Can't issues certs via dns-01 after update 2.4.0/2.4.1

1. Caddy version (caddy version):

v2.4.1 h1:kAJ0JB5Xk5gPdTH/27S5cyoMGqD5lBAe9yZ8zTjVJa0=

2. How I run Caddy:

caddy run --config Caddyfile

a. System environment:

Ubuntu 20.04.2

b. Command:

caddy run --config Caddyfile

c. My complete Caddyfile or JSON config:

{
	on_demand_tls {
		interval 1s
		burst 10
	}
	cert_issuer zerossl <my_id>
}

https://*.buct.edu.cn {
	encode zstd gzip
	reverse_proxy * https://<my_backend> {
		lb_policy ip_hash
		lb_try_duration 5s
		transport http {
			tls_insecure_skip_verify
		}
	}
	handle_errors {
		respond "{http.error.status_code} {http.error.status_text}"
	}
	tls {
		issuer zerossl <my_id> {
			dns duckdns <my_id> {
				override_domain buct.duckdns.org
			}
		}
	}
}

3. The problem I’m having:

When I start caddy v2.4.1, it stuck at solving dns challenges, but when I downgrade to 2.3.0 or 2.4.0beta1, it works immediately.

4. Error messages and/or full log output:

5月 24 23:51:37 NewCaddy caddy[3152988]: {"level":"info","ts":1621871497.8898246,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/caddy"}
5月 24 23:51:37 NewCaddy caddy[3152988]: {"level":"info","ts":1621871497.8902652,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
5月 24 23:51:37 NewCaddy caddy[3152988]: {"level":"info","ts":1621871497.890287,"msg":"serving initial configuration"}
5月 24 23:51:37 NewCaddy caddy[3152988]: {"level":"info","ts":1621871497.8907118,"logger":"tls.obtain","msg":"acquiring lock","identifier":"*.buct.edu.cn"}
5月 24 23:51:37 NewCaddy caddy[3152988]: {"level":"info","ts":1621871497.9012332,"logger":"tls","msg":"finished cleaning storage units"}
5月 24 23:51:37 NewCaddy caddy[3152988]: {"level":"info","ts":1621871497.9228106,"logger":"tls.obtain","msg":"lock acquired","identifier":"*.buct.edu.cn"}
5月 24 23:51:37 NewCaddy caddy[3152988]: {"level":"info","ts":1621871497.947789,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["*.buct.edu.cn"]}
5月 24 23:51:37 NewCaddy caddy[3152988]: {"level":"info","ts":1621871497.9478068,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["*.buct.edu.cn"]}
5月 24 23:51:40 NewCaddy caddy[3152988]: {"level":"info","ts":1621871500.2489653,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"*.buct.edu.cn","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
5月 24 23:53:44 NewCaddy caddy[3152988]: {"level":"error","ts":1621871624.2648833,"logger":"tls.obtain","msg":"will retry","error":"[*.buct.edu.cn] Obtain: [*.buct.edu.cn] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/CfpmQ38Cnv5lgjcRYzYfKg) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":126.342046633,"max_duration":2592000}

5. What I already tried:

Then I delete the new cert and try again, only 2.3.0/2.4.0beta1 can work, and 2.4.0/2.4.1 still stuck at solving dns challenges.

6. Links to relevant resources:

How did you build Caddy? Are you sure you used the latest version of the duckdns plugin? It was updated to work with the latest version of Caddy.

Use xcaddy to build it like this:

