Acme: Could not find solver for: dns-01

Hi,

I have been working with a Caddy setup since the 7th of June, and I really like it so far. But now I have problems with the renewal of the certificate.

I started with a self-compiled 1.0.0 and switched to the official 1.0.1 binary.
I’m using a wildcard certificate with ACME for one domain and the multiple subdomains underneath.
I run my own Nameserver and use RFC2136 for DNS Updates.
Of course RFC2136 is included in caddy.

[caddy@HOSTNAME caddy]# caddy --plugins | grep rfc2136
  tls.dns.rfc2136
[caddy@HOSTNAME caddy]# caddy -version
Caddy v1.0.1 (h1:oor6ep+8NoJOabpFXhvjqjfeldtw1XSzfISVrbfqTKo=)

My environment variables look like this (and are also shown in /proc/PID/environ):

RFC2136_NAMESERVER=XXXX
RFC2136_TSIG_ALGORITHM=hmac-sha512
RFC2136_TSIG_KEY=XXXX.
RFC2136_TSIG_SECRET=XXXX
#RFC2136_PROPAGATION_TIMEOUT

I tried these settings with nsupdate and they are correct and working.

My caddy.conf looks like this:

http:// {
    gzip
    root /usr/share/caddy
}

import conf.d/*.conf

My wildcard domain settings are:

*.DOMAINNAME {
  log /var/log/caddy/DOMAINNAME.log
  errors /var/log/caddy/DOMAINNAME.error
  root /usr/share/caddy/

  tls {
    dns rfc2136
  }
}

The subdomain hosts all look like this:

https://HOST.DOMAINNAME/ {
  root /var/www/html/
  tls {
    wildcard
  }

  proxy / http://X.X.X.X:9000/ {
    transparent
    websocket
  }
}

It worked great, but now it is time to renew the cert and I get this error message:

Aug 11 09:02:58 HOSTNAME caddy[3372]: 2019/08/11 09:02:58 [INFO] [*.DOMAINNAME] acme: Trying renewal with 598 hours remaining
Aug 11 09:02:58 HOSTNAME caddy[3372]: 2019/08/11 09:02:58 [INFO] [*.DOMAINNAME] acme: Obtaining bundled SAN certificate
Aug 11 09:02:59 HOSTNAME caddy[3372]: 2019/08/11 09:02:59 [INFO] [*.DOMAINNAME] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/XXXXX
Aug 11 09:02:59 HOSTNAME caddy[3372]: 2019/08/11 09:02:59 [INFO] [*.DOMAINNAME] acme: Could not find solver for: dns-01
Aug 11 09:02:59 HOSTNAME caddy[3372]: 2019/08/11 09:02:59 [ERROR][*.DOMAINNAME] failed to renew certificate: acme: Error -> One or more domains had a problem:
Aug 11 09:02:59 HOSTNAME caddy[3372]: [*.DOMAINNAME] [*.DOMAINNAME] acme: could not determine solvers

I have run out of ideas to check.

I tested the NS update setting. I checked the configuration, but it was working before.
I tried disable-{httpd,tls-alpn}-challenge.
I updated to 1.0.1 directly from caddy.
I googled and searched the forum for DNS-01 problems, but nothing fits.
I don’t know how to enable debugging; there is no command parameter for that.

Any hint on how to get more debug output or what could be wrong is appreciated.
Thanks

CU
Jens

Hi @JensKuehnel, I’ve been looking at this occasionally for the last four days or so, hoping something’ll hit me, but nothing obvious stands out.

So in an attempt to simplify as much as possible, what happens when you try:

env CADDYPATH=$(mktemp -d) caddy -log stdout -host *.DOMAINNAME "tls {" "dns rfc2136" "}"

(after setting DNS env vars as well, and replacing *.DOMAINNAME as appropriate)


Hi @Whitestrake,

thanks for the help.
This works:

[caddy@HOSTNAME ~]$ env CADDYPATH=$(mktemp -d) caddy -agree -email cert@DOMAIN -log stdout -host *.DOMAIN "tls {" "dns rfc2136" "}"
Activating privacy features… 2019/08/15 10:17:32 [INFO][cache:0xc000087040] Started certificate maintenance routine
2019/08/15 10:17:32 [INFO] acme: Registering account for cert@DOMAIN
2019/08/15 10:17:33 [INFO][*.DOMAIN] Obtain certificate
2019/08/15 10:17:33 [INFO] [*.DOMAIN] acme: Obtaining bundled SAN certificate
2019/08/15 10:17:33 [INFO] [*.DOMAIN] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/EzEHuhrLR14_V_EJxy2YxtyFNsgGd5vuxrgXvMVtgSc
2019/08/15 10:17:33 [INFO] [*.DOMAIN] acme: use dns-01 solver
2019/08/15 10:17:33 [INFO] [*.DOMAIN] acme: Preparing to solve DNS-01
2019/08/15 10:17:34 [INFO] [*.DOMAIN] acme: Trying to solve DNS-01
2019/08/15 10:17:34 [INFO] [*.DOMAIN] acme: Checking DNS record propagation using [X.X.X.250:53 [fd00::d9e8]:53]
2019/08/15 10:17:34 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2019/08/15 10:17:34 [INFO] [*.DOMAIN] acme: Waiting for DNS record propagation.
2019/08/15 10:17:40 [INFO] [*.DOMAIN] The server validated our request
2019/08/15 10:17:40 [INFO] [*.DOMAIN] acme: Cleaning DNS-01 challenge
2019/08/15 10:17:40 [INFO] [*.DOMAIN] acme: Validations succeeded; requesting certificates
2019/08/15 10:17:42 [INFO] [*.DOMAIN] Server responded with a certificate.

I have cleaned up my caddy dir and now it is working again. I will check again in November. We will see if it was really my “mess” in the caddy dir or RFC2136 has a bug in renew.

Thanks for the help.

CU
Jens


Hi,
and it is November and I have the same problem.
This time I did not delete the whole caddy Dir, but only
acme/acme-v02.api.letsencrypt.org/sites/$CERTNAME/$CERTNAME*
and it works again. The renewal of RFC2136 does not work apparently.

CU
Jens
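
A renewal failure like the one in this thread is visible only in the journal until the certificate actually expires, so a log check can surface it while hours remain. The following is an added example, not code from the thread or from Caddy: the function names, the example.test names and the 336-hour urgency threshold are assumptions, and the sample lines are constructed after the log lines quoted above.

```python
import re

# Constructed sample, modelled on the journal lines quoted in the thread.
SAMPLE_LOG = """\
Aug 11 09:02:58 HOSTNAME caddy[3372]: 2019/08/11 09:02:58 [INFO] [*.example.test] acme: Trying renewal with 598 hours remaining
Aug 11 09:02:59 HOSTNAME caddy[3372]: 2019/08/11 09:02:59 [INFO] [*.example.test] acme: Could not find solver for: dns-01
Aug 11 09:02:59 HOSTNAME caddy[3372]: 2019/08/11 09:02:59 [ERROR][*.example.test] failed to renew certificate: acme: Error -> One or more domains had a problem:
Aug 11 09:03:10 HOSTNAME caddy[3372]: 2019/08/11 09:03:10 [INFO] [www.example.test] acme: Trying renewal with 700 hours remaining
Aug 11 09:03:15 HOSTNAME caddy[3372]: 2019/08/11 09:03:15 [INFO] [www.example.test] Server responded with a certificate.
"""

EVENT = re.compile(r"\[(INFO|ERROR)\]\s*\[([^\]]+)\]\s*(.*)$")
RENEW = re.compile(r"Trying renewal with (\d+) hours remaining")
NO_SOLVER = re.compile(r"Could not find solver for: (\S+)")

def renewal_status(log_text):
    """Fold log lines into the outcome of the latest renewal attempt per name."""
    status = {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        level, name, msg = m.groups()
        renew = RENEW.search(msg)
        if renew:
            # A new attempt starts: forget the result of the previous one.
            status[name] = {"hours_left": int(renew.group(1)),
                            "missing_solvers": [], "failed": False}
            continue
        entry = status.get(name)
        if entry is None:
            continue  # line is not part of a renewal attempt we saw start
        solver = NO_SOLVER.search(msg)
        if solver:
            entry["missing_solvers"].append(solver.group(1))
        elif level == "ERROR" and "failed to renew certificate" in msg:
            entry["failed"] = True
        elif "Server responded with a certificate" in msg:
            entry["failed"] = False
    return status

def alerts(status, warn_hours=336):
    """Names whose last renewal failed; urgent when under warn_hours (assumed 14 days)."""
    return [(name, e["hours_left"], e["missing_solvers"], e["hours_left"] < warn_hours)
            for name, e in sorted(status.items()) if e["failed"]]

if __name__ == "__main__":
    for name, hours, solvers, urgent in alerts(renewal_status(SAMPLE_LOG)):
        print(f"{name}: renewal failed, {hours}h left, no solver for {solvers}, urgent={urgent}")
```
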
