Fixing the Caddy SSL certificate error: failed to obtain certificate: acme: Error -> One or more domains had a problem

This post was first published on my Jekyll blog: zhang0peter's personal blog


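This morning I tried using Caddy to start an HTTPS service with automatic TLS certificate configuration, but the automatic certificate step failed with an error: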

-> # sudo systemctl status caddy
● caddy.service - Caddy HTTP/2 web server
   Loaded: loaded (/etc/systemd/system/caddy.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Thu 2020-01-23 11:12:58 CST; 2h 20min ago
     Docs: https://caddyserver.com/docs
  Process: 31832 ExecStart=/usr/local/bin/caddy -log stdout -log-timestamps=false -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp (code=exited, status=1/
 Main PID: 31832 (code=exited, status=1/FAILURE)


Jan 23 11:08:57 VM-0-17-ubuntu caddy[31229]: 2020/01/23 11:08:57 [INFO] [xxxx.com] acme: use tls-alpn-01 solver
Jan 23 11:08:57 VM-0-17-ubuntu caddy[31229]: 2020/01/23 11:08:57 [INFO] [xxxx.com] acme: Trying to solve TLS-ALPN-01
Jan 23 11:08:58 VM-0-17-ubuntu caddy[31229]: 2020/01/23 11:08:58 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/2426202924
Jan 23 11:08:58 VM-0-17-ubuntu caddy[31229]: 2020/01/23 11:08:58 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz
Jan 23 11:08:58 VM-0-17-ubuntu caddy[31229]: [ERROR][xxxx.com] failed to obtain certificate: acme: Error -> One or more domains had a problem:
Jan 23 11:08:58 VM-0-17-ubuntu caddy[31229]: [xxxx.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol
Jan 23 11:08:59 VM-0-17-ubuntu caddy[31229]: 2020/01/23 11:08:59 [INFO] [xxxx.com] acme: Obtaining bundled SAN certificate
Jan 23 11:09:00 VM-0-17-ubuntu caddy[31229]: 2020/01/23 11:09:00 [INFO] [xxxx.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/242620
Jan 23 11:09:00 VM-0-17-ubuntu caddy[31229]: 2020/01/23 11:09:00 [INFO] [xxxx.com] acme: use tls-alpn-01 solver
Jan 23 11:09:00 VM-0-17-ubuntu caddy[31229]: 2020/01/23 11:09:00 [INFO] [xxxx.com] acme: Trying to solve TLS-ALPN-01
Jan 23 11:12:50 VM-0-17-ubuntu systemd[1]: Started Caddy HTTP/2 web server.
Jan 23 11:12:50 VM-0-17-ubuntu caddy[31832]: [INFO] Caddy version: v1.0.4
Jan 23 11:12:50 VM-0-17-ubuntu caddy[31832]: Activating privacy features... [INFO][cache:0xc000096730] Started certificate maintenance routine
Jan 23 11:12:51 VM-0-17-ubuntu caddy[31832]: [INFO][xxxx.com] Obtain certificate
Jan 23 11:12:51 VM-0-17-ubuntu caddy[31832]: [INFO][xxxx.com] Obtain: Waiting on rate limiter...
Jan 23 11:12:51 VM-0-17-ubuntu caddy[31832]: [INFO][xxxx.com] Obtain: Done waiting
Jan 23 11:12:51 VM-0-17-ubuntu caddy[31832]: 2020/01/23 11:12:51 [INFO] [xxxx.com] acme: Obtaining bundled SAN certificate
Jan 23 11:12:51 VM-0-17-ubuntu caddy[31832]: [ERROR][xxxx.com] failed to obtain certificate: acme: error: 429 :: POST :: https://acme-v02.api.letsenc
Jan 23 11:12:53 VM-0-17-ubuntu caddy[31832]: [ERROR][xxxx.com] failed to obtain certificate: acme: error: 429 :: POST :: https://acme-v02.api.letsenc
Jan 23 11:12:54 VM-0-17-ubuntu caddy[31832]: 2020/01/23 11:12:54 [INFO] [xxxx.com] acme: Obtaining bundled SAN certificate
Jan 23 11:12:55 VM-0-17-ubuntu caddy[31832]: [ERROR][xxxx.com] failed to obtain certificate: acme: error: 429 :: POST :: https://acme-v02.api.letsenc
Jan 23 11:12:56 VM-0-17-ubuntu caddy[31832]: 2020/01/23 11:12:56 [INFO] [xxxx.com] acme: Obtaining bundled SAN certificate
Jan 23 11:12:56 VM-0-17-ubuntu caddy[31832]: [ERROR][xxxx.com] failed to obtain certificate: acme: error: 429 :: POST :: https://acme-v02.api.letsenc
Jan 23 11:12:57 VM-0-17-ubuntu caddy[31832]: 2020/01/23 11:12:57 [INFO] [xxxx.com] acme: Obtaining bundled SAN certificate
Jan 23 11:12:57 VM-0-17-ubuntu caddy[31832]: [ERROR][xxxx.com] failed to obtain certificate: acme: error: 429 :: POST :: https://acme-v02.api.letsenc
Jan 23 11:12:58 VM-0-17-ubuntu caddy[31832]: failed to obtain certificate: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: u
Jan 23 11:12:58 VM-0-17-ubuntu systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
Jan 23 11:12:58 VM-0-17-ubuntu systemd[1]: caddy.service: Failed with result 'exit-code'.

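The log contains the errors "failed to obtain certificate: acme: error: 429 :: POST ::" and "failed to obtain certificate: acme: Error -> One or more domains had a problem:".
After searching online, I found that this happens because the relationship between the domain and its DNS cannot be confirmed, so the certificate cannot be issued.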

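I host the domain on Cloudflare, where DNS records have protection enabled by default, i.e. proxied; when requesting the certificate, the record needs to be set to DNS only.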
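To separate the failed validation (the 403 unauthorized reply to the TLS-ALPN-01 attempt) from the 429 replies that the later attempts received, the journal can be triaged per domain. This is an added example, not code from the original post or from Caddy; the names triage and SAMPLE and the finding labels are hypothetical, and the sample lines are copied from the log above.

```python
import re
from collections import Counter, defaultdict

# Four lines copied from the journal output on this page (domain shown there as xxxx.com).
SAMPLE = """\
Jan 23 11:08:57 VM-0-17-ubuntu caddy[31229]: 2020/01/23 11:08:57 [INFO] [xxxx.com] acme: Trying to solve TLS-ALPN-01
Jan 23 11:08:58 VM-0-17-ubuntu caddy[31229]: [xxxx.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol
Jan 23 11:12:51 VM-0-17-ubuntu caddy[31832]: [ERROR][xxxx.com] failed to obtain certificate: acme: error: 429 :: POST :: https://acme-v02.api.letsenc
Jan 23 11:12:53 VM-0-17-ubuntu caddy[31832]: [ERROR][xxxx.com] failed to obtain certificate: acme: error: 429 :: POST :: https://acme-v02.api.letsenc
"""

# A bracketed token containing a dot is the site name; [INFO], [ERROR] and caddy[pid] do not match.
DOMAIN = re.compile(r"\[([a-z0-9-]+(?:\.[a-z0-9-]+)+)\]")
CHALLENGE = re.compile(r"acme: Trying to solve ([A-Z0-9-]+)")
ACME_ERROR = re.compile(r"acme: error: (\d{3}) :: (.*)")

def triage(journal_text):
    """Return {domain: {"last_challenge", "statuses", "findings"}} for ACME failures."""
    report = defaultdict(lambda: {"last_challenge": None, "statuses": Counter(), "findings": []})
    for line in journal_text.splitlines():
        dom = DOMAIN.search(line)
        if not dom:
            continue  # line is not tied to a site name
        entry = report[dom.group(1)]
        challenge = CHALLENGE.search(line)
        if challenge:
            entry["last_challenge"] = challenge.group(1)
        err = ACME_ERROR.search(line)
        if not err:
            continue
        status, detail = err.groups()
        entry["statuses"][status] += 1
        if status == "403" and "unauthorized" in detail:
            # The CA could not validate the name with the challenge tried last.
            finding = f"validation-failed:{entry['last_challenge']}"
        elif status == "429":
            # HTTP 429 Too Many Requests: further restarts only add more of these.
            finding = "rate-limited"
        else:
            finding = f"other:{status}"
        if finding not in entry["findings"]:
            entry["findings"].append(finding)
    return dict(report)

if __name__ == "__main__":
    for domain, entry in triage(SAMPLE).items():
        print(domain, entry["findings"], dict(entry["statuses"]))
```

The same function can be fed the text of `journalctl -u caddy` saved to a file; a validation-failed finding is the one to fix first, before restarting the service again.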

Once the DNS change has taken effect, restart Caddy; it then requests the certificate automatically and works normally:

● caddy.service - Caddy HTTP/2 web server
   Loaded: loaded (/etc/systemd/system/caddy.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2020-01-23 13:41:31 CST; 1s ago
     Docs: https://caddyserver.com/docs
 Main PID: 19736 (caddy)
    Tasks: 8 (limit: 1108)
   CGroup: /system.slice/caddy.service
           └─19736 /usr/local/bin/caddy -log stdout -log-timestamps=false -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp

Jan 23 13:41:31 VM-0-17-ubuntu caddy[19736]: [INFO] Caddy version: v1.0.4
Jan 23 13:41:31 VM-0-17-ubuntu caddy[19736]: Activating privacy features... [INFO][cache:0xc000096730] Started certificate maintenance routine
Jan 23 13:41:32 VM-0-17-ubuntu caddy[19736]: [INFO][xxxx.com] Obtain certificate
Jan 23 13:41:32 VM-0-17-ubuntu caddy[19736]: [INFO][xxxx.com] Obtain: Waiting on rate limiter...
Jan 23 13:41:32 VM-0-17-ubuntu caddy[19736]: [INFO][xxxx.com] Obtain: Done waiting
Jan 23 13:41:32 VM-0-17-ubuntu caddy[19736]: 2020/01/23 13:41:32 [INFO] [xxxx.com] acme: Obtaining bundled SAN certificate
Jan 23 13:41:33 VM-0-17-ubuntu caddy[19736]: 2020/01/23 13:41:33 [INFO] [xxxx.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/242795
Jan 23 13:41:33 VM-0-17-ubuntu caddy[19736]: 2020/01/23 13:41:33 [INFO] [xxxx.com] acme: Could not find solver for: tls-alpn-01
Jan 23 13:41:33 VM-0-17-ubuntu caddy[19736]: 2020/01/23 13:41:33 [INFO] [xxxx.com] acme: use http-01 solver
Jan 23 13:41:33 VM-0-17-ubuntu caddy[19736]: 2020/01/23 13:41:33 [INFO] [xxxx.com] acme: Trying to solve HTTP-01
Jan 23 13:41:33 VM-0-17-ubuntu caddy[19736]: 2020/01/23 13:41:33 [INFO] [xxxx.com] acme: Could not find solver for: tls-alpn-01
Jan 23 13:41:33 VM-0-17-ubuntu caddy[19736]: 2020/01/23 13:41:33 [INFO] [xxxx.com] acme: use http-01 solver
Jan 23 13:41:33 VM-0-17-ubuntu caddy[19736]: 2020/01/23 13:41:33 [INFO] [xxxx.com] acme: Trying to solve HTTP-01
Jan 23 13:41:34 VM-0-17-ubuntu caddy[19736]: 2020/01/23 13:41:34 [INFO] [xxxx.com] Served key authentication
Jan 23 13:41:34 VM-0-17-ubuntu caddy[19736]: 2020/01/23 13:41:34 [INFO] [xxxx.com] Served key authentication
Jan 23 13:41:34 VM-0-17-ubuntu caddy[19736]: 2020/01/23 13:41:34 [INFO] [xxxx.com] Served key authentication
Jan 23 13:41:34 VM-0-17-ubuntu caddy[19736]: 2020/01/23 13:41:34 [INFO] [xxxx.com] Served key authentication
Jan 23 13:41:38 VM-0-17-ubuntu caddy[19736]: 2020/01/23 13:41:38 [INFO] [xxxx.com] The server validated our request
Jan 23 13:41:38 VM-0-17-ubuntu caddy[19736]: 2020/01/23 13:41:38 [INFO] [xxxx.com] acme: Validations succeeded; requesting certificates
Jan 23 13:41:38 VM-0-17-ubuntu caddy[19736]: 2020/01/23 13:41:38 [INFO] [xxxx.com] Server responded with a certificate.
Jan 23 13:41:39 VM-0-17-ubuntu caddy[19736]: done.
Jan 23 13:41:39 VM-0-17-ubuntu caddy[19736]: Serving HTTPS on port 443
Jan 23 13:41:39 VM-0-17-ubuntu caddy[19736]: https://xxxx.com
Jan 23 13:41:39 VM-0-17-ubuntu caddy[19736]: [INFO] Serving https://xxxx.com
Jan 23 13:41:39 VM-0-17-ubuntu caddy[19736]: Serving HTTP on port 80
Jan 23 13:41:39 VM-0-17-ubuntu caddy[19736]: http://xxxx.com
Jan 23 13:41:39 VM-0-17-ubuntu caddy[19736]: [INFO] Serving http://xxxx.com

The site can now be opened at https://xxxx.com.
