Acme: error presenting token: googlecloud: no matching domain found for domain

I had caddy working with multiple sites and I came back to caddy.service not started.
Seems caddy won’t start with acme: error presenting token: googlecloud: no matching domain found for domain errors.

I double-checked that the environment vars and GCP JSON were correct, and they are. Here's the log:

systemd[1]: Started Caddy HTTP/2 web server.
caddy[6813]: 2019/09/04 14:52:03 [INFO][FileStorage:/var/lib/caddy] Started certificate maintenance routine
caddy[6813]: Activating privacy features... 2019/09/04 14:52:04 [WARNING] Stapling OCSP: invalid: OCSP response for [munin.hostname.org] valid after certificate expiration (-24h51>
caddy[6813]: 2019/09/04 14:52:04 [WARNING] Stapling OCSP: invalid: OCSP response for [munin.hostname.org] valid after certificate expiration (-24h51m18s)
caddy[6813]: 2019/09/04 14:52:04 [WARNING] Stapling OCSP: invalid: OCSP response for [munin.hostname.org] valid after certificate expiration (-24h51m18s)
caddy[6813]: 2019/09/04 14:52:04 [WARNING] Stapling OCSP: invalid: OCSP response for [bom.hostname.org] valid after certificate expiration (-24h51m8s)
caddy[6813]: 2019/09/04 14:52:04 [WARNING] Stapling OCSP: invalid: OCSP response for [bom.hostname.org] valid after certificate expiration (-24h51m8s)
caddy[6813]: 2019/09/04 14:52:04 [WARNING] Stapling OCSP: invalid: OCSP response for [bom.hostname.org] valid after certificate expiration (-24h51m8s)
caddy[6813]: 2019/09/04 14:52:04 [WARNING] Stapling OCSP: invalid: OCSP response for [bom.hostname.org] valid after certificate expiration (-24h51m8s)
caddy[6813]: 2019/09/04 14:52:04 [INFO] Certificate for [munin.hostname.org] expires in 121h16m37.732350624s; attempting renewal
caddy[6813]: 2019/09/04 14:52:05 [INFO] [munin.hostname.org] acme: Trying renewal with 121 hours remaining
caddy[6813]: 2019/09/04 14:52:05 [INFO] [munin.hostname.org] acme: Obtaining bundled SAN certificate
caddy[6813]: 2019/09/04 14:52:06 [INFO] [munin.hostname.org] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/149986731
caddy[6813]: 2019/09/04 14:52:06 [INFO] [munin.hostname.org] acme: Could not find solver for: tls-alpn-01
caddy[6813]: 2019/09/04 14:52:06 [INFO] [munin.hostname.org] acme: Could not find solver for: http-01
caddy[6813]: 2019/09/04 14:52:06 [INFO] [munin.hostname.org] acme: use dns-01 solver
caddy[6813]: 2019/09/04 14:52:06 [INFO] [munin.hostname.org] acme: Preparing to solve DNS-01
caddy[6813]: 2019/09/04 14:52:08 [INFO] [munin.hostname.org] acme: Cleaning DNS-01 challenge
caddy[6813]: 2019/09/04 14:52:08 [WARN] [munin.hostname.org] acme: error cleaning up: googlecloud: no matching domain found for domain hostname.org.
caddy[6813]: 2019/09/04 14:52:08 [ERROR] Renewing [munin.hostname.org]: acme: Error -> One or more domains had a problem:
caddy[6813]: [munin.hostname.org] [munin.hostname.org] acme: error presenting token: googlecloud: no matching domain found for domain hostname.org.
caddy[6813]: ; trying again in 10s
caddy[6813]: 2019/09/04 14:52:18 [INFO] [munin.hostname.org] acme: Trying renewal with 121 hours remaining
caddy[6813]: 2019/09/04 14:52:18 [INFO] [munin.hostname.org] acme: Obtaining bundled SAN certificate
caddy[6813]: 2019/09/04 14:52:19 [INFO] [munin.hostname.org] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/149986731
caddy[6813]: 2019/09/04 14:52:19 [INFO] [munin.hostname.org] acme: Could not find solver for: tls-alpn-01
caddy[6813]: 2019/09/04 14:52:19 [INFO] [munin.hostname.org] acme: Could not find solver for: http-01
caddy[6813]: 2019/09/04 14:52:19 [INFO] [munin.hostname.org] acme: use dns-01 solver
caddy[6813]: 2019/09/04 14:52:19 [INFO] [munin.hostname.org] acme: Preparing to solve DNS-01
caddy[6813]: 2019/09/04 14:52:19 [INFO] [munin.hostname.org] acme: Cleaning DNS-01 challenge
caddy[6813]: 2019/09/04 14:52:19 [WARN] [munin.hostname.org] acme: error cleaning up: googlecloud: no matching domain found for domain hostname.org.
caddy[6813]: 2019/09/04 14:52:19 [ERROR] Renewing [munin.hostname.org]: acme: Error -> One or more domains had a problem:
caddy[6813]: [munin.hostname.org] [munin.hostname.org] acme: error presenting token: googlecloud: no matching domain found for domain hostname.org.
caddy[6813]: ; trying again in 10s
caddy[6813]: 2019/09/04 14:52:29 too many renewal attempts; last error: acme: Error -> One or more domains had a problem:
caddy[6813]: [munin.hostname.org] [munin.hostname.org] acme: error presenting token: googlecloud: no matching domain found for domain hostname.org.
systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
systemd[1]: caddy.service: Failed with result 'exit-code'.

What am I missing here, did something change with DNS challenges recently?

Is this your real domain? If possible, please don't redact domain names; it makes debugging more difficult.

Could you provide your full caddyfile? Even your tls config in your caddyfile?

Also might be worth checking that your DNS provider (googlecloud) has a zone for that hostname… The error appears to be coming from the provider.

@tobya Sorry about that, the domain is wrtpoona.in

$ sudo cat /etc/caddy/caddy.conf
*:80 {
	gzip
	root /usr/share/caddy
}

import caddy.conf.d/*.conf

Smokeping config:
$ sudo cat /etc/caddy/caddy.conf.d/smokeping.conf
bom.wrtpoona.in {

	header / {
	-Server
        Strict-Transport-Security "max-age=31536000;"
        X-XSS-Protection "1; mode=block"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "DENY"
        Expect-CT "enforce; max-age=3600"
        X-POP-Tag "GCP-MUM-SEA1"
        Referrer-Policy "no-referrer-when-downgrade"
	Feature-Policy "accelerometer 'none' ; ambient-light-sensor 'none' ; autoplay 'self' ; camera 'none' ; encrypted-media 'none' ; fullscreen 'self' ; geolocation 'none' ; gyroscope 'none' ; magnetometer 'none' ; microphone 'none' ; midi 'none' ; payment 'self' ; picture-in-picture * ; speaker 'self' ; sync-xhr 'none' ; usb 'none' ; notifications 'self' ; vibrate 'self' ; push 'self' ; vr 'none'"
        Content-Security-Policy "
            default-src 'self';
            style-src 'self' bootstrapcdn.com *.bootstrapcdn.com wrtpoona.in *.wrtpoona.in;
            script-src 'self' bootstrapcdn.com *.bootstrapcdn.com googleapis.com *.googleapis.com wrtpoona.in *.wrtpoona.in;
            font-src 'self' bootstrapcdn.com *.bootstrapcdn.com wrtpoona.in *.wrtpoona.in;
            img-src data: 'self' imgur.com *.imgur.com wrtpoona.in *.wrtpoona.in;
            form-action 'self';
            connect-src 'self' pokeapi.co wrtpoona.in *.wrtpoona.in;
            frame-ancestors 'none';
            report-uri {$CSP_REPORT_URI}
        "
}	

mime {
    .atom application/atom+xml
    .json application/json
    .map application/json
    .topojson application/json
    .jsonld application/ld+json
    .rss application/rss+xml
    .geojson application/vnd.geo+json
    .rdf application/xml
    .xml application/xml
    .js application/javascript
    .webmanifest application/manifest+json
    .webapp application/x-web-app-manifest+json
    .appcache text/cache-manifest
    .mid audio/midi
    .midi audio/midi
    .kar audio/midi
    .aac audio/mp4
    .f4a audio/mp4
    .f4b audio/mp4
    .m4a audio/mp4
    .mp3 audio/mpeg
    .oga audio/ogg
    .ogg audio/ogg
    .opus audio/ogg
    .ra audio/x-realaudio
    .wav audio/x-wav
    .bmp image/bmp
    .gif image/gif
    .jpeg image/jpeg
    .jpg image/jpeg
    .png image/png
    .svg image/svg+xml
    .svgz image/svg+xml
    .tif image/tiff
    .tiff image/tiff
    .wbmp image/vnd.wap.wbmp
    .webp image/webp
    .jng image/x-jng
    .3gp video/3gpp
    .3gpp video/3gpp
    .f4p video/mp4
    .f4v video/mp4
    .m4v video/mp4
    .mp4 video/mp4
    .mpeg video/mpeg
    .mpg video/mpeg
    .ogv video/ogg
    .mov video/quicktime
    .webm video/webm
    .flv video/x-flv
    .mng video/x-mng
    .asf video/x-ms-asf
    .asx video/x-ms-asf
    .wmv video/x-ms-wmv
    .avi video/x-msvideo
    .cur image/x-icon
    .ico image/x-icon
    .doc application/msword
    .xls application/vnd.ms-excel
    .ppt application/vnd.ms-powerpoint
    .docx application/vnd.openxmlformats-officedocument.wordprocessingml.document
    .xlsx application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
    .pptx application/vnd.openxmlformats-officedocument.presentationml.presentation
    .woff application/font-woff
    .woff2 application/font-woff2
    .eot application/vnd.ms-fontobject
    .ttc application/x-font-ttf
    .ttf application/x-font-ttf
    .otf font/opentype
    .ear application/java-archive
    .jar application/java-archive
    .war application/java-archive
    .hqx application/mac-binhex40
    .bin application/octet-stream
    .deb application/octet-stream
    .dll application/octet-stream
    .dmg application/octet-stream
    .exe application/octet-stream
    .img application/octet-stream
    .iso application/octet-stream
    .msi application/octet-stream
    .msm application/octet-stream
    .msp application/octet-stream
    .safariextz application/octet-stream
    .pdf application/pdf
    .ai application/postscript
    .eps application/postscript
    .ps application/postscript
    .rtf application/rtf
    .kml application/vnd.google-earth.kml+xml
    .kmz application/vnd.google-earth.kmz
    .wmlc application/vnd.wap.wmlc
    .7z application/x-7z-compressed
    .bbaw application/x-bb-appworld
    .torrent application/x-bittorrent
    .crx application/x-chrome-extension
    .cco application/x-cocoa
    .jardiff application/x-java-archive-diff
    .jnlp application/x-java-jnlp-file
    .run application/x-makeself
    .oex application/x-opera-extension
    .pl application/x-perl
    .pm application/x-perl
    .pdb application/x-pilot
    .prc application/x-pilot
    .rar application/x-rar-compressed
    .rpm application/x-redhat-package-manager
    .sea application/x-sea
    .swf application/x-shockwave-flash
    .sit application/x-stuffit
    .tcl application/x-tcl
    .tk application/x-tcl
    .crt application/x-x509-ca-cert
    .der application/x-x509-ca-cert
    .pem application/x-x509-ca-cert
    .xpi application/x-xpinstall
    .xhtml application/xhtml+xml
    .xsl application/xslt+xml
    .zip application/zip
    .css text/css
    .htm text/html
    .html text/html
    .shtml text/html
    .mml text/mathml
    .txt text/plain
    .vcard text/vcard
    .vcf text/vcard
    .xloc text/vnd.rim.location.xloc
    .jad text/vnd.sun.j2me.app-descriptor
    .wml text/vnd.wap.wml
    .vtt text/vtt
    .htc text/x-component
}

	tls {
	    dns googlecloud
	}
	log / /var/log/caddy/smokeping_combined.log "{combined}" {
}	
	errors
        root /srv/http/smokeping
        fastcgi / unix:/var/run/fcgiwrap.sock {
        env SCRIPT_FILENAME /srv/http/smokeping/smokeping.cgi
        }
}

bom.wrtpoona.in/js {
        root /srv/http/smokeping/js
}


bom.wrtpoona.in/css {
        root /srv/http/smokeping/css
}


bom.wrtpoona.in/imgcache {
	root /srv/smokeping/imgcache
}

@Whitestrake That was the first thing I checked since it was working fine before. Cropped pic from my Google console:
[image: googleconsole]

This looks like the panel for a VPS.

A DNS zone doesn’t have a hostname, or a network interface, or a PTR record. What I meant was, is Google Cloud actually configured to respond authoritatively to DNS requests for your domain - is there actually an API object for your zone that the DNS provider plugin can manipulate to add records to, etc.
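The check the reply above describes, as an added example that is not part of the original thread or of the DNS provider plugin: given a project's managed-zone list, find the zone that could hold the _acme-challenge record for a host. The zone names and example.org hosts are constructed sample data, and the longest-suffix match is an assumption about how a zone is chosen, not the plugin's implementation.

```shell
#!/bin/sh
# Added example (not from the thread): which Cloud DNS managed zone, if any,
# could hold the DNS-01 TXT record for a host?
# Zone list format is "name<TAB>dnsName", as printed by:
#   gcloud dns managed-zones list --format='value(name,dnsName)'

# Constructed sample data: one apex zone and one delegated child zone.
SAMPLE_ZONES=$(printf 'example-org\texample.org.\nlab\tlab.example.org.\n')

# find_zone HOST   (zone list on stdin)
# Prints "zoneName dnsName" for the longest matching zone; returns 1 if none.
find_zone() {
    zones=$(cat)
    host=$(printf '%s' "${1%.}" | tr 'A-Z' 'a-z')
    candidate="_acme-challenge.$host."
    while [ -n "$candidate" ]; do
        match=$(printf '%s\n' "$zones" |
            awk -F '\t' -v z="$candidate" 'tolower($2) == z { print $1 " " $2; exit }')
        if [ -n "$match" ]; then
            printf '%s\n' "$match"
            return 0
        fi
        candidate=${candidate#*.}   # drop the leftmost label, try the parent
    done
    return 1
}

# Demo over the constructed list: two covered hosts and one that is not.
for h in munin.example.org smoke.lab.example.org bom.example.net; do
    if z=$(printf '%s\n' "$SAMPLE_ZONES" | find_zone "$h"); then
        echo "$h: challenge record would go in zone $z"
    else
        echo "$h: no managed zone in this project covers it"
    fi
done
```

To test a real setup, pipe the output of the gcloud command in the header comment into find_zone, using the same project and service account that the Caddy service is configured with.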

@Whitestrake It’s the Google Cloud Console, let me check the DNS again.
