Caddy and Let's Encrypt

Hello everyone,

I’m trying to get my Let’s Encrypt setup working again. Everything was working and now my cert has expired and caddy (or Let’s Encrypt) are throwing errors.

When I run systemctl status caddy.service

I see:

Nov 14 11:07:41 ubuntuserver caddy[9640]: 2018/11/14 11:07:41 [INFO][www.scarano.me] acme: Could not find solver for: tls-sni-01
Nov 14 11:07:41 ubuntuserver caddy[9640]: 2018/11/14 11:07:41 [INFO][www.scarano.me] acme: Could not find solver for: http-01
Nov 14 11:07:41 ubuntuserver caddy[9640]: 2018/11/14 11:07:41 [INFO][www.scarano.me] acme: Trying to solve DNS-01
Nov 14 11:07:41 ubuntuserver caddy[9640]: 2018/11/14 11:07:41 [INFO][www.scarano.me] Checking DNS record propagation using [10.10.10.249:53 1.1.1.1:53]
Nov 14 11:09:48 ubuntuserver caddy[9640]: 2018/11/14 11:09:48 [ERROR] Renewing [www.scarano.me]: acme: Error -> One or more domains had a problem:
Nov 14 11:09:48 ubuntuserver caddy[9640]: [www.scarano.me] Time limit exceeded. Last error: read udp 10.10.10.10:59189->173.245.58.65:53: i/o timeout

Caddyfile:

home.scarano.me {
        root /var/www/home.scarano.me
        tls {
                dns cloudflare
        }
        tls brendon@scarano.me
        gzip
}

edgemax.scarano.me {
        gzip
        proxy / 10.10.10.250:8443 {
                transparent
                insecure_skip_verify
                websocket
        }
}

unifi.scarano.me {
        gzip
        proxy / 10.10.10.251:8443 {
                transparent
                insecure_skip_verify
                websocket
        }
}

unms.scarano.me {
        gzip
        proxy / 10.10.10.10:8443 {
                transparent
                insecure_skip_verify
                websocket
        }
}

freenas.scarano.me {
        gzip
        proxy / 10.10.10.50 {
                transparent
                insecure_skip_verify
                websocket
        }
}

nextcloud.scarano.me {
        gzip
        proxy / 10.10.10.70 {
        }
}

ha.scarano.me {
        gzip
        proxy / 10.55.55.20:8123 {
                transparent
                websocket
                insecure_skip_verify
        }
}

scarano.me, www.scarano.me {
        root /var/www/home.scarano.me
        tls {
                dns cloudflare
        }
        tls brendon@scarano.me
        gzip
        proxy /ombi 10.10.10.10:5000 {
                transparent
        }
        proxy /sonarr 10.10.10.20:8989 {
                transparent
                insecure_skip_verify
        }
        proxy /radarr 10.10.10.20:7878 {
                transparent
                insecure_skip_verify
        }
        proxy /nzbget 10.10.10.20:6789 {
                transparent
                insecure_skip_verify
        }
        log stdout
        errors stderr
}

Any help on what could be wrong, or what I am missing is appreciated.

EDIT: Solved by removing the tls { dns cloudflare } section.

Looks like your network timed out while trying to read DNS information from Cloudflare:

Nov 14 11:07:41 ubuntuserver caddy[9640]: 2018/11/14 11:07:41 [INFO][www.scarano.me] Checking DNS record propagation using [10.10.10.249:53 1.1.1.1:53]

Nov 14 11:09:48 ubuntuserver caddy[9640]: [www.scarano.me] Time limit exceeded. Last error: read udp 10.10.10.10:59189->173.245.58.65:53: i/o timeout

You’re at 10.10.10.10, and 173.245.58.65 is one of Cloudflare’s DNS servers (specifically, angela.ns.cloudflare.com). Caddy’s ACME provider is trying to verify that the well-known record Let’s Encrypt requires was successfully added before continuing the validation process, and this error has been interfering.

Can you run dig @173.245.58.65 google.com on your Caddy host and see if it returns a result?
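Added example, not from this thread or from Caddy itself: a small Python check of the DNS-01 propagation step the log describes. It sends a TXT query for _acme-challenge.<domain> to each server with a timeout and reports, per server, whether it timed out, answered with a record, or answered without one; the server addresses in the usage block are the ones that appear in the log, and the "propagated" decision only reads the reply header (it does not decode the TXT text).

```python
import random
import socket
import struct

def build_txt_query(name, txid):
    """Encode a recursion-desired DNS query for the TXT record of `name` (RFC 1035 wire format)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1; one question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 16, 1)  # QTYPE=TXT, QCLASS=IN

def parse_reply(reply, txid):
    """Return (rcode, answer_count) from a raw reply after checking the transaction id."""
    if len(reply) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack(">HHHHHH", reply[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch (reply for a different query)")
    return flags & 0x000F, ancount

def classify(rcode, ancount):
    """'propagated' only when the server answered NOERROR with at least one record."""
    return "propagated" if rcode == 0 and ancount > 0 else "missing"

def check_resolver(resolver, name, timeout=2.0):
    """Send one UDP query to `resolver` ("ip" or "ip:port"); report timeout/propagated/missing."""
    txid = random.getrandbits(16)
    host, _, port = resolver.partition(":")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_txt_query(name, txid), (host, int(port or 53)))
            reply, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "timeout"  # the "read udp ... i/o timeout" case from the log
    return classify(*parse_reply(reply, txid))

def check_propagation(domain, resolvers, timeout=2.0):
    """Query every resolver for _acme-challenge.<domain>, as the DNS-01 propagation check does."""
    name = "_acme-challenge." + domain
    return {r: check_resolver(r, name, timeout) for r in resolvers}

# Constructed sample reply (header only): id 0x1234, NOERROR, one answer, record body omitted.
SAMPLE_NOERROR_REPLY = struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)

if __name__ == "__main__":
    # Servers from the log above: the two configured resolvers and the Cloudflare NS that timed out.
    for server, state in check_propagation(
            "www.scarano.me", ["10.10.10.249:53", "1.1.1.1:53", "173.245.58.65:53"]).items():
        print(server, state)
```

A "timeout" for the authoritative server with the other two answering points at the same UDP/53 path problem the log shows, rather than at the record itself.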
