Caddy 2.11.1: socket activation problems with ACME #7525

@TNorthover

Issue Details

Since updating to 2.11, the ACME path seems to have problems with socket activation. The (slightly sanitized) error log is:

Feb 25 06:36:14 caddy caddy[1037]: {"level":"info","ts":1772001374.5532987,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"XYZ.mydomain.com"}
Feb 25 06:36:14 caddy caddy[1037]: {"level":"info","ts":1772001374.5535624,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["XYZ.mydomain.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"email@address"}
Feb 25 06:36:14 caddy caddy[1037]: {"level":"info","ts":1772001374.5535676,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["XYZ.mydomain.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"email@address"}
Feb 25 06:36:15 caddy caddy[1037]: {"level":"info","ts":1772001375.363842,"msg":"trying to solve challenge","identifier":"XYZ.mydomain.com","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
Feb 25 06:36:15 caddy caddy[1037]: {"level":"error","ts":1772001375.644645,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"XYZ.mydomain.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[XYZ.mydomain.com] solving challenges: presenting for challenge: presenting with embedded solver: could not start listener for challenge server at fd/4:80: listen tcp: lookup fd/4: no such host (order=https://acme-v02.api.letsencrypt.org/acme/order/SENSITIVE) (ca=https://acme-v02.api.letsencrypt.org/directory)"}

which suggests the Caddyfile bind argument of fd/4 is making its way to the ACME library and being fed to an important DNS query.

A reasonably minimal Caddyfile I can use to reproduce the issue is:

{
        auto_https disable_redirects
        default_bind fd/4 {
                protocols h1 h2
        }
        acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}

http:// {
        bind fd/3 {
                protocols h1
        }
        redir https://{host}{uri} 308
}

wibble.mydomain.com {
        respond "Hello"
}

In this scheme I'm using systemd+Podman to feed port 80 in as fd/3 and port 443 as fd/4.

Assistance Disclosure

No response

If AI was used, describe the extent to which it was used.

No response
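As an added illustration of the failure mode in the log above (this is not Caddy's code and not from the reporter), the snippet below shows why a bind address of the form fd/N must be turned into a listener with net.FileListener rather than handed to net.Listen, where the "fd/4" part is treated as a hostname. The names bindTarget, parseBind, listen and naiveListen are my own.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"strconv"
	"strings"
)

// bindTarget is the parsed form of a Caddy-style bind address: either an
// inherited file descriptor ("fd/4", socket activation) or a host:port.
type bindTarget struct {
	FD       int    // valid when IsFD is true
	IsFD     bool
	HostPort string // valid when IsFD is false
}

// parseBind recognises the "fd/N" form. A ":port" suffix that a caller may
// have glued on (the ACME solver appends ":80") is tolerated and dropped,
// because the port of an inherited socket is already fixed by the parent.
func parseBind(addr string) (bindTarget, error) {
	if rest, ok := strings.CutPrefix(addr, "fd/"); ok {
		rest, _, _ = strings.Cut(rest, ":")
		n, err := strconv.Atoi(rest)
		if err != nil || n < 0 {
			return bindTarget{}, fmt.Errorf("bad fd bind address %q", addr)
		}
		return bindTarget{FD: n, IsFD: true}, nil
	}
	return bindTarget{HostPort: addr}, nil
}

// listen builds a listener from the parsed target. For fd targets the socket
// is inherited from systemd/Podman, so the descriptor is wrapped with
// net.FileListener instead of being resolved as a DNS name.
func listen(t bindTarget) (net.Listener, error) {
	if !t.IsFD {
		return net.Listen("tcp", t.HostPort)
	}
	f := os.NewFile(uintptr(t.FD), "inherited-socket")
	if f == nil {
		return nil, fmt.Errorf("fd %d is not open", t.FD)
	}
	defer f.Close() // FileListener dup()s the descriptor, so this is safe
	return net.FileListener(f)
}

// naiveListen reproduces the bug: "fd/4:80" is parsed as host "fd/4",
// which the resolver rejects ("lookup fd/4: no such host").
func naiveListen(addr string) error {
	ln, err := net.Listen("tcp", addr)
	if err == nil {
		ln.Close()
	}
	return err
}
```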
