1. Output of caddy version
:
v2.6.1 h1:EDqo59TyYWhXQnfde93Mmv4FJfYe00dO60zMiEt+pzo=
2. How I run Caddy:
Custom caddy with Duck DNS module for Caddy
a. System environment:
Ubuntu Server arm64
Raspberry Pi 4B 8GB
b. Command:
caddy start
d. My complete Caddy config:
domain1.duckdns.org:443 {
encode gzip
tls {
dns duckdns <token>
}
reverse_proxy /notifications/hub localhost:3012
reverse_proxy localhost:4534 {
header_up X-Real-IP {remote_host}
}
}
domain2.duckdns.org:443 {
tls {
dns duckdns <token>
}
reverse_proxy localhost:11000
}
domain3.duckdns.org:443 {
tls {
dns duckdns <token>
}
reverse_proxy /jellyfin/* localhost:8096
reverse_proxy /music* localhost:4533
}
3. The problem I’m having:
Caddy isnt able to optain the certificates for my domains
4. Error messages and/or full log output:
root@raspberrypi:/etc/caddy# caddy run
2022/10/01 20:30:13.931 INFO using adjacent Caddyfile
2022/10/01 20:30:13.938 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2022/10/01 20:30:13.938 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0x40001f92d0"}
2022/10/01 20:30:13.938 INFO http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2022/10/01 20:30:13.938 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2022/10/01 20:30:13.940 INFO tls cleaning storage unit {"description": "FileStorage:/root/.local/share/caddy"}
2022/10/01 20:30:13.940 INFO http enabling HTTP/3 listener {"addr": ":443"}
2022/10/01 20:30:13.940 INFO tls finished cleaning storage units
2022/10/01 20:30:13.940 INFO failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.
2022/10/01 20:30:13.941 INFO http.log server running {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2022/10/01 20:30:13.941 INFO http.log server running {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2022/10/01 20:30:13.941 INFO http enabling automatic TLS certificate management {"domains": ["domain3.duckdns.org", "domain1.duckdns.org", "domain2.duckdns.org"]}
2022/10/01 20:30:13.944 INFO autosaved config (load with --resume flag) {"file": "/root/.config/caddy/autosave.json"}
2022/10/01 20:30:13.945 INFO serving initial configuration
2022/10/01 20:30:13.945 INFO tls.obtain acquiring lock {"identifier": "domain3.duckdns.org"}
2022/10/01 20:30:13.946 INFO tls.obtain acquiring lock {"identifier": "domain1.duckdns.org"}
2022/10/01 20:30:13.945 INFO tls.obtain acquiring lock {"identifier": "domain2.duckdns.org"}
2022/10/01 20:30:13.954 INFO tls.obtain lock acquired {"identifier": "domain1.duckdns.org"}
2022/10/01 20:30:13.954 INFO tls.obtain lock acquired {"identifier": "domain2.duckdns.org"}
2022/10/01 20:30:13.954 INFO tls.obtain lock acquired {"identifier": "domain3.duckdns.org"}
2022/10/01 20:30:13.955 INFO tls.obtain obtaining certificate {"identifier": "domain1.duckdns.org"}
2022/10/01 20:30:13.955 INFO tls.obtain obtaining certificate {"identifier": "domain2.duckdns.org"}
2022/10/01 20:30:13.955 INFO tls.obtain obtaining certificate {"identifier": "domain3.duckdns.org"}
2022/10/01 20:30:13.958 INFO http waiting on internal rate limiter {"identifiers": ["domain1.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2022/10/01 20:30:13.958 INFO http waiting on internal rate limiter {"identifiers": ["domain3.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2022/10/01 20:30:13.958 INFO http done waiting on internal rate limiter {"identifiers": ["domain3.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2022/10/01 20:30:13.958 INFO http waiting on internal rate limiter {"identifiers": ["domain2.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2022/10/01 20:30:13.958 INFO http done waiting on internal rate limiter {"identifiers": ["domain1.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2022/10/01 20:30:13.959 INFO http done waiting on internal rate limiter {"identifiers": ["domain2.duckdns.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2022/10/01 20:30:14.951 INFO http.acme_client trying to solve challenge {"identifier": "domain2.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2022/10/01 20:30:14.956 INFO http.acme_client trying to solve challenge {"identifier": "domain3.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2022/10/01 20:30:14.970 INFO http.acme_client trying to solve challenge {"identifier": "domain1.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2022/10/01 20:30:21.382 ERROR http.acme_client cleaning up solver {"identifier": "domain2.duckdns.org", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.domain2.duckdns.org\" (usually OK if presenting also failed)"}
