Autostart Caddy with the netcup plugin

1. The problem I’m having:

I would like ./caddy_linux_amd64_custom start to run after booting my server.

Would the best way be to set up a cron job with @reboot?

3. Caddy version:

root@paperless-ngx:~# ./caddy_linux_amd64_custom --version
v2.7.5 h1:HoysvZkLcN2xJExEepaFHK92Qgs7xAiCFydN5x5Hs6Q=

4. How I installed and ran Caddy:

It's downloaded from here: Download Caddy

a. System environment:

root@paperless-ngx:~# cat /etc/os-release 
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

b. Command:

./caddy_linux_amd64_custom start

My config:

{
        acme_ca https://acme-v02.api.letsencrypt.org/directory
        email mail@peterge.de
}

paperless.peterge.de {
        tls {
                dns netcup {
                        customer_number number
                        api_key key
                        api_password pw
                }
        }
        reverse_proxy http://localhost:8000
}

You don’t need a cronjob to do that, just enable caddy as a systemd service. It’s explained in the docs:

I downloaded the binary and installed it, see 4. in my post.
That's why it's not set up with systemctl:

root@paperless-ngx:~# systemctl enable --now caddy    
Failed to enable unit: Unit file caddy.service does not exist.
root@paperless-ngx:~# systemctl status caddy
Unit caddy.service could not be found.

How you downloaded it is not really relevant; if you want a binary to be executed automatically on host restart, you need some kind of service.

If you install Caddy with a package manager the service will be created automatically for you; if you install Caddy manually, as you did, you need to set up your service manually.

Systemd is a popular option, and you have the instructions on how to do it step by step in the link I sent before.

I set up the unit file as described on the page.

root@paperless-ngx:~# cat /etc/systemd/system/caddy.service
[Service]
ExecStart=
ExecStart=/usr/bin/caddy run --environ --config /root/Caddyfile
ExecReload=
ExecReload=/usr/bin/caddy reload --config /root/Caddyfile

But how do I enable caddy?

root@paperless-ngx:~# systemctl enable caddy.service 
The unit files have no installation config (WantedBy=, RequiredBy=, Also=,
Alias= settings in the [Install] section, and DefaultInstance= for template
units). This means they are not meant to be enabled using systemctl.
 
Possible reasons for having this kind of units are:
* A unit may be statically enabled by being symlinked from another unit's
  .wants/ or .requires/ directory.
* A unit's purpose may be to act as a helper for some other unit which has
  a requirement dependency on it.
* A unit may be started when needed via activation (socket, path, timer,
  D-Bus, udev, scripted systemctl call, ...).
* In case of template units, the unit is meant to be enabled with some
  instance name specified.

No, you only copied lines from the Overrides section, you didn’t use the unit file (which is linked to at the top of that page).

I strongly recommend you install Caddy using these instructions, and then follow these instructions to replace the Caddy binary from the package with your custom one.

That way, you won’t need to touch systemd config yourself, it’ll be managed by the apt package.
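To make the difference concrete, here is an added example (not code from the thread or from the Caddy project) that writes a complete caddy.service for a manually installed binary, modeled on the unit in the Caddy docs, and checks the one property systemctl enable needs: an [Install] section with WantedBy=. The override fragment posted above is written out next to it so the check can be seen failing. Paths (/usr/bin/caddy, /etc/caddy/Caddyfile) and the caddy user/group are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread or the Caddy project: a full unit for a
# manually installed Caddy binary, plus the check that "systemctl enable"
# performs implicitly. Assumes /usr/bin/caddy, /etc/caddy/Caddyfile and a
# system user and group named "caddy".

write_caddy_unit() {
  cat > "$1" <<'EOF'
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target
EOF
}

# The fragment posted earlier in the thread: valid only as a drop-in override
# (/etc/systemd/system/caddy.service.d/override.conf), not as a unit on its own.
write_override_fragment() {
  cat > "$1" <<'EOF'
[Service]
ExecStart=
ExecStart=/usr/bin/caddy run --environ --config /root/Caddyfile
ExecReload=
ExecReload=/usr/bin/caddy reload --config /root/Caddyfile
EOF
}

# Mirrors what "systemctl enable" needs: without [Install] and WantedBy=
# there is nothing to symlink into a *.wants/ directory.
unit_is_enableable() {
  grep -q '^\[Install\]' "$1" && grep -q '^WantedBy=' "$1"
}

# True when the unit has no User= line, i.e. the DNS-provider credentials in
# the Caddyfile would be handled by a root process.
unit_runs_as_root() {
  ! grep -q '^User=' "$1"
}

# Demo on temporary files. On a real host the unit goes to
# /etc/systemd/system/caddy.service, followed by:
#   systemctl daemon-reload && systemctl enable --now caddy
tmpd=$(mktemp -d)
write_caddy_unit "$tmpd/caddy.service"
write_override_fragment "$tmpd/override.conf"
for f in "$tmpd/caddy.service" "$tmpd/override.conf"; do
  if unit_is_enableable "$f"; then
    echo "$(basename "$f"): enableable"
  else
    echo "$(basename "$f"): no [Install]/WantedBy=, systemctl enable will refuse it"
  fi
  if unit_runs_as_root "$f"; then
    echo "$(basename "$f"): runs as root (no User=)"
  fi
done
rm -rf "$tmpd"
```

Because the Caddyfile carries the netcup API key and password, keep it root:caddy with mode 0640 rather than world-readable, and leave User=caddy in place: the AmbientCapabilities line is what lets the unprivileged process bind ports 80 and 443.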

I set it up as described in Keep Caddy Running — Caddy Documentation.

But it's not working yet; it did work before when I was executing it with the root user and the config in /root/Caddyfile. Now, after creating the caddy user & group as described in the docs and moving the config to /etc/caddy/Caddyfile, I am unable to solve the challenge. I did no changes to my network/DNS stuff. Do you have any idea why it isn't working anymore?

root@paperless-ngx:~# systemctl status caddy.service 
* caddy.service - Caddy
     Loaded: loaded (/etc/systemd/system/caddy.service; enabled; preset: enabled)
     Active: active (running) since Wed 2023-12-06 11:57:23 CET; 4min 58s ago
       Docs: https://caddyserver.com/docs/
   Main PID: 212441 (caddy)
      Tasks: 9 (limit: 18941)
     Memory: 11.7M
        CPU: 347ms
     CGroup: /system.slice/caddy.service
             `-212441 /usr/bin/caddy run --environ --config /etc/caddy/Caddyfile

Dec 06 12:00:03 paperless-ngx caddy[212441]: {"level":"info","ts":1701860403.9204547,"logger":"tls.issuance.zerossl","msg":"done waiting on internal rate limiter","identifiers":["paperless.peterge.de"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"mail@peterge.de"}
Dec 06 12:00:04 paperless-ngx caddy[212441]: {"level":"info","ts":1701860404.723109,"logger":"tls.issuance.zerossl.acme_client","msg":"trying to solve challenge","identifier":"paperless.peterge.de","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
Dec 06 12:00:25 paperless-ngx caddy[212441]: {"level":"error","ts":1701860425.0205178,"logger":"tls.issuance.zerossl.acme_client","msg":"cleaning up solver","identifier":"paperless.peterge.de","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.paperless.peterge.de\" (usually OK if presenting also failed)"}
Dec 06 12:00:25 paperless-ngx caddy[212441]: {"level":"error","ts":1701860425.1876392,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"paperless.peterge.de","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[paperless.peterge.de] solving challenges: presenting for challenge: adding temporary record for zone \"peterge.de.\": Post \"https://ccp.netcup.net/run/webservice/servers/endpoint.php?JSON\": dial tcp: lookup ccp.netcup.net on 9.9.9.9:53: read udp 10.0.4.104:59848->9.9.9.9:53: i/o timeout (order=https://acme-v02.api.letsencrypt.org/acme/order/1450990096/227258608366) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
Dec 06 12:00:25 paperless-ngx caddy[212441]: {"level":"error","ts":1701860425.187714,"logger":"tls.obtain","msg":"will retry","error":"[paperless.peterge.de] Obtain: [paperless.peterge.de] solving challenges: presenting for challenge: adding temporary record for zone \"peterge.de.\": Post \"https://ccp.netcup.net/run/webservice/servers/endpoint.php?JSON\": dial tcp: lookup ccp.netcup.net on 9.9.9.9:53: read udp 10.0.4.104:59848->9.9.9.9:53: i/o timeout (order=https://acme-v02.api.letsencrypt.org/acme/order/1450990096/227258608366) (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":182.04181498,"max_duration":2592000}
Dec 06 12:01:25 paperless-ngx caddy[212441]: {"level":"info","ts":1701860485.189629,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"paperless.peterge.de"}
Dec 06 12:01:31 paperless-ngx caddy[212441]: {"level":"info","ts":1701860491.1433957,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"paperless.peterge.de","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Dec 06 12:01:41 paperless-ngx caddy[212441]: {"level":"error","ts":1701860501.1465476,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"paperless.peterge.de","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.paperless.peterge.de\" (usually OK if presenting also failed)"}
Dec 06 12:01:41 paperless-ngx caddy[212441]: {"level":"error","ts":1701860501.3033261,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"paperless.peterge.de","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[paperless.peterge.de] solving challenges: presenting for challenge: adding temporary record for zone \"peterge.de.\": Post \"https://ccp.netcup.net/run/webservice/servers/endpoint.php?JSON\": dial tcp [2a03:4000::e01d]:443: connect: network is unreachable (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/127975814/12785990474) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
Dec 06 12:01:47 paperless-ngx caddy[212441]: {"level":"info","ts":1701860507.1175063,"logger":"tls.issuance.zerossl.acme_client","msg":"trying to solve challenge","identifier":"paperless.peterge.de","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}

It is working fine when I copy the config back to /root/Caddyfile, change the permissions and run caddy start…

I guess I might need to look for a new domain provider. Now I am facing

2023/12/06 11:40:14.532	ERROR	tls.issuance.acme.acme_client	cleaning up solver	{"identifier": "paperless.peterge.de", "challenge_type": "dns-01", "error": "deleting temporary record for name \"_acme-challenge.paperless.peterge.de\" in zone \"peterge.de.\": [netcup] Api session id in invalid format: The session id is not in a valid format."}

This reads more like your system was misconfigured and couldn’t make connections to the outside world.
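The log excerpt above buries the actual cause under "cleaning up solver" and "will retry" lines that only echo it. The following added example (not code from the thread or from the Caddy project) classifies Caddy's JSON log lines and surfaces the first real error, which in this case is the service failing to resolve and reach ccp.netcup.net rather than anything about the netcup plugin. The sample lines are constructed from the errors quoted in the thread; the suggested follow-up commands assume the service runs as user caddy under systemd.

```shell
#!/bin/sh
# Added example, not code from the thread or the Caddy project: triage Caddy's
# JSON log lines for a failing dns-01 challenge. Plain POSIX sh; on a host,
# pipe "journalctl -u caddy -o cat" into first_real_cause.

# Constructed sample, shortened from the errors quoted in this thread.
SAMPLE_LOG=$(cat <<'EOF'
{"level":"info","logger":"tls.issuance.zerossl.acme_client","msg":"trying to solve challenge","identifier":"paperless.peterge.de","challenge_type":"dns-01"}
{"level":"error","logger":"tls.issuance.zerossl.acme_client","msg":"cleaning up solver","error":"no memory of presenting a DNS record for \"_acme-challenge.paperless.peterge.de\" (usually OK if presenting also failed)"}
{"level":"error","logger":"tls.obtain","msg":"could not get certificate from issuer","error":"adding temporary record for zone \"peterge.de.\": Post \"https://ccp.netcup.net/run/webservice/servers/endpoint.php?JSON\": dial tcp: lookup ccp.netcup.net on 9.9.9.9:53: read udp 10.0.4.104:59848->9.9.9.9:53: i/o timeout"}
{"level":"error","logger":"tls.obtain","msg":"will retry","error":"[paperless.peterge.de] Obtain: ... i/o timeout","attempt":1,"retrying_in":60}
{"level":"error","logger":"tls.obtain","msg":"could not get certificate from issuer","error":"Post \"https://ccp.netcup.net/run/webservice/servers/endpoint.php?JSON\": dial tcp [2a03:4000::e01d]:443: connect: network is unreachable"}
{"level":"error","logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","error":"deleting temporary record for name \"_acme-challenge.paperless.peterge.de\" in zone \"peterge.de.\": [netcup] Api session id in invalid format: The session id is not in a valid format."}
EOF
)

# Map one log line to a short category. The two "noise" categories are the
# follow-on messages that carry no new information about the cause.
classify_acme_line() {
  case "$1" in
    *'"msg":"will retry"'*)                    echo retry-noise ;;
    *'no memory of presenting a DNS record'*)  echo cleanup-noise ;;
    *'lookup '*': i/o timeout'*)               echo resolver-timeout ;;
    *'dial tcp ['*'network is unreachable'*)   echo ipv6-unreachable ;;
    *'session id is not in a valid format'*)   echo netcup-session-invalid ;;
    *'"level":"error"'*)                       echo other-error ;;
    *)                                         echo info ;;
  esac
}

# First non-noise error in a log: the thing to fix before anything else.
first_real_cause() {
  printf '%s\n' "$1" | while IFS= read -r line; do
    c=$(classify_acme_line "$line")
    case "$c" in
      info|retry-noise|cleanup-noise) ;;
      *) echo "$c"; break ;;
    esac
  done
}

# What to verify next for each cause (commands are suggestions, assuming the
# service runs as user "caddy" under systemd).
suggest_check() {
  case "$1" in
    resolver-timeout)
      echo "the OS resolver did not answer from inside the service: check /etc/resolv.conf and outbound UDP/53 as the caddy user, e.g. systemd-run --pipe --wait --uid=caddy getent ahostsv4 ccp.netcup.net" ;;
    ipv6-unreachable)
      echo "an AAAA answer was used but the host has no IPv6 route: check 'ip -6 route' and either fix the route or make sure the host resolves and prefers IPv4" ;;
    netcup-session-invalid)
      echo "netcup rejected the API session during record cleanup: verify customer_number/api_key/api_password and look for a stale TXT record with: dig TXT _acme-challenge.paperless.peterge.de" ;;
    *)
      echo "inspect the full error field of the first error line" ;;
  esac
}

# Demo run over the constructed sample.
echo "error categories in sample log:"
printf '%s\n' "$SAMPLE_LOG" | while IFS= read -r line; do
  classify_acme_line "$line"
done | sort | uniq -c
cause=$(first_real_cause "$SAMPLE_LOG")
echo "first real cause: $cause"
echo "next check: $(suggest_check "$cause")"
```

The point of reading the log this way is that a DNS-01 failure has two independent legs: the API call that creates the TXT record (which needs working outbound DNS and HTTPS from the service's sandbox) and the propagation check afterwards. Here the first leg failed, so no plugin or propagation setting could have helped until the service could reach the provider.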

:man_shrugging:

Ping heise.de worked flawlessly…

Just a small update: this fixed my problem with netcup:

propagation_timeout 900s
propagation_delay 600s
resolvers 1.1.1.1

See Please set the default --dns-netcup-propagation-seconds >= 630 · Issue #28 · coldfix/certbot-dns-netcup · GitHub
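The three lines above, placed into a full Caddyfile, as an added example that is not taken from the thread: in Caddy 2.7 propagation_delay, propagation_timeout and resolvers are subdirectives of the tls block, next to dns, not inside the dns netcup block. The env placeholder names are assumptions; they stand in for the literal credentials so that the secrets can live in a root-owned EnvironmentFile= referenced by the unit instead of in the Caddyfile.

```caddyfile
{
        acme_ca https://acme-v02.api.letsencrypt.org/directory
        email mail@peterge.de
}

paperless.peterge.de {
        tls {
                # Credentials read from the service environment (assumed variable
                # names), e.g. a root-owned EnvironmentFile= in caddy.service.
                dns netcup {
                        customer_number {env.NETCUP_CUSTOMER_NUMBER}
                        api_key {env.NETCUP_API_KEY}
                        api_password {env.NETCUP_API_PASSWORD}
                }
                # netcup zones propagate slowly: wait before the first check,
                # keep polling for up to 15 minutes, and ask a public resolver
                # rather than a local cache that may still hold a negative answer.
                propagation_delay 600s
                propagation_timeout 900s
                resolvers 1.1.1.1
        }
        reverse_proxy http://localhost:8000
}
```

With propagation_delay set, Caddy does not query for the TXT record at all until the delay has passed, which is what avoids the early negative answer being cached by whichever resolver is asked.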


Makes sense. The netcup plugin’s README should probably mention that. If you could open an issue or PR with the plugin’s repo, that would help future users.
