Caddy with Jellyfin via Google Domains noob help

Just going to keep logging my progress here… not really much else I can do.

I attempted a fix suggested here.

Doing so stopped the process from starting at all, saying that I needed to include the token, which is a problem Caddy didn’t seem to be recognising at all… so progress, I guess?

I included the environment variable in the Caddyfile as suggested here, which fixed the issue; however, I am now getting the same original dns-01 error.

I have validated via Cloudflare’s suggested curl command that the token is active and working.

I also followed another suggestion here to try including different resolvers for the DNS.

I followed the steps found here to set the zone permissions and make sure I am using a token, not a key.

I again tried the first suggestion, to delete all acme records found in /var/lib/caddy/.local/share/caddy/acme and then restart the service. Same error:

● caddy.service - Caddy
     Loaded: loaded (/etc/systemd/system/caddy.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2023-07-24 14:07:50 AEST; 5min ago
       Docs: https://caddyserver.com/docs/
   Main PID: 1236859 (caddy)
      Tasks: 17 (limit: 18817)
     Memory: 11.5M
        CPU: 132ms
     CGroup: /system.slice/caddy.service
             └─1236859 /usr/bin/caddy run --environ --config /etc/caddy/Caddyfile

Jul 24 14:11:09 calcifer caddy[1236859]: {"level":"error","ts":1690171869.5663412,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mitchflix.net","issuer":"acme.zerossl.com-v2-DV90","error":"[mitchflix.net] solving challenges: presenting for challenge: adding temporary record for zone \"mitchflix.net.\": got error status: HTTP 400: [{Code:6003 Message: Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/M5AtVzTQBEsq9NgaPz3i-g) (ca=https://acme.zerossl.com/v2/DV90)"}
Jul 24 14:11:09 calcifer caddy[1236859]: {"level":"error","ts":1690171869.5663843,"logger":"tls.obtain","msg":"will retry","error":"[mitchflix.net] Obtain: [mitchflix.net] solving challenges: presenting for challenge: adding temporary record for zone \"mitchflix.net.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/M5AtVzTQBEsq9NgaPz3i-g) (ca=https://acme.zerossl.com/v2/DV90)","attempt":3,"retrying_in":120,"elapsed":199.141759113,"max_duration":2592000}
Jul 24 14:13:09 calcifer caddy[1236859]: {"level":"info","ts":1690171989.566676,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"mitchflix.net"}
Jul 24 14:13:10 calcifer caddy[1236859]: {"level":"info","ts":1690171990.257321,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"mitchflix.net","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Jul 24 14:13:10 calcifer caddy[1236859]: {"level":"error","ts":1690171990.4952774,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"mitchflix.net","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.mitchflix.net\" (usually OK if presenting also failed)"}
Jul 24 14:13:10 calcifer caddy[1236859]: {"level":"error","ts":1690171990.7239583,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mitchflix.net","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[mitchflix.net] solving challenges: presenting for challenge: adding temporary record for zone \"mitchflix.net.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/112115184/9916639504) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
Jul 24 14:13:13 calcifer caddy[1236859]: {"level":"info","ts":1690171993.673248,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"mitchflix.net","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
Jul 24 14:13:13 calcifer caddy[1236859]: {"level":"error","ts":1690171993.8832502,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"mitchflix.net","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.mitchflix.net\" (usually OK if presenting also failed)"}
Jul 24 14:13:14 calcifer caddy[1236859]: {"level":"error","ts":1690171994.8841772,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mitchflix.net","issuer":"acme.zerossl.com-v2-DV90","error":"[mitchflix.net] solving challenges: presenting for challenge: adding temporary record for zone \"mitchflix.net.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/xRluGPshWKvv-rHa-lTswg) (ca=https://acme.zerossl.com/v2/DV90)"}
Jul 24 14:13:14 calcifer caddy[1236859]: {"level":"error","ts":1690171994.8842106,"logger":"tls.obtain","msg":"will retry","error":"[mitchflix.net] Obtain: [mitchflix.net] solving challenges: presenting for challenge: adding temporary record for zone \"mitchflix.net.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/xRluGPshWKvv-rHa-lTswg) (ca=https://acme.zerossl.com/v2/DV90)","attempt":4,"retrying_in":300,"elapsed":324.459585305,"max_duration":2592000}

My Caddyfile now looks like:

mitchflix.net {
        reverse_proxy 192.168.1.31:8096
        tls {
                dns cloudflare {env.CLOUDFLARE_AUTH_TOKEN}
                resolvers 8.8.8.8
        }
}
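
Added example, not part of the original post and not code from the Caddy project: the log above shows each attempt failing while the temporary TXT record is being added (HTTP 400, code 6003 "Invalid request headers"), so one thing worth checking is whether the value of CLOUDFLARE_AUTH_TOKEN that the running service sees is well-formed. The token and key shapes tested for are assumptions, and the script never prints the value itself.

```shell
#!/bin/sh
# Added example: classify the shape of a Cloudflare credential without printing it.
# Assumed shapes (not from the post): API token = 35-50 chars of [A-Za-z0-9_-];
# legacy Global API key = 37 lowercase hex chars.

classify_token() {
    ct_v=$1
    [ -n "$ct_v" ] || { echo empty; return 0; }
    case $ct_v in
        \{*\})         echo unexpanded-placeholder; return 0 ;;  # e.g. a literal {env.NAME}
        \"*\"|\'*\')   echo quoted; return 0 ;;                  # quotes kept from an env file
        *[[:space:]]*) echo whitespace; return 0 ;;              # stray space, tab, CR or newline
    esac
    if printf '%s' "$ct_v" | grep -Eq '^[0-9a-f]{37}$'; then
        echo looks-like-global-key     # a key was supplied where a token is expected
    elif printf '%s' "$ct_v" | grep -Eq '^[A-Za-z0-9_-]{35,50}$'; then
        echo ok
    else
        echo bad-charset-or-length
    fi
}

# Read the variable from the environment of the running caddy.service process,
# which can differ from the shell where the curl check was run. Needs root.
service_token_status() {
    st_pid=$(systemctl show -p MainPID --value caddy) || return 1
    [ "${st_pid:-0}" -gt 0 ] || { echo not-running; return 1; }
    st_val=$(tr '\0' '\n' < "/proc/$st_pid/environ" |
             sed -n 's/^CLOUDFLARE_AUTH_TOKEN=//p')
    classify_token "$st_val"
}

# Live check only when asked for: sudo sh check_token.sh --live
if [ "${1:-}" = "--live" ]; then
    service_token_status
fi
```

Any result other than `ok` from the live check means the service is sending something different from the token that passed the curl test.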