Hi there, completely new here
I hope this is properly worded and formatted.
1. The problem I’m having:
I’m trying to use Caddy as a reverse proxy for my homelab. Because I do not want to expose anything (yet) to the internet, this means using ACME-challenges for the domain verification.
To this end I implemented the interfaces to complete the DNS-01 challenge with caddy and my DNS hosts. The sources are available at the end of the post.
Now I built caddy with the plugin but the challenge won’t complete. It seems like it tries to create a record for hmlb.ch. (note the point at the end). This won’t work with the provided, which doesn’t accept this as a valid domain name.
Can somebody elaborate on why it tries to do that instead of creating a record for hmlb.ch? Is this normal behavior?
2. Error messages and/or full log output:
See the last few lines. For completeness, I added the full log output (with the debug option enabled).
{"level":"error","ts":1680546702.713707,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"test.hmlb.ch","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.test.hmlb.ch\" (usually OK if presenting also failed)"}
{"level":"error","ts":1680546702.8045483,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"test.hmlb.ch","issuer":"acme.zerossl.com-v2-DV90","error":"[test.hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme.zerossl.com/v2/DV90/order/qNta2BHWUcqKEbvZhpXQEQ) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1680546702.8046439,"logger":"tls.obtain","msg":"will retry","error":"[test.hmlb.ch] Obtain: [test.hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme.zerossl.com/v2/DV90/order/qNta2BHWUcqKEbvZhpXQEQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":11,"retrying_in":10800,"elapsed":10832.19300478,"max_duration":2592000}
{"level":"info","ts":1680557502.8057237,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"test.hmlb.ch"}
{"level":"info","ts":1680557503.7835312,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"test.hmlb.ch","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1680557504.2842324,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"test.hmlb.ch","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.test.hmlb.ch\" (usually OK if presenting also failed)"}
{"level":"error","ts":1680557504.4519138,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"test.hmlb.ch","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[test.hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/86930013/8094688744) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1680557505.4933522,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"test.hmlb.ch","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1680557505.592149,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"test.hmlb.ch","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.test.hmlb.ch\" (usually OK if presenting also failed)"}
{"level":"error","ts":1680557505.7082686,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"test.hmlb.ch","issuer":"acme.zerossl.com-v2-DV90","error":"[test.hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme.zerossl.com/v2/DV90/order/3t2_7VV7tRNZuQmJql4qXg) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1680557505.7083588,"logger":"tls.obtain","msg":"will retry","error":"[test.hmlb.ch] Obtain: [test.hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme.zerossl.com/v2/DV90/order/3t2_7VV7tRNZuQmJql4qXg) (ca=https://acme.zerossl.com/v2/DV90)","attempt":12,"retrying_in":21600,"elapsed":21635.096719827,"max_duration":2592000}
{"level":"info","ts":1680579106.1287556,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"test.hmlb.ch"}
{"level":"info","ts":1680579107.0477126,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"test.hmlb.ch","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1680579107.4695523,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"test.hmlb.ch","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.test.hmlb.ch\" (usually OK if presenting also failed)"}
{"level":"error","ts":1680579107.6404324,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"test.hmlb.ch","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[test.hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/86930013/8098513194) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1680579110.3183582,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"test.hmlb.ch","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1680579110.4475493,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"test.hmlb.ch","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.test.hmlb.ch\" (usually OK if presenting also failed)"}
{"level":"error","ts":1680579111.0644011,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"test.hmlb.ch","issuer":"acme.zerossl.com-v2-DV90","error":"[test.hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme.zerossl.com/v2/DV90/order/unR6fYhIhvZq7CtZMPi-QA) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1680579111.0644686,"logger":"tls.obtain","msg":"will retry","error":"[test.hmlb.ch] Obtain: [test.hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme.zerossl.com/v2/DV90/order/unR6fYhIhvZq7CtZMPi-QA) (ca=https://acme.zerossl.com/v2/DV90)","attempt":13,"retrying_in":21600,"elapsed":43240.452829877,"max_duration":2592000}
{"level":"info","ts":1680600711.0653396,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"test.hmlb.ch"}
{"level":"info","ts":1680600712.1755462,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"test.hmlb.ch","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1680600712.5471365,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"test.hmlb.ch","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.test.hmlb.ch\" (usually OK if presenting also failed)"}
{"level":"error","ts":1680600712.7166743,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"test.hmlb.ch","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[test.hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/86930013/8102513364) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1680600713.569467,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"test.hmlb.ch","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1680600713.6735294,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"test.hmlb.ch","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.test.hmlb.ch\" (usually OK if presenting also failed)"}
{"level":"error","ts":1680600713.9628808,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"test.hmlb.ch","issuer":"acme.zerossl.com-v2-DV90","error":"[test.hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme.zerossl.com/v2/DV90/order/cUwNAQDaibbKITlX0xRWog) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1680600713.962987,"logger":"tls.obtain","msg":"will retry","error":"[test.hmlb.ch] Obtain: [test.hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme.zerossl.com/v2/DV90/order/cUwNAQDaibbKITlX0xRWog) (ca=https://acme.zerossl.com/v2/DV90)","attempt":14,"retrying_in":21600,"elapsed":64843.351347758,"max_duration":2592000}
{"level":"info","ts":1680622270.6040103,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"info","ts":1680622270.7459264,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1680622313.9647136,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"test.hmlb.ch"}
{"level":"info","ts":1680622314.87393,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"test.hmlb.ch","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1680622315.3474083,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"test.hmlb.ch","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.test.hmlb.ch\" (usually OK if presenting also failed)"}
{"level":"error","ts":1680622315.5141387,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"test.hmlb.ch","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[test.hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/86930013/8106840334) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1680622316.3330667,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"test.hmlb.ch","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1680622316.4388452,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"test.hmlb.ch","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.test.hmlb.ch\" (usually OK if presenting also failed)"}
{"level":"error","ts":1680622316.6375043,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"test.hmlb.ch","issuer":"acme.zerossl.com-v2-DV90","error":"[test.hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme.zerossl.com/v2/DV90/order/SNGS9ahFfP84cPBFPi4QXw) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1680622316.6375642,"logger":"tls.obtain","msg":"will retry","error":"[test.hmlb.ch] Obtain: [test.hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme.zerossl.com/v2/DV90/order/SNGS9ahFfP84cPBFPi4QXw) (ca=https://acme.zerossl.com/v2/DV90)","attempt":15,"retrying_in":21600,"elapsed":86446.025925589,"max_duration":2592000}
{"level":"info","ts":1680629879.3294303,"msg":"shutting down apps, then terminating","signal":"SIGTERM"}
{"level":"warn","ts":1680629879.4444106,"msg":"exiting; byeee!! 👋","signal":"SIGTERM"}
{"level":"info","ts":1680629879.8514125,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc00051ee70"}
{"level":"info","ts":1680629879.8514595,"logger":"tls.obtain","msg":"releasing lock","identifier":"test.hmlb.ch"}
{"level":"info","ts":1680629879.8524005,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}
{"level":"info","ts":1680629879.8524444,"msg":"shutdown complete","signal":"SIGTERM","exit_code":0}
{"level":"info","ts":1680629890.491062,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1680629890.4936693,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":3}
{"level":"info","ts":1680629890.4956534,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1680629890.4960797,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00038b570"}
{"level":"info","ts":1680629890.4962585,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1680629890.496285,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1680629890.4969122,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"debug","ts":1680629890.4969404,"logger":"http","msg":"starting server loop","address":"[::]:80","tls":false,"http3":false}
{"level":"info","ts":1680629890.496977,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
{"level":"info","ts":1680629890.497048,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
{"level":"debug","ts":1680629890.4972284,"logger":"http","msg":"starting server loop","address":"[::]:443","tls":true,"http3":true}
{"level":"info","ts":1680629890.4972486,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"info","ts":1680629890.4972572,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["hmlb.ch"]}
{"level":"info","ts":1680629890.4975138,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1680629890.4987338,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1680629890.4993904,"msg":"serving initial configuration"}
{"level":"info","ts":1680629890.501522,"logger":"tls.obtain","msg":"acquiring lock","identifier":"hmlb.ch"}
{"level":"info","ts":1680629890.5071707,"logger":"tls.obtain","msg":"lock acquired","identifier":"hmlb.ch"}
{"level":"info","ts":1680629890.5077903,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"hmlb.ch"}
{"level":"debug","ts":1680629890.5079117,"logger":"events","msg":"event","name":"cert_obtaining","id":"383fc817-7480-490a-affd-601c9aa39ed3","origin":"tls","data":{"identifier":"hmlb.ch"}}
{"level":"debug","ts":1680629890.5088124,"logger":"tls.obtain","msg":"trying issuer 1/2","issuer":"acme-v02.api.letsencrypt.org-directory"}
{"level":"info","ts":1680629890.5155382,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["hmlb.ch"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
{"level":"info","ts":1680629890.5155668,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["hmlb.ch"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
{"level":"debug","ts":1680629891.3758073,"logger":"http.acme_client","msg":"http request","method":"GET","url":"https://acme-v02.api.letsencrypt.org/directory","headers":{"User-Agent":["Caddy/2.6.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["756"],"Content-Type":["application/json"],"Date":["Tue, 04 Apr 2023 17:38:11 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
{"level":"debug","ts":1680629891.508565,"logger":"http.acme_client","msg":"http request","method":"HEAD","url":"https://acme-v02.api.letsencrypt.org/acme/new-nonce","headers":{"User-Agent":["Caddy/2.6.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Date":["Tue, 04 Apr 2023 17:38:11 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["1DFATAWu5hul3IZQWAW5llYUqQUl9oXhrzZHwzjMaMhue54"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
{"level":"debug","ts":1680629891.78345,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/new-order","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.6.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["954014226"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["332"],"Content-Type":["application/json"],"Date":["Tue, 04 Apr 2023 17:38:11 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/order/954014226/174192363567"],"Replay-Nonce":["1AAD89fYd6auATXjkQy-i5DnrPJOmetRVP_QkgRD7kqkiEQ"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":201}
{"level":"debug","ts":1680629891.918479,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/216681458527","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.6.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["954014226"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["791"],"Content-Type":["application/json"],"Date":["Tue, 04 Apr 2023 17:38:11 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["C8786D1Xi32SRq6aZSy5u81TZwyBW5Fnb92KI0x-ObKSQzM"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
{"level":"debug","ts":1680629891.9188201,"logger":"http.acme_client","msg":"no solver configured","challenge_type":"tls-alpn-01"}
{"level":"debug","ts":1680629891.9188359,"logger":"http.acme_client","msg":"no solver configured","challenge_type":"http-01"}
{"level":"info","ts":1680629891.9188423,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"hmlb.ch","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1680629892.160904,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"hmlb.ch","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.hmlb.ch\" (usually OK if presenting also failed)"}
{"level":"debug","ts":1680629892.3591752,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/216681458527","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.6.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["954014226"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["795"],"Content-Type":["application/json"],"Date":["Tue, 04 Apr 2023 17:38:12 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["1AADcIXFF05ajU_SwYEShlMOhSiygOjcLIYLqEt9Ny-72mk"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
{"level":"error","ts":1680629892.3593512,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"hmlb.ch","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme-v02.api.letsencrypt.org/acme/order/954014226/174192363567) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
{"level":"debug","ts":1680629892.3593795,"logger":"tls.obtain","msg":"trying issuer 2/2","issuer":"acme.zerossl.com-v2-DV90"}
{"level":"info","ts":1680629892.369777,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["hmlb.ch"],"ca":"https://acme.zerossl.com/v2/DV90","account":"caddy@zerossl.com"}
{"level":"info","ts":1680629892.3697991,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["hmlb.ch"],"ca":"https://acme.zerossl.com/v2/DV90","account":"caddy@zerossl.com"}
{"level":"debug","ts":1680629892.538414,"logger":"http.acme_client","msg":"http request","method":"GET","url":"https://acme.zerossl.com/v2/DV90","headers":{"User-Agent":["Caddy/2.6.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Content-Length":["645"],"Content-Type":["application/json"],"Date":["Tue, 04 Apr 2023 17:38:12 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
{"level":"debug","ts":1680629892.6455324,"logger":"http.acme_client","msg":"http request","method":"HEAD","url":"https://acme.zerossl.com/v2/DV90/newNonce","headers":{"User-Agent":["Caddy/2.6.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Type":["application/octet-stream"],"Date":["Tue, 04 Apr 2023 17:38:12 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["uWlF667YaFhVJX_e6jx6smAXgFTeCZmrIJUw408yg98"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
{"level":"debug","ts":1680629893.2488391,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/newOrder","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.6.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["269"],"Content-Type":["application/json"],"Date":["Tue, 04 Apr 2023 17:38:13 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/vWJKSLFiXiVLkDXGUj69jA"],"Replay-Nonce":["vhCPM4Pq28Vts46CkVZrYTWOBFp8m-dxR2ciFEIR4HQ"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":201}
{"level":"debug","ts":1680629893.411887,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/W0PpvTde1pA8t-TnEuU3bg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.6.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["437"],"Content-Type":["application/json"],"Date":["Tue, 04 Apr 2023 17:38:13 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["x6nOWFVcYx4Jp4wYAGTjCd17uBoEGBYgv0OT-MnKV1k"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
{"level":"debug","ts":1680629893.4120586,"logger":"http.acme_client","msg":"no solver configured","challenge_type":"http-01"}
{"level":"info","ts":1680629893.4120765,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"hmlb.ch","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1680629893.509242,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"hmlb.ch","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.hmlb.ch\" (usually OK if presenting also failed)"}
{"level":"debug","ts":1680629893.5890803,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/W0PpvTde1pA8t-TnEuU3bg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.6.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["119"],"Content-Type":["application/json"],"Date":["Tue, 04 Apr 2023 17:38:13 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["f1cWclj_BWU1IbxfD9rQn3DMlMH6pgYdd1AT4eOn_c4"],"Retry-After":["86400"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
{"level":"error","ts":1680629893.589252,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"hmlb.ch","issuer":"acme.zerossl.com-v2-DV90","error":"[hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme.zerossl.com/v2/DV90/order/vWJKSLFiXiVLkDXGUj69jA) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"debug","ts":1680629893.589298,"logger":"events","msg":"event","name":"cert_failed","id":"397a0f18-9409-4662-b326-87b835806502","origin":"tls","data":{"error":{},"identifier":"hmlb.ch","issuers":["acme-v02.api.letsencrypt.org-directory","acme.zerossl.com-v2-DV90"],"renewal":false}}
{"level":"error","ts":1680629893.5893579,"logger":"tls.obtain","msg":"will retry","error":"[hmlb.ch] Obtain: [hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme.zerossl.com/v2/DV90/order/vWJKSLFiXiVLkDXGUj69jA) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":3.082170125,"max_duration":2592000}
3. Caddy version:
Version 2.6.4
4. How I installed and ran Caddy:
I made a custom Docker container with my DNS plugin (see the Dockerfile).
a. System environment:
Unraid OS 6.11.1 with Caddy as a Docker Container
b. Command:
docker run \
  -d \
  --name='CaddyV2' \
  --net='bridge' \
  -e TZ="Europe/Berlin" \
  -e HOST_OS="Unraid" \
  -e HOST_HOSTNAME="Tower" \
  -e HOST_CONTAINERNAME="CaddyV2" \
  -l net.unraid.docker.managed=dockerman \
  -l net.unraid.docker.icon='https://d1q6f0aelx0por.cloudfront.net/product-logos/library-caddy-logo.png' \
  -p '80:80/tcp' \
  -p '2443:443/tcp' \
  -v '/mnt/user/appdata/CaddyV2/conf/data/':'/data':'rw' \
  -v '/mnt/user/appdata/CaddyV2/conf/config':'/config':'rw' \
  -v '/mnt/user/appdata/CaddyV2/Caddyfile':'/etc/caddy/Caddyfile':'rw' \
  'self/caddy-with-plugins:latest'
c. Service/unit/compose file:
The entire thing is built with a Dockerfile.
FROM caddy:2.6.4-builder AS builder
RUN xcaddy build \
    --with github.com/caddy-dns/hosttech@v1.0.2

FROM caddy:2.6.4
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
d. My complete Caddy config:
{
	acme_dns hosttech {
		api_token secret_token
	}
	debug
}

hmlb.ch {
	reverse_proxy 192.168.68.56:8085
}
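
The log above shows the zone handed to the DNS provider as `hmlb.ch.`, the fully qualified form whose trailing dot stands for the DNS root. The following is an added example, not part of the original post and not the hosttech plugin's code: it shows a provider stripping that dot before calling an API that only knows `hmlb.ch`. The mock API, its `/zones/<name>/records` path, its 201 status and all function names are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// unFQDN strips the trailing root dot: "hmlb.ch." -> "hmlb.ch".
func unFQDN(name string) string {
	return strings.TrimSuffix(name, ".")
}

// relativeName returns fqdn relative to zone, or "@" for the zone apex.
// Both arguments may carry a trailing dot. Names outside the zone are
// rejected so a record is never written into the wrong zone.
func relativeName(fqdn, zone string) (string, error) {
	f := strings.ToLower(unFQDN(fqdn))
	z := strings.ToLower(unFQDN(zone))
	if f == z {
		return "@", nil
	}
	if z == "" || !strings.HasSuffix(f, "."+z) {
		return "", fmt.Errorf("%q is not inside zone %q", fqdn, zone)
	}
	return strings.TrimSuffix(f, "."+z), nil
}

// mockAPI is a hypothetical DNS host API (constructed for this example).
// It looks zones up by exact name and answers 404 for anything else,
// which is how a trailing dot turns into "404 Not Found".
func mockAPI(knownZones map[string]bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		parts := strings.Split(strings.Trim(r.URL.Path, "/"), "/")
		if len(parts) != 3 || parts[0] != "zones" || parts[2] != "records" ||
			!knownZones[parts[1]] {
			http.NotFound(w, r)
			return
		}
		w.WriteHeader(http.StatusCreated)
	})
}

// appendTXT posts a TXT record for fqdn into zone and returns the HTTP
// status. With normalize=false the zone is sent exactly as received.
func appendTXT(api http.Handler, zone, fqdn string, normalize bool) (int, error) {
	name, err := relativeName(fqdn, zone)
	if err != nil {
		return 0, err
	}
	if normalize {
		zone = unFQDN(zone)
	}
	// "constructed-token" is a placeholder, not a real challenge value.
	body := strings.NewReader(fmt.Sprintf(
		`{"type":"TXT","name":%q,"text":"constructed-token"}`, name))
	req := httptest.NewRequest(http.MethodPost, "/zones/"+zone+"/records", body)
	rec := httptest.NewRecorder()
	api.ServeHTTP(rec, req)
	return rec.Code, nil
}

func main() {
	api := mockAPI(map[string]bool{"hmlb.ch": true})
	for _, normalize := range []bool{false, true} {
		code, err := appendTXT(api, "hmlb.ch.", "_acme-challenge.hmlb.ch.", normalize)
		fmt.Printf("normalize=%v status=%d err=%v\n", normalize, code, err)
	}
}
```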