xcaddy build v2.4.1 --with https://github.com/caddy-dns/duckdns

You can check the versions you have installed with caddy list-modules --versions

Yes, I use the same command to build the caddy, and it told me that

caddy list-modules --versions
admin.api.load v2.4.1
admin.api.metrics v2.4.1
admin.api.reverse_proxy v2.4.1
caddy.adapters.caddyfile v2.4.1
caddy.config_loaders.http v2.4.1
caddy.listeners.tls v2.4.1
caddy.logging.encoders.console v2.4.1
caddy.logging.encoders.filter v2.4.1
caddy.logging.encoders.filter.delete v2.4.1
caddy.logging.encoders.filter.ip_mask v2.4.1
caddy.logging.encoders.filter.replace v2.4.1
caddy.logging.encoders.json v2.4.1
caddy.logging.encoders.single_field v2.4.1
caddy.logging.writers.discard v2.4.1
caddy.logging.writers.file v2.4.1
caddy.logging.writers.net v2.4.1
caddy.logging.writers.stderr v2.4.1
caddy.logging.writers.stdout v2.4.1
caddy.storage.file_system v2.4.1
http v2.4.1
http.authentication.hashes.bcrypt v2.4.1
http.authentication.hashes.scrypt v2.4.1
http.authentication.providers.http_basic v2.4.1
http.encoders.gzip v2.4.1
http.encoders.zstd v2.4.1
http.handlers.acme_server v2.4.1
http.handlers.authentication v2.4.1
http.handlers.encode v2.4.1
http.handlers.error v2.4.1
http.handlers.file_server v2.4.1
http.handlers.headers v2.4.1
http.handlers.map v2.4.1
http.handlers.metrics v2.4.1
http.handlers.push v2.4.1
http.handlers.request_body v2.4.1
http.handlers.reverse_proxy v2.4.1
http.handlers.rewrite v2.4.1
http.handlers.static_response v2.4.1
http.handlers.subroute v2.4.1
http.handlers.templates v2.4.1
http.handlers.vars v2.4.1
http.matchers.expression v2.4.1
http.matchers.file v2.4.1
http.matchers.header v2.4.1
http.matchers.header_regexp v2.4.1
http.matchers.host v2.4.1
http.matchers.method v2.4.1
http.matchers.not v2.4.1
http.matchers.path v2.4.1
http.matchers.path_regexp v2.4.1
http.matchers.protocol v2.4.1
http.matchers.query v2.4.1
http.matchers.remote_ip v2.4.1
http.matchers.vars v2.4.1
http.matchers.vars_regexp v2.4.1
http.precompressed.br v2.4.1
http.precompressed.gzip v2.4.1
http.precompressed.zstd v2.4.1
http.reverse_proxy.selection_policies.cookie v2.4.1
http.reverse_proxy.selection_policies.first v2.4.1
http.reverse_proxy.selection_policies.header v2.4.1
http.reverse_proxy.selection_policies.ip_hash v2.4.1
http.reverse_proxy.selection_policies.least_conn v2.4.1
http.reverse_proxy.selection_policies.random v2.4.1
http.reverse_proxy.selection_policies.random_choose v2.4.1
http.reverse_proxy.selection_policies.round_robin v2.4.1
http.reverse_proxy.selection_policies.uri_hash v2.4.1
http.reverse_proxy.transport.fastcgi v2.4.1
http.reverse_proxy.transport.http v2.4.1
pki v2.4.1
tls v2.4.1
tls.certificates.automate v2.4.1
tls.certificates.load_files v2.4.1
tls.certificates.load_folders v2.4.1
tls.certificates.load_pem v2.4.1
tls.certificates.load_storage v2.4.1
tls.handshake_match.remote_ip v2.4.1
tls.handshake_match.sni v2.4.1
tls.issuance.acme v2.4.1
tls.issuance.internal v2.4.1
tls.issuance.zerossl v2.4.1
tls.stek.distributed v2.4.1
tls.stek.standard v2.4.1

  Standard modules: 83

dns.providers.duckdns v0.3.1

  Non-standard modules: 1

  Unknown modules: 0

Yeah, that looks correct.

Please check the DNS TXT records before and after Caddy runs, both with v2.3.0 and v2.4.1 to compare what it sets it to, to see if there’s a difference there.

I’m using the duckdns plugin without trouble on my own site (I wrote the duckdns plugin) with the latest version of Caddy, so I have to guess the problem is with your setup involving the delegated challenge.

