Sorry about the previous post, I whacked the wrong button and wasn’t paying attention when I was editing.
1. The problem I’m having:
Caddy stopped renewing certs, so I blew it all away and upgraded it. That didn’t fix the issue, so now I’m here for help.
I’ve almost completely emptied my config out, leaving just one domain.
I even went and created new Cloudflare creds.
2. Error messages and/or full log output:
{"level":"info","ts":1678168312.2640915,"logger":"tls.renew","msg":"acquiring lock","identifier":"fremnet.net"}
{"level":"info","ts":1678168312.2949867,"logger":"tls.renew","msg":"lock acquired","identifier":"fremnet.net"}
{"level":"info","ts":1678168312.29601,"logger":"tls.renew","msg":"renewing certificate","identifier":"fremnet.net","remaining":-79980.296007641}
{"level":"info","ts":1678168312.2970595,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["fremnet.net"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"redactedemail@example.com"}
{"level":"info","ts":1678168312.2970915,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["fremnet.net"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"redactedemail@example.com"}
{"level":"info","ts":1678168313.9168398,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"fremnet.net","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1678168314.3713026,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"fremnet.net","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.fremnet.net\" (usually OK if presenting also failed)"}
{"level":"error","ts":1678168314.6285212,"logger":"tls.renew","msg":"could not get certificate from issuer","identifier":"fremnet.net","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[fremnet.net] solving challenges: presenting for challenge: adding temporary record for zone \"net.\": expected 1 zone, got 0 for net. (order=https://acme-v02.api.letsencrypt.org/acme/order/127027232/168649057637) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1678168314.629043,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["fremnet.net"],"ca":"https://acme.zerossl.com/v2/DV90","account":"redactedemail@example.com"}
{"level":"info","ts":1678168314.6290655,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["fremnet.net"],"ca":"https://acme.zerossl.com/v2/DV90","account":"redactedemail@example.com"}
{"level":"info","ts":1678168318.433271,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"fremnet.net","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1678168318.7315512,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"fremnet.net","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.fremnet.net\" (usually OK if presenting also failed)"}
{"level":"error","ts":1678168319.318353,"logger":"tls.renew","msg":"could not get certificate from issuer","identifier":"fremnet.net","issuer":"acme.zerossl.com-v2-DV90","error":"[fremnet.net] solving challenges: presenting for challenge: adding temporary record for zone \"net.\": expected 1 zone, got 0 for net. (order=https://acme.zerossl.com/v2/DV90/order/ew9H2wjRU4GNNDAA0BXRmg) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1678168319.3184984,"logger":"tls.renew","msg":"will retry","error":"[fremnet.net] Renew: [fremnet.net] solving challenges: presenting for challenge: adding temporary record for zone \"net.\": expected 1 zone, got 0 for net. (order=https://acme.zerossl.com/v2/DV90/order/ew9H2wjRU4GNNDAA0BXRmg) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":7.023458072,"max_duration":2592000}
3. Caddy version:
v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=
4. How I installed and ran Caddy:
/etc/init.d/caddy stop
docker run --rm -ti -v `pwd`/tmp:/outside caddy:2.6.4-builder-alpine xcaddy build v2.6.4 \
--output /outside/caddy \
--with github.com/caddy-dns/cloudflare \
--with github.com/ueffel/caddy-brotli \
--with github.com/muety/caddy-remote-host \
--with github.com/abiosoft/caddy-exec \
--with github.com/kirsch33/realip \
--with github.com/lolPants/caddy-requestid \
--with github.com/mholt/caddy-webdav \
--with github.com/porech/caddy-maxmind-geolocation \
--with github.com/sjtug/caddy2-filter \
--with github.com/abiosoft/caddy-hmac \
--with github.com/abiosoft/caddy-json-parse \
--with github.com/abiosoft/caddy-named-routes \
--with github.com/RussellLuo/caddy-ext/ratelimit \
--with github.com/mholt/caddy-l4 \
--with github.com/caddy-dns/google-domains
cp tmp/caddy /usr/local/bin
/etc/init.d/caddy start
a. System environment:
Linux servah 5.14.17-gentoo #1 SMP Sun Nov 7 22:42:23 AEST 2021 x86_64 AMD FX™-8350 Eight-Core Processor AuthenticAMD GNU/Linux
b. Command:
/etc/init.d/caddy basically runs
setcap cap_net_bind_service=+ep /usr/local/bin/caddy
/usr/local/bin/caddy run --config=/etc/caddy/Caddyfile
d. My complete Caddy config:
{
    grace_period 1m
    order filter after encode
    email redactedemail@example.com
    log {
        output file /var/log/caddy.log
    }
}

(cftls) {
    tls {
        dns cloudflare REDACTED
    }
}

fremnet.net {
    import cftls
    reverse_proxy localhost:1280
}
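The error in the log, `adding temporary record for zone "net.": expected 1 zone, got 0 for net.`, says that the DNS-01 solver decided the zone owning `_acme-challenge.fremnet.net` is the TLD `net.` and then asked the Cloudflare account for that zone, which of course holds no such zone. The following is an added example, not code from the post or from Caddy, certmagic or the cloudflare plugin: it models the zone-detection walk as I understand it (SOA query for each suffix of the name, stopping at the first suffix whose ANSWER section carries an SOA) with constructed resolver replies, so the healthy case and the failing case from the log can be compared offline. The table names `HEALTHY` and `BROKEN`, the `SoaReply` type and the `account_zones` list are all assumptions for the example.

```python
"""Model of the DNS-01 zone-detection walk that produced
'adding temporary record for zone "net.": expected 1 zone, got 0 for net.'

Assumption (not from the post): the ACME client finds the zone owning
_acme-challenge.<domain> by querying SOA for each suffix of the name, from
the full name upward, and stops at the first suffix whose ANSWER section
contains an SOA record. The provider plugin then looks that zone up in the
account. If the walk climbs to "net." the account matches 0 zones.
"""
from dataclasses import dataclass
from typing import Callable, Mapping, Sequence


@dataclass(frozen=True)
class SoaReply:
    answer_has_soa: bool  # True when an SOA record sits in the ANSWER section


# Constructed resolver behaviour for a healthy setup: the apex answers SOA.
HEALTHY: Mapping[str, SoaReply] = {
    "_acme-challenge.fremnet.net.": SoaReply(False),  # NOERROR, SOA only in AUTHORITY
    "fremnet.net.": SoaReply(True),
    "net.": SoaReply(True),
}

# Constructed resolver behaviour matching the log: the apex query carries no
# SOA in ANSWER, so the walk continues up to the TLD.
BROKEN: Mapping[str, SoaReply] = {
    "_acme-challenge.fremnet.net.": SoaReply(False),
    "fremnet.net.": SoaReply(False),
    "net.": SoaReply(True),
}


def table_lookup(table: Mapping[str, SoaReply]) -> Callable[[str], SoaReply]:
    """Offline stand-in for an SOA query against the host's resolver."""
    def lookup(name: str) -> SoaReply:
        return table.get(name, SoaReply(False))
    return lookup


def to_fqdn(name: str) -> str:
    return name if name.endswith(".") else name + "."


def candidate_zones(fqdn: str) -> Sequence[str]:
    """Every suffix of the name from the full name down to the TLD."""
    labels = to_fqdn(fqdn).rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels))]


def find_zone_by_fqdn(fqdn: str, soa_lookup: Callable[[str], SoaReply]) -> str:
    """Return the first suffix whose SOA query answers with an SOA record."""
    for zone in candidate_zones(fqdn):
        if soa_lookup(zone).answer_has_soa:
            return zone
    raise LookupError(f"no SOA found for any suffix of {fqdn}")


def resolve_provider_zone(zone: str, account_zones: Sequence[str]) -> str:
    """Provider-side check: exactly one zone in the account must match."""
    matches = [z for z in account_zones if to_fqdn(z) == to_fqdn(zone)]
    if len(matches) != 1:
        raise LookupError(
            f'adding temporary record for zone "{zone}": '
            f"expected 1 zone, got {len(matches)} for {zone}"
        )
    return matches[0]


def present_challenge(domain: str, soa_lookup: Callable[[str], SoaReply],
                      account_zones: Sequence[str]) -> str:
    """Full path: detect the zone, then confirm the account owns it."""
    zone = find_zone_by_fqdn("_acme-challenge." + domain, soa_lookup)
    return resolve_provider_zone(zone, account_zones)


if __name__ == "__main__":
    account = ["fremnet.net"]  # constructed: the only zone in the account
    print(present_challenge("fremnet.net", table_lookup(HEALTHY), account))
    try:
        present_challenge("fremnet.net", table_lookup(BROKEN), account)
    except LookupError as exc:
        print("error:", exc)
```

The practical check this suggests is to query SOA for `fremnet.net` from the Caddy host itself (for example `dig SOA fremnet.net`) and confirm an SOA record comes back in the ANSWER section; if the host's resolver does not return one, Caddy's `tls` block accepts a `resolvers` subdirective to name a resolver that does.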