2022/10/01 20:30:21.535 ERROR tls.obtain could not get certificate from issuer {"identifier": "domain2.duckdns.org", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[domain2.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.domain2.duckdns.org\": unexpected response code 'SERVFAIL' for _acme-challenge.domain2.duckdns.org. (order=https://acme-v02.api.letsencrypt.org/acme/order/756621776/130643705896) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
2022/10/01 20:30:21.537 INFO http waiting on internal rate limiter {"identifiers": ["domain2.duckdns.org"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "caddy@zerossl.com"}
2022/10/01 20:30:21.537 INFO http done waiting on internal rate limiter {"identifiers": ["domain2.duckdns.org"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "caddy@zerossl.com"}
2022/10/01 20:30:27.813 ERROR http.acme_client cleaning up solver {"identifier": "domain3.duckdns.org", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.domain3.duckdns.org\" (usually OK if presenting also failed)"}
2022/10/01 20:30:28.025 ERROR tls.obtain could not get certificate from issuer {"identifier": "domain3.duckdns.org", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[domain3.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.domain3.duckdns.org\": unexpected response code 'SERVFAIL' for _acme-challenge.domain3.duckdns.org. (order=https://acme-v02.api.letsencrypt.org/acme/order/756621776/130643705936) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
2022/10/01 20:30:28.026 INFO http waiting on internal rate limiter {"identifiers": ["domain3.duckdns.org"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "caddy@zerossl.com"}
2022/10/01 20:30:28.026 INFO http done waiting on internal rate limiter {"identifiers": ["domain3.duckdns.org"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "caddy@zerossl.com"}
2022/10/01 20:30:41.363 INFO http.acme_client trying to solve challenge {"identifier": "domain3.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme.zerossl.com/v2/DV90"}
2022/10/01 20:30:41.370 INFO http.acme_client trying to solve challenge {"identifier": "domain2.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme.zerossl.com/v2/DV90"}
2022/10/01 20:30:54.253 ERROR http.acme_client cleaning up solver {"identifier": "domain1.duckdns.org", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.domain1.duckdns.org\" (usually OK if presenting also failed)"}
2022/10/01 20:30:54.408 ERROR tls.obtain could not get certificate from issuer {"identifier": "domain1.duckdns.org", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[domain1.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.domain1.duckdns.org\": unexpected response code 'SERVFAIL' for domain1.duckdns.org. (order=https://acme-v02.api.letsencrypt.org/acme/order/756621776/130643705916) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
2022/10/01 20:30:54.409 INFO http waiting on internal rate limiter {"identifiers": ["domain1.duckdns.org"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "caddy@zerossl.com"}
2022/10/01 20:30:54.410 INFO http done waiting on internal rate limiter {"identifiers": ["domain1.duckdns.org"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "caddy@zerossl.com"}
2022/10/01 20:30:59.092 ERROR http.acme_client cleaning up solver {"identifier": "domain3.duckdns.org", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.domain3.duckdns.org\" (usually OK if presenting also failed)"}
2022/10/01 20:31:03.917 ERROR http.acme_client cleaning up solver {"identifier": "domain2.duckdns.org", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.domain2.duckdns.org\" (usually OK if presenting also failed)"}
2022/10/01 20:31:04.126 ERROR tls.obtain could not get certificate from issuer {"identifier": "domain3.duckdns.org", "issuer": "acme.zerossl.com-v2-DV90", "error": "[domain3.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.domain3.duckdns.org\": unexpected response code 'SERVFAIL' for domain3.duckdns.org. (order=https://acme.zerossl.com/v2/DV90/order/exH5qXJ75crbAiyqDyyiGg) (ca=https://acme.zerossl.com/v2/DV90)"}
