Caddy2 integration is not starting (HassOS)

Help
1

Hello everyone,
i m litterally stuck and hopeless, because i m failing to properly configure vaultw. environment to reach my objective.

GOAL: Run a VW local instance (not reachable from Internet) on HomeAssistant (Rasp. Pi4) and connect to the istance through PC app and Android app in order to Sync the clients’database to the central Vaultwarden Server.

Problem: After about 40hourse of troubleshooting i m still having problems managing the HTTPS Certificates: On windows pc’app the error is “Unable to Fetch”, or it goes on timeout. On Android i receive error about the ceriticate
I read and tried the Nginx Proxy, also Nginx Proxy manager and last but not least about Caddy2 to obtain the DNS Challenge configuration.

My environment (coming from the lateste attempt to make all this work):
HassOs:

  • Core 2024.1.0
  • Supervisor 2023.12.0
  • Operating System 11.2
  • Frontend 20240103.3
    Vaultwarden Add-on:
    “Vaultwarden (Bitwarden) Current version: 0.20.1”
    DuckDNS:1.15.0
    Integration with domain linked to my Public IP: $my-domain$.duckdns.org

All components are on the same machine (192.168.0.2)

VW Config:

ssl: true
certfile: fullchain.pem
keyfile: privkey.pem
log_level: debug

Caddy2 config file (named: Caddyfile):

 {
  email $myemail$@gmail.com
 }

$my-domain$.duckdns.org {
    tls {
        dns duckdns $mytoken$
    }
    reverse_proxy https://localhost:7277
 }

Following this guide (How to use DNS provider modules in Caddy 2 - Wiki - Caddy Community) I also downloaded the caddy custom binary (platform:linux arm64) thanks to git clone in the folder
/share/caddy and i found a duckdns folder (/share/caddy/duckdns). I didnt understand if should i do something with these files.

When i start CADDY i receive these error:

NFO: Prepare Caddy...
INFO: Use built-in Caddy
v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=
INFO: Prepare Caddyfile...
INFO: Caddyfile found at /share/caddy/Caddyfile
INFO: Run Caddy...
DEBUG: '/usr/bin/caddy' run --config '/share/caddy/Caddyfile' ''
{"level":"info","ts":1704324312.8542378,"msg":"using provided configuration","config_file":"/share/caddy/Caddyfile","config_adapter":""}
**Error: adapting config using caddyfile: parsing caddyfile tokens for 'tls': getting module named 'dns.providers.duckdns': module not registered: dns.providers.duckdns, at /share/caddy/Caddyfile:7**
**INFO: Service caddy exited with code 1 (by signal 0)**

Please i hope in the community and all the good people here to help me, is really really annoying.
I am avaiable to change configurations and use NGINX Proxy or NGINX Proxy Manager or ADGuardHome (if should have sense) in order to fix this behaviour.

2

Please fill out the help topic template as per the forum rules. We need to know how you installed Caddy.

3

Hi Francis, thanks you for joining the thread! Here there are all the information i can retrieve and provide in the template (let me know if there is something else i can collect for you!):

1. The problem I’m having:

GOAL: Run a Vaultwarden local instance (not reachable from Internet) on HomeAssistant (Rasp. Pi4) and connect to the instance through PC app and Android app in order to Sync the clients’database to the central Vaultwarden Server. The PC and the Android device will reach the network through OpenVPN or direct connection (Eth/Wifi).

On windows pc’app the error is “Unable to Fetch”, or it goes on timeout. On Android i receive error about the ceriticate
I read and tried the Nginx Proxy, also Nginx Proxy manager and last but not least about Caddy2 to obtain the DNS Challenge configuration.

