Have a look at this post first; it's worth reading for people like me who hit every pitfall:
https://caddy.community/t/letsencrypt-error-when-caddy-is-behind-cloudflare/14100/3
After getting the WordPress blog up, I wanted to play with Mapbox and needed a subdomain, map.umiarchive.moe, to make the static map page easy to reach. While running Caddy for it I hit the following problems.
1.
2025/08/01 11:35:55.890 ERROR tls.obtain could not get certificate from issuer {"identifier": "map.umiarchive.moe", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "HTTP 429 urn:ietf:params:acme:error:rateLimited - too many failed authorizations (5) for \"map.umiarchive.moe\" in the last 1h0m0s, retry after 2025-08-01 11:43:40 UTC: see https://letsencrypt.org/docs/rate-limits/#authorization-failures-per-hostname-per-account"}
Too many failed challenges; try again later. This is Let's Encrypt's per-hostname limit on failed authorizations (5 per hour per account), and the log already tells you when the CA will accept another attempt (11:43:40 UTC here). Restarting Caddy before that time only adds another failed attempt to the count.
2.
Error 1
2025/08/01 12:25:54.186 ERROR validating authorization {"problem": {"type": "urn:ietf:params:acme:error:malformed", "title": "", "detail": "No such authorization", "instance": "", "subproblems": null}, "order": "https://acme-v02.api.letsencrypt.org/acme/order/2564751241/413253639151", "attempt": 1, "max_attempts": 3}
…………(a lot more follows)
Error 2
2025/08/01 12:25:54.189 ERROR tls.obtain could not get certificate from issuer {"identifier": "map.umiarchive.moe", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "HTTP 404 urn:ietf:params:acme:error:malformed - No such authorization"}
Error 3
2025/08/01 12:25:54.190 ERROR tls.obtain will retry {"error": "[map.umiarchive.moe] Obtain: [map.umiarchive.moe] solving challenge: getting authorization at https://acme-v02.api.letsencrypt.org/acme/authz/2564751241/562293931971: attempt 1: https://acme-v02.api.letsencrypt.org/acme/authz/2564751241/562293931971: HTTP 404 urn:ietf:params:acme:error:malformed - No such authorization (ca=https://acme-v02.api.letsencrypt.org/directory)", "attempt": 1, "retrying_in": 60, "elapsed": 0.255793462, "max_duration": 2592000}
These are all challenge (Challenge) validation failures: the CA answers 404 "No such authorization" for the authorization URL Caddy is polling, so the order Caddy is still working on is no longer valid on the Let's Encrypt side, and the challenge itself never got validated.
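To avoid eyeballing these lines every time, here is a small log classifier, added as an example and not code from the original post or from the Caddy project. It parses Caddy's default console log format ("timestamp LEVEL [logger] message {json}"), pulls out the ACME problem type, the hostname and, for the rate-limit error, the "retry after" time, and says how long to leave Caddy alone. The sample log is constructed from the error lines above (extraction damage cleaned up) plus one made-up INFO line; it assumes the log clock is UTC, which the timestamps above are consistent with.

```python
"""Classify ACME failures in Caddy's console log output.

Added example, not code from the original post or from the Caddy project.
Assumption: the log clock is UTC (the post's timestamps are consistent with that).
"""
import json
import re
from datetime import datetime, timezone

# Constructed sample: the error lines from the post (cleaned up) plus one
# made-up INFO line, to show that non-error lines are skipped.
SAMPLE_LOG = r'''
2025/08/01 11:35:55.890 ERROR tls.obtain could not get certificate from issuer {"identifier": "map.umiarchive.moe", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "HTTP 429 urn:ietf:params:acme:error:rateLimited - too many failed authorizations (5) for \"map.umiarchive.moe\" in the last 1h0m0s, retry after 2025-08-01 11:43:40 UTC: see https://letsencrypt.org/docs/rate-limits/#authorization-failures-per-hostname-per-account"}
2025/08/01 12:25:54.186 ERROR validating authorization {"problem": {"type": "urn:ietf:params:acme:error:malformed", "title": "", "detail": "No such authorization", "instance": "", "subproblems": null}, "order": "https://acme-v02.api.letsencrypt.org/acme/order/2564751241/413253639151", "attempt": 1, "max_attempts": 3}
2025/08/01 12:25:54.189 ERROR tls.obtain could not get certificate from issuer {"identifier": "map.umiarchive.moe", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "HTTP 404 urn:ietf:params:acme:error:malformed - No such authorization"}
2025/08/01 12:25:54.190 ERROR tls.obtain will retry {"error": "[map.umiarchive.moe] Obtain: [map.umiarchive.moe] solving challenge: getting authorization at https://acme-v02.api.letsencrypt.org/acme/authz/2564751241/562293931971: attempt 1: https://acme-v02.api.letsencrypt.org/acme/authz/2564751241/562293931971: HTTP 404 urn:ietf:params:acme:error:malformed - No such authorization (ca=https://acme-v02.api.letsencrypt.org/directory)", "attempt": 1, "retrying_in": 60, "elapsed": 0.255793462, "max_duration": 2592000}
2025/08/01 12:26:54.001 INFO tls.obtain certificate obtained successfully {"identifier": "map.umiarchive.moe"}
'''

# Caddy console format: "ts LEVEL [logger] message {json}". The logger part is
# absent on some lines (see "validating authorization"), so message is just
# everything between the level and the JSON object.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<level>[A-Z]+)\s+"
    r"(?P<msg>[^{]*?)\s*"
    r"(?P<json>\{.*\})\s*$"
)
ACME_ERR_RE = re.compile(r"urn:ietf:params:acme:error:(?P<kind>[A-Za-z]+)")
RETRY_RE = re.compile(r"retry after (?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) UTC")
BRACKET_ID_RE = re.compile(r"^\[(?P<id>[^\]]+)\]")  # "[map.umiarchive.moe] Obtain: ..."

HINTS = {
    "rateLimited": "rate limit on failed authorizations: do not restart Caddy "
                   "before the retry-after time, every failed attempt counts",
    "malformed": "the CA no longer has the authorization Caddy is polling; fix "
                 "the challenge path (port 80 reachable, no redirect loop at "
                 "Cloudflare) and let Caddy start a fresh order",
}


def parse_line(line):
    """Return a record for one log line, or None if it is not in Caddy's console format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    raw = m.group("json")
    try:
        payload = json.loads(raw)
    except json.JSONDecodeError:
        return None
    err = payload.get("error", "")
    problem = payload.get("problem") or {}
    # Hostname: either a top-level "identifier" or the "[host]" prefix of the error string.
    identifier = payload.get("identifier")
    if identifier is None:
        bm = BRACKET_ID_RE.match(err)
        identifier = bm.group("id") if bm else None
    kind_m = ACME_ERR_RE.search(raw)
    kind = kind_m.group("kind") if kind_m else None
    retry_m = RETRY_RE.search(raw)
    retry_after = (
        datetime.strptime(retry_m.group("when"), "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
        if retry_m else None
    )
    return {
        "ts": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S.%f").replace(tzinfo=timezone.utc),
        "level": m.group("level"),
        "msg": m.group("msg"),
        "identifier": identifier,
        "acme_error": kind,
        "detail": problem.get("detail") or err or None,
        "retry_after": retry_after,
        "retrying_in": payload.get("retrying_in"),
        "hint": HINTS.get(kind),
    }


def acme_errors(text):
    """All ERROR-level records that carry an ACME problem type, in log order."""
    return [r for r in map(parse_line, text.splitlines())
            if r and r["level"] == "ERROR" and r["acme_error"]]


def seconds_until_retry(record, now=None):
    """Seconds to wait before the CA accepts another attempt; 0 if no retry-after was given.
    Measured from `now`, defaulting to the record's own (UTC) timestamp."""
    if record["retry_after"] is None:
        return 0
    now = now or record["ts"]
    return max(0, int((record["retry_after"] - now).total_seconds()))


def summarize(text):
    """One human-readable line per ACME error: time, host, problem type, wait, hint."""
    out = []
    for r in acme_errors(text):
        out.append(f"{r['ts']:%H:%M:%S} {r['identifier'] or '?'} {r['acme_error']}"
                   f" wait={seconds_until_retry(r)}s :: {r['hint']}")
    return out


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LOG)))
```

Run it against `journalctl -u caddy --no-pager` output (or whatever file Caddy logs to) instead of SAMPLE_LOG; the rate-limit record comes back with a 464-second wait measured from its own timestamp, and the 404 records come back with no wait but with the hint to fix the challenge path before letting Caddy retry.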
Things I tried
a. Open port 80 in ufw (?) Not sure whether this actually helped, but I did it anyway...
ufw allow 80
(The HTTP-01 validation request from Let's Encrypt, passing through Cloudflare, does arrive on port 80, so the port has to be reachable for that challenge to work.)
b. Switch Cloudflare's SSL/TLS encryption mode to Flexible.
You'll then notice that the site that used to work now fails with
"umiarchive.moe redirected you too many times"
That loop is expected: in Flexible mode Cloudflare talks plain HTTP to the origin, Caddy redirects HTTP to HTTPS, and Cloudflare comes back over HTTP again. Flexible also means traffic between Cloudflare and your server is unencrypted, so treat it as a temporary step only. Ignore the loop for now and get the Caddyfile right:
map.umiarchive.moe:443 {
    file_server
    root * /mapbox
}
Then restart Caddy.
If all goes well you won't see any ERROR in the log, only INFO and a few WARN lines.
After that, set the SSL/TLS mode back to Full and the problem is solved; Caddy should now be able to renew on its own. Since the origin now holds a valid Let's Encrypt certificate, Full (strict) is the better choice: plain Full does not verify the origin certificate at all.
Also, adding "tls internal" to the Caddyfile makes Caddy issue the certificate from its own internal CA (not publicly trusted, and not from Let's Encrypt); browsers will show the site as not secure, so it's only useful for temporary testing. Note that Cloudflare in Full (strict) mode will reject such a certificate on the origin, while plain Full accepts it.
map.umiarchive.moe:443 {
    file_server
    tls internal
    root * /mapbox
}