Caddy as reverse proxy with duckdns package

1. Caddy version (caddy version):

Windows amd64 v2.4.0-beta.1

2. How I run Caddy:

Using Caddyfile

a. System environment:

Windows 10

b. Command:

./caddy run

c. Service/unit/compose file:

n/a

d. My complete Caddyfile or JSON config:

azurmv.duckdns.org {
        tls {
                dns duckdns abc-abc-abc-abc-abc
        }
        reverse_proxy localhost:8096
}

3. The problem I’m having:

Configuring Caddy as a reverse proxy using the DNS-01 challenge for DuckDNS is failing.

4. Error messages and/or full log output:

2021/03/31 20:11:47.084 INFO   using adjacent Caddyfile
[WARNING][caddyfile] Caddyfile:1: input is not formatted with 'caddy fmt'
2021/03/31 20:11:47.091 INFO   admin   admin endpoint started  {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2021/03/31 20:11:47.092 INFO   tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc0002bbf10"}
2021/03/31 20:11:47.092 INFO   http    server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2021/03/31 20:11:47.092 INFO   http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2021/03/31 20:11:47.093 INFO   http    enabling automatic TLS certificate management   {"domains": ["azurmv.duckdns.org"]}
2021/03/31 20:11:47.094 INFO   tls     cleaned up storage units
2021/03/31 20:11:47.096 INFO   autosaved config        {"file": "C:\\Users\\And\\AppData\\Roaming\\Caddy\\autosave.json"}
2021/03/31 20:11:47.097 INFO   serving initial configuration
2021/03/31 20:11:47.108 INFO   tls.obtain      acquiring lock  {"identifier": "azurmv.duckdns.org"}
2021/03/31 20:11:47.117 INFO   tls.obtain      lock acquired   {"identifier": "azurmv.duckdns.org"}
2021/03/31 20:11:47.129 INFO   tls.issuance.acme       waiting on internal rate limiter        {"identifiers": ["azurmv.duckdns.org"]}
2021/03/31 20:11:47.130 INFO   tls.issuance.acme       done waiting on internal rate limiter   {"identifiers": ["azurmv.duckdns.org"]}
2021/03/31 20:11:48.303 INFO   tls.issuance.acme.acme_client   trying to solve challenge       {"identifier": "azurmv.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2021/03/31 20:11:50.600 ERROR  tls.issuance.acme.acme_client   cleaning up solver      {"identifier": "azurmv.duckdns.org", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for azurmv.duckdns.org (probably OK if presenting failed)"}
2021/03/31 20:11:50.783 INFO   tls.issuance.acme       waiting on internal rate limiter        {"identifiers": ["azurmv.duckdns.org"]}
2021/03/31 20:11:50.783 INFO   tls.issuance.acme       done waiting on internal rate limiter   {"identifiers": ["azurmv.duckdns.org"]}
2021/03/31 20:11:52.491 INFO   tls.issuance.acme.acme_client   trying to solve challenge       {"identifier": "azurmv.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme.zerossl.com/v2/DV90"}
2021/03/31 20:11:53.608 ERROR  tls.issuance.acme.acme_client   cleaning up solver      {"identifier": "azurmv.duckdns.org", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for azurmv.duckdns.org (probably OK if presenting failed)"}
2021/03/31 20:11:54.035 ERROR  tls.obtain      will retry      {"error": "[azurmv.duckdns.org] Obtain: [azurmv.duckdns.org] solving challenges: presenting for challenge: adding temporary record for zone duckdns.org.: DuckDNS request failed, expected (OK) but got (KO), url: [https://www.duckdns.org/update?domains=org.duckdns.org&token=abc-abc-abc-abc-abc&txt=3uyr6BglN1r5L-5qECvj408-JI9bv0lD6Pzor4C8Tpg&verbose=true], body: KO (order=https://acme.zerossl.com/v2/DV90/order/er6EGeHX_3VBNechqWKMiA) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 6.9176337, "max_duration": 2592000}

5. What I already tried:

To me it is strange that the specified domain is org.duckdns.org:

DuckDNS request failed, expected (OK) but got (KO), url: [https://www.duckdns.org/update?domains=org.duckdns.org

I’ve generated my own certificate using the acme.sh client, which has been added to the Caddyfile.

Could you try again, building with v2.4.0-beta.2, which was just released last night?

Same problem here. I lack the skills to build Caddy by myself.

2021/04/12 15:34:47.606 ERROR  tls.obtain      will retry      {"error": "[temptest.duckdns.org] Obtain: [temptest.duckdns.org] solving challenges: presenting for challenge: adding temporary record for zone duckdns.org.: DuckDNS request failed, expected (OK) but got (KO), url: [https://www.duckdns.org/update?domains=org.duckdns.org&token=b4cd5684-8f81-49af-a6bc-be9b53c16ec7&txt=dU61Lr4P93v-JezDMYUbuAObAjgV62PLL6S1zxz5Ows&verbose=true], body: KO (order=https://acme.zerossl.com/v2/DV90/order/Y-ThW_VjUcoSxcM9m0KbKQ) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 36.5961613, "max_duration": 2592000}

@ivan just follow these instructions:

Tried: xcaddy build --with github.com/caddy-dns/duckdns
In China, the authorities blocked golang.org, so I set a system proxy, but still got this error.

2021/04/13 12:16:25 [INFO] Pinning versions
2021/04/13 12:16:25 [INFO] exec (timeout=0s): C:\Program Files\Go\bin\go.exe get -d -v github.com/caddyserver/caddy/v2
go get: module github.com/caddyserver/caddy/v2: Get "https://proxy.golang.org/github.com/caddyserver/caddy/v2/@v/list": dial tcp 172.217.160.113:443: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
2021/04/13 12:16:46 [FATAL] exit status 1

Any ideas?

I don’t know what platform you’re on, but you could try this link (uses the Download Caddy page, build server):

https://caddyserver.com/api/download?os=linux&arch=amd64&p=github.com/caddyserver/caddy/v2@v2.4.0-beta.2&p=github.com/caddy-dns/duckdns&idempotency=52564368580212

Thanks man, I'm on Windows, and this command solved it.

$env:GOPROXY = "https://goproxy.io,direct"
xcaddy build v2.4.0-beta.2 --with github.com/caddy-dns/duckdns

So are you saying that the problem doesn’t exist when using v2.4.0-beta.2 compared to v2.3.0 @ivan ?

Yes, but compared to v2.4.0-beta.1.
v2.4.0-beta.1 got the same error as amv’s.
v2.4.0-beta.2 works fine.
Thanks again.

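A check for log lines like the "will retry" entries in this thread, as an added example (not part of the thread and not code from Caddy or the DuckDNS provider): it compares the `domains=` value in the failed DuckDNS update URL with the certificate identifier, and redacts the account token so the line can be shared. The sample line, its token and the name `myhost` are constructed; `CheckLine` and `Finding` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Constructed sample shaped like the "will retry" entries in the thread; token and txt are made up.
const sampleLine = `2021/03/31 20:11:54.035 ERROR tls.obtain will retry {"error": "[myhost.duckdns.org] Obtain: [myhost.duckdns.org] solving challenges: presenting for challenge: adding temporary record for zone duckdns.org.: DuckDNS request failed, expected (OK) but got (KO), url: [https://www.duckdns.org/update?domains=org.duckdns.org&token=constructed-token&txt=constructed-txt&verbose=true], body: KO", "attempt": 1}`

var identRe = regexp.MustCompile(`^\[([^\]]+)\]`)          // leading "[identifier]" of the error text
var urlRe = regexp.MustCompile(`url: \[(https://[^\]]+)\]`) // bracketed update URL in the error text

// Finding compares what was sent to DuckDNS with what the certificate is for.
type Finding struct {
	Want, Got string // subdomain expected from the identifier, and the domains= value sent
	Mismatch  bool
	SafeURL   string // update URL with the token redacted
}

// CheckLine parses one Caddy log line and inspects the DuckDNS update URL in its error field.
func CheckLine(line string) (Finding, error) {
	var entry struct{ Error string }
	i := strings.Index(line, "{")
	if i < 0 || json.Unmarshal([]byte(line[i:]), &entry) != nil {
		return Finding{}, fmt.Errorf("no JSON fields in line")
	}
	id, raw := identRe.FindStringSubmatch(entry.Error), urlRe.FindStringSubmatch(entry.Error)
	if id == nil || raw == nil {
		return Finding{}, fmt.Errorf("not a DuckDNS update failure")
	}
	u, err := url.Parse(raw[1])
	if err != nil {
		return Finding{}, err
	}
	q := u.Query()
	// Assumption: the account subdomain is the label directly left of ".duckdns.org".
	labels := strings.Split(strings.TrimSuffix(id[1], ".duckdns.org"), ".")
	want, got := labels[len(labels)-1], strings.TrimSuffix(q.Get("domains"), ".duckdns.org")
	q.Set("token", "REDACTED") // the token authorises DNS updates for the account
	u.RawQuery = q.Encode()
	return Finding{want, got, want != got, u.String()}, nil
}

func main() { fmt.Println(CheckLine(sampleLine)) }
```

On the constructed line, the result reports `Want` as `myhost` and `Got` as `org`, the same mismatch the original poster noticed in the request URL.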