2022/10/01 20:31:04.127 ERROR tls.obtain will retry {"error": "[domain3.duckdns.org] Obtain: [domain3.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.domain3.duckdns.org\": unexpected response code 'SERVFAIL' for domain3.duckdns.org. (order=https://acme.zerossl.com/v2/DV90/order/exH5qXJ75crbAiyqDyyiGg) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 50.172976262, "max_duration": 2592000}
2022/10/01 20:31:05.102 INFO http.acme_client trying to solve challenge {"identifier": "domain1.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme.zerossl.com/v2/DV90"}
2022/10/01 20:31:09.201 ERROR tls.obtain could not get certificate from issuer {"identifier": "domain2.duckdns.org", "issuer": "acme.zerossl.com-v2-DV90", "error": "[domain2.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.domain2.duckdns.org\": unexpected response code 'SERVFAIL' for _acme-challenge.domain2.duckdns.org. (order=https://acme.zerossl.com/v2/DV90/order/v44sT5HIHqibYa2HLilcJw) (ca=https://acme.zerossl.com/v2/DV90)"}
2022/10/01 20:31:09.201 ERROR tls.obtain will retry {"error": "[domain2.duckdns.org] Obtain: [domain2.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.domain2.duckdns.org\": unexpected response code 'SERVFAIL' for _acme-challenge.domain2.duckdns.org. (order=https://acme.zerossl.com/v2/DV90/order/v44sT5HIHqibYa2HLilcJw) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 55.24699728, "max_duration": 2592000}
2022/10/01 20:31:10.485 ERROR http.acme_client cleaning up solver {"identifier": "domain1.duckdns.org", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.domain1.duckdns.org\" (usually OK if presenting also failed)"}
^C2022/10/01 20:31:12.122 INFO shutting down {"signal": "SIGINT"}
2022/10/01 20:31:12.128 WARN exiting; byeee!! 👋 {"signal": "SIGINT"}
2022/10/01 20:31:12.128 INFO tls.obtain releasing lock {"identifier": "domain2.duckdns.org"}
2022/10/01 20:31:12.128 WARN http.acme_client HTTP request failed; retrying {"url": "https://acme.zerossl.com/v2/DV90/authz/dsadasfdsfdsfsd", "error": "performing request: Post \"https://acme.zerossl.com/v2/DV90/authz/kfdsfdsfdsfds\": context canceled"}
2022/10/01 20:31:12.128 INFO tls.obtain releasing lock {"identifier": "domain3.duckdns.org"}
2022/10/01 20:31:12.128 INFO tls.cache.maintenance stopped background certificate maintenance {"cache": "0x40001f92d0"}
2022/10/01 20:31:12.128 ERROR http.acme_client deactivating authorization {"identifier": "domain1.duckdns.org", "authz": "https://acme.zerossl.com/v2/DV90/authz/fsdfdsfsd", "error": "attempt 1: https://acme.zerossl.com/v2/DV90/authz/kfdsfsdfsd: context canceled"}
2022/10/01 20:31:12.129 ERROR unable to clean up lock in storage backend {"signal": "SIGINT", "storage": "FileStorage:/root/.local/share/caddy", "lock_key": "issue_cert_domain2.duckdns.org", "error": "remove /root/.local/share/caddy/locks/issue_cert_domain2.duckdns.org.lock: no such file or directory"}
2022/10/01 20:31:12.129 ERROR tls.obtain could not get certificate from issuer {"identifier": "domain1.duckdns.org", "issuer": "acme.zerossl.com-v2-DV90", "error": "[domain1.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.domain1.duckdns.org\": unexpected response code 'SERVFAIL' for domain1.duckdns.org. (order=https://acme.zerossl.com/v2/DV90/order/GGELKOkezq746yTpeLLTLQ) (ca=https://acme.zerossl.com/v2/DV90)"}
2022/10/01 20:31:12.129 ERROR unable to clean up lock in storage backend {"signal": "SIGINT", "storage": "FileStorage:/root/.local/share/caddy", "lock_key": "issue_cert_domain3.duckdns.org", "error": "remove /root/.local/share/caddy/locks/issue_cert_domain3.duckdns.org.lock: no such file or directory"}
2022/10/01 20:31:12.129 ERROR tls.obtain will retry {"error": "[domain1.duckdns.org] Obtain: [domain1.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.domain1.duckdns.org\": unexpected response code 'SERVFAIL' for domain1.duckdns.org. (order=https://acme.zerossl.com/v2/DV90/order/GGELKOkezq746yTpeLLTLQ) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 58.17498171, "max_duration": 2592000}
2022/10/01 20:31:12.129 ERROR tls job failed {"error": "domain2.duckdns.org: obtaining certificate: context canceled"}
2022/10/01 20:31:12.129 ERROR tls job failed {"error": "domain3.duckdns.org: obtaining certificate: context canceled"}
2022/10/01 20:31:12.130 INFO tls.obtain releasing lock {"identifier": "domain1.duckdns.org"}
2022/10/01 20:31:12.129 INFO admin stopped previous server {"address": "localhost:2019"}
2022/10/01 20:31:12.130 INFO shutdown complete {"signal": "SIGINT", "exit_code": 0}
5. What I already tried:
I tried completely reinstalling caddy.