Caddy looks like it is not able to start for a Service Code:

Error: adapting config using caddyfile: parsing caddyfile tokens for 'tls': getting module named 'dns.providers.duckdns': module not registered: dns.providers.duckdns, at /share/caddy/Caddyfile:7
INFO: Service caddy exited with code 1 (by signal 0)

2. Error messages and/or full log output:

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service base-addon-banner: starting

-----------------------------------------------------------
 Add-on: Caddy 2
 Open source web and proxy server with automatic HTTPS
-----------------------------------------------------------
 Add-on version: 1.5.4
 You are running the latest version of this add-on.
 System: Home Assistant OS 11.2  (aarch64 / raspberrypi4-64)
 Home Assistant Core: 2024.1.0
 Home Assistant Supervisor: 2023.12.0
-----------------------------------------------------------
 Please, share the above information when looking for help
 or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
s6-rc: info: service base-addon-banner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service base-addon-log-level: starting
s6-rc: info: service fix-attrs successfully started
Log level is set to DEBUG
s6-rc: info: service base-addon-log-level successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service caddy: starting
s6-rc: info: service caddy successfully started
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
INFO: Prepare Caddy...
INFO: Use built-in Caddy
v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=
INFO: Prepare Caddyfile...
INFO: Caddyfile found at /share/caddy/Caddyfile
INFO: Run Caddy...
DEBUG: '/usr/bin/caddy' run --config '/share/caddy/Caddyfile' ''
{"level":"info","ts":1704324312.8542378,"msg":"using provided configuration","config_file":"/share/caddy/Caddyfile","config_adapter":""}
Error: adapting config using caddyfile: parsing caddyfile tokens for 'tls': getting module named 'dns.providers.duckdns': module not registered: dns.providers.duckdns, at /share/caddy/Caddyfile:7
INFO: Service caddy exited with code 1 (by signal 0)
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service caddy: stopping
s6-rc: info: service caddy successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service base-addon-log-level: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service base-addon-log-level successfully stopped
s6-rc: info: service base-addon-banner: stopping
s6-rc: info: service base-addon-banner successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

3. Caddy version:

Caddy 2, Current version: 1.5.4e.

4. How I installed and ran Caddy:

I installed Caddy through the native functionality of Home Assistant “Addons”, currently i m running " Caddy 2, Current version: 1.5.4". I added this repo: GitHub - einschmidt/hassio-addons: Home Assistant addons and downloaded the component through HA (and also installed obviously)

a. System environment:

HassOs:

  • Core 2024.1.0
  • Supervisor 2023.12.0
  • Operating System 11.2
  • Frontend 20240103.3
    Vaultwarden Add-on:
    “Vaultwarden (Bitwarden) Current version: 0.20.1”
    DuckDNS Integration:1.15.0
    Integration with domain linked to my Public IP. Domain: smartzucchero.duckdns.org

All components are on the same machine (192.168.0.2)

VW Config:

ssl: true
certfile: fullchain.pem
keyfile: privkey.pem
log_level: debug

b. Command:

Just clicking on “Start” in the integration page of Home Assistant

d. My complete Caddy config:

 {
  email myemail@gmail.com
 }

smartzucchero.duckdns.org {
    tls {
        dns duckdns $token$
    }
    reverse_proxy https://localhost:7277
 }
env_vars: {
DOMAIN=smartzucchero.duckdns.org
DUCKDNS_TOKEN=$token$
}
 log_level: debug
4

That’s not an officially supported installation method. I can’t really help you with that, I don’t understand exactly what that means in terms of how Caddy was installed. You’ll need to ask the author of that for help.

The gist is you need to swap out the Caddy binary (program) with one that has the DuckDNS plugin included. How you do that entirely depends on the installation method, and since I don’t understand how Caddy is being installed and run using the method you chose, I can’t help with that.

5

Hi Francis, thanks :frowning_face:

Btw, i used the custom binary, made it executable through chmod but still receiving error:

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service base-addon-banner: starting