You may also turn on the debug global option to get more detail in the logs:

{
	debug
}
1 Like

Here is v2.4.0-beta1 logs

2021/05/26 09:37:33.042 INFO    using provided configuration    {"config_file": "/etc/caddy/Caddyfile", "config_adapter": "caddyfile"}
2021/05/26 09:37:33.045 INFO    admin   admin endpoint started  {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["127.0.0.1:2019", "localhost:2019", "[::1]:2019"]}
2021/05/26 09:37:33.046 INFO    http    server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2021/05/26 09:37:33.046 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2021/05/26 09:37:33.046 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc0001f8a10"}
2021/05/26 09:37:33.047 DEBUG   http    starting server loop    {"address": "[::]:443", "http3": false, "tls": true}
2021/05/26 09:37:33.047 INFO    tls     cleaned up storage units
2021/05/26 09:37:33.047 DEBUG   http    starting server loop    {"address": "[::]:80", "http3": false, "tls": false}
2021/05/26 09:37:33.047 INFO    http    enabling automatic TLS certificate management   {"domains": ["*.buct.edu.cn"]}
2021/05/26 09:37:33.047 INFO    autosaved config        {"file": "/config/caddy/autosave.json"}
2021/05/26 09:37:33.047 INFO    serving initial configuration
2021/05/26 09:37:33.048 INFO    tls.obtain      acquiring lock  {"identifier": "*.buct.edu.cn"}
2021/05/26 09:37:33.068 INFO    tls.obtain      lock acquired   {"identifier": "*.buct.edu.cn"}
2021/05/26 09:37:33.093 WARN    tls.issuance.zerossl    missing email address for ZeroSSL; it is strongly recommended to set one for next time
2021/05/26 09:37:34.427 INFO    tls.issuance.zerossl    generated EAB credentials       {"key_id": "65lcsMbsx-kreQ-IW7hOAg"}
2021/05/26 09:37:35.299 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "GET", "url": "https://acme.zerossl.com/v2/DV90", "headers": {"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["645"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 09:37:35 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:37:35.534 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "HEAD", "url": "https://acme.zerossl.com/v2/DV90/newNonce", "headers": {"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Type":["application/octet-stream"],"Date":["Wed, 26 May 2021 09:37:35 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["cVCX7Ds3yw2-NoZsyv0HMYwHmUjrp4T9reJ34Kew6fw"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:37:35.794 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/newAccount", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; amd64)"]}, "status_code": 201, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store","max-age=-1"],"Content-Length":["579"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 09:37:35 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/account/65lcsMbsx-kreQ-IW7hOAg"],"Replay-Nonce":["ffJBIa20Plqn5XgJh1OVNmr7g35Mv0NBjg9pUWQHNGY"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:37:35.795 INFO    tls.issuance.acme       waiting on internal rate limiter        {"identifiers": ["*.buct.edu.cn"]}
2021/05/26 09:37:35.795 INFO    tls.issuance.acme       done waiting on internal rate limiter   {"identifiers": ["*.buct.edu.cn"]}
2021/05/26 09:37:36.077 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/newOrder", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; amd64)"]}, "status_code": 201, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store","max-age=-1"],"Content-Length":["275"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 09:37:35 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/IptXMubG-4LoRY-nM7woLQ"],"Replay-Nonce":["HT9YqhLXQdANn0YDQjA086_4fotbgFKz3b2OtrJH_IM"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:37:36.322 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/authz/BideW-srnSsuoyfxrmEybg", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["295"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 09:37:36 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["TQbe_U5fGtEkCW3AtGRAP2wRTx365sL4mZTK7O9He8c"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:37:36.322 INFO    tls.issuance.acme.acme_client   trying to solve challenge       {"identifier": "*.buct.edu.cn", "challenge_type": "dns-01", "ca": "https://acme.zerossl.com/v2/DV90"}
2021/05/26 09:37:37.741 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/chall/d0qXFmtz-iDHuq6fH2_EuQ", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["163"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 09:37:37 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\"","<https://acme.zerossl.com/v2/DV90/authz/BideW-srnSsuoyfxrmEybg>;rel=\"up\""],"Replay-Nonce":["7-9pMBIu3Vb4bXaiaLtkwugvW5lMgDUynCV9t73GZdc"],"Retry-After":["10"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:37:37.741 DEBUG   tls.issuance.acme.acme_client   challenge accepted      {"identifier": "*.buct.edu.cn", "challenge_type": "dns-01"}
2021/05/26 09:37:38.252 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/authz/BideW-srnSsuoyfxrmEybg", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["298"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 09:37:38 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["WhOkcFMbAqvYNi6p1iemezc9tiV2bIMzOYMKYL585Aw"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:37:43.490 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/authz/BideW-srnSsuoyfxrmEybg", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["298"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 09:37:43 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["YwKk-XlLGWm_yBasBVdr3zqYp80OWwzxb8qWATfNlUI"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:37:48.727 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/authz/BideW-srnSsuoyfxrmEybg", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["298"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 