Can't get cert. Could not determine zone for domain

1. The problem I’m having:

I am trying to do DNS01 validation for a domain that is internal only (pointed to an internal IP). I tried using both acme-dns and the cloudflare-dns plugin to do so.

I am using unbound. However, the DNS should be working fine as I got normal results when I Dig SOA and Dig TXT the

Caddy is deployed with docker. I tried docker exec dig and the results are also normal. Curiously, I tried using nginx and certbot and the DNS01 validation works.

Is there something that I am missing? Thank you!

2. Error messages and/or full log output:

ERR | ts=1685461576.5755255 logger=tls.obtain msg=could not get certificate from issuer error=[] solving challenges: presenting for challenge: could not determine zone for domain "": could not find the start of authority for NOERROR (order= (ca=

3. Caddy version:


4. How I installed and ran Caddy:


a. System environment:


b. Command:


c. Service/unit/compose file:


d. My complete Caddy config:

Just followed the tls parts in the acme-dns or cloudflare DNS plugin

5. Links to relevant resources:

Welcome –

It seems your DNS is misconfigured.

But that’s about all I can do without guessing since you redacted your domain name against our forum rules (as the help template clearly points out, which was left mostly empty) :frowning:
