1. Caddy version ( caddy version ):

v2.5.0 h1:eRHzZ4l3X6Ag3kUt8nj5IxATprhqKq/wToP7OHlXWA0=

2. How I run Caddy:

Linux Systemd

a. System environment:

$ uname -a
Linux 5.13.0-1025-raspi #27-Ubuntu SMP PREEMPT Tue Apr 5 12:05:22 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux

b. Command:

sudo service caddy start

c. Service/unit/compose file:
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddyfile or JSON config:
{
        servers {
                protocol {
                        experimental_http3
                }
        }
}

tucablanca.narwhal-nominal.ts.net, metricas.pinayalcachofa.es {
        encode zstd gzip
        reverse_proxy localhost:3000
}

3. The problem I’m having:

I’m trying to add a new domain (metricas.pinayalcachofa.es) to my existing configuration that was working just fine.

4. Error messages and/or full log output:
May 04 12:59:16 tucaBlanca systemd[1]: Reloaded Caddy.
May 04 12:59:17 tucaBlanca caddy[123825]: {"level":"info","ts":1651669157.79132,"logger":"tls.obtain","msg":"lock acquired","identifier":"metricas.pinayalcachofa.es"}
May 04 12:59:17 tucaBlanca caddy[123825]: {"level":"info","ts":1651669157.7960844,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["metricas.pinayalcachofa.es"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"[email protected]"}
May 04 12:59:17 tucaBlanca caddy[123825]: {"level":"info","ts":1651669157.7962883,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["metricas.pinayalcachofa.es"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"[email protected]"}
May 04 12:59:19 tucaBlanca caddy[123825]: {"level":"info","ts":1651669159.1608107,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"metricas.pinayalcachofa.es","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
May 04 12:59:20 tucaBlanca caddy[123825]: {"level":"error","ts":1651669160.3862174,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"metricas.pinayalcachofa.es","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:tls","title":"","detail":"156.249.12.173: remote error: tls: internal error","instance":"","subproblems":[]}}
May 04 12:59:20 tucaBlanca caddy[123825]: {"level":"error","ts":1651669160.3864515,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"metricas.pinayalcachofa.es","problem":{"type":"urn:ietf:params:acme:error:tls","title":"","detail":"156.249.12.173: remote error: tls: internal error","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/528443056/85731870216","attempt":1,"max_attempts":3}
May 04 12:59:21 tucaBlanca caddy[123825]: {"level":"info","ts":1651669161.9948442,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"metricas.pinayalcachofa.es","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
May 04 12:59:23 tucaBlanca caddy[123825]: {"level":"error","ts":1651669163.6842563,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"metricas.pinayalcachofa.es","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:tls","title":"","detail":"156.249.12.173: Fetching https://metricas.pinayalcachofa.es/.well-known/acme-challenge/GsQdxxJpgWzDudQWUc_GHw9JzU5XlhzABaUeVQKhxT0: remote error: tls: internal error","instance":"","subproblems":[]}}
May 04 12:59:23 tucaBlanca caddy[123825]: {"level":"error","ts":1651669163.6845248,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"metricas.pinayalcachofa.es","problem":{"type":"urn:ietf:params:acme:error:tls","title":"","detail":"156.249.12.173: Fetching https://metricas.pinayalcachofa.es/.well-known/acme-challenge/GsQdxxJpgWzDudQWUc_GHw9JzU5XlhzABaUeVQKhxT0: remote error: tls: internal error","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/528443056/85731879576","attempt":2,"max_attempts":3}
May 04 12:59:23 tucaBlanca caddy[123825]: {"level":"error","ts":1651669163.6847627,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"metricas.pinayalcachofa.es","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:tls - 156.249.12.173: Fetching https://metricas.pinayalcachofa.es/.well-known/acme-challenge/GsQdxxJpgWzDudQWUc_GHw9JzU5XlhzABaUeVQKhxT0: remote error: tls: internal error"}
May 04 12:59:23 tucaBlanca caddy[123825]: {"level":"info","ts":1651669163.687205,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["metricas.pinayalcachofa.es"],"ca":"https://acme.zerossl.com/v2/DV90","account":"[email protected]"}
May 04 12:59:23 tucaBlanca caddy[123825]: {"level":"info","ts":1651669163.6873858,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["metricas.pinayalcachofa.es"],"ca":"https://acme.zerossl.com/v2/DV90","account":"[email protected]"}
May 04 12:59:24 tucaBlanca caddy[123825]: {"level":"error","ts":1651669164.9179,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"metricas.pinayalcachofa.es","issuer":"acme.zerossl.com-v2-DV90","error":"[metricas.pinayalcachofa.es] creating new order: fetching new nonce from server: HTTP 500:  (ca=https://acme.zerossl.com/v2/DV90)"}
May 04 12:59:24 tucaBlanca caddy[123825]: {"level":"error","ts":1651669164.9181328,"logger":"tls.obtain","msg":"will retry","error":"[metricas.pinayalcachofa.es] Obtain: [metricas.pinayalcachofa.es] creating new order: fetching new nonce from server: HTTP 500:  (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":7.126639868,"max_duration":2592000}
May 04 13:00:26 tucaBlanca caddy[123825]: {"level":"info","ts":1651669226.0745986,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"metricas.pinayalcachofa.es","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
May 04 13:00:27 tucaBlanca caddy[123825]: {"level":"error","ts":1651669227.2416818,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"metricas.pinayalcachofa.es","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:tls","title":"","detail":"156.249.12.173: remote error: tls: internal error","instance":"","subproblems":[]}}
May 04 13:00:27 tucaBlanca caddy[123825]: {"level":"error","ts":1651669227.2419264,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"metricas.pinayalcachofa.es","problem":{"type":"urn:ietf:params:acme:error:tls","title":"","detail":"156.249.12.173: remote error: tls: internal error","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/53007614/2483555194","attempt":1,"max_attempts":3}
May 04 13:00:28 tucaBlanca caddy[123825]: {"level":"info","ts":1651669228.6962085,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"metricas.pinayalcachofa.es","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
May 04 13:00:29 tucaBlanca caddy[123825]: {"level":"error","ts":1651669229.8588178,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"metricas.pinayalcachofa.es","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:tls","title":"","detail":"156.249.12.173: Fetching https://metricas.pinayalcachofa.es/.well-known/acme-challenge/PcHwDS4kpVwVDIMf90Js1N3jKq0OUA3dT8K8JWsIQuI: remote error: tls: internal error","instance":"","subproblems":[]}}
May 04 13:00:29 tucaBlanca caddy[123825]: {"level":"error","ts":1651669229.8590786,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"metricas.pinayalcachofa.es","problem":{"type":"urn:ietf:params:acme:error:tls","title":"","detail":"156.249.12.173: Fetching https://metricas.pinayalcachofa.es/.well-known/acme-challenge/PcHwDS4kpVwVDIMf90Js1N3jKq0OUA3dT8K8JWsIQuI: remote error: tls: internal error","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/53007614/2483555584","attempt":2,"max_attempts":3}
May 04 13:00:29 tucaBlanca caddy[123825]: {"level":"error","ts":1651669229.8593311,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"metricas.pinayalcachofa.es","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:tls - 156.249.12.173: Fetching https://metricas.pinayalcachofa.es/.well-known/acme-challenge/PcHwDS4kpVwVDIMf90Js1N3jKq0OUA3dT8K8JWsIQuI: remote error: tls: internal error"}
May 04 13:01:01 tucaBlanca caddy[123825]: {"level":"info","ts":1651669261.5975342,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"metricas.pinayalcachofa.es","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}

5. What I already tried:

I’ve tried to reload the config and wait for a while to avoid rate limiters, I’ve also tried to split the block in 2 like:

tucablanca.narwhal-nominal.ts.net {
        encode zstd gzip
        reverse_proxy localhost:3000
}

metricas.pinayalcachofa.es {
        encode zstd gzip
        reverse_proxy localhost:3000
}

Same result, certificate is not fetched, previous domain (tucablanca.narwhal-nominal.ts.net) works just fine.

I feel like the issue may be here:

May 04 12:59:20 tucaBlanca caddy[123825]: {"level":"error","ts":1651669160.3862174,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"metricas.pinayalcachofa.es","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:tls","title":"","detail":"156.249.12.173: remote error: tls: internal error","instance":"","subproblems":[]}}

I’m not sure if it’s normal for "title":"" and "subproblems":[] to be empty.

Maybe it has something to do with trying to serve a Tailscale domain and a normal domain on the same block?

Any help is welcome :slight_smile:

Update: now the certificate for the old domain (tucablanca.narwhal-nominal.ts.net) is gone.

May 04 14:19:05 tucaBlanca caddy[125376]: {"level":"debug","ts":1651673945.7146585,"logger":"http.stdlib","msg":"http: TLS handshake error from 100.106.90.42:61450: no certificate available for 'tucablanca.narwhal-nominal.ts.net'"}

And even reverting the Caddyfile to the original state and restarting Caddy won’t get new ones.

May 04 14:20:58 tucaBlanca caddy[125376]: {"level":"info","ts":1651674058.7480574,"msg":"shutting down apps, then terminating","signal":"SIGTERM"}
May 04 14:20:58 tucaBlanca caddy[125376]: {"level":"warn","ts":1651674058.748234,"msg":"exiting; byeee!! 👋","signal":"SIGTERM"}
May 04 14:20:58 tucaBlanca systemd[1]: Stopping Caddy...
May 04 14:20:58 tucaBlanca caddy[125376]: {"level":"info","ts":1651674058.772287,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0x4000210770"}
May 04 14:20:58 tucaBlanca caddy[125376]: {"level":"info","ts":1651674058.7942314,"logger":"admin","msg":"stopped previous server","address":"tcp/localhost:2019"}
May 04 14:20:58 tucaBlanca caddy[125376]: {"level":"info","ts":1651674058.7944574,"msg":"shutdown complete","signal":"SIGTERM","exit_code":0}
May 04 14:20:58 tucaBlanca systemd[1]: caddy.service: Deactivated successfully.
May 04 14:20:58 tucaBlanca systemd[1]: Stopped Caddy.
May 04 14:20:58 tucaBlanca systemd[1]: caddy.service: Consumed 1.356s CPU time.
May 04 14:20:58 tucaBlanca systemd[1]: Starting Caddy...
May 04 14:20:59 tucaBlanca caddy[126138]: caddy.HomeDir=/var/lib/caddy
May 04 14:20:59 tucaBlanca caddy[126138]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
May 04 14:20:59 tucaBlanca caddy[126138]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
May 04 14:20:59 tucaBlanca caddy[126138]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
May 04 14:20:59 tucaBlanca caddy[126138]: caddy.Version=v2.5.0 h1:eRHzZ4l3X6Ag3kUt8nj5IxATprhqKq/wToP7OHlXWA0=
May 04 14:20:59 tucaBlanca caddy[126138]: runtime.GOOS=linux
May 04 14:20:59 tucaBlanca caddy[126138]: runtime.GOARCH=arm64
May 04 14:20:59 tucaBlanca caddy[126138]: runtime.Compiler=gc
May 04 14:20:59 tucaBlanca caddy[126138]: runtime.NumCPU=4
May 04 14:20:59 tucaBlanca caddy[126138]: runtime.GOMAXPROCS=4
May 04 14:20:59 tucaBlanca caddy[126138]: runtime.Version=go1.18.1
May 04 14:20:59 tucaBlanca caddy[126138]: os.Getwd=/
May 04 14:20:59 tucaBlanca caddy[126138]: LANG=C.UTF-8
May 04 14:20:59 tucaBlanca caddy[126138]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
May 04 14:20:59 tucaBlanca caddy[126138]: NOTIFY_SOCKET=/run/systemd/notify
May 04 14:20:59 tucaBlanca caddy[126138]: HOME=/var/lib/caddy
May 04 14:20:59 tucaBlanca caddy[126138]: LOGNAME=caddy
May 04 14:20:59 tucaBlanca caddy[126138]: USER=caddy
May 04 14:20:59 tucaBlanca caddy[126138]: INVOCATION_ID=dd6c23e3a2aa4b5aa1b40a52c7d9d2b4
May 04 14:20:59 tucaBlanca caddy[126138]: JOURNAL_STREAM=8:892963
May 04 14:20:59 tucaBlanca caddy[126138]: SYSTEMD_EXEC_PID=126138
May 04 14:20:59 tucaBlanca caddy[126138]: {"level":"info","ts":1651674059.2444057,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
May 04 14:20:59 tucaBlanca caddy[126138]: {"level":"info","ts":1651674059.2635627,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["//[::1]:2019","//127.0.0.1:2019","//localhost:2019"]}
May 04 14:20:59 tucaBlanca caddy[126138]: {"level":"info","ts":1651674059.2648993,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
May 04 14:20:59 tucaBlanca caddy[126138]: {"level":"info","ts":1651674059.2651174,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
May 04 14:20:59 tucaBlanca caddy[126138]: {"level":"info","ts":1651674059.2683725,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/caddy"}
May 04 14:20:59 tucaBlanca caddy[126138]: {"level":"info","ts":1651674059.268594,"logger":"http","msg":"enabling experimental HTTP/3 listener","addr":":443"}
May 04 14:20:59 tucaBlanca caddy[126138]: {"level":"info","ts":1651674059.2686489,"logger":"tls","msg":"finished cleaning storage units"}
May 04 14:20:59 tucaBlanca caddy[126138]: {"level":"debug","ts":1651674059.2705564,"logger":"http","msg":"starting server loop","address":"[::]:443","http3":true,"tls":true}
May 04 14:20:59 tucaBlanca caddy[126138]: {"level":"debug","ts":1651674059.2711685,"logger":"http","msg":"starting server loop","address":"[::]:80","http3":false,"tls":false}
May 04 14:20:59 tucaBlanca caddy[126138]: {"level":"info","ts":1651674059.272643,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
May 04 14:20:59 tucaBlanca caddy[126138]: {"level":"info","ts":1651674059.2733967,"msg":"serving initial configuration"}
May 04 14:20:59 tucaBlanca systemd[1]: Started Caddy.
May 04 14:20:59 tucaBlanca caddy[126138]: {"level":"info","ts":1651674059.274118,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x40003b9e30"}
May 04 14:21:10 tucaBlanca caddy[126138]: {"level":"debug","ts":1651674070.5502234,"logger":"admin.api","msg":"received request","method":"GET","host":"localhost:2019","uri":"/metrics","remote_ip":"127.0.0.1","remote_port":"36214","headers":{"Accept":["application/openmetrics-text; version=0.0.1,text/plain;version=0.0.4;q=0.5,*/*;q=0.1"],"Accept-Encoding":["gzip"],"User-Agent":["Prometheus/2.33.5"],"X-Prometheus-Scrape-Timeout-Seconds":["10"]}}
May 04 14:21:21 tucaBlanca caddy[126138]: {"level":"debug","ts":1651674081.0562875,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"tucablanca.narwhal-nominal.ts.net"}
May 04 14:21:21 tucaBlanca caddy[126138]: {"level":"debug","ts":1651674081.056424,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.narwhal-nominal.ts.net"}
May 04 14:21:21 tucaBlanca caddy[126138]: {"level":"debug","ts":1651674081.0564725,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.ts.net"}
May 04 14:21:21 tucaBlanca caddy[126138]: {"level":"debug","ts":1651674081.05651,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.net"}
May 04 14:21:21 tucaBlanca caddy[126138]: {"level":"debug","ts":1651674081.056554,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.*"}
              

Update 2: now I’m extremely confused

Because of what you mentioned @matt I went to see the Caddy logs for my other server and I found a ton of tls errors from Caddy trying to get a certificate for metrics.pinayalcachofa.es which is not configured in this server :exploding_head:

May 04 08:53:27 azabache caddy[16234]: {"level":"info","ts":1651654407.7590532,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/caddy"}
May 04 08:53:27 azabache caddy[16234]: {"level":"info","ts":1651654407.7820816,"logger":"tls","msg":"finished cleaning storage units"}
May 04 12:29:43 azabache caddy[16234]: {"level":"error","ts":1651667383.7601256,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"metricas.pinayalcachofa.es","error":"no information found to solve challenge for identifier: metricas.pinayalcachofa.es"}
May 04 12:29:43 azabache caddy[16234]: {"level":"error","ts":1651667383.761205,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"metricas.pinayalcachofa.es","error":"no information found to solve challenge for identifier: metricas.pinayalcachofa.es"}
May 04 12:29:43 azabache caddy[16234]: {"level":"error","ts":1651667383.7834108,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"metricas.pinayalcachofa.es","error":"no information found to solve challenge for identifier: metricas.pinayalcachofa.es"}
May 04 12:29:43 azabache caddy[16234]: {"level":"error","ts":1651667383.7837973,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"metricas.pinayalcachofa.es","error":"no information found to solve challenge for identifier: metricas.pinayalcachofa.es"}
May 04 12:29:43 azabache caddy[16234]: {"level":"error","ts":1651667383.7927444,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"metricas.pinayalcachofa.es","error":"no information found to solve challenge for identifier: metricas.pinayalcachofa.es"}
May 04 12:29:43 azabache caddy[16234]: {"level":"error","ts":1651667383.7932332,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"metricas.pinayalcachofa.es","error":"no information found to solve challenge for identifier: metricas.pinayalcachofa.es"}
May 04 12:29:44 azabache caddy[16234]: {"level":"error","ts":1651667384.0178933,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"metricas.pinayalcachofa.es","error":"no information found to solve challenge for identifier: metricas.pinayalcachofa.es"}
May 04 12:29:44 azabache caddy[16234]: {"level":"error","ts":1651667384.0182006,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"metricas.pinayalcachofa.es","error":"no information found to solve challenge for identifier: metricas.pinayalcachofa.es"}
May 04 12:29:46 azabache caddy[16234]: {"level":"error","ts":1651667386.8850777,"logger":"tls","msg":"tls-alpn challenge","server_name":"metricas.pinayalcachofa.es","error":"no information found to solve challenge for identifier: metricas.pinayalcachofa.es"}
May 04 12:29:46 azabache caddy[16234]: {"level":"error","ts":1651667386.9079728,"logger":"tls","msg":"tls-alpn challenge","server_name":"metricas.pinayalcachofa.es","error":"no information found to solve challenge for identifier: metricas.pinayalcachofa.es"}
May 04 12:29:46 azabache caddy[16234]: {"level":"error","ts":1651667386.9692585,"logger":"tls","msg":"tls-alpn challenge","server_name":"metricas.pinayalcachofa.es","error":"no information found to solve challenge for identifier: metricas.pinayalcachofa.es"}
May 04 12:29:47 azabache caddy[16234]: {"level":"error","ts":1651667387.2045543,"logger":"tls","msg":"tls-alpn challenge","server_name":"metricas.pinayalcachofa.es","error":"no information found to solve challenge for identifier: metricas.pinayalcachofa.es"}
May 04 12:30:47 azabache caddy[16234]: {"level":"error","ts":1651667447.7451453,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"metricas.pinayalcachofa.es","error":"no information found to solve challenge for identifier: metricas.pinayalcachofa.es"}
May 04 12:30:47 azabache caddy[16234]: {"level":"error","ts":1651667447.7454636,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"metricas.pinayalcachofa.es","error":"no information found to solve challenge for identifier: metricas.pinayalcachofa.es"}
May 04 12:30:56 azabache caddy[16234]: {"level":"error","ts":1651667456.8117285,"logger":"tls","msg":"tls-alpn challenge","server_name":"metricas.pinayalcachofa.es","error":"no information found to solve challenge for identifier: metricas.pinayalcachofa.es"}
May 04 12:30:56 azabache caddy[16234]: {"level":"error","ts":1651667456.825632,"logger":"tls","msg":"tls-alpn challenge","server_name":"metricas.pinayalcachofa.es","error":"no information found to solve challenge for identifier: metricas.pinayalcachofa.es"}
May 04 12:30:57 azabache caddy[16234]: {"level":"error","ts":1651667457.009415,"logger":"tls","msg":"tls-alpn challenge","server_name":"metricas.pinayalcachofa.es","error":"no information found to solve challenge for identifier: metricas.pinayalcachofa.es"}
May 04 12:30:59 azabache caddy[16234]: {"level":"error","ts":1651667459.113516,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"metricas.pinayalcachofa.es","error":"no information found to solve challenge for identifier: metricas.pinayalcachofa.es"}
May 04 12:30:59 azabache caddy[16234]: {"level":"error","ts":1651667459.1140215,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"metricas.pinayalcachofa.es","error":"no information found to solve challenge for identifier: metricas.pinayalcachofa.es"}
May 04 12:30:59 azabache caddy[16234]: {"level":"error","ts":1651667459.1449306,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"metricas.pinayalcachofa.es","error":"no information found to solve challenge for identifier: metricas.pinayalcachofa.es"}
May 04 12:30:59 azabache caddy[16234]: {"level":"error","ts":1651667459.1455016,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"metricas.pinayalcachofa.es","error":"no information found to solve challenge for identifier: metricas.pinayalcachofa.es"}
May 04 12:30:59 azabache caddy[16234]: {"level":"error","ts":1651667459.2091477,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"metricas.pinayalcachofa.es","error":"no information found to solve challenge for identifier: metricas.pinayalcachofa.es"}

Am I missing something here? Is this normal?

My bad, indeed both :80 and :443 are being forwarded to the other server, so I just reverse_proxy from there and now it’s working just fine. Thanks for the pointers!

Anyway, now I wonder how the Tailscale domain managed to get the certificate in the first place… I always had the 2 servers and I’ve never touched the network configuration
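
The diagnosis reached above (the CA's validation requests arriving at a different machine than the one that started the ACME order) can be read off by correlating the Caddy logs of both hosts. This is an added example, not part of the original posts and not Caddy's own code; the host names, domain and IP in `SAMPLE` are constructed, and only the log fields and messages visible in the thread are assumed.

```python
import ipaddress
import json
import re
from collections import defaultdict

# journald prefix as in the thread: "May 04 12:59:20 <host> caddy[<pid>]: {json}"
JOURNAL_RE = re.compile(
    r"^\w{3} +\d+ [\d:]{8} (?P<host>\S+) caddy\[\d+\]: (?P<body>\{.*\})\s*$")
# Error text logged in the thread by the server that had not started the order.
NO_INFO = "no information found to solve challenge"

# Constructed sample lines: hosts, domain and IP are made up, fields follow the thread.
SAMPLE = [
    'May 04 12:59:17 requester systemd[1]: Reloaded Caddy.',
    'May 04 12:59:20 requester caddy[100]: {"level":"error","msg":"challenge failed","identifier":"metrics.example.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:tls","detail":"203.0.113.10: remote error: tls: internal error"}}',
    'May 04 12:59:23 requester caddy[100]: {"level":"error","msg":"challenge failed","identifier":"metrics.example.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:tls","detail":"203.0.113.10: Fetching https://metrics.example.com/.well-known/acme-challenge/TOKEN: remote error: tls: internal error"}}',
    'May 04 12:59:20 gateway caddy[200]: {"level":"error","logger":"tls","msg":"tls-alpn challenge","server_name":"metrics.example.com","error":"no information found to solve challenge for identifier: metrics.example.com"}',
    'May 04 12:59:23 gateway caddy[200]: {"level":"error","logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"metrics.example.com","error":"no information found to solve challenge for identifier: metrics.example.com"}',
    # A line cut by terminal wrapping, as in the pasted logs; it must be skipped.
    'May 04 12:59:23 gateway caddy[200]: {"level":"error","msg":"looking up info for HTTP challenge","error":"no info',
]


def parse_line(line):
    """Return (host, record) for a Caddy JSON log line, or None for anything else."""
    m = JOURNAL_RE.match(line)
    if not m:
        return None  # systemd lines, env dump, wrapped fragments
    try:
        return m.group("host"), json.loads(m.group("body"))
    except json.JSONDecodeError:
        return None


def triage(lines):
    """Per identifier: who requested, what failed, where validation traffic landed."""
    failed = defaultdict(lambda: defaultdict(set))  # identifier -> host -> challenge types
    stray = defaultdict(set)      # identifier -> hosts asked to answer a foreign challenge
    contacted = defaultdict(set)  # identifier -> IPs the CA reports having connected to
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        host, rec = parsed
        if rec.get("level") != "error":
            continue
        if rec.get("msg") == "challenge failed":
            ident = rec.get("identifier", "")
            failed[ident][host].add(rec.get("challenge_type", "?"))
            # The ACME problem detail starts with the address the validator reached.
            ip, sep, _ = rec.get("problem", {}).get("detail", "").partition(": ")
            if sep:
                try:
                    contacted[ident].add(str(ipaddress.ip_address(ip)))
                except ValueError:
                    pass
        elif NO_INFO in rec.get("error", ""):
            # http-01 lookups carry "host", tls-alpn-01 ones carry "server_name".
            stray[rec.get("host") or rec.get("server_name") or ""].add(host)
    report = {}
    for ident, hosts in failed.items():
        elsewhere = stray[ident] - set(hosts)
        report[ident] = {
            "requesting_hosts": sorted(hosts),
            "failed_challenges": sorted(set().union(*hosts.values())),
            "ca_connected_to": sorted(contacted[ident]),
            "validation_seen_on": sorted(elsewhere),
            # True when another host answered: ports 80/443 or DNS lead there instead.
            "misrouted": bool(elsewhere),
        }
    return report


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

Feed it the concatenated `journalctl -u caddy` output of every machine that could sit behind the public address; a non-empty `validation_seen_on` names the host that ports 80 and 443 actually lead to.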

Sorry to open this again, but now my main server (the one :80 and :443 are forwarded to) stopped having a certificate for my Tailscale domain, but the other 3 domains I’m serving from the same Caddy instance are working just fine.

May 06 13:40:14 azabache caddy[328148]: {"level":"debug","ts":1651844414.714738,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"azabache.narwhal-nominal.ts.net"}
May 06 13:40:14 azabache caddy[328148]: {"level":"debug","ts":1651844414.7148476,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.narwhal-nominal.ts.net"}
May 06 13:40:14 azabache caddy[328148]: {"level":"debug","ts":1651844414.7149622,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.ts.net"}
May 06 13:40:14 azabache caddy[328148]: {"level":"debug","ts":1651844414.7150018,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.net"}
May 06 13:40:14 azabache caddy[328148]: {"level":"debug","ts":1651844414.7150383,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.*"}
May 06 13:40:14 azabache caddy[328148]: {"level":"debug","ts":1651844414.715091,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","server_name":"azabache.narwhal-nominal.ts.net","remote":"100.106.90.42:50309","identifier":"azabache.narwhal-nominal.ts.net","cipher_suites":[4865,4867,4866,49195,49199,52393,52392,49196,49200,49162,49161,49171,49172,156,157,47,53],"cert_cache_fill":0.0003,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
May 06 13:40:14 azabache caddy[328148]: {"level":"debug","ts":1651844414.7153354,"logger":"http.stdlib","msg":"http: TLS handshake error from 100.106.90.42:50309: no certificate available for 'azabache.narwhal-nominal.ts.net'"}

Update to include Caddyfile

{
        debug
        servers {
                protocol {
                        experimental_http3
                }
        }
}

azabache.narwhal-nominal.ts.net {
        encode zstd gzip
        rewrite * /admin{uri}
        reverse_proxy localhost:1080
        log {
                output file /var/log/caddy/pihole.log
        }
}

chat.pinayalcachofa.es {
        encode zstd gzip
        reverse_proxy localhost:3000
        log {
                output file /var/log/caddy/rocket-chat.log
        }
}

manual.pinayalcachofa.es {
        encode zstd gzip
        reverse_proxy unix//var/discourse/shared/standalone/nginx.http.sock
        log {
                output file /var/log/caddy/discourse.log
        }
}

metricas.pinayalcachofa.es {
        encode zstd gzip
        reverse_proxy 192.168.10.65:3000
        log {
                output file /var/log/caddy/grafana.log
        }
}

Update 2:

After being stuck on this for a while I’ve decided to open a new topic, as it’s a different issue: No matching certificate for Tailscale domain