09:37:48 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["r-1BxS4y9gwjdiFUv3343EPkbrZIA80Bc3YDt0H4yUI"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:37:53.959 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/authz/BideW-srnSsuoyfxrmEybg", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["298"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 09:37:53 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["Iab7eUgJt_q4GXA13MT9iPw8bWsJzYyFwCIVqswNH5g"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:37:59.208 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/authz/BideW-srnSsuoyfxrmEybg", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["298"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 09:37:59 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["7_p-XAiPTWTDpkvhqcAPNcquakJhjf98uNNv72EgfU4"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:38:04.440 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/authz/BideW-srnSsuoyfxrmEybg", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["298"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 09:38:04 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["5G8Uj-HJcftyBmLz7vebM0U8wIbhB1xVbdtw0UfqbV0"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:38:09.677 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/authz/BideW-srnSsuoyfxrmEybg", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["298"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 09:38:09 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["3LfJmZ6UvUin1PVfiKCfhIU4rU2SwYrr9eU3L7_1Kvk"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:38:14.928 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/authz/BideW-srnSsuoyfxrmEybg", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["298"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 09:38:14 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["3_b1V2B-MV_zoHnx8wi4FBy33ST7sxfaNL36x0YDEV0"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:38:20.168 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/authz/BideW-srnSsuoyfxrmEybg", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["298"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 09:38:20 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["cAXRBso87xQB-6kxaSFawR9fu58KsSMjUupcGJXyIKw"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:38:25.400 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/authz/BideW-srnSsuoyfxrmEybg", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["298"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 09:38:25 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["HnpVaaqDUxdNPaH84y0apJucT2dMYv7mn-E3_VkX2pQ"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:38:30.661 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/authz/BideW-srnSsuoyfxrmEybg", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["298"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 09:38:30 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["VpX7wnaK-orNaai7wDfBHh4g2UM2QxEYaUDKHXHiMqg"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:38:35.905 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/authz/BideW-srnSsuoyfxrmEybg", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["298"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 09:38:35 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["uaYMhvvDz5_J9K6LBpq13iZESGseSIXTAtDGhLQBzxM"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:38:41.142 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/authz/BideW-srnSsuoyfxrmEybg", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["326"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 09:38:41 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["d6fdNu2nxMNGghkJw5NUJ_bf1ER1wmU2Lb73Tulsv0M"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:38:42.147 INFO    tls.issuance.acme.acme_client   validations succeeded; finalizing order {"order": "https://acme.zerossl.com/v2/DV90/order/IptXMubG-4LoRY-nM7woLQ"}
2021/05/26 09:38:42.408 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/order/IptXMubG-4LoRY-nM7woLQ/finalize", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["278"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 09:38:42 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/IptXMubG-4LoRY-nM7woLQ"],"Replay-Nonce":["bYE67rRY5n31JXewwc0miFEYpZCvAq8k-AzlssZ-IzU"],"Retry-After":["15"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:38:57.651 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/order/IptXMubG-4LoRY-nM7woLQ", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["350"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 09:38:57 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/IptXMubG-4LoRY-nM7woLQ"],"Replay-Nonce":["5jmlixtKHkeF6DsFwZrl0-xldFm0M9532GXOcsy6vuc"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:38:57.891 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/cert/JbVEaA7yHhjB1WaHbYkeaw", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["4112"],"Content-Type":["application/pem-certificate-chain"],"Date":["Wed, 26 May 2021 09:38:57 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["og108tew8vxl3SnhppGqhdCzEcaWyY3FzxMTsAZZozY"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:38:57.892 INFO    tls.issuance.acme.acme_client   successfully downloaded available certificate chains    {"count": 1, "first_url": "https://acme.zerossl.com/v2/DV90/cert/JbVEaA7yHhjB1WaHbYkeaw"}
2021/05/26 09:38:57.892 INFO    tls.obtain      certificate obtained successfully       {"identifier": "*.buct.edu.cn"}
2021/05/26 09:38:57.892 INFO    tls.obtain      releasing lock  {"identifier": "*.buct.edu.cn"}
2021/05/26 09:38:58.499 WARN    tls     stapling OCSP   {"error": "no OCSP stapling for [*.buct.edu.cn]: parsing OCSP response: ocsp: error from server: unauthorized"}