-----------------------------------------------------------
 Add-on: Caddy 2
 Open source web and proxy server with automatic HTTPS
-----------------------------------------------------------
 Add-on version: 1.5.4
 You are running the latest version of this add-on.
 System: Home Assistant OS 11.2  (aarch64 / raspberrypi4-64)
 Home Assistant Core: 2024.1.0
 Home Assistant Supervisor: 2023.12.0
-----------------------------------------------------------
 Please, share the above information when looking for help
 or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
s6-rc: info: service base-addon-banner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service base-addon-log-level: starting
s6-rc: info: service fix-attrs successfully started
Log level is set to DEBUG
s6-rc: info: service base-addon-log-level successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service caddy: starting
s6-rc: info: service caddy successfully started
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
INFO: Prepare Caddy...
INFO: Found custom Caddy at /share/caddy/caddy
v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=
INFO: Prepare Caddyfile...
INFO: Caddyfile found at /share/caddy/Caddyfile
INFO: Run Caddy...
DEBUG: '/share/caddy/caddy' run --config '/share/caddy/Caddyfile' ''
{"level":"info","ts":1704471555.2387967,"msg":"using provided configuration","config_file":"/share/caddy/Caddyfile","config_adapter":""}
{"level":"info","ts":1704471555.2464736,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1704471555.2471159,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x40002d2b00"}
{"level":"info","ts":1704471555.2474158,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1704471555.2474706,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1704471555.248698,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0x40002d2b00"}
Error: loading initial config: loading new config: http app module: start: listening on :443: listen tcp :443: bind: address already in use
INFO: Service caddy exited with code 1 (by signal 0)
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service caddy: stopping
s6-rc: info: service caddy successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service base-addon-log-level: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service base-addon-log-level successfully stopped
s6-rc: info: service base-addon-banner: stopping
s6-rc: info: service base-addon-banner successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

This is the accutally Caddyfile config:

{
	email myemail@gmail.com
}

smartzucchero.duckdns.org {
	tls {
		dns duckdns TOKEN
	}
	reverse_proxy https://localhost:7277
}

What does it mean "Exited with code 1"? Could it be probably because looks like something else is listening on port 443? In that case, which would be the config line to add in order to tell caddy to listen to another port?

6

Reading the global options block reveals the following options:

But it also states that it won’t change the actual https port for clients, so my interpretation is that caddy always requires port 80 and 443 in order to start.

So maybe change the ports of your other services running on the same host.

7

Hi Monviech, thanks for replying!
I m trying to investigate what i have running on the 443, but i m not figuring it out:

Cattura

8

I’m not sure how to help, because I don’t know much about HassOS.

If that machine is already running a webserver using port 443 for HTTPS, then Caddy wouldn’t be able to start up and also use that port. You’d need to move away whatever is using that port to allow Caddy to use it. I can’t answer what else you might have running.

9

I dont know how, but i resolved the problem!

I had ADGuard Home on the HomeAssistant, and he was listening to 443 in order to encrypt DNS Queries over https. I Changed that port to another one, then restarted caddy.

Now i can reach the Vaultwarden app through web browser BUT ALSO THROUGH ANDROID APP :smiley: !! My HTTPS certificate, looks valid :slight_smile:

A little final question:
How could it be written my Caddyfile in order to route the request to other ports?

{
	email myemail@gmail.com
}

smartzucchero.duckdns.org {
	tls {
		dns duckdns TOKEN
	}
	reverse_proxy 192.168.50.2:7277
}

In the example above, if i point to https://smartzucchero.duckdns.org:7277 i reach Vaultwarden (i cant reach him if i dont explicit “:7277”, don’t know why!).

What should i write in order to get redirect to other services, for example to “web-service1” on port 8123 typing https://myweb-service1name.smartzucchero.duckdns.org ?

Tonight i will party hard with Gin & Tonic :smiley: in order to celebrate caddy

10

Use subdomains for each app. For example, something like:

app1.smartzucchero.duckdns.org {
	reverse_proxy 192.168.50.2:7277
}

app2.smartzucchero.duckdns.org {
	reverse_proxy 192.168.50.2:8123
}
12

Hi Francis,
this is my actually (new) configuration. Caddy is running but i m not understanding why i need to write also the port in the url, for example i have to type https://smartzucchero.duckdns.org:7277 or https://smartzucchero.duckdns.org:1234.
If i type https://ha.smartzucchero.duckdns.org:1234 i receive the error: “SSL_ERROR_BAD_CERT_DOMAIN”
If i type https://ha.smartzucchero.duckdns.org i receive the error:
“SSL_ERROR_INTERNAL_ERROR_ALERT”

{
	email myemail@gmail.com
}

smartzucchero.duckdns.org {
	tls {
		dns duckdns KEY
	}
	reverse_proxy 192.168.50.2:7277
}

ha.smartzucchero.duckdns.org {
    tls {
		dns duckdns KEY
	}
	reverse_proxy 192.168.50.2:1234
}

I would like to reach my services just typing the URL, and not the port.
Actually i also wrote on my DNS Server (ADGuard Home) these rules:

smartzucchero.duckdns.org → 192.168.50.2
*.smartzucchero.duckdns.org → 192.168.50.2

Should i register on duckdns dedicated domains for each services and use the “-” or other special character?
For example:
ha-smartzucchero.duckdns.org
vault-smartzucchero.duckdns.org
etc.

13

That means you’re bypassing Caddy entirely. You’re making requests directly to those apps.

What do you see when you run this:

curl -v https://smartzucchero.duckdns.org

Is Caddy running on the same machine as your apps?

Show your Caddy logs.

14

Cattura

This is the Caddy’s Log on the startup:

-----------------------------------------------------------
 Add-on: Caddy 2
 Open source web and proxy server with automatic HTTPS
-----------------------------------------------------------
 Add-on version: 1.5.4
 You are running the latest version of this add-on.
 System: Home Assistant OS 11.3  (aarch64 / raspberrypi4-64)
 Home Assistant Core: 2024.1.2
 Home Assistant Supervisor: 2023.12.0
-----------------------------------------------------------
 Please, share the above information when looking for help
 or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
s6-rc: info: service base-addon-banner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service base-addon-log-level: starting
s6-rc: info: service fix-attrs successfully started
Log level is set to INFO
s6-rc: info: service base-addon-log-level successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service caddy: starting
s6-rc: info: service caddy successfully started
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
INFO: Prepare Caddy...
INFO: Found custom Caddy at /share/caddy/caddy
v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=
INFO: Prepare Caddyfile...
INFO: Caddyfile found at /share/caddy/Caddyfile
INFO: Run Caddy...
{"level":"info","ts":1705157388.7960954,"msg":"using provided configuration","config_file":"/share/caddy/Caddyfile","config_adapter":""}
{"level":"warn","ts":1705157388.8007257,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/share/caddy/Caddyfile","line":13}
{"level":"info","ts":1705157388.8036056,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//127.0.0.1:2019","//localhost:2019","//[::1]:2019"]}
{"level":"info","ts":1705157388.8046448,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x40001c4a80"}
{"level":"info","ts":1705157388.8049433,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1705157388.8052094,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1705157388.806681,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
{"level":"info","ts":1705157388.8076527,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"info","ts":1705157388.808237,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
{"level":"info","ts":1705157388.8082814,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["ha.smartzucchero.duckdns.org","smartzucchero.duckdns.org"]}
{"level":"info","ts":1705157388.8270628,"msg":"autosaved config (load with --resume flag)","file":"/data/caddy/autosave.json"}
{"level":"info","ts":1705157388.8271568,"msg":"serving initial configuration"}
{"level":"info","ts":1705157388.8291385,"logger":"tls.obtain","msg":"acquiring lock","identifier":"ha.smartzucchero.duckdns.org"}
{"level":"info","ts":1705157388.829284,"logger":"tls","msg":"cleaning storage unit","storage":"FileStorage:/ssl/caddy"}
{"level":"info","ts":1705157388.838842,"logger":"tls.obtain","msg":"acquiring lock","identifier":"smartzucchero.duckdns.org"}
{"level":"info","ts":1705157388.8403587,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1705157388.8419344,"logger":"tls.obtain","msg":"lock acquired","identifier":"ha.smartzucchero.duckdns.org"}
{"level":"info","ts":1705157388.8438215,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"ha.smartzucchero.duckdns.org"}
{"level":"info","ts":1705157388.847514,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["ha.smartzucchero.duckdns.org"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"psa.baldini@gmail.com"}
{"level":"info","ts":1705157388.847591,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["ha.smartzucchero.duckdns.org"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"psa.baldini@gmail.com"}
{"level":"info","ts":1705157388.847904,"logger":"tls.obtain","msg":"lock acquired","identifier":"smartzucchero.duckdns.org"}
{"level":"info","ts":1705157388.8486874,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"smartzucchero.duckdns.org"}
{"level":"info","ts":1705157388.851339,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["smartzucchero.duckdns.org"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"psa.baldini@gmail.com"}
{"level":"info","ts":1705157388.851978,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["smartzucchero.duckdns.org"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"psa.baldini@gmail.com"}
{"level":"info","ts":1705157389.9429,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"smartzucchero.duckdns.org","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1705157389.9456227,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"ha.smartzucchero.duckdns.org","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}

