Caddy V2.2.0 DNS Resolvers Not Working As Expected

1. Caddy version (caddy version): V2.2.0

2. How I run Caddy: Docker Image

a. System environment: Docker 19.03.12

d. My complete Caddyfile or JSON config:

{
        debug
        email certauto@mydomain.com
}
whoami1.digi-swarm.com {
        reverse_proxy 10.0.28.207:8000
        tls {
                issuer acme {
                        dir https://acme-staging-v02.api.letsencrypt.org/directory
                        dns cloudflare [redacted]
                        resolvers 8.8.8.8:53
                }
        }
}

3. The problem I’m having:

The certmagic.DNS01Solver doesn’t seem to be using the configured “resolvers” to verify DNS propagation. (Needed for split horizon DNS issue)

4. Error messages and/or full log output:

{"level":"error","ts":1601361853.673818,"logger":"tls.obtain","msg":"will retry","error":"[whoami1.digi-swarm.com] Obtain: [whoami1.digi-swarm.com] solving challenges: waiting for solver *certmagic.DNS01Solver to be ready: checking DNS propagation of _acme-challenge.whoami1.digi-swarm.com: dial tcp 108.162.192.149:53: i/o timeout (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/15865947/158359361) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":27.948952738,"max_duration":2592000}

{"level":"error","ts":1601361939.8457055,"logger":"tls.obtain","msg":"will retry","error":"[whoami1.digi-swarm.com] Obtain: [whoami1.digi-swarm.com] solving challenges: waiting for solver *certmagic.DNS01Solver to be ready: checking DNS propagation of _acme-challenge.whoami1.digi-swarm.com: dial tcp 173.245.59.196:53: i/o timeout (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/15865947/158360135) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":2,"retrying_in":120,"elapsed":114.120840078,"max_duration":2592000}

Is there anything about your network that would cause DNS lookups to go to 108.162.192.149? (That’s a Cloudflare IP.)
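
A small triage script for the log lines in this thread, added here as an example (not code from Caddy, certmagic or either poster): it lists every DNS-propagation dial in `tls.obtain` errors that went to an address other than the configured `resolvers`. The function names are hypothetical, and the sample log is constructed: two lines trimmed from the post, one invented line that matches the resolver, and one non-JSON line.

```python
import json
import re

# Constructed sample: lines 1-2 are trimmed from the post's log, line 3 is invented
# to show a dial that matches the configured resolver, line 4 is non-JSON noise.
SAMPLE_LOG = """\
{"level":"error","logger":"tls.obtain","error":"waiting for solver *certmagic.DNS01Solver to be ready: checking DNS propagation of _acme-challenge.whoami1.digi-swarm.com: dial tcp 108.162.192.149:53: i/o timeout","attempt":1}
{"level":"error","logger":"tls.obtain","error":"waiting for solver *certmagic.DNS01Solver to be ready: checking DNS propagation of _acme-challenge.whoami1.digi-swarm.com: dial tcp 173.245.59.196:53: i/o timeout","attempt":2}
{"level":"error","logger":"tls.obtain","error":"checking DNS propagation of _acme-challenge.whoami1.digi-swarm.com: dial tcp 8.8.8.8:53: i/o timeout","attempt":3}
caddy starting
"""

# "dial tcp <host>:<port>" is how Go formats the target of a failed connection.
DIAL_RE = re.compile(r"dial (tcp|udp) (\[[^\]]+\]|[^:\s]+):(\d+)")
NAME_RE = re.compile(r"checking DNS propagation of (\S+?):")

def normalize(resolver):
    """Turn '8.8.8.8', '8.8.8.8:53' or '[::1]:53' into a (host, port) pair."""
    if resolver.startswith("["):
        host, _, rest = resolver[1:].partition("]")
        return host, rest.lstrip(":") or "53"
    host, sep, port = resolver.rpartition(":")
    return (host, port) if sep else (resolver, "53")

def unexpected_dns_targets(log_text, resolvers):
    """Return propagation-check dials whose target is not in `resolvers`."""
    allowed = {normalize(r) for r in resolvers}
    findings = []
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # console output, blank lines
        if not isinstance(entry, dict) or entry.get("logger") != "tls.obtain":
            continue
        err = str(entry.get("error", ""))
        dial, name = DIAL_RE.search(err), NAME_RE.search(err)
        if not dial or not name:
            continue
        target = (dial.group(2).strip("[]"), dial.group(3))
        if target not in allowed:
            findings.append({"attempt": entry.get("attempt"),
                             "record": name.group(1),
                             "dialed": "%s:%s" % target})
    return findings

if __name__ == "__main__":
    for f in unexpected_dns_targets(SAMPLE_LOG, ["8.8.8.8:53"]):
        print(f)
```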
