Can't get reverse_proxy with https working (no A/AAAA records found)

1. The problem I’m having:

I’m trying to set up a reverse proxy for a local backend server running on port 8000. I want to get https working. I have ports 80 and 443 accessible from the external internet. I’m running Caddy as a service. When I start caddy as a service, I fail to get a certificate (see error messages below). I note that some error messages say “no valid AAAA records found.” I know that your instructions say to ensure “your domain’s A/AAAA DNS records are properly pointed to this machine’s public IP”. But I don’t see any A record entries set up in my EasyDNS config. However, I think this is because I am using EasyDNS’s dynamic DNS service for my domain (epigenia.org) – I don’t have a static IP address. My understanding is that A/AAAA records map from a host name to an IP address, but since the external IP address for my local network is dynamic, I’m not sure how I would go about defining an A record, so I wasn’t too surprised none were set up. However, given your instructions about A records, how can I make the certification for HTTPS work if I’m using Dynamic DNS (described here on EasyDNS’s website: How To Use Dynamic DNS – easyDNS Technologies Inc)? Is there something else I can do in lieu of setting up A records to make the auto-certification work? Or is there some way I can set up an A/AAAA record that makes sense if I’m using dynamic DNS?

2. Error messages and/or full log output:

Sep 27 21:55:39 Odin systemd[1]: Starting Caddy...
Sep 27 21:55:39 Odin caddy[171520]: caddy.HomeDir=/var/lib/caddy
Sep 27 21:55:39 Odin caddy[171520]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Sep 27 21:55:39 Odin caddy[171520]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Sep 27 21:55:39 Odin caddy[171520]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Sep 27 21:55:39 Odin caddy[171520]: caddy.Version=v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=
Sep 27 21:55:39 Odin caddy[171520]: runtime.GOOS=linux
Sep 27 21:55:39 Odin caddy[171520]: runtime.GOARCH=amd64
Sep 27 21:55:39 Odin caddy[171520]: runtime.Compiler=gc
Sep 27 21:55:39 Odin caddy[171520]: runtime.NumCPU=36
Sep 27 21:55:39 Odin caddy[171520]: runtime.GOMAXPROCS=36
Sep 27 21:55:39 Odin caddy[171520]: runtime.Version=go1.22.3
Sep 27 21:55:39 Odin caddy[171520]: os.Getwd=/
Sep 27 21:55:39 Odin caddy[171520]: LANG=en_US.UTF-8
Sep 27 21:55:39 Odin caddy[171520]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
Sep 27 21:55:39 Odin caddy[171520]: NOTIFY_SOCKET=/run/systemd/notify
Sep 27 21:55:39 Odin caddy[171520]: HOME=/var/lib/caddy
Sep 27 21:55:39 Odin caddy[171520]: LOGNAME=caddy
Sep 27 21:55:39 Odin caddy[171520]: USER=caddy
Sep 27 21:55:39 Odin caddy[171520]: INVOCATION_ID=f3cf8886cea143dbb97f57d17afb0523
Sep 27 21:55:39 Odin caddy[171520]: JOURNAL_STREAM=8:852168
Sep 27 21:55:39 Odin caddy[171520]: SYSTEMD_EXEC_PID=171520
Sep 27 21:55:39 Odin caddy[171520]: {"level":"info","ts":1727492139.6347525,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Sep 27 21:55:39 Odin caddy[171520]: {"level":"info","ts":1727492139.6364093,"msg":"adapted config to JSON","adapter":"caddyfile"}
Sep 27 21:55:39 Odin caddy[171520]: {"level":"warn","ts":1727492139.6364388,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":12}
Sep 27 21:55:39 Odin caddy[171520]: {"level":"info","ts":1727492139.63706,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Sep 27 21:55:39 Odin caddy[171520]: {"level":"info","ts":1727492139.637159,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Sep 27 21:55:39 Odin caddy[171520]: {"level":"info","ts":1727492139.6371717,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Sep 27 21:55:39 Odin caddy[171520]: {"level":"info","ts":1727492139.6372316,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0005a2d80"}
Sep 27 21:55:39 Odin caddy[171520]: {"level":"info","ts":1727492139.6374018,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Sep 27 21:55:39 Odin caddy[171520]: {"level":"info","ts":1727492139.637558,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Sep 27 21:55:39 Odin caddy[171520]: {"level":"info","ts":1727492139.6375995,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
Sep 27 21:55:39 Odin caddy[171520]: {"level":"info","ts":1727492139.637605,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["epigenia.org"]}
Sep 27 21:55:39 Odin caddy[171520]: {"level":"info","ts":1727492139.6381469,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Sep 27 21:55:39 Odin caddy[171520]: {"level":"info","ts":1727492139.638187,"msg":"serving initial configuration"}
Sep 27 21:55:39 Odin systemd[1]: Started Caddy.
Sep 27 21:55:39 Odin caddy[171520]: {"level":"info","ts":1727492139.6383343,"logger":"tls.obtain","msg":"acquiring lock","identifier":"epigenia.org"}
Sep 27 21:55:39 Odin caddy[171520]: {"level":"info","ts":1727492139.6764112,"logger":"tls","msg":"cleaning storage unit","storage":"FileStorage:/var/lib/caddy/.local/share/caddy"}
Sep 27 21:55:39 Odin caddy[171520]: {"level":"info","ts":1727492139.676707,"logger":"tls","msg":"finished cleaning storage units"}
Sep 27 21:55:39 Odin caddy[171520]: {"level":"info","ts":1727492139.693304,"logger":"tls.obtain","msg":"lock acquired","identifier":"epigenia.org"}
Sep 27 21:55:39 Odin caddy[171520]: {"level":"info","ts":1727492139.6933975,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"epigenia.org"}
Sep 27 21:55:39 Odin caddy[171520]: {"level":"info","ts":1727492139.9220216,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["epigenia.org"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
Sep 27 21:55:39 Odin caddy[171520]: {"level":"info","ts":1727492139.9220552,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["epigenia.org"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
Sep 27 21:55:39 Odin caddy[171520]: {"level":"info","ts":1727492139.9221094,"logger":"http","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/1970985727","account_contact":[]}
Sep 27 21:55:40 Odin caddy[171520]: {"level":"info","ts":1727492140.0586374,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"epigenia.org","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
Sep 27 21:55:40 Odin caddy[171520]: {"level":"error","ts":1727492140.4248984,"logger":"http.acme_client","msg":"challenge failed","identifier":"epigenia.org","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"no valid A records found for epigenia.org; no valid AAAA records found for epigenia.org","instance":"","subproblems":[]}}
Sep 27 21:55:40 Odin caddy[171520]: {"level":"error","ts":1727492140.4249487,"logger":"http.acme_client","msg":"validating authorization","identifier":"epigenia.org","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"no valid A records found for epigenia.org; no valid AAAA records found for epigenia.org","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1970985727/308917437387","attempt":1,"max_attempts":3}
Sep 27 21:55:41 Odin caddy[171520]: {"level":"info","ts":1727492141.5711124,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"epigenia.org","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
Sep 27 21:55:41 Odin caddy[171520]: {"level":"error","ts":1727492141.93703,"logger":"http.acme_client","msg":"challenge failed","identifier":"epigenia.org","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"no valid A records found for epigenia.org; no valid AAAA records found for epigenia.org","instance":"","subproblems":[]}}
Sep 27 21:55:41 Odin caddy[171520]: {"level":"error","ts":1727492141.9370873,"logger":"http.acme_client","msg":"validating authorization","identifier":"epigenia.org","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"no valid A records found for epigenia.org; no valid AAAA records found for epigenia.org","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1970985727/308917441047","attempt":2,"max_attempts":3}
Sep 27 21:55:41 Odin caddy[171520]: {"level":"error","ts":1727492141.9371579,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"epigenia.org","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:dns - no valid A records found for epigenia.org; no valid AAAA records found for epigenia.org"}
Sep 27 21:55:41 Odin caddy[171520]: {"level":"error","ts":1727492141.9373157,"logger":"tls.obtain","msg":"will retry","error":"[epigenia.org] Obtain: [epigenia.org] solving challenge: epigenia.org: [epigenia.org] authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - no valid A records found for epigenia.org; no valid AAAA records found for epigenia.org (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":2.243991972,"max_duration":2592000}
Sep 27 21:56:41 Odin caddy[171520]: {"level":"info","ts":1727492201.9384663,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"epigenia.org"}
Sep 27 21:56:42 Odin caddy[171520]: {"level":"info","ts":1727492202.1920438,"logger":"http","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/165002143","account_contact":[]}
Sep 27 21:56:42 Odin caddy[171520]: {"level":"info","ts":1727492202.3234131,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"epigenia.org","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Sep 27 21:56:42 Odin caddy[171520]: {"level":"error","ts":1727492202.6845195,"logger":"http.acme_client","msg":"challenge failed","identifier":"epigenia.org","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"no valid A records found for epigenia.org; no valid AAAA records found for epigenia.org","instance":"","subproblems":[]}}
Sep 27 21:56:42 Odin caddy[171520]: {"level":"error","ts":1727492202.6845677,"logger":"http.acme_client","msg":"validating authorization","identifier":"epigenia.org","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"no valid A records found for epigenia.org; no valid AAAA records found for epigenia.org","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/165002143/19423907403","attempt":1,"max_attempts":3}
Sep 27 21:56:43 Odin caddy[171520]: {"level":"info","ts":1727492203.8110611,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"epigenia.org","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Sep 27 21:56:44 Odin caddy[171520]: {"level":"error","ts":1727492204.1702263,"logger":"http.acme_client","msg":"challenge failed","identifier":"epigenia.org","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"no valid A records found for epigenia.org; no valid AAAA records found for epigenia.org","instance":"","subproblems":[]}}

3. Caddy version:

v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=

4. How I installed and ran Caddy:

sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy

a. System environment:

Ubuntu 22.04.4 LTS (GNU/Linux 5.15.0-122-generic x86_64)

b. Command:

I did not run caddy from the command line. I was running caddy as a service as described in the documentation using systemd:

sudo systemctl start caddy
sudo systemctl status caddy
...etc ...

c. Service/unit/compose file:

Not using docker

d. My complete Caddy config:

epigenia.org {
  reverse_proxy localhost:8000
}

5. Links to relevant resources:

Hey,

you build caddy with these two modules:

Then you can create a caddyfile like this. It will automatically update dynamic DNS and do the DNS-01 challenge for your domain, both using your easydns provider.

# Global Options
{
	dynamic_dns {
		provider easydns {
			api_token fill_out
			api_key fill_out
			api_url fill_out
		}
		domains {
			example.com @
		}
	}
	email info@example.com
}

# Reverse Proxy Configuration
example.com {
	tls {
		issuer acme {
			dns easydns {
				api_token fill_out
				api_key fill_out
				api_url fill_out
			}
			propagation_delay 30s
			propagation_timeout -1
		}
	}
	reverse_proxy localhost:8000
}

Thanks, Monviech! I will try this out.

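An added example, not part of the thread and not Caddy's own code: a small triage script for journald output like the log in the question, grouping failed ACME challenges by problem type so a DNS failure (as here) is told apart from a connectivity failure. The sample lines are constructed, `example.com` is a placeholder, and the hint texts are this example's wording.

```python
import json
import re
from collections import defaultdict

# Constructed sample in the shape of the log above (placeholder host and domain).
SAMPLE = """\
Sep 27 21:55:40 host caddy[100]: {"level":"info","ts":1.0,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"example.com","challenge_type":"http-01"}
Sep 27 21:55:40 host caddy[100]: {"level":"error","ts":1.4,"logger":"http.acme_client","msg":"challenge failed","identifier":"example.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:dns","detail":"no valid A records found for example.com; no valid AAAA records found for example.com"}}
Sep 27 21:55:41 host caddy[100]: {"level":"error","ts":2.9,"logger":"http.acme_client","msg":"challenge failed","identifier":"example.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:dns","detail":"no valid A records found for example.com; no valid AAAA records found for example.com"}}
Sep 27 21:55:41 host systemd[1]: Started Caddy.
"""

# ACME problem types come from RFC 8555 section 6.7; the hints are this example's own.
HINTS = {
    "urn:ietf:params:acme:error:dns": "CA could not resolve the name: publish A/AAAA records or use DNS-01",
    "urn:ietf:params:acme:error:connection": "CA could not connect to the host: check ports 80/443 and forwarding",
    "urn:ietf:params:acme:error:unauthorized": "CA reached a server that gave the wrong challenge response",
}

# journald prefix, then Caddy's JSON log entry to the end of the line
JSON_PART = re.compile(r"caddy\[\d+\]: (\{.*\})\s*$")

def triage(journal_text):
    """Group failed ACME challenges by (identifier, problem type)."""
    found = defaultdict(set)
    for line in journal_text.splitlines():
        m = JSON_PART.search(line)
        if not m:
            continue  # not a Caddy JSON line (e.g. systemd messages)
        try:
            entry = json.loads(m.group(1))
        except json.JSONDecodeError:
            continue  # line was wrapped or truncated by the terminal
        if entry.get("msg") != "challenge failed":
            continue
        ptype = entry.get("problem", {}).get("type", "unknown")
        found[(entry.get("identifier", "?"), ptype)].add(entry.get("challenge_type", "?"))
    return [
        {"identifier": ident, "problem": ptype, "challenges": sorted(chals),
         "hint": HINTS.get(ptype, "see the problem detail in the log")}
        for (ident, ptype), chals in sorted(found.items())
    ]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

When every challenge type fails with the same `dns` problem, as in the sample, the fault is in name resolution rather than in port forwarding or the Caddyfile site block.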