I just updated Caddy to 0.10.13 and tried to run Caddy but it crashed while getting certificates.
Caddy version (caddy -version): Caddy 0.10.13 (+0784717) (Filiosoft)
The custom binary can be found here: https://cdn.filiosoft.com/artifacts/caddy/caddy-0.10.13
Run Caddy.
status.filiosoft.com {
tls [email protected] {
dns cloudflare
}
proxy / http://127.0.0.1:8080 {
health_check /
transparent
}
log /var/log/caddy/status.access.log
errors /var/log/caddy/status.error.log
}
Command run:
/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp -quic
Environment:
Not applicable.
Caddy should start, grab certificates, and then start serving the site.
Caddy crashes while getting the certificate.
Activating privacy features... 2018/04/19 01:40:06 [INFO][status.filiosoft.com] acme: Obtaining bundled SAN certificate
2018/04/19 01:40:06 [INFO][status.filiosoft.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/<redacted>
2018/04/19 01:40:06 [INFO][status.filiosoft.com] acme: Authorization already valid; skipping challenge
2018/04/19 01:40:06 [INFO][status.filiosoft.com] acme: Validations succeeded; requesting certificates
2018/04/19 01:40:09 [INFO][status.filiosoft.com] Server responded with a certificate.
2018/04/19 01:40:09 [status.filiosoft.com] failed to obtain certificate: acme: Error -> One or more domains had a problem:
Thanks for the report! Which version did you upgrade from? And do you know if there was any space after the problem: at the end of the log output?
I'm having the same problem with Caddy version 0.10.13 and the Gandi v5 dns provider. There is no output after problem: except for a newline. I have another server that is running 0.10.11 and had no problem obtaining certificates using the same method for that server and same domain name. Maybe switching to the lego acmev2 branch has introduced this problem? I did not get a chance to try 0.10.12. Is there a way to download previous versions including the plugins?
$ GANDIV5_API_KEY=redacted /usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -ca=https://acme-staging-v02.api.letsencrypt.org/directory
Activating privacy features... 2018/04/19 05:57:39 [INFO] acme: Registering account for [email protected]
2018/04/19 05:57:40 [INFO][redacted.com] acme: Obtaining bundled SAN certificate
2018/04/19 05:57:40 [INFO][redacted.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz/<>
2018/04/19 05:57:40 [INFO][redacted.com] acme: Could not find solver for: http-01
2018/04/19 05:57:40 [INFO][redacted.com] acme: Trying to solve DNS-01
Gandi DNS: DNS Record Created
2018/04/19 05:57:41 [INFO][redacted.com] Checking DNS record propagation using [8.8.8.8:53]
2018/04/19 05:57:47 [INFO][redacted.com] The server validated our request
Gandi DNS: Zone record deleted
2018/04/19 05:57:48 [INFO][redacted.com] acme: Validations succeeded; requesting certificates
2018/04/19 05:57:49 [INFO][redacted.com] Server responded with a certificate.
2018/04/19 05:57:49 [redacted.com] failed to obtain certificate: acme: Error -> One or more domains had a problem:
$ caddy -version
Caddy 0.10.13 (non-commercial use only)
I am facing similar issues:
Caddyfile:
my.domain {
proxy / localhost:3000
}
Trying to start caddy:
# /usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
Activating privacy features...
Your sites will be served over HTTPS automatically using Let's Encrypt.
By continuing, you agree to the Let's Encrypt Subscriber Agreement at:
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
Please enter your email address to signify agreement and to be notified
in case of issues. You can leave it blank, but we don't recommend it.
Email address: xxxxxxxxxxxxxxxxx
2018/04/19 08:44:05 [INFO] acme: Registering account for xxxxxxxxxxxxxxxxx
2018/04/19 08:44:06 [INFO][my.domain] acme: Obtaining bundled SAN certificate
2018/04/19 08:44:07 [INFO][my.domain] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/H2MuqHMGUtKUm0qpUj3ARnnz8x_XD0jCH39WaDWanf8
2018/04/19 08:44:07 [INFO][my.domain] acme: Could not find solver for: dns-01
2018/04/19 08:44:07 [INFO][my.domain] acme: Trying to solve HTTP-01
2018/04/19 08:44:07 [INFO][my.domain] Served key authentication
2018/04/19 08:44:12 [INFO][my.domain] The server validated our request
2018/04/19 08:44:12 [INFO][my.domain] acme: Validations succeeded; requesting certificates
2018/04/19 08:44:13 [INFO][my.domain] Server responded with a certificate.
2018/04/19 08:44:13 [my.domain] failed to obtain certificate: acme: Error -> One or more domains had a problem:
# caddy -version
Caddy 0.10.13 (non-commercial use only)
@mholt I upgraded from 0.10.11. There was no space after problem:.
In case it helps, the custom built binary I was using can be found here: https://cdn.filiosoft.com/artifacts/caddy/caddy-0.10.13
I'm experiencing the same problem using 0.10.13 and the Cloudflare DNS provider.
root@donnager /var/www ~ sudo CLOUDFLARE_EMAIL=redacted CLOUDFLARE_API_KEY=redacted -H -u www-data /usr/local/bin/caddy -agree -email redacted -pidfile=/var/run/caddy/caddy.pid
Activating privacy features... 2018/04/19 14:21:31 [redacted] failed to obtain certificate: acme: Error -> One or more domains had a problem:
root@donnager /var/www ~ caddy -version
Caddy 0.10.13 (non-commercial use only)
Using 0.10.3 works fine though (the only older binary I still had lying around).
So all of you are having this trouble with 0.10.13 but upgraded from a version _older_ than 0.10.12? I ask, because 0.10.12 is the first version to use the ACMEv2 endpoint, which means Caddy must get all new certificates, even if it is not yet time to renew. That is one reason why older versions of Caddy are probably working better for you.
Can you all tell me if there are non-empty certificates in the tree at ~/.caddy/acme/acmev2-.../sites? (If there are certificates there, you can specify them manually for now as a workaround, using the tls directive. They won't auto-renew and there won't be any auto-HTTP->HTTPS redirects - you'll have to configure that yourself--but it's something to get you going.)
Also, when testing, until we can fix the bug, use the staging endpoint: -ca https://acme-staging-v02.api.letsencrypt.org/directory - to ensure you don't hit rate limits.
There is an empty folder ~/.caddy/acme/acme-v02.api.letsencrypt.org/sites/status.filiosoft.com. I downgraded to 0.10.12 which worked.
If I go from 0.10.12 to 0.10.13 would it possibly work?
upgraded from a version older than 0.10.12
@mholt I received the error on a completely fresh installation, so caddy was never used on that server before.
~/.caddy/acme/acme-v02.api.letsencrypt.org/sites exists, but is completely empty.
what we are doing this problem????
I have the same error, but I updated from version 0.10.12:
Apr 19 21:09:22 cos7-main caddy: Activating privacy features... 2018/04/19 21:09:22 [INFO][www.my-domain.com] acme: Obtaining bundled SAN certificate
Apr 19 21:09:23 cos7-main caddy: 2018/04/19 21:09:23 [INFO][www.my-domain.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/xxxxxxxxxxxxxxxxxxxx
Apr 19 21:09:23 cos7-main caddy: 2018/04/19 21:09:23 [INFO][www.my-domain.com] acme: Trying to solve DNS-01
Apr 19 21:09:24 cos7-main caddy: 2018/04/19 21:09:24 [INFO][www.my-domain.com] Checking DNS record propagation using [9.9.9.9:53 8.8.8.8:53]
Apr 19 21:09:38 cos7-main caddy: 2018/04/19 21:09:38 [INFO][www.my-domain.com] The server validated our request
Apr 19 21:09:39 cos7-main caddy: 2018/04/19 21:09:39 [INFO][www.my-domain.com] acme: Validations succeeded; requesting certificates
Apr 19 21:09:40 cos7-main caddy: 2018/04/19 21:09:40 [INFO][www.my-domain.com] Server responded with a certificate.
Apr 19 21:09:40 cos7-main caddy: 2018/04/19 21:09:40 [www.my-domain.com] failed to obtain certificate: acme: Error -> One or more domains had a problem:
Apr 19 21:09:40 cos7-main systemd: caddy.service: main process exited, code=exited, status=1/FAILURE
I have a final group project due in one of my classes soon that I am working on today, but I'm going to try to reproduce this bug ASAP.
Okay, just reproduced it during lunch break, and identified the cause. Geez, it's subtle. Fix is coming soon.
Pushed a fix: https://github.com/xenolf/lego/commit/fad2257e11ae4ff31ed03739386873aa405dec2d
Updating vendor and committing new release shortly.
I can confirm that 0.10.14 fixes the issue! Thanks!
I have updated to 0.10.14 and I still appear to be experiencing this bug. I'm running Ubuntu 16.04.4 LTS on Linode.
Apr 19 21:07:03 caprice systemd[1]: Reloaded Caddy HTTP/2 web server.
Apr 19 21:07:04 caprice caddy[3358]: 2018/04/19 21:07:04 [INFO][example.com] acme: Obtaining bundled SAN certificate
Apr 19 21:07:04 caprice caddy[3358]: 2018/04/19 21:07:04 [INFO][example.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/xxxxx
Apr 19 21:07:04 caprice caddy[3358]: 2018/04/19 21:07:04 [INFO][example.com] acme: Authorization already valid; skipping challenge
Apr 19 21:07:04 caprice caddy[3358]: 2018/04/19 21:07:04 [INFO][example.com] acme: Validations succeeded; requesting certificates
Apr 19 21:07:05 caprice caddy[3358]: 2018/04/19 21:07:05 [INFO][example.com] Server responded with a certificate.
Apr 19 21:07:05 caprice caddy[3358]: 2018/04/19 21:07:05 [ERROR] SIGUSR1: [example.com] failed to obtain certificate: acme: Error -> One or more domains had a problem:
nelson@caprice:/srv/example.com$ caddy --version
Caddy 0.10.14 (non-commercial use only)
I can also confirm that 0.10.14 is working for me, thanks!
@skyfaller It's _got_ to be something with your installation (you're the only one still experiencing the issue) -- I guarantee that what systemd is running must not be the same as what you ran on the command line. Get rid of systemd and try again. :wink:
My bad, you were right. When I ran caddy on the command line, everything worked fine. (Then I ran it through systemd again, and I was rate limited. So I copied over the certificate from my home directory and then it worked fine in systemd.) Sorry for complaining both here and on the forum!
No problem, thanks for figuring it out!
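A way to answer the question above about non-empty certificates under ~/.caddy/acme/.../sites, and to compare the store of a login user with that of the account systemd runs Caddy as (each has its own home directory). This is an added example, not part of the thread or of Caddy; the `<domain>/<domain>.crt` layout, the function names and the status labels are assumptions.

```shell
#!/bin/sh
# Added example: classify each site directory in a Caddy 0.x ACME store.
# Assumed layout (not shown in the thread): <store>/sites/<domain>/<domain>.crt

# classify_site DIR -> prints one status word for a single site directory
classify_site() {
    dir=$1
    crt="$dir/$(basename "$dir").crt"
    if [ -z "$(ls -A "$dir" 2>/dev/null)" ]; then
        echo "empty-dir"            # directory created, nothing ever written
    elif [ ! -e "$crt" ]; then
        echo "no-cert"              # other files present, certificate missing
    elif [ ! -s "$crt" ]; then
        echo "zero-byte-cert"       # file exists but holds no data
    elif ! grep -q -e '-----BEGIN CERTIFICATE-----' "$crt"; then
        echo "not-pem"              # data present but not a PEM certificate
    else
        echo "cert-present"
    fi
}

# audit_store STORE -> one "<domain> <status>" line per site directory
audit_store() {
    store=$1
    if [ ! -d "$store/sites" ]; then
        echo "no sites directory under $store" >&2
        return 2
    fi
    found=0
    for dir in "$store"/sites/*/; do
        [ -d "$dir" ] || continue   # unmatched glob stays literal; skip it
        found=1
        dir=${dir%/}
        printf '%s %s\n' "$(basename "$dir")" "$(classify_site "$dir")"
    done
    [ "$found" -eq 1 ] || echo "(sites directory is empty)"
}

# Stand-alone use: pass the store path, for example
#   sh audit.sh "$HOME/.caddy/acme/acme-v02.api.letsencrypt.org"
# Run it once per account that starts Caddy; the stores are separate.
[ "$#" -eq 0 ] || audit_store "$1"
```

Only a `cert-present` site has something that could be passed to the tls directive as the manual workaround; this check does not verify expiry or that the key matches.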
caddy --version
Caddy v1.0.3 (h1:i9gRhBgvc5ifchwWtSe7pDpsdS9+Q0Rw9oYQmYUTw1w=)
caddy.service - Caddy HTTP/2 web server
Loaded: loaded (/etc/systemd/system/caddy.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2019-09-21 00:40:07 EDT; 20s ago
Docs: https://caddyserver.com/docs
Main PID: 1276 (caddy)
CGroup: /system.slice/caddy.service
└─1276 /usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
Sep 21 00:40:24 tiny caddy[1276]: 2019/09/21 00:40:24 [ERROR][xx.xx.xx] failed to obtain certificate: acme: Error -> One or more domains had a problem:
Sep 21 00:40:24 tiny caddy[1276]: [xx.xx.xx] [xx.xx.xx] acme: error presenting token: presenting with standard provider server: could not start HTTPS server for chall
Sep 21 00:40:24 tiny caddy[1276]: (attempt 2/3; challenge=tls-alpn-01)
Sep 21 00:40:25 tiny caddy[1276]: 2019/09/21 00:40:25 [INFO] [xx.xx.xx] acme: Obtaining bundled SAN certificate
Sep 21 00:40:26 tiny caddy[1276]: 2019/09/21 00:40:26 [INFO] [xx.xx.xx] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/435955722
Sep 21 00:40:26 tiny caddy[1276]: 2019/09/21 00:40:26 [INFO] [xx.xx.xx] acme: use tls-alpn-01 solver
Sep 21 00:40:26 tiny caddy[1276]: 2019/09/21 00:40:26 [INFO] [xx.xx.xx] acme: Trying to solve TLS-ALPN-01
Sep 21 00:40:27 tiny caddy[1276]: 2019/09/21 00:40:27 [ERROR][xx.xx.xx] failed to obtain certificate: acme: Error -> One or more domains had a problem:
Sep 21 00:40:27 tiny caddy[1276]: [xx.xx.xx] [xx.xx.xx] acme: error presenting token: presenting with standard provider server: could not start HTTPS server for chall
Sep 21 00:40:27 tiny caddy[1276]: (attempt 3/3; challenge=tls-alpn-01)
systemctl failed, but if I run /usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp as root it's OK.
Fresh installation on Debian 9.