ACME challenge tries to create record with dot(.) at the end

Hi there, completely new here :slight_smile:
I hope this is properly worded and formatted.

1. The problem I’m having:

I’m trying to use Caddy as a reverse proxy for my homelab. Because I do not want to expose anything (yet) to the internet, this means using ACME-challenges for the domain verification.

To this end I implemented the interfaces to complete the DNS-01 challenge with caddy and my DNS hosts. The sources are available at the end of the post.

Now I built Caddy with the plugin, but the challenge won’t complete. It seems like it tries to create a record for hmlb.ch. (note the point at the end). This won’t work with the provider, which doesn’t accept this as a valid domain name.

Can somebody elaborate on why it tries to do that instead of creating a record for hmlb.ch? Is this normal behavior?

2. Error messages and/or full log output:

See the last few lines. For completeness, I added the full log output (with the debug option enabled).

{"level":"error","ts":1680546702.713707,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"test.hmlb.ch","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.test.hmlb.ch\" (usually OK if presenting also failed)"}
{"level":"error","ts":1680546702.8045483,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"test.hmlb.ch","issuer":"acme.zerossl.com-v2-DV90","error":"[test.hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme.zerossl.com/v2/DV90/order/qNta2BHWUcqKEbvZhpXQEQ) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1680546702.8046439,"logger":"tls.obtain","msg":"will retry","error":"[test.hmlb.ch] Obtain: [test.hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme.zerossl.com/v2/DV90/order/qNta2BHWUcqKEbvZhpXQEQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":11,"retrying_in":10800,"elapsed":10832.19300478,"max_duration":2592000}
{"level":"info","ts":1680557502.8057237,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"test.hmlb.ch"}
{"level":"info","ts":1680557503.7835312,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"test.hmlb.ch","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1680557504.2842324,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"test.hmlb.ch","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.test.hmlb.ch\" (usually OK if presenting also failed)"}
{"level":"error","ts":1680557504.4519138,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"test.hmlb.ch","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[test.hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/86930013/8094688744) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1680557505.4933522,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"test.hmlb.ch","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1680557505.592149,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"test.hmlb.ch","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.test.hmlb.ch\" (usually OK if presenting also failed)"}
{"level":"error","ts":1680557505.7082686,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"test.hmlb.ch","issuer":"acme.zerossl.com-v2-DV90","error":"[test.hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme.zerossl.com/v2/DV90/order/3t2_7VV7tRNZuQmJql4qXg) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1680557505.7083588,"logger":"tls.obtain","msg":"will retry","error":"[test.hmlb.ch] Obtain: [test.hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme.zerossl.com/v2/DV90/order/3t2_7VV7tRNZuQmJql4qXg) (ca=https://acme.zerossl.com/v2/DV90)","attempt":12,"retrying_in":21600,"elapsed":21635.096719827,"max_duration":2592000}
{"level":"info","ts":1680579106.1287556,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"test.hmlb.ch"}
{"level":"info","ts":1680579107.0477126,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"test.hmlb.ch","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1680579107.4695523,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"test.hmlb.ch","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.test.hmlb.ch\" (usually OK if presenting also failed)"}
{"level":"error","ts":1680579107.6404324,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"test.hmlb.ch","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[test.hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/86930013/8098513194) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1680579110.3183582,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"test.hmlb.ch","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1680579110.4475493,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"test.hmlb.ch","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.test.hmlb.ch\" (usually OK if presenting also failed)"}
{"level":"error","ts":1680579111.0644011,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"test.hmlb.ch","issuer":"acme.zerossl.com-v2-DV90","error":"[test.hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme.zerossl.com/v2/DV90/order/unR6fYhIhvZq7CtZMPi-QA) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1680579111.0644686,"logger":"tls.obtain","msg":"will retry","error":"[test.hmlb.ch] Obtain: [test.hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme.zerossl.com/v2/DV90/order/unR6fYhIhvZq7CtZMPi-QA) (ca=https://acme.zerossl.com/v2/DV90)","attempt":13,"retrying_in":21600,"elapsed":43240.452829877,"max_duration":2592000}
{"level":"info","ts":1680600711.0653396,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"test.hmlb.ch"}
{"level":"info","ts":1680600712.1755462,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"test.hmlb.ch","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1680600712.5471365,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"test.hmlb.ch","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.test.hmlb.ch\" (usually OK if presenting also failed)"}
{"level":"error","ts":1680600712.7166743,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"test.hmlb.ch","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[test.hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/86930013/8102513364) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1680600713.569467,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"test.hmlb.ch","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1680600713.6735294,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"test.hmlb.ch","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.test.hmlb.ch\" (usually OK if presenting also failed)"}
{"level":"error","ts":1680600713.9628808,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"test.hmlb.ch","issuer":"acme.zerossl.com-v2-DV90","error":"[test.hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme.zerossl.com/v2/DV90/order/cUwNAQDaibbKITlX0xRWog) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1680600713.962987,"logger":"tls.obtain","msg":"will retry","error":"[test.hmlb.ch] Obtain: [test.hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme.zerossl.com/v2/DV90/order/cUwNAQDaibbKITlX0xRWog) (ca=https://acme.zerossl.com/v2/DV90)","attempt":14,"retrying_in":21600,"elapsed":64843.351347758,"max_duration":2592000}
{"level":"info","ts":1680622270.6040103,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"info","ts":1680622270.7459264,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1680622313.9647136,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"test.hmlb.ch"}
{"level":"info","ts":1680622314.87393,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"test.hmlb.ch","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1680622315.3474083,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"test.hmlb.ch","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.test.hmlb.ch\" (usually OK if presenting also failed)"}
{"level":"error","ts":1680622315.5141387,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"test.hmlb.ch","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[test.hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/86930013/8106840334) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1680622316.3330667,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"test.hmlb.ch","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1680622316.4388452,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"test.hmlb.ch","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.test.hmlb.ch\" (usually OK if presenting also failed)"}
{"level":"error","ts":1680622316.6375043,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"test.hmlb.ch","issuer":"acme.zerossl.com-v2-DV90","error":"[test.hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme.zerossl.com/v2/DV90/order/SNGS9ahFfP84cPBFPi4QXw) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1680622316.6375642,"logger":"tls.obtain","msg":"will retry","error":"[test.hmlb.ch] Obtain: [test.hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme.zerossl.com/v2/DV90/order/SNGS9ahFfP84cPBFPi4QXw) (ca=https://acme.zerossl.com/v2/DV90)","attempt":15,"retrying_in":21600,"elapsed":86446.025925589,"max_duration":2592000}
{"level":"info","ts":1680629879.3294303,"msg":"shutting down apps, then terminating","signal":"SIGTERM"}
{"level":"warn","ts":1680629879.4444106,"msg":"exiting; byeee!! 👋","signal":"SIGTERM"}
{"level":"info","ts":1680629879.8514125,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc00051ee70"}
{"level":"info","ts":1680629879.8514595,"logger":"tls.obtain","msg":"releasing lock","identifier":"test.hmlb.ch"}
{"level":"info","ts":1680629879.8524005,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}
{"level":"info","ts":1680629879.8524444,"msg":"shutdown complete","signal":"SIGTERM","exit_code":0}
{"level":"info","ts":1680629890.491062,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1680629890.4936693,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":3}
{"level":"info","ts":1680629890.4956534,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1680629890.4960797,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00038b570"}
{"level":"info","ts":1680629890.4962585,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1680629890.496285,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1680629890.4969122,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"debug","ts":1680629890.4969404,"logger":"http","msg":"starting server loop","address":"[::]:80","tls":false,"http3":false}
{"level":"info","ts":1680629890.496977,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
{"level":"info","ts":1680629890.497048,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
{"level":"debug","ts":1680629890.4972284,"logger":"http","msg":"starting server loop","address":"[::]:443","tls":true,"http3":true}
{"level":"info","ts":1680629890.4972486,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"info","ts":1680629890.4972572,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["hmlb.ch"]}
{"level":"info","ts":1680629890.4975138,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1680629890.4987338,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1680629890.4993904,"msg":"serving initial configuration"}
{"level":"info","ts":1680629890.501522,"logger":"tls.obtain","msg":"acquiring lock","identifier":"hmlb.ch"}
{"level":"info","ts":1680629890.5071707,"logger":"tls.obtain","msg":"lock acquired","identifier":"hmlb.ch"}
{"level":"info","ts":1680629890.5077903,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"hmlb.ch"}
{"level":"debug","ts":1680629890.5079117,"logger":"events","msg":"event","name":"cert_obtaining","id":"383fc817-7480-490a-affd-601c9aa39ed3","origin":"tls","data":{"identifier":"hmlb.ch"}}
{"level":"debug","ts":1680629890.5088124,"logger":"tls.obtain","msg":"trying issuer 1/2","issuer":"acme-v02.api.letsencrypt.org-directory"}
{"level":"info","ts":1680629890.5155382,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["hmlb.ch"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
{"level":"info","ts":1680629890.5155668,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["hmlb.ch"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
{"level":"debug","ts":1680629891.3758073,"logger":"http.acme_client","msg":"http request","method":"GET","url":"https://acme-v02.api.letsencrypt.org/directory","headers":{"User-Agent":["Caddy/2.6.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["756"],"Content-Type":["application/json"],"Date":["Tue, 04 Apr 2023 17:38:11 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
{"level":"debug","ts":1680629891.508565,"logger":"http.acme_client","msg":"http request","method":"HEAD","url":"https://acme-v02.api.letsencrypt.org/acme/new-nonce","headers":{"User-Agent":["Caddy/2.6.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Date":["Tue, 04 Apr 2023 17:38:11 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["1DFATAWu5hul3IZQWAW5llYUqQUl9oXhrzZHwzjMaMhue54"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
{"level":"debug","ts":1680629891.78345,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/new-order","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.6.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["954014226"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["332"],"Content-Type":["application/json"],"Date":["Tue, 04 Apr 2023 17:38:11 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/order/954014226/174192363567"],"Replay-Nonce":["1AAD89fYd6auATXjkQy-i5DnrPJOmetRVP_QkgRD7kqkiEQ"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":201}
{"level":"debug","ts":1680629891.918479,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/216681458527","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.6.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["954014226"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["791"],"Content-Type":["application/json"],"Date":["Tue, 04 Apr 2023 17:38:11 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["C8786D1Xi32SRq6aZSy5u81TZwyBW5Fnb92KI0x-ObKSQzM"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
{"level":"debug","ts":1680629891.9188201,"logger":"http.acme_client","msg":"no solver configured","challenge_type":"tls-alpn-01"}
{"level":"debug","ts":1680629891.9188359,"logger":"http.acme_client","msg":"no solver configured","challenge_type":"http-01"}
{"level":"info","ts":1680629891.9188423,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"hmlb.ch","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1680629892.160904,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"hmlb.ch","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.hmlb.ch\" (usually OK if presenting also failed)"}
{"level":"debug","ts":1680629892.3591752,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/216681458527","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.6.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["954014226"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["795"],"Content-Type":["application/json"],"Date":["Tue, 04 Apr 2023 17:38:12 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["1AADcIXFF05ajU_SwYEShlMOhSiygOjcLIYLqEt9Ny-72mk"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
{"level":"error","ts":1680629892.3593512,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"hmlb.ch","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme-v02.api.letsencrypt.org/acme/order/954014226/174192363567) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
{"level":"debug","ts":1680629892.3593795,"logger":"tls.obtain","msg":"trying issuer 2/2","issuer":"acme.zerossl.com-v2-DV90"}
{"level":"info","ts":1680629892.369777,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["hmlb.ch"],"ca":"https://acme.zerossl.com/v2/DV90","account":"caddy@zerossl.com"}
{"level":"info","ts":1680629892.3697991,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["hmlb.ch"],"ca":"https://acme.zerossl.com/v2/DV90","account":"caddy@zerossl.com"}
{"level":"debug","ts":1680629892.538414,"logger":"http.acme_client","msg":"http request","method":"GET","url":"https://acme.zerossl.com/v2/DV90","headers":{"User-Agent":["Caddy/2.6.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Content-Length":["645"],"Content-Type":["application/json"],"Date":["Tue, 04 Apr 2023 17:38:12 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
{"level":"debug","ts":1680629892.6455324,"logger":"http.acme_client","msg":"http request","method":"HEAD","url":"https://acme.zerossl.com/v2/DV90/newNonce","headers":{"User-Agent":["Caddy/2.6.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Type":["application/octet-stream"],"Date":["Tue, 04 Apr 2023 17:38:12 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["uWlF667YaFhVJX_e6jx6smAXgFTeCZmrIJUw408yg98"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
{"level":"debug","ts":1680629893.2488391,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/newOrder","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.6.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["269"],"Content-Type":["application/json"],"Date":["Tue, 04 Apr 2023 17:38:13 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/vWJKSLFiXiVLkDXGUj69jA"],"Replay-Nonce":["vhCPM4Pq28Vts46CkVZrYTWOBFp8m-dxR2ciFEIR4HQ"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":201}
{"level":"debug","ts":1680629893.411887,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/W0PpvTde1pA8t-TnEuU3bg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.6.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["437"],"Content-Type":["application/json"],"Date":["Tue, 04 Apr 2023 17:38:13 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["x6nOWFVcYx4Jp4wYAGTjCd17uBoEGBYgv0OT-MnKV1k"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
{"level":"debug","ts":1680629893.4120586,"logger":"http.acme_client","msg":"no solver configured","challenge_type":"http-01"}
{"level":"info","ts":1680629893.4120765,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"hmlb.ch","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1680629893.509242,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"hmlb.ch","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.hmlb.ch\" (usually OK if presenting also failed)"}
{"level":"debug","ts":1680629893.5890803,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/W0PpvTde1pA8t-TnEuU3bg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.6.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["119"],"Content-Type":["application/json"],"Date":["Tue, 04 Apr 2023 17:38:13 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["f1cWclj_BWU1IbxfD9rQn3DMlMH6pgYdd1AT4eOn_c4"],"Retry-After":["86400"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
{"level":"error","ts":1680629893.589252,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"hmlb.ch","issuer":"acme.zerossl.com-v2-DV90","error":"[hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme.zerossl.com/v2/DV90/order/vWJKSLFiXiVLkDXGUj69jA) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"debug","ts":1680629893.589298,"logger":"events","msg":"event","name":"cert_failed","id":"397a0f18-9409-4662-b326-87b835806502","origin":"tls","data":{"error":{},"identifier":"hmlb.ch","issuers":["acme-v02.api.letsencrypt.org-directory","acme.zerossl.com-v2-DV90"],"renewal":false}}
{"level":"error","ts":1680629893.5893579,"logger":"tls.obtain","msg":"will retry","error":"[hmlb.ch] Obtain: [hmlb.ch] solving challenges: presenting for challenge: adding temporary record for zone \"hmlb.ch.\": call to API was not successful, returned the status code '404 Not Found' (order=https://acme.zerossl.com/v2/DV90/order/vWJKSLFiXiVLkDXGUj69jA) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":3.082170125,"max_duration":2592000}

3. Caddy version:

Version 2.6.4

4. How I installed and ran Caddy:

I made a custom Docker container with my DNS plugin (see the Dockerfile).

a. System environment:

Unraid OS 6.11.1 with Caddy as a Docker Container

b. Command:

docker run \
  -d \
  --name='CaddyV2' \
  --net='bridge' \
  -e TZ="Europe/Berlin" \
  -e HOST_OS="Unraid" \
  -e HOST_HOSTNAME="Tower" \
  -e HOST_CONTAINERNAME="CaddyV2" \
  -l net.unraid.docker.managed=dockerman \
  -l net.unraid.docker.icon='https://d1q6f0aelx0por.cloudfront.net/product-logos/library-caddy-logo.png' \
  -p '80:80/tcp' \
  -p '2443:443/tcp' \
  -v '/mnt/user/appdata/CaddyV2/conf/data/':'/data':'rw' \
  -v '/mnt/user/appdata/CaddyV2/conf/config':'/config':'rw' \
  -v '/mnt/user/appdata/CaddyV2/Caddyfile':'/etc/caddy/Caddyfile':'rw' \
  'self/caddy-with-plugins:latest'

c. Service/unit/compose file:

The entire thing is built with a Dockerfile.

FROM caddy:2.6.4-builder AS builder

RUN xcaddy build \
    --with github.com/caddy-dns/hosttech@v1.0.2

FROM caddy:2.6.4

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

d. My complete Caddy config:

{
        acme_dns hosttech {
                api_token secret_token 
        }
        debug
}

hmlb.ch {
        reverse_proxy 192.168.68.56:8085
}

5. Links to relevant resources:

Libdns implementation
Caddy DNS plugin

Thanks for the question!

Sounds like a bug in the (libdns implementation of the) DNS provider. I saw your bug report here:

That’s probably the best way to get a fix. :+1: (We don’t maintain DNS plugins ourselves.)

Sounds like a bug in the (libdns implementation of the) DNS provider.

That was exactly the thing I was afraid of :sweat_smile:. The maintainer of the plugin is me, so I will buckle down and see if I can fix it this way.

Thanks for your input :+1:


Take a look at other similar libdns plugins and compare the steps taken. You might need to strip the trailing dot from the zone so that it’s compatible with that vendor’s API. Some other vendors may require a fully qualified zone including the trailing dot.

The thing is I’m already stripping the trailing dot from the zone. Where I am not stripping the dot is at the record value. I could but I am not sure if the DNS challenge would still work. It might look for a record with hmlb.ch. but only be able to find hmlb.ch.

So after some debugging and two new releases it works :smile:. Thanks for your help.
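The zone handling discussed in the replies above, as an added example that is not part of the thread and not the hosttech plugin's code: the solver hands over the zone as `hmlb.ch.` (as the log shows), the provider API only knows `hmlb.ch`, and the validator still looks up the fully qualified record name. `fakeAPI`, `apiZone`, `relativeName`, `absoluteName` and `present` are hypothetical names, and the in-memory API is constructed to mirror the 404 in the log.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// fakeAPI stands in for a DNS host's REST API (constructed for this example).
// It knows zones only without a trailing dot and answers 404 for anything else.
type fakeAPI struct {
	zones map[string][]string // zone -> "name TXT value" entries
}

func (a *fakeAPI) addTXT(zone, name, value string) int {
	if _, ok := a.zones[zone]; !ok {
		return 404
	}
	a.zones[zone] = append(a.zones[zone], name+" TXT "+value)
	return 201
}

// apiZone turns the fully qualified zone ("hmlb.ch.") into the dot-less,
// lower-case form this API expects, and rejects empty or malformed names.
func apiZone(zone string) (string, error) {
	z := strings.ToLower(strings.TrimSuffix(strings.TrimSpace(zone), "."))
	if z == "" {
		return "", errors.New("empty or root zone")
	}
	for _, label := range strings.Split(z, ".") {
		if label == "" || len(label) > 63 {
			return "", fmt.Errorf("invalid label in zone %q", zone)
		}
	}
	return z, nil
}

// relativeName returns the record name relative to the zone, whether the
// caller passed it relative ("_acme-challenge") or absolute.
func relativeName(name, zone string) string {
	z := strings.ToLower(strings.TrimSuffix(zone, "."))
	n := strings.ToLower(strings.TrimSuffix(name, "."))
	if n == z {
		return "@" // zone apex
	}
	return strings.TrimSuffix(n, "."+z)
}

// absoluteName returns the fully qualified name, trailing dot included.
// This is the name a validator resolves, independent of the API's format.
func absoluteName(name, zone string) string {
	z := strings.ToLower(strings.TrimSuffix(zone, "."))
	rel := relativeName(name, zone)
	if rel == "@" {
		return z + "."
	}
	return rel + "." + z + "."
}

// present normalizes zone and name for the API, creates the TXT record and
// returns the fully qualified name under which it is published.
func present(api *fakeAPI, zone, name, value string) (string, error) {
	z, err := apiZone(zone)
	if err != nil {
		return "", err
	}
	if code := api.addTXT(z, relativeName(name, zone), value); code != 201 {
		return "", fmt.Errorf("adding record to zone %q: status %d", z, code)
	}
	return absoluteName(name, zone), nil
}

func main() {
	api := &fakeAPI{zones: map[string][]string{"hmlb.ch": nil}}
	// Passing the zone through unchanged reproduces the failure in the log.
	fmt.Println("raw zone:", api.addTXT("hmlb.ch.", "_acme-challenge", "constructed-value"))
	// Normalizing first succeeds; the published name keeps its trailing dot.
	fqdn, err := present(api, "hmlb.ch.", "_acme-challenge", "constructed-value")
	fmt.Println("normalized:", fqdn, err)
}
```

The TXT value itself is left untouched; only the zone and the record name are converted between the two forms.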
