Can't get certificate with duckdns

1. Output of caddy version:

v2.6.1 h1:EDqo59TyYWhXQnfde93Mmv4FJfYe00dO60zMiEt+pzo=

2. How I run Caddy:

Custom caddy with Duck DNS module for Caddy

a. System environment:

Ubuntu Server arm64
Raspberry Pi 4B 8GB

b. Command:

caddy start

d. My complete Caddy config:

domain1.duckdns.org:443 {
	encode gzip
	tls {
		dns duckdns <token>
	}
	reverse_proxy /notifications/hub localhost:3012
	reverse_proxy localhost:4534 {
		header_up X-Real-IP {remote_host}
	}
}
domain2.duckdns.org:443 {
	tls {
		dns duckdns <token>
	}
	reverse_proxy localhost:11000
}
domain3.duckdns.org:443 {
	tls {
		dns duckdns <token>
	}
	reverse_proxy /jellyfin/* localhost:8096
	reverse_proxy /music* localhost:4533
}

3. The problem I’m having:

Caddy isn't able to obtain the certificates for my domains.

4. Error messages and/or full log output:

root@raspberrypi:/etc/caddy# caddy run

2022/10/01 20:30:13.931 INFO using adjacent Caddyfile

2022/10/01 20:30:13.938 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}

2022/10/01 20:30:13.938 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0x40001f92d0"}

2022/10/01 20:30:13.938 INFO http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}

2022/10/01 20:30:13.938 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}

2022/10/01 20:30:13.940 INFO tls cleaning storage unit {"description": "FileStorage:/root/.local/share/caddy"}

2022/10/01 20:30:13.940 INFO http enabling HTTP/3 listener {"addr": ":443"}

2022/10/01 20:30:13.940 INFO tls finished cleaning storage units

2022/10/01 20:30:13.940 INFO failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.

2022/10/01 20:30:13.941 INFO http.log server running {"name": "srv0", "protocols": ["h1", "h2", "h3"]}

2022/10/01 20:30:13.941 INFO http.log server running {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}

2022/10/01 20:30:13.941 INFO http enabling automatic TLS certificate management {"domains": ["domain3.duckdns.org", "domain1.duckdns.org", "domain2.duckdns.org"]}

2022/10/01 20:30:13.944 INFO autosaved config (load with --resume flag) {"file": "/root/.config/caddy/autosave.json"}

2022/10/01 20:30:13.945 INFO serving initial configuration

2022/10/01 20:30:13.945 INFO tls.obtain acquiring lock {"identifier": "domain3.duckdns.org"}

2022/10/01 20:30:13.946 INFO tls.obtain acquiring lock {"identifier": "domain1.duckdns.org"}

2022/10/01 20:30:13.945 INFO tls.obtain acquiring lock {"identifier": "domain2.duckdns.org"}

2022/10/01 20:30:13.954 INFO tls.obtain lock acquired {"identifier": "domain1.duckdns.org"}

2022/10/01 20:30:13.954 INFO tls.obtain lock acquired {"identifier": "domain2.duckdns.org"}

2022/10/01 20:30:13.954 INFO tls.obtain lock acquired {"identifier": "domain3.duckdns.org"}

2022/10/01 20:30:13.955 INFO tls.obtain obtaining certificate {"identifier": "domain1.duckdns.org"}

2022/10/01 20:30:13.955 INFO tls.obtain obtaining certificate {"identifier": "domain2.duckdns.org"}

2022/10/01 20:30:13.955 INFO tls.obtain obtaining certificate {"identifier": "domain3.duckdns.org"}

2022/10/01 20:30:13.958 INFO http waiting on internal rate limiter {"identifiers": ["domain1.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}

2022/10/01 20:30:13.958 INFO http waiting on internal rate limiter {"identifiers": ["domain3.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}

2022/10/01 20:30:13.958 INFO http done waiting on internal rate limiter {"identifiers": ["domain3.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}

2022/10/01 20:30:13.958 INFO http waiting on internal rate limiter {"identifiers": ["domain2.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}

2022/10/01 20:30:13.958 INFO http done waiting on internal rate limiter {"identifiers": ["domain1.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}

2022/10/01 20:30:13.959 INFO http done waiting on internal rate limiter {"identifiers": ["domain2.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}

2022/10/01 20:30:14.951 INFO http.acme_client trying to solve challenge {"identifier": "domain2.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}

2022/10/01 20:30:14.956 INFO http.acme_client trying to solve challenge {"identifier": "domain3.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}

2022/10/01 20:30:14.970 INFO http.acme_client trying to solve challenge {"identifier": "domain1.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}

2022/10/01 20:30:21.382 ERROR http.acme_client cleaning up solver {"identifier": "domain2.duckdns.org", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.domain2.duckdns.org\" (usually OK if presenting also failed)"}

2022/10/01 20:30:21.535 ERROR tls.obtain could not get certificate from issuer {"identifier": "domain2.duckdns.org", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[domain2.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.domain2.duckdns.org\": unexpected response code 'SERVFAIL' for _acme-challenge.domain2.duckdns.org. (order=https://acme-v02.api.letsencrypt.org/acme/order/756621776/130643705896) (ca=https://acme-v02.api.letsencrypt.org/directory)"}

2022/10/01 20:30:21.537 INFO http waiting on internal rate limiter {"identifiers": ["domain2.duckdns.org"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "caddy@zerossl.com"}

2022/10/01 20:30:21.537 INFO http done waiting on internal rate limiter {"identifiers": ["domain2.duckdns.org"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "caddy@zerossl.com"}

2022/10/01 20:30:27.813 ERROR http.acme_client cleaning up solver {"identifier": "domain3.duckdns.org", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.domain3.duckdns.org\" (usually OK if presenting also failed)"}

2022/10/01 20:30:28.025 ERROR tls.obtain could not get certificate from issuer {"identifier": "domain3.duckdns.org", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[domain3.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.domain3.duckdns.org\": unexpected response code 'SERVFAIL' for _acme-challenge.domain3.duckdns.org. (order=https://acme-v02.api.letsencrypt.org/acme/order/756621776/130643705936) (ca=https://acme-v02.api.letsencrypt.org/directory)"}

2022/10/01 20:30:28.026 INFO http waiting on internal rate limiter {"identifiers": ["domain3.duckdns.org"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "caddy@zerossl.com"}

2022/10/01 20:30:28.026 INFO http done waiting on internal rate limiter {"identifiers": ["domain3.duckdns.org"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "caddy@zerossl.com"}

2022/10/01 20:30:41.363 INFO http.acme_client trying to solve challenge {"identifier": "domain3.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme.zerossl.com/v2/DV90"}

2022/10/01 20:30:41.370 INFO http.acme_client trying to solve challenge {"identifier": "domain2.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme.zerossl.com/v2/DV90"}

2022/10/01 20:30:54.253 ERROR http.acme_client cleaning up solver {"identifier": "domain1.duckdns.org", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.domain1.duckdns.org\" (usually OK if presenting also failed)"}

2022/10/01 20:30:54.408 ERROR tls.obtain could not get certificate from issuer {"identifier": "domain1.duckdns.org", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[domain1.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.domain1.duckdns.org\": unexpected response code 'SERVFAIL' for domain1.duckdns.org. (order=https://acme-v02.api.letsencrypt.org/acme/order/756621776/130643705916) (ca=https://acme-v02.api.letsencrypt.org/directory)"}

2022/10/01 20:30:54.409 INFO http waiting on internal rate limiter {"identifiers": ["domain1.duckdns.org"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "caddy@zerossl.com"}

2022/10/01 20:30:54.410 INFO http done waiting on internal rate limiter {"identifiers": ["domain1.duckdns.org"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "caddy@zerossl.com"}

2022/10/01 20:30:59.092 ERROR http.acme_client cleaning up solver {"identifier": "domain3.duckdns.org", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.domain3.duckdns.org\" (usually OK if presenting also failed)"}

2022/10/01 20:31:03.917 ERROR http.acme_client cleaning up solver {"identifier": "domain2.duckdns.org", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.domain2.duckdns.org\" (usually OK if presenting also failed)"}

2022/10/01 20:31:04.126 ERROR tls.obtain could not get certificate from issuer {"identifier": "domain3.duckdns.org", "issuer": "acme.zerossl.com-v2-DV90", "error": "[domain3.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.domain3.duckdns.org\": unexpected response code 'SERVFAIL' for domain3.duckdns.org. (order=https://acme.zerossl.com/v2/DV90/order/exH5qXJ75crbAiyqDyyiGg) (ca=https://acme.zerossl.com/v2/DV90)"}

2022/10/01 20:31:04.127 ERROR tls.obtain will retry {"error": "[domain3.duckdns.org] Obtain: [domain3.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.domain3.duckdns.org\": unexpected response code 'SERVFAIL' for domain3.duckdns.org. (order=https://acme.zerossl.com/v2/DV90/order/exH5qXJ75crbAiyqDyyiGg) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 50.172976262, "max_duration": 2592000}

2022/10/01 20:31:05.102 INFO http.acme_client trying to solve challenge {"identifier": "domain1.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme.zerossl.com/v2/DV90"}

2022/10/01 20:31:09.201 ERROR tls.obtain could not get certificate from issuer {"identifier": "domain2.duckdns.org", "issuer": "acme.zerossl.com-v2-DV90", "error": "[domain2.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.domain2.duckdns.org\": unexpected response code 'SERVFAIL' for _acme-challenge.domain2.duckdns.org. (order=https://acme.zerossl.com/v2/DV90/order/v44sT5HIHqibYa2HLilcJw) (ca=https://acme.zerossl.com/v2/DV90)"}

2022/10/01 20:31:09.201 ERROR tls.obtain will retry {"error": "[domain2.duckdns.org] Obtain: [domain2.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.domain2.duckdns.org\": unexpected response code 'SERVFAIL' for _acme-challenge.domain2.duckdns.org. (order=https://acme.zerossl.com/v2/DV90/order/v44sT5HIHqibYa2HLilcJw) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 55.24699728, "max_duration": 2592000}

2022/10/01 20:31:10.485 ERROR http.acme_client cleaning up solver {"identifier": "domain1.duckdns.org", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.domain1.duckdns.org\" (usually OK if presenting also failed)"}

^C2022/10/01 20:31:12.122 INFO shutting down {"signal": "SIGINT"}

2022/10/01 20:31:12.128 WARN exiting; byeee!! 👋 {"signal": "SIGINT"}

2022/10/01 20:31:12.128 INFO tls.obtain releasing lock {"identifier": "domain2.duckdns.org"}

2022/10/01 20:31:12.128 WARN http.acme_client HTTP request failed; retrying {"url": "https://acme.zerossl.com/v2/DV90/authz/dsadasfdsfdsfsd", "error": "performing request: Post \"https://acme.zerossl.com/v2/DV90/authz/kfdsfdsfdsfds\": context canceled"}

2022/10/01 20:31:12.128 INFO tls.obtain releasing lock {"identifier": "domain3.duckdns.org"}

2022/10/01 20:31:12.128 INFO tls.cache.maintenance stopped background certificate maintenance {"cache": "0x40001f92d0"}

2022/10/01 20:31:12.128 ERROR http.acme_client deactivating authorization {"identifier": "domain1.duckdns.org", "authz": "https://acme.zerossl.com/v2/DV90/authz/fsdfdsfsd", "error": "attempt 1: https://acme.zerossl.com/v2/DV90/authz/kfdsfsdfsd: context canceled"}

2022/10/01 20:31:12.129 ERROR unable to clean up lock in storage backend {"signal": "SIGINT", "storage": "FileStorage:/root/.local/share/caddy", "lock_key": "issue_cert_domain2.duckdns.org", "error": "remove /root/.local/share/caddy/locks/issue_cert_domain2.duckdns.org.lock: no such file or directory"}

2022/10/01 20:31:12.129 ERROR tls.obtain could not get certificate from issuer {"identifier": "domain1.duckdns.org", "issuer": "acme.zerossl.com-v2-DV90", "error": "[domain1.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.domain1.duckdns.org\": unexpected response code 'SERVFAIL' for domain1.duckdns.org. (order=https://acme.zerossl.com/v2/DV90/order/GGELKOkezq746yTpeLLTLQ) (ca=https://acme.zerossl.com/v2/DV90)"}

2022/10/01 20:31:12.129 ERROR unable to clean up lock in storage backend {"signal": "SIGINT", "storage": "FileStorage:/root/.local/share/caddy", "lock_key": "issue_cert_domain3.duckdns.org", "error": "remove /root/.local/share/caddy/locks/issue_cert_domain3.duckdns.org.lock: no such file or directory"}

2022/10/01 20:31:12.129 ERROR tls.obtain will retry {"error": "[domain1.duckdns.org] Obtain: [domain1.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.domain1.duckdns.org\": unexpected response code 'SERVFAIL' for domain1.duckdns.org. (order=https://acme.zerossl.com/v2/DV90/order/GGELKOkezq746yTpeLLTLQ) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 58.17498171, "max_duration": 2592000}

2022/10/01 20:31:12.129 ERROR tls job failed {"error": "domain2.duckdns.org: obtaining certificate: context canceled"}

2022/10/01 20:31:12.129 ERROR tls job failed {"error": "domain3.duckdns.org: obtaining certificate: context canceled"}

2022/10/01 20:31:12.130 INFO tls.obtain releasing lock {"identifier": "domain1.duckdns.org"}

2022/10/01 20:31:12.129 INFO admin stopped previous server {"address": "localhost:2019"}

2022/10/01 20:31:12.130 INFO shutdown complete {"signal": "SIGINT", "exit_code": 0}

5. What I already tried:

I tried completely reinstalling caddy.

Hi,

[...] unexpected response code 'SERVFAIL' for domain1.duckdns.org. [...]

duckdns seems to have network/availability problems right now, so it’s not just you.
But they also don’t have a status page or anything so :woman_shrugging:

You could either just wait until duckdns is up and running properly again, or switch to another dyndns provider.
Also keep in mind that you might not need to use the DNS challenge. At least as long as your A/AAAA records are pointing to your Caddy server's public IP, ports :80 and :443 are open, and you aren't trying to use wildcard certificates :innocent:


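Log triage for the failure discussed in this thread, added here as an example (not code from the posters or from the Caddy project): it pulls the DNS response code and the queried name out of `tls.obtain` errors and groups them by domain and issuer, which shows whether the same lookup failure occurs with every CA. The sample lines are shortened from the log above, with order URLs replaced by a placeholder; the function names are hypothetical.

```python
import json
import re
from collections import defaultdict

# Constructed sample: lines shortened from the log in the post above.
SAMPLE_LOG = r'''
2022/10/01 20:30:21.535 ERROR tls.obtain could not get certificate from issuer {"identifier": "domain2.duckdns.org", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[domain2.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.domain2.duckdns.org\": unexpected response code 'SERVFAIL' for _acme-challenge.domain2.duckdns.org. (order=<order-url>)"}
2022/10/01 20:30:28.025 ERROR tls.obtain could not get certificate from issuer {"identifier": "domain3.duckdns.org", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[domain3.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.domain3.duckdns.org\": unexpected response code 'SERVFAIL' for _acme-challenge.domain3.duckdns.org. (order=<order-url>)"}
2022/10/01 20:31:04.126 ERROR tls.obtain could not get certificate from issuer {"identifier": "domain3.duckdns.org", "issuer": "acme.zerossl.com-v2-DV90", "error": "[domain3.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.domain3.duckdns.org\": unexpected response code 'SERVFAIL' for domain3.duckdns.org. (order=<order-url>)"}
2022/10/01 20:31:12.129 ERROR tls job failed {"error": "domain2.duckdns.org: obtaining certificate: context canceled"}
'''

# timestamp, level, "logger + message", trailing JSON fields
LINE = re.compile(r"^(\S+ \S+)\s+(\w+)\s+(.*?)\s*(\{.*\})$")
ZONE_ERR = re.compile(
    r'could not determine zone for domain "([^"]+)": '
    r"unexpected response code '(\w+)' for (\S+?)\.(?:\s|$)")

def triage(log_text):
    """Return {domain: {issuer: (rcode, queried_name)}} for zone-lookup failures."""
    findings = defaultdict(dict)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(2) != "ERROR":
            continue
        try:
            fields = json.loads(m.group(4))
        except json.JSONDecodeError:
            continue  # truncated line or non-JSON tail
        z = ZONE_ERR.search(fields.get("error", ""))
        # "will retry" lines repeat the error but carry no identifier; skip them.
        if z and "identifier" in fields:
            issuer = fields.get("issuer", "unknown")
            findings[fields["identifier"]][issuer] = (z.group(2), z.group(3))
    return dict(findings)

def verdict(per_issuer):
    """Summarise one domain's failures across the issuers that were tried."""
    rcodes = {rcode for rcode, _ in per_issuer.values()}
    if rcodes == {"SERVFAIL"} and len(per_issuer) > 1:
        return "SERVFAIL from every issuer: DNS lookup problem, not CA-specific"
    if "SERVFAIL" in rcodes:
        return "SERVFAIL during zone lookup"
    return "other zone lookup failure"

if __name__ == "__main__":
    for domain, per_issuer in triage(SAMPLE_LOG).items():
        print(domain, "->", verdict(per_issuer), per_issuer)
```
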