The logs didnt change after a (successfull) attempt to reach the app Vaultwarden pointing to “https://smartzucchero.duckdns.org:7277” and a failed attempt to reach https://smartzucchero.duckdns.org

Yes, the apps are on the same caddy’s machine.

15

These are fresher log:


{"level":"error","ts":1705158834.5222645,"logger":"tls.obtain","msg":"will retry","error":"[ha.smartzucchero.duckdns.org] Obtain: [ha.smartzucchero.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/8D0O55uS0nIpVfaT1aNmBQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":4,"retrying_in":300,"elapsed":1445.680229791,"max_duration":2592000}
{"level":"info","ts":1705159051.787417,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"smartzucchero.duckdns.org"}
{"level":"info","ts":1705159052.6676776,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"smartzucchero.duckdns.org","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1705159134.5236444,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"ha.smartzucchero.duckdns.org"}
{"level":"info","ts":1705159135.039989,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"ha.smartzucchero.duckdns.org","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1705159174.3709486,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"smartzucchero.duckdns.org","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[smartzucchero.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/131337544/13651051294) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1705159175.3290405,"logger":"tls.issuance.zerossl.acme_client","msg":"trying to solve challenge","identifier":"smartzucchero.duckdns.org","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1705159255.690256,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"ha.smartzucchero.duckdns.org","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[ha.smartzucchero.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/131337544/13651071514) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1705159304.3823705,"logger":"tls.issuance.zerossl.acme_client","msg":"trying to solve challenge","identifier":"ha.smartzucchero.duckdns.org","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1705159318.9031055,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"smartzucchero.duckdns.org","issuer":"acme.zerossl.com-v2-DV90","error":"[smartzucchero.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/zT3042-MqGDWVomqgI6Prg) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1705159318.9041882,"logger":"tls.obtain","msg":"will retry","error":"[smartzucchero.duckdns.org] Obtain: [smartzucchero.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/zT3042-MqGDWVomqgI6Prg) (ca=https://acme.zerossl.com/v2/DV90)","attempt":5,"retrying_in":600,"elapsed":1930.056121204,"max_duration":2592000}
{"level":"error","ts":1705159426.7477927,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"ha.smartzucchero.duckdns.org","issuer":"acme.zerossl.com-v2-DV90","error":"[ha.smartzucchero.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/6HJR59fKGc3ujl-NQvev2g) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1705159426.7480102,"logger":"tls.obtain","msg":"will retry","error":"[ha.smartzucchero.duckdns.org] Obtain: [ha.smartzucchero.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/6HJR59fKGc3ujl-NQvev2g) (ca=https://acme.zerossl.com/v2/DV90)","attempt":5,"retrying_in":600,"elapsed":2037.905975368,"max_duration":2592000}
{"level":"info","ts":1705159918.9063659,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"smartzucchero.duckdns.org"}
{"level":"info","ts":1705159919.8202667,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"smartzucchero.duckdns.org","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1705160026.7490935,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"ha.smartzucchero.duckdns.org"}
{"level":"info","ts":1705160027.2807024,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"ha.smartzucchero.duckdns.org","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1705160041.7785826,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"smartzucchero.duckdns.org","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[smartzucchero.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/131337544/13651283574) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1705160042.8036942,"logger":"tls.issuance.zerossl.acme_client","msg":"trying to solve challenge","identifier":"smartzucchero.duckdns.org","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1705160149.221787,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"ha.smartzucchero.duckdns.org","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[ha.smartzucchero.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/131337544/13651312794) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1705160163.498873,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"smartzucchero.duckdns.org","issuer":"acme.zerossl.com-v2-DV90","error":"[smartzucchero.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/bXIBSui4NgkKq-6JspOYMw) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1705160163.499085,"logger":"tls.obtain","msg":"will retry","error":"[smartzucchero.duckdns.org] Obtain: [smartzucchero.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/bXIBSui4NgkKq-6JspOYMw) (ca=https://acme.zerossl.com/v2/DV90)","attempt":6,"retrying_in":600,"elapsed":2774.651019522,"max_duration":2592000}