Here is v2.4.1 logs

2021/05/26 09:27:47.211 INFO    using provided configuration    {"config_file": "/etc/caddy/Caddyfile", "config_adapter": "caddyfile"}
2021/05/26 09:27:47.215 INFO    admin   admin endpoint started  {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2021/05/26 09:27:47.215 INFO    http    server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2021/05/26 09:27:47.215 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2021/05/26 09:27:47.215 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc0002ed810"}
2021/05/26 09:27:47.216 DEBUG   http    starting server loop    {"address": "[::]:443", "http3": false, "tls": true}
2021/05/26 09:27:47.216 INFO    tls     cleaning storage unit   {"description": "FileStorage:/data/caddy"}
2021/05/26 09:27:47.216 DEBUG   http    starting server loop    {"address": "[::]:80", "http3": false, "tls": false}
2021/05/26 09:27:47.216 INFO    http    enabling automatic TLS certificate management   {"domains": ["*.buct.edu.cn"]}
2021/05/26 09:27:47.216 INFO    tls     finished cleaning storage units
2021/05/26 09:27:47.216 INFO    autosaved config (load with --resume flag)      {"file": "/config/caddy/autosave.json"}
2021/05/26 09:27:47.216 INFO    serving initial configuration
2021/05/26 09:27:47.216 INFO    tls.obtain      acquiring lock  {"identifier": "*.buct.edu.cn"}
2021/05/26 09:27:47.235 INFO    tls.obtain      lock acquired   {"identifier": "*.buct.edu.cn"}
2021/05/26 09:27:47.260 WARN    tls.issuance.zerossl    missing email address for ZeroSSL; it is strongly recommended to set one for next time
2021/05/26 09:27:48.459 INFO    tls.issuance.zerossl    generated EAB credentials       {"key_id": "xhaKwoXV7yNG_EVW78FfKg"}
2021/05/26 09:27:49.488 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "GET", "url": "https://acme.zerossl.com/v2/DV90", "headers": {"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["645"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 09:27:49 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:27:49.731 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "HEAD", "url": "https://acme.zerossl.com/v2/DV90/newNonce", "headers": {"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Type":["application/octet-stream"],"Date":["Wed, 26 May 2021 09:27:49 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["wiUnkrkAg3r6q-XZ2zQr-RFfb5muqa_hVO9kNbEChy8"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:27:50.002 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/newAccount", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]}, "status_code": 201, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store","max-age=-1"],"Content-Length":["579"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 09:27:49 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/account/xhaKwoXV7yNG_EVW78FfKg"],"Replay-Nonce":["sMt3f6XL85ingPB8Zdq4BPP_K4QVJEqAgy1zsyg2e4Q"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:27:50.003 INFO    tls.issuance.acme       waiting on internal rate limiter        {"identifiers": ["*.buct.edu.cn"]}
2021/05/26 09:27:50.003 INFO    tls.issuance.acme       done waiting on internal rate limiter   {"identifiers": ["*.buct.edu.cn"]}
2021/05/26 09:27:50.308 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/newOrder", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]}, "status_code": 201, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store","max-age=-1"],"Content-Length":["275"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 09:27:50 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/65ErF_6NM2mqWTI9DHgdCw"],"Replay-Nonce":["pvLHCG32sihEnXJ8MWg7p10hoviqxz33DSzIjQ8I68s"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:27:50.548 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/authz/eTKebDFafB0cuIiA2P5beg", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["295"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 09:27:50 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["h2ET2ovCyHFsY8_FmDZgC0bHZwg79YYzXHc7cpoZOHo"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:27:50.548 INFO    tls.issuance.acme.acme_client   trying to solve challenge       {"identifier": "*.buct.edu.cn", "challenge_type": "dns-01", "ca": "https://acme.zerossl.com/v2/DV90"}
2021/05/26 09:29:53.119 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/authz/eTKebDFafB0cuIiA2P5beg", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["139"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 09:29:53 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["Z7-WBY4Rx90e_GZasJdXu0JKjpNRD8i_sHIK-IrcSY8"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:29:53.120 ERROR   tls.obtain      will retry      {"error": "[*.buct.edu.cn] Obtain: [*.buct.edu.cn] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/65ErF_6NM2mqWTI9DHgdCw) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 125.884897089, "max_duration": 2592000}
2021/05/26 09:30:53.122 WARN    tls.issuance.zerossl    missing email address for ZeroSSL; it is strongly recommended to set one for next time
2021/05/26 09:30:54.363 INFO    tls.issuance.zerossl    generated EAB credentials       {"key_id": "Z2tSdmpMjx7WZ0iA2ehFhg"}
2021/05/26 09:30:56.130 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "HEAD", "url": "https://acme.zerossl.com/v2/DV90/newNonce", "headers": {"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Type":["application/octet-stream"],"Date":["Wed, 26 May 2021 09:30:56 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["nSxkha2e2S7b5qGqWjhCfglyTnUN5QAxfbG1YAN9rxc"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:30:56.788 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/newAccount", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]}, "status_code": 201, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store","max-age=-1"],"Content-Length":["579"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 09:30:56 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/account/Z2tSdmpMjx7WZ0iA2ehFhg"],"Replay-Nonce":["B32uzgvc8habss__ygleg2Pk4yXMEbDLTphQI5HUpbY"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:30:57.210 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/newOrder", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]}, "status_code": 201, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store","max-age=-1"],"Content-Length":["275"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 09:30:57 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/s1IoNWpFkf7qwx3mp5fUSw"],"Replay-Nonce":["i61cqg6-445cfIL7ZKQNe8-mO1LibTep2eEEs8m-6Ag"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:30:57.523 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/authz/-N9UrDNzS6caxAusGi0t-A", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["295"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 09:30:57 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["dasRA_YxnxyALdi9rh2FfO3J1-VLEffKWurtgu8mfHY"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 09:30:57.524 INFO    tls.issuance.acme.acme_client   trying to solve challenge       {"identifier": "*.buct.edu.cn", "challenge_type": "dns-01", "ca": "https://acme.zerossl.com/v2/DV90"}

