Caddy did not refresh certificate automatically

Hi, I’m using docker to self-host Baserow. I’m pretty inexperienced in it, so I’d be really grateful to get some help here.

My whole config consists of an ubuntu machine running Baserow and n8n, each one using docker.

When installing them both on the same machine, I ran into some conflicts because of using Caddy to expose them both with SSL enabled. The only way I managed to run them at the same time, was by using two Caddys on different ports.

My final configuration ended up being:

  • Running Caddy on the main machine, without a container, pointing to port 443.
  • n8n’s SSL pointing to port 443
  • n8n’s http running on port 80
  • Running Baserow, with the preconfigured Caddy that comes in Baserow’s container, with SSL on port 4443, and port 8080 for http.

Here’s the command I’m using to run baserow:

docker run -e BASEROW_PUBLIC_URL=https://<website_url>:4443 \
-e BASEROW_CADDY_ADDRESSES=https://<website_url> \
--name baserow \
-d \
--restart unless-stopped \
-v baserow_data:/baserow/data \
-p 8080:80 \
-p 4443:443 \

Some of the errors I’m getting from caddy from inside the Baserow’s container:

 [CADDY][2023-03-16 13:40:40] {"level":"error","ts":1678974039.0985837,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"REDACTED","problem":{"type":"urn:ietf:params:acme:error:tls","title":"","detail":" remote error: tls: internal error","instance":"","subproblems":[]},"order":"","attempt":2,"max_attempts":3} [CADDY][2023-03-16 13:40:40] {"level":"error","ts":1678974040.3031187,"logger":"tls.renew","msg":"could not get certificate from issuer","identifier":"REDACTED","issuer":"","error":"[REDACTED] solving challenges: REDACTED: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order= (ca="} [CADDY][2023-03-16 13:40:41] {"level":"warn","ts":1678974040.303319,"logger":"tls.issuance.zerossl","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"} [CADDY][2023-03-16 13:40:42] {"level":"info","ts":1678974041.0191596,"logger":"tls.issuance.zerossl","msg":"generated EAB credentials","key_id":"XZ1tOcunKGzJ5geEey2bzg"} [CADDY][2023-03-16 13:40:48] {"level":"info","ts":1678974042.3053575,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"REDACTED","challenge_type":"http-01","ca":""} [CADDY][2023-03-16 13:40:48] {"level":"error","ts":1678974048.0801446,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"REDACTED","challenge_type":"http-01","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]}}

Hi @felizolinha, I’m sorry to hear that you’re having problems with the certificate renewal. It seems like this is due to the alternative port that Baserow is exposed to. Caddy uses Let’s Encrypt to issue an SSL certificate. Let’s Encrypt needs to verify that you own the domain, and they do that by running a challenge. This challenge is basically making an HTTP request to your server and confirming that some temporary files, that Let’s Encrypt generated, are present. According to this topic in the community of Caddy, it’s not possible to change the external ports (Is it possible to do the challenge with a different port? - Help - Caddy Community).

What you could do it run n8n and Baserow on subdomains. If you haven’t already, you must get a domain, for this example, I’ll be using Then you can run n8n HTTP on port 81, and Baserow HTTP on port 82 for example. Of course, you can choose the ports. Those ports don’t have to be publicly exposed to the internet. Then you need to create two subdomains, and Last, you need to install a web server that proxies the traffic of to and to

Apart from Baserow running on Caddy in Baserow, you can install Caddy on your server as well, and make that work as a proxy. The benefit is that it can get an SSL certificate for you automatically. You probably need to have a caddy config file to make it work, but a basic example for one domain can be found here Reverse proxy quick-start — Caddy Documentation.

I hope that helps!