{"level":"warn","ts":1705160179.5380824,"logger":"tls.issuance.zerossl.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/newOrder","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/newOrder\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1705160210.1365764,"logger":"tls.issuance.zerossl.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/authz/FaF5KVsqxHKnLh6QM46axQ","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/authz/FaF5KVsqxHKnLh6QM46axQ\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1705160240.3883371,"logger":"tls.issuance.zerossl.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/authz/FaF5KVsqxHKnLh6QM46axQ","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/authz/FaF5KVsqxHKnLh6QM46axQ\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1705160270.6397755,"logger":"tls.issuance.zerossl.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/authz/FaF5KVsqxHKnLh6QM46axQ","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/authz/FaF5KVsqxHKnLh6QM46axQ\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"error","ts":1705160270.6400404,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"ha.smartzucchero.duckdns.org","issuer":"acme.zerossl.com-v2-DV90","error":"[ha.smartzucchero.duckdns.org] solving challenges: getting authorization at https://acme.zerossl.com/v2/DV90/authz/FaF5KVsqxHKnLh6QM46axQ: attempt 1: https://acme.zerossl.com/v2/DV90/authz/FaF5KVsqxHKnLh6QM46axQ: performing request: Post \"https://acme.zerossl.com/v2/DV90/authz/FaF5KVsqxHKnLh6QM46axQ\": context deadline exceeded (Client.Timeout exceeded while awaiting headers) (order=https://acme.zerossl.com/v2/DV90/order/4V9SGfQk3aWjKGpFoNxOhQ) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1705160270.6402328,"logger":"tls.obtain","msg":"will retry","error":"[ha.smartzucchero.duckdns.org] Obtain: [ha.smartzucchero.duckdns.org] solving challenges: getting authorization at https://acme.zerossl.com/v2/DV90/authz/FaF5KVsqxHKnLh6QM46axQ: attempt 1: https://acme.zerossl.com/v2/DV90/authz/FaF5KVsqxHKnLh6QM46axQ: performing request: Post \"https://acme.zerossl.com/v2/DV90/authz/FaF5KVsqxHKnLh6QM46axQ\": context deadline exceeded (Client.Timeout exceeded while awaiting headers) (order=https://acme.zerossl.com/v2/DV90/order/4V9SGfQk3aWjKGpFoNxOhQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":6,"retrying_in":600,"elapsed":2881.798180566,"max_duration":2592000}
{"level":"info","ts":1705160763.5015454,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"smartzucchero.duckdns.org"}
{"level":"info","ts":1705160764.3891811,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"smartzucchero.duckdns.org","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1705160870.642362,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"ha.smartzucchero.duckdns.org"}
{"level":"info","ts":1705160871.1778214,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"ha.smartzucchero.duckdns.org","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1705160885.3973217,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"smartzucchero.duckdns.org","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[smartzucchero.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/131337544/13651502074) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"warn","ts":1705160915.7538826,"logger":"tls.issuance.zerossl.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/newOrder","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/newOrder\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1705160946.0058599,"logger":"tls.issuance.zerossl.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/newOrder","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/newOrder\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1705160976.258321,"logger":"tls.issuance.zerossl.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/newOrder","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/newOrder\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"error","ts":1705160976.2588153,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"smartzucchero.duckdns.org","issuer":"acme.zerossl.com-v2-DV90","error":"[smartzucchero.duckdns.org] creating new order: attempt 1: https://acme.zerossl.com/v2/DV90/newOrder: performing request: Post \"https://acme.zerossl.com/v2/DV90/newOrder\": context deadline exceeded (Client.Timeout exceeded while awaiting headers) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1705160976.2596147,"logger":"tls.obtain","msg":"will retry","error":"[smartzucchero.duckdns.org] Obtain: [smartzucchero.duckdns.org] creating new order: attempt 1: https://acme.zerossl.com/v2/DV90/newOrder: performing request: Post \"https://acme.zerossl.com/v2/DV90/newOrder\": context deadline exceeded (Client.Timeout exceeded while awaiting headers) (ca=https://acme.zerossl.com/v2/DV90)","attempt":7,"retrying_in":600,"elapsed":3587.411546417,"max_duration":2592000}
{"level":"error","ts":1705160993.349551,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"ha.smartzucchero.duckdns.org","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[ha.smartzucchero.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/131337544/13651535044) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"warn","ts":1705161023.3515441,"logger":"tls.issuance.zerossl.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/newNonce","error":"performing request: Head \"https://acme.zerossl.com/v2/DV90/newNonce\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1705161053.7588482,"logger":"tls.issuance.zerossl.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/newOrder","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/newOrder\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1705161084.010894,"logger":"tls.issuance.zerossl.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/newOrder","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/newOrder\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1705161114.2642915,"logger":"tls.issuance.zerossl.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/newOrder","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/newOrder\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"error","ts":1705161114.2644928,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"ha.smartzucchero.duckdns.org","issuer":"acme.zerossl.com-v2-DV90","error":"[ha.smartzucchero.duckdns.org] creating new order: attempt 1: https://acme.zerossl.com/v2/DV90/newOrder: performing request: Post \"https://acme.zerossl.com/v2/DV90/newOrder\": context deadline exceeded (Client.Timeout exceeded while awaiting headers) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1705161114.2646518,"logger":"tls.obtain","msg":"will retry","error":"[ha.smartzucchero.duckdns.org] Obtain: [ha.smartzucchero.duckdns.org] creating new order: attempt 1: https://acme.zerossl.com/v2/DV90/newOrder: performing request: Post \"https://acme.zerossl.com/v2/DV90/newOrder\": context deadline exceeded (Client.Timeout exceeded while awaiting headers) (ca=https://acme.zerossl.com/v2/DV90)","attempt":7,"retrying_in":600,"elapsed":3725.422615114,"max_duration":2592000}
