1. The problem I’m having:
I am trying to do DNS01 validation for a domain that is internal only (pointed to an internal IP). I tried using both acme-dns and the cloudflare-dns plugin to do so.
I am using Unbound. However, the DNS should be working fine, as I got normal results when I dig SOA and dig TXT for _acme.challenge.domain.ltd.
Caddy is deployed with Docker. I tried docker exec dig and the results are also normal. Curiously, I tried using nginx and certbot, and the DNS01 validation works.
Is there something that I am missing? Thank you!
2. Error messages and/or full log output:
ERR | ts=1685461576.5755255 logger=tls.obtain msg=could not get certificate from issuer identifier=domain.ltd issuer=acme-v02.api.letsencrypt.org-directory error=[domain.ltd] solving challenges: presenting for challenge: could not determine zone for domain "_acme-challenge.domain.ltd": could not find the start of authority for _acme-challenge.domain.ltd.: NOERROR (order=https://acme-v02.api.letsencrypt.org/acme/order/1135092367/185486486597) (ca=https://acme-v02.api.letsencrypt.org/directory)
3. Caddy version:
V2.6.4
4. How I installed and ran Caddy:
Dockerfile
a. System environment:
Ubuntu
b. Command:
/.
c. Service/unit/compose file:
/
d. My complete Caddy config:
Just followed the tls parts in the acme-dns or cloudflare DNS plugin