Can't retrieve SSL certificate with my TransIP provider

1. The problem I’m having:

I am trying to set up a DNS ACME challenge for my domain hosted at TransIP.
I built a module for it: GitHub - zjean/transip

I built my own docker image:

ARG CADDY_VERSION=2.6.4
FROM caddy:${CADDY_VERSION}-builder AS builder

RUN xcaddy build \
    --with github.com/lucaslorentz/caddy-docker-proxy/v2 \
    --with github.com/zjean/transip

FROM caddy:${CADDY_VERSION}

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

CMD ["caddy", "docker-proxy"]

Caddy spits out an error message when trying to add records to the DNS provider.

Maybe something is wrong in the libdns/transip package, or the gotransip package. Or I am doing something wrong configuring the provider.

2. Error messages and/or full log output:

panic: certificate worker: runtime error: invalid memory address or nil pointer dereference
goroutine 207 [running]:
github.com/caddyserver/certmagic.(*jobManager).worker.func1()
github.com/caddyserver/certmagic@v0.17.2/async.go:58 +0x65
panic({0x17f07e0, 0x2b2fdc0})
runtime/panic.go:884 +0x212
github.com/transip/gotransip/v6/domain.(*Repository).AddDNSEntry(0x0, {0xc000b2ffc0, 0xc}, {{0xc000b09950, 0x14}, 0x0, {0x1a3a5bb, 0x3}, {0xc000b09860, 0x2b}}) 
github.com/transip/gotransip/v6@v6.6.1/domain/repository.go:144 +0x18e 
github.com/libdns/transip.(*Provider).addDNSEntry(0xc0009dfec0, {0xc000100000?, 0xc000b09950?}, {0xc000b2ffc0, 0xc}, {{0x0, 0x0}, {0x1a3a5bb, 0x3}, {0xc000b09950, ...}, ...}) 
github.com/libdns/transip@v0.0.0-20211011153753-1c0ec90e7a12/client.go:67 +0x20d 
github.com/libdns/transip.(*Provider).AppendRecords(0xc000b0da80?, {0x1f0ed18, 0xc000a17f50}, {0xc000b2ffc0, 0xc}, {0xc000b31180?, 0x1, 0x0?}) 
github.com/libdns/transip@v0.0.0-20211011153753-1c0ec90e7a12/provider.go:35 +0x185 
github.com/caddyserver/certmagic.(*DNS01Solver).Present(0xc0007f29c0, {0x1f0ed18, 0xc000a17f50}, {{0xc000b2ff28, 0x6}, {0xc000b38500, 0x46}, {0xc000b2ff30, 0x7}, {0x0, ...}, ...}) 
github.com/caddyserver/certmagic@v0.17.2/solvers.go:312 +0x483 
github.com/caddyserver/certmagic.solverWrapper.Present({{0x1f05330?, 0xc0007f29c0?}}, {0x1f0ed18, 0xc000a17f50}, {{0xc000b2ff28, 0x6}, {0xc000b38500, 0x46}, {0xc000b2ff30, 0x7}, ...}) 
github.com/caddyserver/certmagic@v0.17.2/solvers.go:724 +0x22e 
github.com/mholt/acmez.(*Client).presentForNextChallenge(0xc000639060, {0x1f0ed18, 0xc000a17f50}, 0xc000b1d6c0) 
github.com/mholt/acmez@v1.1.0/client.go:390 +0x7c5 
github.com/mholt/acmez.(*Client).solveChallenges(_, {_, _}, {{0xc000b8a660, 0x5}, {0xc00053cf80, 0x1, 0x4}, 0x1, {0x0, ...}, ...}, ...) 
github.com/mholt/acmez@v1.1.0/client.go:341 +0x277 
github.com/mholt/acmez.(*Client).ObtainCertificateUsingCSR(0xc000639060, {0x1f0ed18, 0xc000a17f50}, {{0xc000b8a660, 0x5}, {0xc00053cf80, 0x1, 0x4}, 0x1, {0x0, ...}, ...}, ...) 
github.com/mholt/acmez@v1.1.0/client.go:117 +0x458 
github.com/caddyserver/certmagic.(*ACMEIssuer).doIssue(0xc000a17f50?, {0x1f0ed18, 0xc000a17f50}, 0x0?, 0x0) 
github.com/caddyserver/certmagic@v0.17.2/acmeissuer.go:385 +0x1b0 
github.com/caddyserver/certmagic.(*ACMEIssuer).Issue(0xc00041de60, {0x1f0ed18, 0xc000a17f50}, 0xc000a1f708?) 
github.com/caddyserver/certmagic@v0.17.2/acmeissuer.go:314 +0xa9 
github.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue(0x196d6a0?, {0x1f0ed18?, 0xc000a17f50?}, 0xc000639050?) 
github.com/caddyserver/caddy/v2@v2.6.4/modules/caddytls/acmeissuer.go:233 +0x2a 
github.com/caddyserver/certmagic.(*Config).obtainCert.func2({0x1f0ed18, 0xc000a17f50}) 
github.com/caddyserver/certmagic@v0.17.2/config.go:554 +0x1133 
github.com/caddyserver/certmagic.doWithRetry({0x1f0ec70, 0xc0005c7340}, 0x1f17378?, 0xc000bc3b78) 
github.com/caddyserver/certmagic@v0.17.2/async.go:104 +0x1eb 
github.com/caddyserver/certmagic.(*Config).obtainCert(0xc0001d56b0, {0x1f0ec70, 0xc0005c7340}, {0xc0007d3150, 0x10}, 0x0) 
github.com/caddyserver/certmagic@v0.17.2/config.go:611 +0x66b 
github.com/caddyserver/certmagic.(*Config).ObtainCertAsync(...) 
github.com/caddyserver/certmagic@v0.17.2/config.go:462 
github.com/caddyserver/certmagic.(*Config).manageOne.func1() 
github.com/caddyserver/certmagic@v0.17.2/config.go:359 +0x7f 
github.com/caddyserver/certmagic.(*jobManager).worker(0x2b3b220) 
github.com/caddyserver/certmagic@v0.17.2/async.go:73 +0x11b
created by
github.com/caddyserver/certmagic.(*jobManager).Submit 
github.com/caddyserver/certmagic@v0.17.2/async.go:50 +0x29b

3. Caddy version:

v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=

4. How I installed and ran Caddy:

a. System environment:

Docker compose

b. Command:

ARG CADDY_VERSION=2.6.4
FROM caddy:${CADDY_VERSION}-builder AS builder

RUN xcaddy build \
    --with github.com/lucaslorentz/caddy-docker-proxy/v2 \
    --with github.com/zjean/transip

FROM caddy:${CADDY_VERSION}

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

CMD ["caddy", "docker-proxy"]

c. Service/unit/compose file:

version: "3.7"

networks:
  caddy:
    external: true

services:
  caddy:
    image: zjean/caddy-docker
    container_name: caddy-docker
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
    networks:
      - caddy
    volumes:
      - ./Caddyfile:/Caddyfile
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/timezone:/etc/timezone:ro
      # this volume is needed to keep the certificates
      # otherwise, new ones will be re-issued upon restart
      - ./data:/data
      - ./config:/config
      - ./local:/local
      # transip key file
      - ./transip.key:/transip.key
    environment:
      - CADDY_DOCKER_CADDYFILE_PATH=/Caddyfile
      - TRANSIP_KEY_PATH=/transip.key
    extra_hosts:
      - host.docker.internal:host-gateway

    labels:
      # Global options
      caddy.email: klaus@klaus.nl

d. My complete Caddy config:

#Basic Caddyfile which is extended by the docker labels
{
	debug
}

# https://helgeklein.com/blog/owncloud-infinite-scale-with-openid-connect-authentication-for-home-networks/#caddy-add-cors-support-remove-prompt-parameter
# CORS handling
# This is a modified version of: https://kalnytskyi.com/posts/setup-cors-caddy-2/
#
(cors) {
	@cors_preflight method OPTIONS
	@cors header Origin {args.0}

	handle @cors_preflight {
		header {
			Access-Control-Allow-Origin "{args.0}"
			Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS"
			Access-Control-Allow-Headers *
			Access-Control-Max-Age "3600"
			defer
		}
		respond "" 204
	}

	handle @cors {
		header {
			Access-Control-Allow-Origin "{args.0}"
			Access-Control-Expose-Headers *
			defer
		}
	}
}

(trusted_proxy_list) {
	## Uncomment & adjust the following line to configure specific ranges which should be considered as trustworthy.
	trusted_proxies 10.0.0.0/8 172.16.0.0/16 192.168.0.0/16 fc00::/7

}


test.klaus.nl {
	tls {
		dns transip ["klaus@klaus.nl", {env.TRANSIP_KEY_PATH}]
		#username
		#privatekey_path
		#}
	}

	respond "Welcome @ test.klaus.nl"
}

5. Links to relevant resources:

Make sure to push it to caddy-dns/transip · GitHub! Or maybe @matt can set you up with permissions to do so if you don’t have it already.

That looks wrong. Caddyfile doesn't take JSON-style arrays as config; it takes string tokens.

Yeah, there’s probably a bug somewhere in here in the libdns/transip package.


Hi, thanks so much!
I got it working by forking the libdns/transip module and applying the open pull request to trim the trailing dot from the FQDN…
After that I had to add the code that is used in other modules to make sure the TTL is set to a reasonable value.

That did the trick 🙂
Can someone merge the open PR, so I can create my PR to get libdns/transip and the transip DNS module working again?
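The two fixes the reply above describes (stripping the trailing dot before calling the provider API, and forcing the TTL to a reasonable value) are shown below as an added Go example, together with a guard for the condition visible in the trace, where the `(*Repository).AddDNSEntry` receiver is `0x0`, i.e. a nil API client. This is not code from libdns/transip, gotransip or the poster's fork; the `Record`/`dnsEntry` types, the 60-second TTL floor, the `@` apex marker and the in-memory fake repository are assumptions made here for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"time"
)

// Record is a simplified stand-in for the libdns record type (assumed shape),
// so the example runs without the real module or network access.
type Record struct {
	Type  string
	Name  string // relative to the zone, or fully qualified; both are handled
	Value string
	TTL   time.Duration
}

// dnsEntry is the payload shape a provider API typically wants. Assumed here;
// it is not TransIP's actual struct.
type dnsEntry struct {
	Name    string
	Expire  int // TTL in seconds
	Type    string
	Content string
}

// ErrNilClient replaces the nil-pointer panic with a diagnosable error.
var ErrNilClient = errors.New("transip: API client not initialised (check provider config)")

// minTTL is an assumed floor; callers such as certmagic often leave TTL at zero.
const minTTL = 60 * time.Second

// normalizeZone strips the trailing dot that ACME/libdns callers pass
// ("example.com.") because provider APIs expect a bare domain name.
func normalizeZone(zone string) string {
	return strings.TrimSuffix(strings.ToLower(strings.TrimSpace(zone)), ".")
}

// relativeName returns the record name relative to the zone. "@" for the apex
// is an assumed convention for this example.
func relativeName(name, zone string) string {
	z := normalizeZone(zone)
	n := strings.TrimSuffix(strings.ToLower(strings.TrimSpace(name)), ".")
	switch {
	case n == "" || n == z:
		return "@"
	case strings.HasSuffix(n, "."+z):
		return strings.TrimSuffix(n, "."+z)
	default:
		return n // already relative to the zone
	}
}

// ttlSeconds clamps the TTL so a zero value from the caller never reaches the API.
func ttlSeconds(ttl time.Duration) int {
	if ttl < minTTL {
		ttl = minTTL
	}
	return int(ttl.Seconds())
}

// toEntry converts a libdns-style record into the provider payload.
func toEntry(zone string, rec Record) dnsEntry {
	return dnsEntry{
		Name:    relativeName(rec.Name, zone),
		Expire:  ttlSeconds(rec.TTL),
		Type:    rec.Type,
		Content: rec.Value,
	}
}

// entryAdder is the narrow interface the provider needs from the API client.
type entryAdder interface {
	AddDNSEntry(domain string, e dnsEntry) error
}

// fakeRepo is a constructed in-memory stand-in for the real API repository.
type fakeRepo struct{ added map[string][]dnsEntry }

func (f *fakeRepo) AddDNSEntry(domain string, e dnsEntry) error {
	if f.added == nil {
		f.added = map[string][]dnsEntry{}
	}
	f.added[domain] = append(f.added[domain], e)
	return nil
}

// Provider sketches a libdns provider; repo stays nil until configured.
type Provider struct{ repo entryAdder }

// AppendRecords adds records to the zone. The nil guard turns a misconfigured
// provider into a returned error instead of a panic inside the certificate worker.
func (p *Provider) AppendRecords(zone string, recs []Record) ([]Record, error) {
	if p == nil || p.repo == nil {
		return nil, ErrNilClient
	}
	domain := normalizeZone(zone)
	var out []Record
	for _, r := range recs {
		if err := p.repo.AddDNSEntry(domain, toEntry(zone, r)); err != nil {
			return out, fmt.Errorf("appending %s record %q: %w", r.Type, r.Name, err)
		}
		out = append(out, r)
	}
	return out, nil
}

func main() {
	p := &Provider{repo: &fakeRepo{}}
	recs, err := p.AppendRecords("example.com.", []Record{
		{Type: "TXT", Name: "_acme-challenge.test.example.com.", Value: "token"},
	})
	fmt.Println(len(recs), err)
	var unconfigured Provider
	_, err = unconfigured.AppendRecords("example.com.", nil)
	fmt.Println(err)
}
```

The zone and name normalisation are applied in one place, so a caller passing either a relative or a fully qualified name gets the same API payload; the `0x0` receiver in the original trace is the kind of state the `ErrNilClient` check is meant to surface as a config error rather than a crash.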

I don’t see an open PR, you just made a commit to your own fork.

I opened a PR now. Fix transip by zjean · Pull Request #7 · libdns/transip · GitHub