{"level":"info","ts":1705161576.2640185,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"smartzucchero.duckdns.org"}
{"level":"info","ts":1705161577.1464825,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"smartzucchero.duckdns.org","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1705161699.4687388,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"smartzucchero.duckdns.org","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[smartzucchero.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/131337544/13651714124) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1705161714.2658238,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"ha.smartzucchero.duckdns.org"}
{"level":"info","ts":1705161714.7820632,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"ha.smartzucchero.duckdns.org","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"warn","ts":1705161729.4709623,"logger":"tls.issuance.zerossl.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/newNonce","error":"performing request: Head \"https://acme.zerossl.com/v2/DV90/newNonce\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"error","ts":1705161729.7619174,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"smartzucchero.duckdns.org","issuer":"acme.zerossl.com-v2-DV90","error":"[smartzucchero.duckdns.org] creating new order: fetching new nonce from server: HTTP 502:  (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1705161729.7623944,"logger":"tls.obtain","msg":"will retry","error":"[smartzucchero.duckdns.org] Obtain: [smartzucchero.duckdns.org] creating new order: fetching new nonce from server: HTTP 502:  (ca=https://acme.zerossl.com/v2/DV90)","attempt":8,"retrying_in":1200,"elapsed":4340.914329009,"max_duration":2592000}
{"level":"error","ts":1705161838.3693695,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"ha.smartzucchero.duckdns.org","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[ha.smartzucchero.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/131337544/13651748974) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"warn","ts":1705161868.3725827,"logger":"tls.issuance.zerossl.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/newNonce","error":"performing request: Head \"https://acme.zerossl.com/v2/DV90/newNonce\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"info","ts":1705161871.389331,"logger":"tls.issuance.zerossl.acme_client","msg":"trying to solve challenge","identifier":"ha.smartzucchero.duckdns.org","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1705161993.2459977,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"ha.smartzucchero.duckdns.org","issuer":"acme.zerossl.com-v2-DV90","error":"[ha.smartzucchero.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/4V9SGfQk3aWjKGpFoNxOhQ) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1705161993.2468615,"logger":"tls.obtain","msg":"will retry","error":"[ha.smartzucchero.duckdns.org] Obtain: [ha.smartzucchero.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/4V9SGfQk3aWjKGpFoNxOhQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":8,"retrying_in":1200,"elapsed":4604.404825181,"max_duration":2592000}
{"level":"info","ts":1705162929.7635005,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"smartzucchero.duckdns.org"}
{"level":"info","ts":1705162930.6644456,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"smartzucchero.duckdns.org","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1705163053.0719402,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"smartzucchero.duckdns.org","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[smartzucchero.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/131337544/13652139954) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1705163053.8599613,"logger":"tls.issuance.zerossl.acme_client","msg":"trying to solve challenge","identifier":"smartzucchero.duckdns.org","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1705163177.8310387,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"smartzucchero.duckdns.org","issuer":"acme.zerossl.com-v2-DV90","error":"[smartzucchero.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/Q2TyTHiIKv_BCBsSsL_WfQ) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1705163177.8312624,"logger":"tls.obtain","msg":"will retry","error":"[smartzucchero.duckdns.org] Obtain: [smartzucchero.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/Q2TyTHiIKv_BCBsSsL_WfQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":9,"retrying_in":1200,"elapsed":5788.983197613,"max_duration":2592000}
{"level":"info","ts":1705163193.2489707,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"ha.smartzucchero.duckdns.org"}
{"level":"info","ts":1705163193.7586074,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"ha.smartzucchero.duckdns.org","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1705163315.378324,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"ha.smartzucchero.duckdns.org","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[ha.smartzucchero.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/131337544/13652211714) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1705163331.4433475,"logger":"tls.issuance.zerossl.acme_client","msg":"trying to solve challenge","identifier":"ha.smartzucchero.duckdns.org","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1705163469.1711545,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"ha.smartzucchero.duckdns.org","issuer":"acme.zerossl.com-v2-DV90","error":"[ha.smartzucchero.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/QgpqGx8T50AIiPtY2Zglqw) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1705163469.172133,"logger":"tls.obtain","msg":"will retry","error":"[ha.smartzucchero.duckdns.org] Obtain: [ha.smartzucchero.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/QgpqGx8T50AIiPtY2Zglqw) (ca=https://acme.zerossl.com/v2/DV90)","attempt":9,"retrying_in":1200,"elapsed":6080.330093342,"max_duration":2592000}
16

This tells me that the system you ran this on has misconfigured DNS resolvers. Not a Caddy problem, it’s a problem with your system’s configuration.

I see this from my end:

$ host smartzucchero.duckdns.org                                                          
smartzucchero.duckdns.org has address 94.34.32.222

So your domain does have an IP address set.

Those logs all look fine, there’s no errors.

It does show that Caddy is attempting to issue a cert for your domain.

Are you sure that’s all there was in your logs? If there’s a problem, an error might come up later in the logs. Check again.

Edit: Ah, saw your second reply afterwards.

Okay, so Caddy failed to set the DNS records. I think this is again due to DNS resolvers on your system being misconfigured, such that Caddy can’t reach DuckDNS.

Try running this command, what do you see?

$ host www.duckdns.org
17

Here it is the Command:

Cattura
Cattura760×147 3.9 KB

18

Okay, that’s good :thinking: And this is on the machine running Caddy?

19

Yes, it is on that machine. I m investigating the issue on the DNS.
I found that i configured a custom resolution for smartzucchero.duckdns.org and also *.smartzucchero.duckdns.org .

I will try to remove these, and perform again the tests.

20

It’s fine to have this (to override DNS in your LAN to point to your server’s IP instead of your WAN IP), but it needs to actually resolve. Your command was showing that it was resolving to nothing.

21

Cattura
Cattura1050×942 56.3 KB

Removing the DNS resolution (the blue circled part) the dns resolution is not working from another windows machine (that was able to resolve it in the win prompt upper part, when there was the DNS custom resolution).

In the grey part (on the same machine where caddy is), nothing changed.

What should i look for?