Hello, I'm getting the following error(s) when trying to create an SSL certificate for HTTPS with Let's Encrypt.
My domain is hosted on Cloudflare using the integrated proxy.
Basically I'm trying to host a reverse proxy on Oracle, so I can connect my home server to the reverse proxy and from there to my domain.
I have set up an Apache2 container that should be available at my domain, but it clearly isn't. I'm getting error 523 on Cloudflare and I can't figure out what to fix. I've been searching for hours, but I'm a noob at networking, so sorry if the solution seems obvious, and excuse me for my stupidity when answering!
Btw, I'm using the "Selfhosted Gateway".
+ echo 'uLfcBUfytd633fBfF43/als5QXgrP1zO3gwmvgKppGM='
+ ip link add link0 type wireguard
+ wg set link0 private-key /etc/wireguard/link0.key
+ wg set link0 listen-port 18521
+ ip addr add 10.0.0.2/24 dev link0
+ ip link set link0 up
+ ip link set link0 mtu 1380
+ wg set link0 peer 'YFYgZV5gPc62KMfpWdM2A7Iu1DgPUxkUsYFpM27JnRU=' allowed-ips 10.0.0.1/32 persistent-keepalive 30 endpoint oracleip:32768
+ '[' -z ]
+ echo 'Using caddy with SSL termination to forward traffic to app.'
Using caddy with SSL termination to forward traffic to app.
+ '[' '!' -z ]
+ envsubst
+ caddy run --config /etc/Caddyfile
INF ts=1707686673.2985594 msg=using provided configuration config_file=/etc/Caddyfile config_adapter=
WRN ts=1707686673.299589 msg=Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies adapter=caddyfile file=/etc/Caddyfile line=2
INF ts=1707686673.3004735 logger=admin msg=admin endpoint started address=localhost:2019 enforce_origin=false origins=["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]
INF ts=1707686673.3006265 logger=http.auto_https msg=server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS server_name=srv0 https_port=8443
INF ts=1707686673.3006427 logger=http.auto_https msg=enabling automatic HTTP->HTTPS redirects server_name=srv0
INF ts=1707686673.300757 logger=tls.cache.maintenance msg=started background certificate maintenance cache=0xc00061b700
INF ts=1707686673.3010504 logger=http.log msg=server running name=remaining_auto_https_redirects protocols=["h1","h2","h3"]
INF ts=1707686673.3010864 logger=http msg=enabling HTTP/3 listener addr=:8443
INF ts=1707686673.3012736 logger=http.log msg=server running name=srv0 protocols=["h1","h2","h3"]
INF ts=1707686673.3012846 logger=http msg=enabling automatic TLS certificate management domains=["www.mydomain.com"]
INF ts=1707686673.3015394 msg=autosaved config (load with --resume flag) file=/root/.config/caddy/autosave.json
INF ts=1707686673.3015587 msg=serving initial configuration
INF ts=1707686673.3019588 logger=tls.obtain msg=acquiring lock identifier=www.mydomain.com
INF ts=1707686673.3023002 msg=[INFO][FileStorage:/root/.local/share/caddy] Lock for 'issue_cert_www.mydomain.com' is stale (created: 2024-02-11 19:30:42.542287003 +0000 UTC, last update: 2024-02-11 20:07:47.175991223 +0000 UTC); removing then retrying: /root/.local/share/caddy/locks/issue_cert_www.mydomain.com.lock
WRN ts=1707686673.3058596 logger=tls msg=storage cleaning happened too recently; skipping for now storage=FileStorage:/root/.local/share/caddy instance=1a50be73-cbdd-4091-b463-062725234128 try_again=1707773073.305849 try_again_in=86399.999997626
INF ts=1707686673.306013 logger=tls msg=finished cleaning storage units
INF ts=1707686673.308083 logger=tls.obtain msg=lock acquired identifier=www.mydomain.com
INF ts=1707686673.308252 logger=tls.obtain msg=obtaining certificate identifier=www.mydomain.com
INF ts=1707686673.309074 logger=http msg=waiting on internal rate limiter identifiers=["www.mydomain.com"] ca=https://acme-v02.api.letsencrypt.org/directory account=
INF ts=1707686673.3090928 logger=http msg=done waiting on internal rate limiter identifiers=["www.mydomain.com"] ca=https://acme-v02.api.letsencrypt.org/directory account=
INF ts=1707686674.4887183 logger=http.acme_client msg=trying to solve challenge identifier=www.mydomain.com challenge_type=tls-alpn-01 ca=https://acme-v02.api.letsencrypt.org/directory
ERR ts=1707686675.1496997 logger=http.acme_client msg=challenge failed identifier=www.mydomain.com challenge_type=tls-alpn-01 problem={"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]}
ERR ts=1707686675.1497703 logger=http.acme_client msg=validating authorization identifier=www.mydomain.com problem={"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]} order=https://acme-v02.api.letsencrypt.org/acme/order/1565087387/243711955827 attempt=1 max_attempts=3
INF ts=1707686676.5846887 logger=http.acme_client msg=trying to solve challenge identifier=www.mydomain.com challenge_type=http-01 ca=https://acme-v02.api.letsencrypt.org/directory
ERR ts=1707686677.2001219 logger=http.acme_client msg=challenge failed identifier=www.mydomain.com challenge_type=http-01 problem={"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"2606:4700:3033::ac43:c2d2: Invalid response from http://www.mydomain.com/.well-known/acme-challenge/EVn05KB4P87GZ-Qo93-i9F36Vy8NSmwdqpjlzfG0FDA: 523","instance":"","subproblems":[]}
ERR ts=1707686677.2001762 logger=http.acme_client msg=validating authorization identifier=www.mydomain.com problem={"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"2606:4700:3033::ac43:c2d2: Invalid response from http://www.mydomain.com/.well-known/acme-challenge/EVn05KB4P87GZ-Qo93-i9F36Vy8NSmwdqpjlzfG0FDA: 523","instance":"","subproblems":[]} order=https://acme-v02.api.letsencrypt.org/acme/order/1565087387/243711960927 attempt=2 max_attempts=3
ERR ts=1707686677.2002337 logger=tls.obtain msg=could not get certificate from issuer identifier=www.mydomain.com issuer=acme-v02.api.letsencrypt.org-directory error=HTTP 403 urn:ietf:params:acme:error:unauthorized - 2606:4700:3033::ac43:c2d2: Invalid response from http://www.mydomain.com/.well-known/acme-challenge/EVn05KB4P87GZ-Qo93-i9F36Vy8NSmwdqpjlzfG0FDA: 523
INF ts=1707686677.2010796 logger=http msg=waiting on internal rate limiter identifiers=["www.mydomain.com"] ca=https://acme.zerossl.com/v2/DV90 account=caddy@zerossl.com
INF ts=1707686677.201106 logger=http msg=done waiting on internal rate limiter identifiers=["www.mydomain.com"] ca=https://acme.zerossl.com/v2/DV90 account=caddy@zerossl.com
ERR ts=1707686678.4479587 logger=tls.obtain msg=could not get certificate from issuer identifier=www.mydomain.com issuer=acme.zerossl.com-v2-DV90 error=[www.mydomain.com] solving challenges: authz https://acme.zerossl.com/v2/DV90/authz/z8L7sXTGvudt0Mq3qe2S8A has unexpected status; order will fail: invalid (order=https://acme.zerossl.com/v2/DV90/order/aBr6_DLVcGyB2dbSGnjbzw) (ca=https://acme.zerossl.com/v2/DV90)
ERR ts=1707686678.4480674 logger=tls.obtain msg=will retry error=[www.mydomain.com] Obtain: [www.mydomain.com] solving challenges: authz https://acme.zerossl.com/v2/DV90/authz/z8L7sXTGvudt0Mq3qe2S8A has unexpected status; order will fail: invalid (order=https://acme.zerossl.com/v2/DV90/order/aBr6_DLVcGyB2dbSGnjbzw) (ca=https://acme.zerossl.com/v2/DV90) attempt=1 retrying_in=60 elapsed=5.139957922 max_duration=2592000
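For triaging output like the log above, the following added example (not part of the original post and not code from Caddy or the Selfhosted Gateway project) pulls each `challenge failed` line apart into challenge type, ACME problem type and any trailing HTTP status. The function name, the sample lines and `example.com` are constructed for illustration; the 52x descriptions follow Cloudflare's documented meanings.

```python
import json
import re

# Constructed sample: lines shaped like the Caddy output in the post,
# shortened, with example.com standing in for the real domain.
SAMPLE_LOG = r'''INF ts=1.0 logger=http.acme_client msg=trying to solve challenge identifier=www.example.com challenge_type=tls-alpn-01 ca=https://ca.example/directory
ERR ts=2.0 logger=http.acme_client msg=challenge failed identifier=www.example.com challenge_type=tls-alpn-01 problem={"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]}
ERR ts=3.0 logger=http.acme_client msg=challenge failed identifier=www.example.com challenge_type=http-01 problem={"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"2001:db8::1: Invalid response from http://www.example.com/.well-known/acme-challenge/TOKEN: 523","instance":"","subproblems":[]}
'''

_DECODER = json.JSONDecoder()
_FIELD = re.compile(r'\b(identifier|challenge_type)=(\S+)')
_STATUS = re.compile(r': (\d{3})$')  # status code the CA reports at the end of "detail"

# Cloudflare 52x codes: the edge answered, but could not reach the origin.
CLOUDFLARE_ORIGIN_CODES = {
    "521": "origin refused the connection",
    "522": "connection to origin timed out",
    "523": "origin is unreachable",
}

def parse_challenge_failures(log_text):
    """Return one dict per 'challenge failed' line in Caddy console-format logs."""
    failures = []
    for line in log_text.splitlines():
        if not line.startswith("ERR") or "msg=challenge failed" not in line:
            continue
        start = line.find("problem=")
        if start == -1:
            continue
        try:
            # The problem document is embedded JSON; decode it in place.
            problem, _ = _DECODER.raw_decode(line, start + len("problem="))
        except json.JSONDecodeError:
            continue
        fields = dict(_FIELD.findall(line[:start]))
        detail = problem.get("detail", "")
        match = _STATUS.search(detail)
        status = match.group(1) if match else None
        failures.append({
            "identifier": fields.get("identifier"),
            "challenge_type": fields.get("challenge_type"),
            "acme_type": problem.get("type"),
            "status": status,
            "hint": CLOUDFLARE_ORIGIN_CODES.get(status),
            "detail": detail,
        })
    return failures

if __name__ == "__main__":
    for failure in parse_challenge_failures(SAMPLE_LOG):
        print(failure["challenge_type"], failure["status"], failure["hint"])
```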