Home Assistant Add-on: Caddy 2

Hi @DavidFW1960,
I wasn’t sure myself, so I quickly checked. Yes, secrets are supported.

I used them the following way:

env_vars:
  - name: api_key
    value: '!secret api_key'

You can always check the env_vars and their values in the logs during add-on startup.

So it’s not working… surprise…

Caddyfile:

{
    email my@email
}

domain.com:port {
    tls {
        dns lego_deprecated namecheap
    }
    header / {
        Strict-Transport-Security "max-age=31536000; includeSubdomains"
        X-XSS-Protection "1; mode=block"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "SAMEORIGIN"
        Referrer-Policy "same-origin"
        -Server
    }
    reverse_proxy / localhost:8123 {
    }
}

sub.domain.com:port {
    tls {
        dns lego_deprecated namecheap
    }
    header / {
        Strict-Transport-Security "max-age=31536000; includeSubdomains"
        X-XSS-Protection "1; mode=block"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "SAMEORIGIN"
        Referrer-Policy "same-origin"
        -Server
    }
    reverse_proxy / 10.90.11.150:8006 {
        websocket
        transparent
        header_upstream Authorization {>Authorization}
    }
}

I had to remove this from the reverse_proxy block, else it would not work at all:

        websocket
        transparent
        header_upstream Authorization {>Authorization}

Log:

2020/06/26 11:31:01 [INFO][domain.com] Obtain: Lock acquired; proceeding...
2020/06/26 11:31:01 [INFO][sub.domain.com] Obtain: Lock acquired; proceeding...
2020/06/26 11:31:02 [INFO] [domain.com] acme: Obtaining bundled SAN certificate given a CSR
2020/06/26 11:31:02 [INFO][domain.com] Waiting on rate limiter...
2020/06/26 11:31:02 [INFO][domain.com] Done waiting
2020/06/26 11:31:02 [INFO][sub.domain.com] Waiting on rate limiter...
2020/06/26 11:31:02 [INFO][sub.domain.com] Done waiting
2020/06/26 11:31:02 [INFO] [sub.domain.com] acme: Obtaining bundled SAN certificate given a CSR
2020/06/26 11:31:03 [INFO] [domain.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5480097912
2020/06/26 11:31:03 [INFO] [domain.com] acme: Could not find solver for: tls-alpn-01
2020/06/26 11:31:03 [INFO] [domain.com] acme: Could not find solver for: http-01
2020/06/26 11:31:03 [INFO] [domain.com] acme: use dns-01 solver
2020/06/26 11:31:03 [INFO] [domain.com] acme: Preparing to solve DNS-01
2020/06/26 11:31:04 [INFO] [sub.domain.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5480098140
2020/06/26 11:31:04 [INFO] [sub.domain.com] acme: Could not find solver for: tls-alpn-01
2020/06/26 11:31:04 [INFO] [sub.domain.com] acme: Could not find solver for: http-01
2020/06/26 11:31:04 [INFO] [sub.domain.com] acme: use dns-01 solver
2020/06/26 11:31:04 [INFO] [sub.domain.com] acme: Preparing to solve DNS-01
2020/06/26 11:31:05 [INFO] [domain.com] acme: Trying to solve DNS-01
2020/06/26 11:31:05 [INFO] [domain.com] acme: Checking DNS record propagation using [172.30.32.3:53]
2020/06/26 11:31:05 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2020/06/26 11:31:05 [INFO] [domain.com] acme: Waiting for DNS record propagation.
2020/06/26 11:31:05 [INFO] [sub.domain.com] acme: Trying to solve DNS-01
2020/06/26 11:31:05 [INFO] [sub.domain.com] acme: Checking DNS record propagation using [172.30.32.3:53]
2020/06/26 11:31:05 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2020/06/26 11:31:05 [INFO] [sub.domain.com] acme: Waiting for DNS record propagation.
2020/06/26 11:31:07 [INFO] [domain.com] acme: Waiting for DNS record propagation.
…
2020/06/26 11:32:04 [INFO] [domain.com] acme: Waiting for DNS record propagation.
2020/06/26 11:32:04 [INFO] [sub.domain.com] acme: Waiting for DNS record propagation.
2020/06/26 11:32:06 [INFO] [domain.com] acme: Cleaning DNS-01 challenge
2020/06/26 11:32:06 [INFO] [sub.domain.com] acme: Cleaning DNS-01 challenge
2020/06/26 11:32:06 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5480097912
2020/06/26 11:32:06 [ERROR] error: one or more domains had a problem:
[domain.com] time limit exceeded: last error: NS dns2.registrar-servers.com. did not return the expected TXT record [fqdn: domain.com., value: brtk6ZaGnQXkSqfYIr3yKVedgm3y1K7GSvbLp0bWobQ]: 
 (challenge=dns-01 remaining=[])
2020/06/26 11:32:07 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5480098140
2020/06/26 11:32:07 [ERROR] error: one or more domains had a problem:
[sub.domain.com] time limit exceeded: last error: NS dns2.registrar-servers.com. did not return the expected TXT record [fqdn: domain.com., value: dbfIcwZ3fvfHjgrAU0NwX5_Ec3Cs942ibJZ9F00Nw5k]: 
 (challenge=dns-01 remaining=[])
2020/06/26 11:32:08 [ERROR] attempt 1: [domain.com] Obtain: [domain.com] error: one or more domains had a problem:
[domain.com] time limit exceeded: last error: NS dns2.registrar-servers.com. did not return the expected TXT record [fqdn: domain.com., value: brtk6ZaGnQXkSqfYIr3yKVedgm3y1K7GSvbLp0bWobQ]: 
 - retrying in 1m0s (1m6.86601971s/720h0m0s elapsed)...
2020/06/26 11:32:09 [ERROR] attempt 1: [sub.domain.com] Obtain: [sub.domain.com] error: one or more domains had a problem:
[sub.domain.com] time limit exceeded: last error: NS dns2.registrar-servers.com. did not return the expected TXT record [fqdn: domain.com., value: dbfIcwZ3fvfHjgrAU0NwX5_Ec3Cs942ibJZ9F00Nw5k]: 
 - retrying in 1m0s (1m7.436515271s/720h0m0s elapsed)...

TTL is set to 1 minute on the domain.
I can see Namecheap is getting the txt record. I have forwarded the port on my router and allowed loopback for the domain - basically everything is identical to how my Caddy1 domain is setup.

also log here… had to redo since scrolling up

INFO: Found custom Caddy
v2.0.0 h1:pQSaIJGFluFvu8KDGDODV8u4/QRED/OPyIR+MWYYse8=
INFO: Caddyfile found
{"level":"info","ts":1593135833.0462363,"msg":"using provided configuration","config_file":"/share/caddy/Caddyfile","config_adapter":""}
{"level":"info","ts":1593135833.0491917,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
2020/06/26 11:43:53 [INFO][cache:0xc0004ebc20] Started certificate maintenance routine
{"level":"info","ts":1593135834.0106363,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1593135834.011336,"logger":"tls","msg":"cleaned up storage units"}
{"level":"info","ts":1593135834.0116677,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["sub.domain.com","domain.com"]}
{"level":"info","ts":1593135834.0119517,"msg":"autosaved config","file":"/data/caddy/autosave.json"}
{"level":"info","ts":1593135834.011969,"msg":"serving initial configuration"}
{"level":"info","ts":1593135834.0120137,"logger":"watcher","msg":"watching config file for changes","config_file":"/share/caddy/Caddyfile"}
2020/06/26 11:43:54 [INFO][sub.domain.com] Obtain certificate; acquiring lock...
2020/06/26 11:43:54 [INFO][FileStorage:/ssl/caddy] Lock for 'cert_acme_sub.domain.com_acme-v02.api.letsencrypt.org-directory' is stale (created: 2020-06-26 11:31:01.913017368 +1000 AEST, last update: 2020-06-26 11:32:36.926846976 +1000 AEST); removing then retrying: /ssl/caddy/locks/cert_acme_sub.domain.com_acme-v02.api.letsencrypt.org-directory.lock
2020/06/26 11:43:54 [INFO][domain.com] Obtain certificate; acquiring lock...
2020/06/26 11:43:54 [INFO][FileStorage:/ssl/caddy] Lock for 'cert_acme_domain.com_acme-v02.api.letsencrypt.org-directory' is stale (created: 2020-06-26 11:31:01.912995905 +1000 AEST, last update: 2020-06-26 11:32:36.926884598 +1000 AEST); removing then retrying: /ssl/caddy/locks/cert_acme_domain.com_acme-v02.api.letsencrypt.org-directory.lock
2020/06/26 11:43:54 [INFO][sub.domain.com] Obtain: Lock acquired; proceeding...
2020/06/26 11:43:54 [INFO][domain.com] Obtain: Lock acquired; proceeding...
2020/06/26 11:43:54 [INFO][domain.com] Waiting on rate limiter...
2020/06/26 11:43:54 [INFO][domain.com] Done waiting
2020/06/26 11:43:54 [INFO] [domain.com] acme: Obtaining bundled SAN certificate given a CSR
2020/06/26 11:43:54 [INFO] [sub.domain.com] acme: Obtaining bundled SAN certificate given a CSR
2020/06/26 11:43:54 [INFO][sub.domain.com] Waiting on rate limiter...
2020/06/26 11:43:54 [INFO][sub.domain.com] Done waiting
2020/06/26 11:43:55 [INFO] [domain.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5480266595
2020/06/26 11:43:55 [INFO] [domain.com] acme: Could not find solver for: tls-alpn-01
2020/06/26 11:43:55 [INFO] [domain.com] acme: Could not find solver for: http-01
2020/06/26 11:43:55 [INFO] [domain.com] acme: use dns-01 solver
2020/06/26 11:43:55 [INFO] [domain.com] acme: Preparing to solve DNS-01
2020/06/26 11:43:56 [INFO] [sub.domain.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5480266661
2020/06/26 11:43:56 [INFO] [sub.domain.com] acme: Could not find solver for: tls-alpn-01
2020/06/26 11:43:56 [INFO] [sub.domain.com] acme: Could not find solver for: http-01
2020/06/26 11:43:56 [INFO] [sub.domain.com] acme: use dns-01 solver
2020/06/26 11:43:56 [INFO] [sub.domain.com] acme: Preparing to solve DNS-01
2020/06/26 11:43:57 [INFO] [domain.com] acme: Trying to solve DNS-01
2020/06/26 11:43:57 [INFO] [domain.com] acme: Checking DNS record propagation using [172.30.32.3:53]
2020/06/26 11:43:57 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2020/06/26 11:43:57 [INFO] [domain.com] acme: Waiting for DNS record propagation.
2020/06/26 11:43:57 [INFO] [sub.domain.com] acme: Trying to solve DNS-01
2020/06/26 11:43:57 [INFO] [sub.domain.com] acme: Checking DNS record propagation using [172.30.32.3:53]
2020/06/26 11:43:57 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
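
Added example (not code from the thread or from the add-on): a Python parser that pulls the dns-01 diagnostics out of lego-style log lines like those above, per domain: the solver chosen, the resolver used for the propagation pre-check (flagged when it is a private address such as the Supervisor's 172.30.32.3), the authoritative NS that failed, and the TXT name the log reports versus the _acme-challenge name dns-01 expects. The sample log lines are constructed.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the lego/ACME log quoted above (the token value is a placeholder).
SAMPLE_LOG = """\
2020/06/26 11:31:03 [INFO] [domain.com] acme: use dns-01 solver
2020/06/26 11:31:05 [INFO] [domain.com] acme: Checking DNS record propagation using [172.30.32.3:53]
2020/06/26 11:32:08 [ERROR] attempt 1: [domain.com] Obtain: [domain.com] error: one or more domains had a problem:
[domain.com] time limit exceeded: last error: NS dns2.registrar-servers.com. did not return the expected TXT record [fqdn: domain.com., value: EXAMPLE_TOKEN_VALUE]:
 - retrying in 1m0s (1m6.86601971s/720h0m0s elapsed)...
"""

SOLVER = re.compile(r"\[(?P<d>[^\]]+)\] acme: use (?P<solver>\S+) solver")
RESOLVER = re.compile(r"\[(?P<d>[^\]]+)\] acme: Checking DNS record propagation using \[(?P<r>[^\]]+)\]")
FAILURE = re.compile(r"^\[(?P<d>[^\]]+)\] time limit exceeded: last error: NS (?P<ns>\S+) did not return "
                     r"the expected TXT record \[fqdn: (?P<fqdn>[^,]+), value: (?P<v>[^\]]+)\]")

@dataclass
class ChallengeReport:
    domain: str
    solver: str = ""
    resolver: str = ""        # recursive resolver lego used for its propagation pre-check
    failed_ns: str = ""       # authoritative NS that never served the TXT record
    reported_fqdn: str = ""   # record name the log says was looked for
    notes: list = field(default_factory=list)

    @property
    def expected_txt_name(self) -> str:
        # RFC 8555 section 8.4: the dns-01 token is published at _acme-challenge.<domain>.
        return f"_acme-challenge.{self.domain}."

def parse_acme_log(text: str) -> dict:
    reports = {}  # domain -> ChallengeReport
    for line in text.splitlines():
        if m := SOLVER.search(line):
            reports.setdefault(m["d"], ChallengeReport(m["d"])).solver = m["solver"]
        elif m := RESOLVER.search(line):
            rep = reports.setdefault(m["d"], ChallengeReport(m["d"]))
            rep.resolver = m["r"]
            host = m["r"].rsplit(":", 1)[0]
            if ipaddress.ip_address(host).is_private:
                rep.notes.append(f"propagation pre-check went through private resolver {host}")
        elif m := FAILURE.match(line):
            rep = reports.setdefault(m["d"], ChallengeReport(m["d"]))
            rep.failed_ns, rep.reported_fqdn = m["ns"], m["fqdn"]
            if m["fqdn"] != rep.expected_txt_name:
                rep.notes.append(f"log reports TXT name {m['fqdn']}, dns-01 uses {rep.expected_txt_name}")
    return reports
```

Run it over the full add-on log to get one report per domain; the notes tell you whether the pre-check went through an internal resolver and which record name to look for in the Namecheap zone.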

I just tried to update the addon (I built the new binary)
Error:

20-06-27 03:09:31 ERROR (SyncWorker_6) [supervisor.docker.interface] Can't install berichta/caddy-2-amd64:0.0.3 -> 404 Client Error: Not Found ("manifest for berichta/caddy-2-amd64:0.0.3 not found: manifest unknown: manifest unknown").

Thanks for the note.
The build for the amd64 image failed for whatever reason. I am rebuilding and uploading the image right now.
Can you try again?

I can but it won’t make any difference.
I built my own docker container today and it fails with the same errors I reported above yesterday.

Hi @DavidFW1960,
It seems your problem is related to your Caddyfile config.
I had a quick look at your Caddyfile and found several (outdated) commands. Following the caddy documentation I tried to clean up your file, also removed some commands which are no longer necessary.

My attempt would look more like this:

{
    email my@email
}

domain.com:port {
    tls {
        dns lego_deprecated namecheap
    }
    header {
        Strict-Transport-Security "max-age=31536000; includeSubdomains"
        X-XSS-Protection "1; mode=block"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "SAMEORIGIN"
        Referrer-Policy "same-origin"
        -Server
    }

    reverse_proxy localhost:8123
}

sub.domain.com:port {
    tls {
        dns lego_deprecated namecheap
    }

    header {
        Strict-Transport-Security "max-age=31536000; includeSubdomains"
        X-XSS-Protection "1; mode=block"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "SAMEORIGIN"
        Referrer-Policy "same-origin"
        -Server
    }

    reverse_proxy 10.90.11.150:8006 {
        header_up Authorization {>Authorization}
    }
}

Note: The above example is just my attempt of fixing your Caddyfile. Please check each command and compare with the Caddy documentation!

For further help, please reach out to Caddy developers, or the Caddy forums, as it extends the support I can deliver.

Yeah that is identical to my Caddyfile now… I do have an open thread over there.
Thing is if there are errors in the Caddyfile you get errors off the bat before it tries to get the certificates. It is attempting to get the certs and I can see Caddy creating the text record at Namecheap - it’s just not getting a response back. I suspect the lego-deprecated isn’t working correctly.

Have you tried using the lego-deprecated plugin? (Even for duckdns?) Must say I’m surprised you didn’t just build it with that anyway…

Instead of reverse_proxy / localhost:8123 do reverse_proxy /* localhost:8123.

You’re welcome.

Actually I was using reverse_proxy localhost:8123 which seems compliant with the docs. Reverse proxy quick-start — Caddy Documentation

In any case the issue is the SSL certificate isn’t being obtained.

My Home Assistant was accessible via caddy v1 using ‘/’ and didn’t work with caddy v2 until I changed it to ‘/*’.

Hi guys,

Have any of you managed to perform access logging to a file? If so, can you share your Caddyfile?

log {
    output stdout
}

This works, I can find the access log under the addon->log. But I would prefer to log to a file. I tried this, but no file is generated

log {
    output file access.log {
        roll_size 10MiB
        roll_keep 10
        roll_keep_for 2160h
    }
}

BR,
Jorgensen

Hi @Jorgensen,

You could try and define a full path instead of a filename.

log {
    output file /share/caddy/access.log {
        roll_size 10MiB
        roll_keep 10
        roll_keep_for 2160h
    }
}

Update
The above example won’t work in my example, as the addon has no rights to write anything inside the ‘share’ folder.
At this moment, the addon has only write rights for the SSL folder. So, for testing purposes, try the following:

log {
    output file /ssl/caddy/access.log {
        roll_size 10MiB
        roll_keep 10
        roll_keep_for 2160h
    }
}

Let me know if that works. When needed I can add write rights to the share folder. For the moment the addon has no such rights because they were not needed and I wanted to keep the impact on the system as small as possible. But things may change.

Has the addon been updated for caddy 2.3 yet?

Version 0.1.0, which is available for a week or so, has Caddy 2.3 included.

Thanks, that path works for logging.

I apologize in advance for my English. I use a translator.
On a clean Debian GNU / Linux 10 (buster) system, I install an add-on, add a repository, click the install button and get an error

404 Client Error for http+docker://localhost/v1.40/images/create?tag=0.1.0&fromImage=berichta%2Fcaddy-2-amd64: Not Found ("manifest for berichta/caddy-2-amd64:0.1.0 not found: manifest unknown: manifest unknown")

Help solve the problem.

Is your disk full? That is often what a 404 error indicates.

There is enough disk space. But yesterday, after another reinstallation of hass.io, we managed to install Caddy 2. I don’t know how it happened.

Update 3: when I use https://github.com/einschmidt/hassio-addons-dev then Caddy 2 Edge does install…

Update 2: looks like this line in config.json is not correct: "image": "berichta/caddy-2-{arch}"

Update: I tried fixing the below-mentioned issue via a forked and updated repo, but the error is still there:
404 Client Error for http+docker://localhost/v1.40/images/create?tag=0.1.0&fromImage=berichta%2Fcaddy-2-amd64: Not Found ("manifest for berichta/caddy-2-amd64:0.1.0 not found: manifest unknown: manifest unknown")

I’m having the same problem, I noticed the github has changed to https://github.com/einschmidt/hassio-addons
See also the issue that was created on this GitHub.

@berichta Please fix the links to your new github, in your new github (repository.json and config.json files). And please fix the first post as well.