Hi,
I have been working with a Caddy setup since the 7th of June, and I really like it so far. But now I have problems with the renewal of the certificate.
I started with a self-compiled 1.0.0 and switched to the official binary 1.0.1.
I’m using a wildcard certificate with ACME for one domain, and multiple subdomains underneath.
I run my own Nameserver and use RFC2136 for DNS Updates.
Of course RFC2136 is included in caddy.
caddy@HOSTNAME caddy]# caddy --plugins | grep rfc2136
tls.dns.rfc2136
caddy@HOSTNAME caddy]# caddy -version
Caddy v1.0.1 (h1:oor6ep+8NoJOabpFXhvjqjfeldtw1XSzfISVrbfqTKo=)
My env looks like this (and is also shown in /proc/PID/environ):
RFC2136_NAMESERVER=XXXX
RFC2136_TSIG_ALGORITHM=hmac-sha512
RFC2136_TSIG_KEY=XXXX.
RFC2136_TSIG_SECRET=XXXX
#RFC2136_PROPAGATION_TIMEOUT
I tried these settings with nsupdate and they are correct and working.
My caddy.conf looks like this:
    http:// {
        gzip
        root /usr/share/caddy
    }
    import conf.d/*.conf
My wildcard domain settings are:
    *.DOMAINNAME {
        log /var/log/caddy/DOMAINNAME.log
        errors /var/log/caddy/DOMAINNAME.error
        root /usr/share/caddy/
        tls {
            dns rfc2136
        }
    }
The subdomain hosts all look like this:
    https://HOST.DOMAINNAME/ {
        root /var/www/html/
        tls {
            wildcard
        }
        proxy / http://X.X.X.X:9000/ {
            transparent
            websocket
        }
    }
It worked great, but now it is time to renew the cert and I get this error message:
Aug 11 09:02:58 HOSTNAME caddy[3372]: 2019/08/11 09:02:58 [INFO] [*.DOMAINNAME] acme: Trying renewal with 598 hours remaining
Aug 11 09:02:58 HOSTNAME caddy[3372]: 2019/08/11 09:02:58 [INFO] [*.DOMAINNAME] acme: Obtaining bundled SAN certificate
Aug 11 09:02:59 HOSTNAME caddy[3372]: 2019/08/11 09:02:59 [INFO] [*.DOMAINNAME] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/XXXXX
Aug 11 09:02:59 HOSTNAME caddy[3372]: 2019/08/11 09:02:59 [INFO] [*.DOMAINNAME] acme: Could not find solver for: dns-01
Aug 11 09:02:59 HOSTNAME caddy[3372]: 2019/08/11 09:02:59 [ERROR][*.DOMAINNAME] failed to renew certificate: acme: Error -> One or more domains had a problem:
Aug 11 09:02:59 HOSTNAME caddy[3372]: [*.DOMAINNAME] [*.DOMAINNAME] acme: could not determine solvers
I have run out of ideas to check.
I tested the NS update setting. I checked the configuration, but it was working before.
I tried disable-{httpd,tls-alpn}-challenge.
I updated to 1.0.1 directly from caddy.
I googled and searched the forum for DNS-01 problems, but nothing fits.
I don’t know how to enable debugging; there is no command parameter for that.
Any hints on how to get more debug output or what could be wrong are appreciated.
Thanks
CU
Jens
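
Added example (not part of the original post and not Caddy's own code): a small log check that pairs each "Trying renewal" line with a later "failed to renew certificate" error for the same name and reports which challenge type had no solver, so a failed renewal like the one above is flagged well before the certificate expires. The sample lines are constructed in the format of the log excerpt above; the domain `example.test`, the function name `renewal_failures` and the `warn_hours` threshold are assumptions.

```python
import re

# Constructed sample: journal lines in the format shown in the post above.
SAMPLE = """\
Aug 11 09:02:58 HOSTNAME caddy[3372]: 2019/08/11 09:02:58 [INFO] [*.example.test] acme: Trying renewal with 598 hours remaining
Aug 11 09:02:59 HOSTNAME caddy[3372]: 2019/08/11 09:02:59 [INFO] [*.example.test] acme: Could not find solver for: dns-01
Aug 11 09:02:59 HOSTNAME caddy[3372]: 2019/08/11 09:02:59 [ERROR][*.example.test] failed to renew certificate: acme: Error -> One or more domains had a problem:
Aug 11 09:03:10 HOSTNAME caddy[3372]: 2019/08/11 09:03:10 [INFO] [www.example.test] acme: Trying renewal with 700 hours remaining
"""

# "[LEVEL] [name] message" or "[LEVEL][name] message", as in the excerpt.
LINE = re.compile(r"\[(INFO|ERROR)\]\s*\[([^\]]+)\] (.*)$")
RENEW = re.compile(r"acme: Trying renewal with (\d+) hours remaining")
NO_SOLVER = re.compile(r"acme: Could not find solver for: (\S+)")


def renewal_failures(log_text, warn_hours=240):
    """Return one finding per renewal attempt that ended in an [ERROR] line."""
    state = {}     # name -> {"hours": int or None, "unsolved": [challenge types]}
    findings = []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # lines without a level tag carry no new information here
        level, name, msg = m.groups()
        s = state.setdefault(name, {"hours": None, "unsolved": []})
        if (r := RENEW.search(msg)):
            # A new attempt starts: reset what we know about this name.
            state[name] = {"hours": int(r.group(1)), "unsolved": []}
        elif (n := NO_SOLVER.search(msg)):
            s["unsolved"].append(n.group(1))
        elif level == "ERROR" and "failed to renew certificate" in msg:
            hours = s["hours"]
            findings.append({
                "name": name,
                "hours_remaining": hours,
                "missing_solvers": list(s["unsolved"]),
                # Urgent once the remaining lifetime drops below the threshold.
                "urgent": hours is not None and hours < warn_hours,
            })
    return findings


if __name__ == "__main__":
    for finding in renewal_failures(SAMPLE):
        print(finding)
```
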