caddy
Wildcard domain throttled blocks valid definitions
Issue Details
It has been observed that as long as Caddy is unable to retrieve a certificate (in my case the wildcard, because it has reached its limit), the service cannot serve other domains that have a valid certificate.
/etc/caddy/Caddyfile
domain.com, *.domain.com {
	root * /var/www/html
	rewrite * /default.html
	file_server
}

import conf.d/*.caddy
/etc/caddy/conf.d/eg1.caddy
eg1.domain.com {
	reverse_proxy 127.0.0.1:8001
}
/etc/caddy/conf.d/eg2.caddy
eg2.domain.com {
	reverse_proxy 127.0.0.1:8002
}
Service log:
journalctl -u caddy --no-pager
Nov 25 14:55:09 talos systemd[1]: Started caddy.service - Caddy.
Nov 25 14:55:09 talos caddy[167522]: {"level":"info","ts":1764078909.4350936,"logger":"tls.obtain","msg":"acquiring lock","identifier":"*.domain.com"}
Nov 25 14:55:09 talos caddy[167522]: {"level":"info","ts":1764078909.4381018,"logger":"tls.obtain","msg":"lock acquired","identifier":"*.domain.com"}
Nov 25 14:55:09 talos caddy[167522]: {"level":"info","ts":1764078909.438182,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"*.domain.com"}
Nov 25 14:55:09 talos caddy[167522]: {"level":"info","ts":1764078909.4388652,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["*.domain.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
Nov 25 14:55:09 talos caddy[167522]: {"level":"info","ts":1764078909.4388914,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["*.domain.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
Nov 25 14:55:09 talos caddy[167522]: {"level":"info","ts":1764078909.4389036,"logger":"http","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/0000000000","account_contact":[]}
Nov 25 14:55:10 talos caddy[167522]: {"level":"error","ts":1764078910.5658615,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.domain.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[*.domain.com] solving challenges: *.domain.com: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[dns-01] remaining=[dns-01]) (order=https://acme-v02.api.letsencrypt.org/acme/order/0000000000/0000000000) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
Nov 25 14:55:10 talos caddy[167522]: {"level":"error","ts":1764078910.5659215,"logger":"tls.obtain","msg":"will retry","error":"[*.domain.com] Obtain: [*.domain.com] solving challenges: *.domain.com: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[dns-01] remaining=[dns-01]) (order=https://acme-v02.api.letsencrypt.org/acme/order/0000000000/0000000000) (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":1.127805806,"max_duration":2592000}
Nov 25 14:56:10 talos caddy[167522]: {"level":"info","ts":1764078970.5671198,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"*.domain.com"}
Nov 25 14:56:10 talos caddy[167522]: {"level":"info","ts":1764078970.5683472,"logger":"http","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/0000000000","account_contact":[]}
Nov 25 14:56:11 talos caddy[167522]: {"level":"error","ts":1764078971.6402583,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.domain.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[*.domain.com] solving challenges: *.domain.com: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[dns-01] remaining=[dns-01]) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/0000000000/0000000000) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
Nov 25 14:56:11 talos caddy[167522]: {"level":"error","ts":1764078971.6403286,"logger":"tls.obtain","msg":"will retry","error":"[*.domain.com] Obtain: [*.domain.com] solving challenges: *.domain.com: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[dns-01] remaining=[dns-01]) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/0000000000/0000000000) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":2,"retrying_in":120,"elapsed":62.202212762,"max_duration":2592000}
If I remove ", *.domain.com" from /etc/caddy/Caddyfile and restart the service, the service works correctly.
As I understand it, the loop for obtaining domain certificates is blocking the service from starting to serve/proxy connections. Is it possible to change this behavior?
Assistance Disclosure
AI not used
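As an added example (not the reporter's configuration and not Caddy project code): every retry in the log above fails with "no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[dns-01])". For *.domain.com the CA offers only the DNS-01 challenge, because Let's Encrypt issues wildcard certificates only through DNS-01, and this Caddy build has no DNS solver configured, so the order can never complete and Caddy keeps retrying with backoff (retrying_in 60, then 120 seconds, up to the logged max_duration of 2592000 seconds). The Caddyfile below keeps the same layout and adds a DNS-01 solver to the wildcard block. It assumes Caddy was built with a DNS provider module, here the Cloudflare one (xcaddy build --with github.com/caddy-dns/cloudflare), and that the environment variable CF_API_TOKEN holds a token limited to DNS edits on the domain.com zone; the provider and the variable name are assumptions, not something the issue states.

```caddyfile
# Added example, not the reporter's file. Same layout as the original Caddyfile,
# with a DNS-01 solver on the wildcard block.
# Assumptions: Caddy is built with github.com/caddy-dns/cloudflare, and CF_API_TOKEN
# is a Cloudflare API token scoped to Zone:DNS:Edit for the domain.com zone only
# (least privilege: the token can touch DNS records, nothing else).
domain.com, *.domain.com {
	tls {
		# Let's Encrypt issues wildcard certificates only via DNS-01; the provider
		# module publishes the _acme-challenge TXT record and removes it afterwards.
		dns cloudflare {env.CF_API_TOKEN}
	}
	root * /var/www/html
	rewrite * /default.html
	file_server
}

# The per-service blocks are unchanged: without a tls/dns directive they keep
# using http-01 / tls-alpn-01, which is fine for non-wildcard names.
import conf.d/*.caddy
```

Run caddy validate --config /etc/caddy/Caddyfile before systemctl reload caddy; if the provider module is not compiled into the binary, validation fails with a module-not-registered error rather than the runtime retry loop seen in the log.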