Caddy: Unable to Renew Certificates

Created on 21 Apr 2020  ·  1 Comment  ·  Source: caddyserver/caddy

1. What version of Caddy are you using (caddy -version)?

1.03

2. What are you trying to do?

Start caddy. Caddy is trying to renew a certificate that is expiring soon, and errors out.

3. What is your entire Caddyfile?

(add_logging) {
  log / /var/log/access.log "{remote} - {user} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {hostonly}"
  errors /var/log/error.log {
    * /srv/forbidden.html
    rotate_size 50
    rotate_age 30
    rotate_keep 15
    rotate_compress
  }
}

host1.domain.com {
  import add_logging
  tls self-signed
  proxy / https://192.168.1.10:8443 {
    websocket
    insecure_skip_verify
    transparent
  }
  header / {
    Referrer-Policy "same-origin"
    Referrer ""
  }
}

4. How did you run Caddy (give the full command and describe the execution environment)?

Caddy is running in a docker container. Here is the entry point in the container:
/bin/parent,caddy '--conf' '/etc/Caddyfile' '--log' 'stdout' '--agree=$ACME_AGREE'

5. Please paste any relevant HTTP request(s) here.

n/a

6. What did you expect to see?

Success messages from certificate renewal. I have been running this config on Caddy for over 6 months, so certificates have previously been renewed.

7. What did you see instead (give full error messages and/or log)?

Activating privacy features... 2020/04/21 06:47:05 [INFO][cache:0xc0001b66e0] Started certificate maintenance routine
2020/04/21 06:47:05 [WARNING] Stapling OCSP: invalid: OCSP response for [host1.domain.com] valid after certificate expiration (-96h48m29s)
2020/04/21 06:47:05 [INFO] Certificate for [host1.domain.com] expires in 9h24m25.11071204s; attempting renewal
2020/04/21 06:47:06 [INFO] acme: Registering account for self-signed
2020/04/21 06:47:06 [ERROR] Making new certificate manager: registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url:  (attempt 1/3)
2020/04/21 06:47:06 [INFO] acme: Registering account for self-signed
2020/04/21 06:47:06 [ERROR] Making new certificate manager: registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url:  (attempt 2/3)
2020/04/21 06:47:06 [INFO] acme: Registering account for self-signed
2020/04/21 06:47:06 [ERROR] Making new certificate manager: registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url:  (attempt 3/3)
2020/04/21 06:47:06 registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url: 
exit status 1
Activating privacy features... 2020/04/21 06:47:08 [INFO][cache:0xc0001c06e0] Started certificate maintenance routine
2020/04/21 06:47:08 [WARNING] Stapling OCSP: invalid: OCSP response for [host1.domain.com] valid after certificate expiration (-96h48m29s)
2020/04/21 06:47:08 [INFO] Certificate for [host1.domain.com] expires in 9h24m22.572688461s; attempting renewal
2020/04/21 06:47:08 [INFO] acme: Registering account for self-signed
2020/04/21 06:47:08 [ERROR] Making new certificate manager: registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url:  (attempt 1/3)
2020/04/21 06:47:08 [INFO] acme: Registering account for self-signed
2020/04/21 06:47:08 [ERROR] Making new certificate manager: registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url:  (attempt 2/3)
2020/04/21 06:47:09 [INFO] acme: Registering account for self-signed
2020/04/21 06:47:09 [ERROR] Making new certificate manager: registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url:  (attempt 3/3)
2020/04/21 06:47:09 registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url: 
exit status 1
Activating privacy features... 2020/04/21 06:47:10 [INFO][cache:0xc0001ae6e0] Started certificate maintenance routine
2020/04/21 06:47:10 [WARNING] Stapling OCSP: invalid: OCSP response for [host1.domain.com] valid after certificate expiration (-96h48m29s)
2020/04/21 06:47:10 [INFO] Certificate for [host1.domain.com] expires in 9h24m20.256440692s; attempting renewal
2020/04/21 06:47:10 [INFO] acme: Registering account for self-signed
2020/04/21 06:47:11 [ERROR] Making new certificate manager: registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url:  (attempt 1/3)
2020/04/21 06:47:11 [INFO] acme: Registering account for self-signed
2020/04/21 06:47:11 [ERROR] Making new certificate manager: registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url:  (attempt 2/3)
2020/04/21 06:47:11 [INFO] acme: Registering account for self-signed
2020/04/21 06:47:11 registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url: 
2020/04/21 06:47:11 [ERROR] Making new certificate manager: registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url:  (attempt 3/3)
exit status 1
Activating privacy features... 2020/04/21 06:47:13 [INFO][cache:0xc0000cad70] Started certificate maintenance routine
2020/04/21 06:47:13 [WARNING] Stapling OCSP: invalid: OCSP response for [host1.domain.com] valid after certificate expiration (-96h48m29s)
2020/04/21 06:47:13 [INFO] Certificate for [host1.domain.com] expires in 9h24m17.84260325s; attempting renewal
2020/04/21 06:47:13 [INFO] acme: Registering account for self-signed
2020/04/21 06:47:13 [ERROR] Making new certificate manager: registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url:  (attempt 1/3)
2020/04/21 06:47:13 [INFO] acme: Registering account for self-signed
2020/04/21 06:47:13 [ERROR] Making new certificate manager: registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url:  (attempt 2/3)
2020/04/21 06:47:13 [INFO] acme: Registering account for self-signed
2020/04/21 06:47:13 registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url: 
2020/04/21 06:47:13 [ERROR] Making new certificate manager: registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url:  (attempt 3/3)
exit status 1
Activating privacy features... 2020/04/21 06:47:15 [INFO][cache:0xc0000cad70] Started certificate maintenance routine
2020/04/21 06:47:15 [WARNING] Stapling OCSP: invalid: OCSP response for [host1.domain.com] valid after certificate expiration (-96h48m29s)
2020/04/21 06:47:15 [INFO] Certificate for [host1.domain.com] expires in 9h24m15.17479314s; attempting renewal
2020/04/21 06:47:16 [INFO] acme: Registering account for self-signed
2020/04/21 06:47:16 [ERROR] Making new certificate manager: registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url:  (attempt 1/3)
2020/04/21 06:47:16 [INFO] acme: Registering account for self-signed
2020/04/21 06:47:16 [ERROR] Making new certificate manager: registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url:  (attempt 2/3)
2020/04/21 06:47:16 [INFO] acme: Registering account for self-signed
2020/04/21 06:47:16 [ERROR] Making new certificate manager: registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url:  (attempt 3/3)
2020/04/21 06:47:16 registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url: 
exit status 1
Activating privacy features... 2020/04/21 06:47:19 [INFO][cache:0xc0001de6e0] Started certificate maintenance routine
2020/04/21 06:47:19 [WARNING] Stapling OCSP: invalid: OCSP response for [host1.domain.com] valid after certificate expiration (-96h48m29s)
2020/04/21 06:47:19 [INFO] Certificate for [host1.domain.com] expires in 9h24m11.767619644s; attempting renewal
2020/04/21 06:47:19 [INFO] acme: Registering account for self-signed
2020/04/21 06:47:19 [ERROR] Making new certificate manager: registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url:  (attempt 1/3)
2020/04/21 06:47:19 [INFO] acme: Registering account for self-signed
2020/04/21 06:47:19 [ERROR] Making new certificate manager: registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url:  (attempt 2/3)
2020/04/21 06:47:19 [INFO] acme: Registering account for self-signed
2020/04/21 06:47:19 registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url: 
2020/04/21 06:47:19 [ERROR] Making new certificate manager: registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url:  (attempt 3/3)
exit status 1
Activating privacy features... 2020/04/21 06:47:24 [INFO][cache:0xc0001c66e0] Started certificate maintenance routine
2020/04/21 06:47:24 [WARNING] Stapling OCSP: invalid: OCSP response for [host1.domain.com] valid after certificate expiration (-96h48m29s)
2020/04/21 06:47:24 [INFO] Certificate for [host1.domain.com] expires in 9h24m6.716561848s; attempting renewal
2020/04/21 06:47:24 [INFO] acme: Registering account for self-signed
2020/04/21 06:47:24 [ERROR] Making new certificate manager: registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url:  (attempt 1/3)
2020/04/21 06:47:24 [INFO] acme: Registering account for self-signed
2020/04/21 06:47:24 [ERROR] Making new certificate manager: registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url:  (attempt 2/3)
2020/04/21 06:47:24 [INFO] acme: Registering account for self-signed
2020/04/21 06:47:24 [ERROR] Making new certificate manager: registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url:  (attempt 3/3)
2020/04/21 06:47:24 registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url: 
exit status 1
Activating privacy features... 2020/04/21 06:47:32 [INFO][cache:0xc0001b46e0] Started certificate maintenance routine
2020/04/21 06:47:32 [WARNING] Stapling OCSP: invalid: OCSP response for [host1.domain.com] valid after certificate expiration (-96h48m29s)
2020/04/21 06:47:32 [INFO] Certificate for [host1.domain.com] expires in 9h23m58.388037115s; attempting renewal
2020/04/21 06:47:32 [INFO] acme: Registering account for self-signed
2020/04/21 06:47:33 [ERROR] Making new certificate manager: registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url:  (attempt 1/3)
2020/04/21 06:47:33 [INFO] acme: Registering account for self-signed
2020/04/21 06:47:33 [ERROR] Making new certificate manager: registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url:  (attempt 2/3)
2020/04/21 06:47:33 [INFO] acme: Registering account for self-signed
2020/04/21 06:47:33 [ERROR] Making new certificate manager: registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url:  (attempt 3/3)
2020/04/21 06:47:33 registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url: 
exit status 1
Activating privacy features... 2020/04/21 06:47:47 [INFO][cache:0xc0001ba6e0] Started certificate maintenance routine
2020/04/21 06:47:47 [WARNING] Stapling OCSP: invalid: OCSP response for [host1.domain.com] valid after certificate expiration (-96h48m29s)
2020/04/21 06:47:47 [INFO] Certificate for [host1.domain.com] expires in 9h23m43.548799076s; attempting renewal
2020/04/21 06:47:47 [INFO] acme: Registering account for self-signed
2020/04/21 06:47:47 [ERROR] Making new certificate manager: registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url:  (attempt 1/3)
2020/04/21 06:47:47 [INFO] acme: Registering account for self-signed
2020/04/21 06:47:48 [ERROR] Making new certificate manager: registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url:  (attempt 2/3)
2020/04/21 06:47:48 [INFO] acme: Registering account for self-signed
2020/04/21 06:47:48 [ERROR] Making new certificate manager: registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url:  (attempt 3/3)
2020/04/21 06:47:48 registration error: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url: 
exit status 1

8. How can someone who is starting from scratch reproduce the bug as minimally as possible?

Not sure

question v1

Most helpful comment

Your usage of the tls directive is incorrect. The error message you're getting is:

urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: "self-signed" is not a valid e-mail address, url:

If you require self-signed certificates, then the tls directive takes self_signed (note the underscore) rather than self-signed. If the tls directive is given only a single argument and it's neither off nor self_signed, then it assumes the argument to be an email address to be used for Let's Encrypt certificates. In your case, Let's Encrypt rejected the given email address because it isn't an email address.

Here's the documentation for the tls directive.
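
A pre-deployment check for the rule described in the answer above, as an added example (not part of the original issue and not Caddy's own code): it flags single-argument tls lines that are neither off, self_signed nor email-shaped, which Caddy 1.x would submit to the ACME server as an account email. The function names, the loose email pattern and the sample hosts other than host1.domain.com are assumptions made for illustration.

```python
import re

# Single-argument values the answer above names as keywords for Caddy 1.x `tls`.
KEYWORDS = {"off", "self_signed"}
# Loose shape check only (assumption); the ACME server does the real validation.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def classify_tls_arg(arg):
    """Say how a lone `tls` argument is interpreted under the rule above."""
    if arg in KEYWORDS:
        return arg
    return "acme_email" if EMAIL_RE.match(arg) else "invalid_email"


def lint_caddyfile(text):
    """Return (line_no, arg, message) for `tls <arg>` lines that would be
    sent to the ACME server as an account email but are not email-shaped."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        tokens = []
        for tok in raw.split():
            if tok.startswith("#"):  # rest of the line is a comment
                break
            tokens.append(tok)
        # Only the single-argument form; skip `tls {` blocks and `tls cert key`.
        if len(tokens) != 2 or tokens[0] != "tls" or tokens[1] == "{":
            continue
        arg = tokens[1]
        if classify_tls_arg(arg) != "invalid_email":
            continue
        msg = f'"{arg}" is treated as an ACME account email and is not one'
        near = arg.replace("-", "_")
        if near in KEYWORDS:
            msg += f'; did you mean "{near}"?'
        findings.append((line_no, arg, msg))
    return findings


# Constructed sample: host1 mirrors the issue's Caddyfile, the rest are made up.
SAMPLE = """\
host1.domain.com {
  tls self-signed
}
host2.example.com {
  tls self_signed
}
host3.example.com {
  tls admin@example.com  # ACME account email
}
host4.example.com {
  tls off
}
"""

if __name__ == "__main__":
    for line_no, arg, msg in lint_caddyfile(SAMPLE):
        print(f"line {line_no}: {msg}")
```

Run against the Caddyfile before the container starts, a non-empty result stops the restart loop seen in the log, where every start made three registration attempts against the Let's Encrypt endpoint.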