I have checked the DNS TXT recodes, both v2.4.0-beta1 and v2.4.1 set a new recode, but only v2.4.0-beta1 can issue the certificate and delete TXT recode automatically, v2.4.1 will stuck at solve challenge.

And I don’t know what is it doing while it logs “trying to solve challenge”.

I have tried to issue a certificate for buct.duckdns.org directly without override_domain in v2.4.1, it work.
Here are logs:

2021/05/26 14:48:18.977 INFO    using provided configuration    {"config_file": "/etc/caddy/Caddyfile", "config_adapter": "caddyfile"}
2021/05/26 14:48:18.982 WARN    input is not formatted with 'caddy fmt' {"adapter": "caddyfile", "file": "/etc/caddy/Caddyfile", "line": 73}
2021/05/26 14:48:18.984 INFO    admin   admin endpoint started  {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["[::1]:2019", "127.0.0.1:2019", "localhost:2019"]}
2021/05/26 14:48:18.984 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc000363960"}
2021/05/26 14:48:18.984 INFO    http    server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2021/05/26 14:48:18.984 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2021/05/26 14:48:18.985 INFO    tls     cleaning storage unit   {"description": "FileStorage:/data/caddy"}
2021/05/26 14:48:18.985 INFO    tls     finished cleaning storage units
2021/05/26 14:48:18.985 DEBUG   http    starting server loop    {"address": "[::]:443", "http3": false, "tls": true}
2021/05/26 14:48:18.986 DEBUG   http    starting server loop    {"address": "[::]:80", "http3": false, "tls": false}
2021/05/26 14:48:18.986 INFO    http    enabling automatic TLS certificate management   {"domains": ["buct.duckdns.org"]}
2021/05/26 14:48:18.986 INFO    autosaved config (load with --resume flag)      {"file": "/config/caddy/autosave.json"}
2021/05/26 14:48:18.986 INFO    serving initial configuration
2021/05/26 14:48:18.986 INFO    tls.obtain      acquiring lock  {"identifier": "buct.duckdns.org"}
2021/05/26 14:48:19.003 INFO    tls.obtain      lock acquired   {"identifier": "buct.duckdns.org"}
2021/05/26 14:48:19.028 WARN    tls.issuance.zerossl    missing email address for ZeroSSL; it is strongly recommended to set one for next time
2021/05/26 14:48:20.395 INFO    tls.issuance.zerossl    generated EAB credentials       {"key_id": "v6sFHdl7QsNntC16kvjELw"}
2021/05/26 14:48:21.289 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "GET", "url": "https://acme.zerossl.com/v2/DV90", "headers": {"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["645"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 14:48:21 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 14:48:21.521 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "HEAD", "url": "https://acme.zerossl.com/v2/DV90/newNonce", "headers": {"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Type":["application/octet-stream"],"Date":["Wed, 26 May 2021 14:48:21 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["gohPF9-0kEHOmiFTuupISplU0v2chQNuxAtK4uxEHFk"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 14:48:21.787 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/newAccount", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]}, "status_code": 201, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store","max-age=-1"],"Content-Length":["579"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 14:48:21 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/account/v6sFHdl7QsNntC16kvjELw"],"Replay-Nonce":["AcETjOKmMoHDoJ6FL9KpAuajIxSP7RXvXhZvgXRq4G8"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 14:48:21.788 INFO    tls.issuance.acme       waiting on internal rate limiter        {"identifiers": ["buct.duckdns.org"]}
2021/05/26 14:48:21.788 INFO    tls.issuance.acme       done waiting on internal rate limiter   {"identifiers": ["buct.duckdns.org"]}
