Certificate issues

1. The problem I’m having:

On any browser you get the issue of “ERR_SSL_PROTOCOL_ERROR” due to issues with certificates and letsencrypt.

2. Error messages and/or full log output:

(order=https://acme-v02.api.letsencrypt.org/acme/order/1801824347/281859241937) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1719399128.9740498,"logger":"tls.obtain","msg":"will retry","error":"[media.jellyoctomedia.com] Obtain: [media.jellyoctomedia.com] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.media.jellyoctomedia.com\": unexpected response code 'SERVFAIL' for _acme-challenge.media.jellyoctomedia.com. (order=https://acme-v02.api.letsencrypt.org/acme/order/1801824347/281859241937) (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":1.3247948,"max_duration":2592000}

3. Caddy version:

Caddy 2.8.4

4. How I installed and ran Caddy:

I installed it using the custom installer website. I did this so I could add on the Cloudflare add-on. I then run it as a service through nssm.

a. System environment:

Windows 11

b. Command:

```
run --config ./caddyfile --adapter caddyfile
```

d. My complete Caddy config:

```
media.jellyoctomedia.com {
    reverse_proxy 192.168.1.43:8096
    tls {
        dns cloudflare (API_TOKEN)
    }
}
```

I’ve tried making my DNS resolver 1.1.1.1 but it also gives me the same error.

This essentially means that Caddy wasn’t able to determine information about your domain using DNS queries on your local machine. Your system’s DNS resolver might be misconfigured for some reason.

If you name your config file Caddyfile with an uppercase C, you could skip the --adapter flag.


Is there any troubleshooting you may suggest for this? The only thing I can think of is changing the DNS resolver within my settings to be:
1.1.1.1
1.0.0.1

This, however, does not change anything.

Sorry for the wait, had a busy week.

You could turn off DNS propagation checks (i.e. Caddy doing DNS queries to check “did I successfully write the TXT record?”) to possibly get around the issue, by adding propagation_timeout -1 to your tls config.

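To make the logged error concrete, here is an added example (not Caddy's or CertMagic's own code) that mirrors in Python the zone-discovery walk an ACME client performs before it can write the `_acme-challenge` TXT record: it asks for an SOA record at each label going upward, and any rcode other than NOERROR or NXDOMAIN, such as the SERVFAIL in the log above, aborts the walk. The `example.com` names and both resolver behaviours are constructed; swap in a real lookup to check a live system.

```python
from typing import Callable, Dict, Optional, Tuple

# (rcode, zone name if an SOA answer was returned) -- constructed answers, not real DNS data
Answer = Tuple[str, Optional[str]]
Resolver = Callable[[str], Answer]


class ZoneLookupError(Exception):
    pass


def find_zone_by_fqdn(fqdn: str, resolve: Resolver) -> str:
    """Return the zone apex that contains `fqdn`, walking labels upward via SOA queries."""
    name = fqdn.rstrip(".") + "."
    labels = name.split(".")
    for i in range(len(labels) - 1):  # stop before the bare root label
        candidate = ".".join(labels[i:])
        rcode, soa_zone = resolve(candidate)
        # Any rcode other than NOERROR/NXDOMAIN (e.g. SERVFAIL) is a resolver failure,
        # not "no zone here", so the walk cannot continue.
        if rcode not in ("NOERROR", "NXDOMAIN"):
            raise ZoneLookupError(f"unexpected response code '{rcode}' for {candidate}")
        if rcode == "NOERROR" and soa_zone:
            return soa_zone
    raise ZoneLookupError(f"could not find the start of authority for {fqdn}")


# Constructed resolver behaviours (hypothetical, for offline demonstration).
def healthy_resolver(name: str) -> Answer:
    table: Dict[str, Answer] = {
        "_acme-challenge.media.example.com.": ("NOERROR", None),  # no SOA at this label
        "media.example.com.": ("NOERROR", None),                  # nor here
        "example.com.": ("NOERROR", "example.com."),              # zone apex found
    }
    return table.get(name, ("NXDOMAIN", None))


def servfail_resolver(name: str) -> Answer:
    # A broken local stub resolver that fails every query, as in the posted log.
    return ("SERVFAIL", None)


def diagnose(fqdn: str, resolve: Resolver) -> str:
    """Format the outcome the way the Caddy log line does, for quick comparison."""
    try:
        return f"zone for {fqdn}: {find_zone_by_fqdn(fqdn, resolve)}"
    except ZoneLookupError as e:
        return f'could not determine zone for domain "{fqdn}": {e}'


if __name__ == "__main__":
    print(diagnose("_acme-challenge.media.example.com", healthy_resolver))
    print(diagnose("_acme-challenge.media.example.com", servfail_resolver))
```

Running it against the healthy resolver prints the zone apex; against the failing one it reproduces the "could not determine zone" wording from the log, which is why switching the stub resolver (or disabling propagation checks) is the lever to pull.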
