Sounds like a buggy local DNS resolver wigging out. Caddy needs to find out what the base domain is and I think from memory it makes an SOA query to do that; we see the occasional broken local DNS impeding things for this reason.
As a quick workaround, get Caddy to skip local resolution and use a known good public resolver for this.
https://caddyserver.com/docs/caddyfile/directives/tls#resolvers