Errors Directive causes some problems when in global scope with active domain TLS

[Starz0r]

Caddy: 0.11.0

Description

It seems when I attempt to log errors with the errors directive in global scope while a domain is active with TLS Caddy decides to continue pinging Let's Encrypt for more certificates (probably for 0.0.0.0, no way to tell since Let's Encrypt won't give us any info and Caddy doesn't have a way to log this either). This bug wouldn't be so much of an issue if Caddy just attempt to grab the certs for whatever invalid domain, then just failed silently, instead of crashing the whole process. Instead in a Dockerized environment where I have it set to autorestart, it just continues running in a loop of failure, keeping my site inaccessible and offline.

Caddyfile

sub.domain.tld {
     tls email@domain.tld

     proxy / localhost:9001 {
          transparent
          websocket
     }
}

errors stdout

log stdout

The Caddyfile it's self is rather inconspicuous, when running Caddy the desired certificates are grabbed (they can be found inside the folder where certs are stored), but then Caddy continues to ping the Let's Encrypt servers, for some reason, getting me Rate Limited in the process.

Starting Caddy

The manner and method in which I executed Caddy doesn't matter as I've managed to reproduce this same bug inside two different Windows and Linux based machines, both Locally and Remote.

Expected Behavior

The relevant certificates are gathered from Let's Encrypt and Caddy does not attempt to register a certificate for a busted or broken domain/tld pair that isn't even listed in the Caddyfile.

Logs

https://paste.rs/qoe

Minimal Reproduction

Take the Caddyfile in this post and attach an actual domain and email to it, remove the Proxy Directive if necessary. Run Caddy in any method that has it find this specific configuration and watch it mysteriously continue pinging Let's Encrypt.

[francislavoie]

I think what you're trying to do is not supported. See https://caddyserver.com/docs/caddyfile

If you use the bracketed syntax for site blocks, then I don't think you can use global directives. What I suggest you do is to make use of snippets (see https://caddyserver.com/docs/caddyfile#snippets) to make a reusable block of directives you can reference for each site. That way it'll effectively be global.

[elcore]

Correct!

"A Caddyfile with more than one entry must enclose each definition in curly braces { }"

Directives are considered as definitions.
Currently, global directives are not supported.

[Starz0r]

Really odd that this wouldn't just cause a parsing issue instead of behavior that causes Let's Encrypt to be pinged multiple times. Nonetheless, thank you for pointing out the flaws in the Caddyfile. I have since then, fixed the directive being out of scope, and the issue has been resolved.

[mholt]

Really odd that this wouldn't just cause a parsing issue instead of behavior that causes Let's Encrypt to be pinged multiple times.

Perhaps in this case it should be. But what if your Caddyfile was flipped around:

errors stdout

log stdout

sub.domain.tld {
     tls email@domain.tld

     proxy / localhost:9001 {
          transparent
          websocket
     }
}

To Caddy, this looks like the hostnames to serve are errors and stdout and the rest of the lines are directives.

I'm not sure a good way to consistently and reliably detect these inconsistencies in Caddyfile construction as parse errors regardless of the order of the lines...