg":"challenge failed","identifier":"dashboard.xx,"challenge_type":"http-01","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]}}
{"level":"error","ts":1677401585.71285,"logger":"http.acme_client","msg":"validating authorization","identifier":"dashboard.xx","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]},"order":"https://acme.zerossl.com/v2/DV90/order/Pgqm-sLOlsYjHjt-rbVBHw","attempt":1,"max_attempts":3}
{"level":"error","ts":1677401585.712869,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"dashboard.xx","issuer":"acme.zerossl.com-v2-DV90","error":"HTTP 0  - "}
{"level":"error","ts":1677401585.7129052,"logger":"tls.obtain","msg":"will retry","error":"[dashboard.xx] Obtain: [dashboard.xx] solving challenge: dashboard.xx: [dashboard.xx] authorization failed: HTTP 0  -  (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":31.781516803,"max_duration":2592000}

francislavoie commented 1 year ago

I'm not seeing anything obviously wrong with your setup.

You'll probably need to reach out to ZeroSSL support. The error you showed doesn't make any sense; it looks like you got empty messages from them.

baerwang commented 1 year ago

Can Caddy use its own certificate file? @francislavoie

baerwang commented 1 year ago

I'm not familiar with these yet; I'm a new person.

mholt commented 1 year ago

Is x.cool your actual domain name? The error doesn't look like something Caddy would produce, so maybe ZeroSSL had a glitch. Try again and if it still happens, contact their support.
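
An added triage example, not code from Caddy or from anyone in this thread: it reads Caddy-style JSON log lines and separates ACME failures whose `problem` object is entirely blank, as in the log above, from failures where the CA reported a reason. It also flags lines that are not valid JSON, for example after hand redaction. The log lines and hostnames are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample lines modeled on the log format in this issue (not copied from it).
# Line 4 is deliberately malformed: a closing quote is missing after the identifier.
SAMPLE_LOG = r'''
{"level":"error","ts":1.0,"logger":"http.acme_client","msg":"challenge failed","identifier":"a.example.test","challenge_type":"http-01","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]}}
{"level":"error","ts":2.0,"logger":"http.acme_client","msg":"challenge failed","identifier":"b.example.test","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"Timeout during connect","instance":"","subproblems":[]}}
{"level":"error","ts":3.0,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"a.example.test","error":"HTTP 0  - "}
{"level":"error","ts":4.0,"logger":"http.acme_client","msg":"challenge failed","identifier":"c.example.test,"challenge_type":"http-01","problem":{}}
{"level":"info","ts":5.0,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"d.example.test"}
'''

PROBLEM_FIELDS = ("type", "title", "detail", "instance", "subproblems")


def problem_is_empty(problem):
    """True when every field of the ACME problem object is blank or missing."""
    return not any(problem.get(field) for field in PROBLEM_FIELDS)


def triage(log_text):
    """Sort error entries that carry a 'problem' object into three buckets."""
    result = {"empty_problem": [], "ca_reported": [], "unparsable": []}
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    for number, line in enumerate(lines, 1):
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            result["unparsable"].append(number)  # keep the line number for manual review
            continue
        if not isinstance(entry, dict) or entry.get("level") != "error":
            continue
        problem = entry.get("problem")
        if not isinstance(problem, dict):
            continue  # e.g. tls.obtain summary lines, which only carry an "error" string
        identifier = entry.get("identifier", "?")
        if problem_is_empty(problem):
            result["empty_problem"].append(identifier)
        else:
            result["ca_reported"].append(
                (identifier, problem.get("type"), problem.get("detail")))
    return result


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Entries in `empty_problem` carry no reason from the CA, so the Caddy log alone cannot explain them; entries in `ca_reported` carry an error type and detail that can be acted on directly.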