2021/05/26 14:48:22.054 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/newOrder", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]}, "status_code": 201, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store","max-age=-1"],"Content-Length":["278"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 14:48:21 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/qLyMnQLlsiB75eazqOlpWg"],"Replay-Nonce":["T7rY7RofUaDyFVie01zjqSSavGHRfJM5Q58QxkPOju8"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 14:48:22.296 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/authz/VGlIrR6_zLE5a9IVEnHjDw", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["446"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 14:48:22 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["r0LL5L9McXl3VaDQRiXqacE7qbpEyOFfOglx8o6PVy4"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 14:48:22.297 DEBUG   tls.issuance.acme.acme_client   no solver configured    {"challenge_type": "http-01"}
2021/05/26 14:48:22.297 INFO    tls.issuance.acme.acme_client   trying to solve challenge       {"identifier": "buct.duckdns.org", "challenge_type": "dns-01", "ca": "https://acme.zerossl.com/v2/DV90"}
2021/05/26 14:48:28.785 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/chall/SrMpWyj39LE9HYbLlOgiaw", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["163"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 14:48:28 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\"","<https://acme.zerossl.com/v2/DV90/authz/VGlIrR6_zLE5a9IVEnHjDw>;rel=\"up\""],"Replay-Nonce":["MhRW80_n_86Hui8_0m47Xn-7QpXRi_39gD0RR0qKcsk"],"Retry-After":["10"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 14:48:28.786 DEBUG   tls.issuance.acme.acme_client   challenge accepted      {"identifier": "buct.duckdns.org", "challenge_type": "dns-01"}
2021/05/26 14:48:29.270 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/authz/VGlIrR6_zLE5a9IVEnHjDw", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["315"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 14:48:29 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["VJHUhoNkRS9C2tirLc2C3eGVX0y-B2Y2JNC_-oZGm3Q"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 14:48:29.616 INFO    tls.issuance.acme.acme_client   validations succeeded; finalizing order {"order": "https://acme.zerossl.com/v2/DV90/order/qLyMnQLlsiB75eazqOlpWg"}
2021/05/26 14:48:29.881 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/order/qLyMnQLlsiB75eazqOlpWg/finalize", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["281"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 14:48:29 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/qLyMnQLlsiB75eazqOlpWg"],"Replay-Nonce":["MJvILMUn7Kt7_79lJLkuyQo9ptoBTPVhNi1jRYyxk6s"],"Retry-After":["15"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 14:48:45.118 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/order/qLyMnQLlsiB75eazqOlpWg", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["353"],"Content-Type":["application/json"],"Date":["Wed, 26 May 2021 14:48:45 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/qLyMnQLlsiB75eazqOlpWg"],"Replay-Nonce":["-8u1b-p_fjht6slpJow4nawuER5hpnogd4wA1iAK5b0"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 14:48:45.365 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/cert/RR04aYh5gep0sFpa6yQycQ", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.1 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["4116"],"Content-Type":["application/pem-certificate-chain"],"Date":["Wed, 26 May 2021 14:48:45 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["9e6NFE18ZSkHQW0Av_64i3MCGpzZ0f-Zr4dspuOpHZU"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/05/26 14:48:45.365 INFO    tls.issuance.acme.acme_client   successfully downloaded available certificate chains    {"count": 1, "first_url": "https://acme.zerossl.com/v2/DV90/cert/RR04aYh5gep0sFpa6yQycQ"}
2021/05/26 14:48:45.366 INFO    tls.obtain      certificate obtained successfully       {"identifier": "buct.duckdns.org"}
2021/05/26 14:48:45.366 INFO    tls.obtain      releasing lock  {"identifier": "buct.duckdns.org"}
2021/05/26 14:48:45.948 WARN    tls     stapling OCSP   {"error": "no OCSP stapling for [buct.duckdns.org]: parsing OCSP response: ocsp: error from server: unauthorized"}

