CentOS Linux release 7.7.1908
Installed caddy by “yum install -y caddy”
Created conf at /etc/caddy/conf.d/[domain].conf
[domain] {
root /var/www/[domain]
}
Tried to run caddy as a system service
systemctl start caddy
Nov 23 19:56:18 systemd[1]: Starting Caddy HTTP/2 web server…
Nov 23 19:56:18 systemd[1]: Started Caddy HTTP/2 web server.
Nov 23 19:56:18 caddy[19584]: Activating privacy features… 2019/11/23 19:56:18 get Agreement URL: Get https://acme-v02.api.letsencrypt.org/directory: dial tcp: lookup acme-v02.api.letsencrypt.org on [::1]:53: read udp [::1]:57972->[::1]:53: read: connection refused
Nov 23 19:56:18 systemd[1]: caddy.service: main process exited, code=exited, status=1/FAILURE
Nov 23 19:56:18 systemd[1]: Unit caddy.service entered failed state.
Nov 23 19:56:18 systemd[1]: caddy.service failed.
This part indicates that Caddy attempted to look up the IP address for acme-v02.api.letsencrypt.org by connecting to the local host ([::1] in IPv6) on port 53, which was refused. With no DNS, Caddy can’t connect to LetsEncrypt.
Why is Caddy trying to connect to the local host to resolve DNS? Not sure. Caddy uses DNS servers specified by the operating system, so make sure that’s all working as expected and you can nslookup acme-v02.api.letsencrypt.org without issues and it should be all good from there.
Golang’s standard net package should resolve DNS directly from those servers in your resolv.conf (see the net package documentation on pkg.go.dev). Caddy doesn’t do DNS resolution manually for this stuff, it relies on the standard library.
But that error is saying it’s trying to connect to itself for DNS, which doesn’t make sense with that resolv.conf. Maybe it’s falling back to cgo for some reason - question is why would cgo try that?
Maybe try Environment=GODEBUG=netdns=go in your service unit file and try it again to explicitly force the default, see if you’re still getting this error.
I don’t know how getaddrinfo and getnameinfo via cgo work - I assume it’s possible, but the default for Go programs using the net library is to use the servers listed in /etc/resolv.conf directly. So I expect it to ignore DNS servers configured per interface.
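The resolv.conf check the replies above keep coming back to, as an added example that is not from this thread or from Caddy: a POSIX shell script that reads a resolv.conf the way Go's pure resolver does and reports whether its nameservers are loopback addresses or absent, the two cases in which Go's net package ends up querying 127.0.0.1:53 and [::1]:53 (the address in the log). The sample files are constructed; the GODEBUG setting is the one suggested above with the +2 debug suffix documented for the net package.

```shell
#!/bin/sh
# Added diagnostic (not from the thread): inspect a resolv.conf the way Go's
# pure resolver reads it and flag configurations that send DNS to loopback.
# Go's net package uses 127.0.0.1:53 and [::1]:53 when the file lists no
# nameserver at all, which matches the "[::1]:53 ... connection refused" error.

# Print nameserver addresses from a resolv.conf style file, one per line.
nameservers_in() {
    awk '$1 == "nameserver" { print $2 }' "$1" 2>/dev/null
}

# Classify a resolv.conf: prints "ok", "loopback-only" or "empty".
# "empty" and "loopback-only" both mean Go will try localhost:53, which only
# works if a local resolver (dnsmasq, systemd-resolved) is actually listening.
classify_resolv() {
    file="$1"
    seen=0
    for ns in $(nameservers_in "$file"); do
        seen=1
        case "$ns" in
            127.*|::1) ;;
            *) echo "ok"; return 0 ;;
        esac
    done
    if [ "$seen" -eq 0 ]; then echo "empty"; else echo "loopback-only"; fi
}

# Constructed sample files standing in for /etc/resolv.conf on the CentOS host.
tmpdir=$(mktemp -d)
printf 'nameserver 8.8.8.8\nnameserver 1.1.1.1\n' > "$tmpdir/good.conf"
printf 'nameserver ::1\n' > "$tmpdir/loop.conf"
printf '# no nameserver lines\nsearch example.test\n' > "$tmpdir/empty.conf"

# Diagnose the real file when run with --check, and print the next step:
# the GODEBUG override from the thread, with +2 so Go logs the resolver path.
if [ "${1:-}" = "--check" ]; then
    verdict=$(classify_resolv /etc/resolv.conf)
    echo "/etc/resolv.conf: $verdict"
    case "$verdict" in
        ok) ;;
        *) echo "Go would query localhost:53; add 'Environment=GODEBUG=netdns=go+2' to caddy.service to log the resolver path" ;;
    esac
fi
```

Run it as `sh check-resolv.sh --check` on the host; the constructed files only exercise the classifier.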
I worked around the issue by reinstalling caddy via curl https://getcaddy.com | bash -s personal, and followed the instructions here https://github.com/caddyserver/caddy/tree/master/dist/init/linux-systemd to set up the service. This time the service went through that step without issues.