I have an HTTPS-only site on port 443. Caddy uses the DNS challenge (Cloudflare). I have problems renewing the certificate with dnscrypt-proxy running on my router. DNSCrypt is an encrypted DNS protocol.
My Caddy log:
2018/10/11 23:02:25 [INFO][my_domain] acme: Trying renewal with 450 hours remaining
2018/10/11 23:02:25 [INFO][my_domain] acme: Obtaining bundled SAN certificate
2018/10/11 23:02:26 [INFO][my_domain] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/IiOHq9Nnro4DZpqDk-bHbZnMjeQP77
2018/10/11 23:02:26 [INFO][my_domain] acme: Could not find solver for: http-01
2018/10/11 23:02:26 [INFO][my_domain] acme: Trying to solve DNS-01
2018/10/11 23:02:28 [INFO][my_domain] Checking DNS record propagation using [192.168.2.1:53]
2018/10/11 23:04:30 [ERROR] Renewing [my_domain]: acme: Error -> One or more domains had a problem: [my_domain] Time limit exceeded. Last error: NS jo.ns.cloudflare.com. returned SERVFAIL for _acme-challenge.my_domain. ; trying again in 10s
Any hints on which names I should set an exception for in dnscrypt? I tried setting an exception so that queries for the domain _acme-challenge.my_domain are forwarded directly to the server jo.ns.cloudflare.com, but that did not help.