and my DNS CNAME chain is:
_acme-challenge.buct.edu.cn -> _acme-challenge.acme.buct.edu.cn -> buct.duckdns.org

/cc @jpeddicord in case you have any ideas; I don’t use challenge delegation myself, so I’m not sure what’s wrong

Today, it raise some new errors, for example:

2021/05/29 03:33:13.562 ERROR   tls.obtain      will retry      {"error": "[acmetest.buct.edu.cn] Obtain: [acmetest.buct.edu.cn] solving challenges: waiting for solver certmagic.solverWrapper to be ready: checking DNS propagation of _acme-challenge.acmetest.buct.edu.cn: dial tcp 52.26.169.94:53: i/o timeout (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/19705046/65057314) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)", "attempt": 1, "retrying_in": 60, "elapsed": 53.49357852, "max_duration": 2592000}
2021/05/29 03:35:16.034 ERROR   tls.obtain      will retry      {"error": "[acme.buct.edu.cn] Obtain: [acme.buct.edu.cn] solving challenges: waiting for solver certmagic.solverWrapper to be ready: checking DNS propagation of _acme-challenge.acme.buct.edu.cn: dial tcp 44.242.92.242:53: i/o timeout (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/19705058/65058227) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)", "attempt": 1, "retrying_in": 60, "elapsed": 50.406698718, "max_duration": 2592000}
2021/05/29 03:36:44.347 ERROR   tls.obtain      will retry      {"error": "[acme.buct.edu.cn] Obtain: [acme.buct.edu.cn] solving challenges: waiting for solver certmagic.solverWrapper to be ready: checking DNS propagation of _acme-challenge.acme.buct.edu.cn: dial tcp 54.191.117.119:53: i/o timeout (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/19705067/65058912) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)", "attempt": 1, "retrying_in": 60, "elapsed": 50.322677191, "max_duration": 2592000}

I think that maybe new version caddy change something about use remote DNS
to verify DNS TXT recode.

This topic was automatically closed after 30 days. New replies are no longer allowed.