1. Caddy version (caddy version):

v2.1.1 h1:X9k1+ehZPYYrSqBvf/ocUgdLSRIuiNiMo7CvyGUQKeA=
2. How I run Caddy:
a. System environment:
Raspberry Pi OS May 27th version
systemd
b. Command:

To run:

```
sudo systemctl start caddy
```

To build, I used xcaddy:

```
GOOS=linux GOARCH=arm GOARM=7 xcaddy build --with github.com/caddy-dns/cloudflare
```

As you might infer, I cross-compiled caddy on a regular x86 Linux machine to run on an ARMv7 Raspberry Pi 4.
c. Service/unit/compose file:

systemd, caddy.service:

```
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target

[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target
```
d. My complete Caddyfile or JSON config:

```
nizar.cf:1996 {
    encode gzip

    ### important part starts here
    tls {
        dns cloudflare API_TOKEN_PLAINTEXT_REDACTED
    }
    ### important part ends here

    redir /cloud /cloud/
    redir /cloud/.well-known/caldav /cloud/remote.php/dav 301
    redir /cloud/.well-known/carddav /cloud/remote.php/dav 301
    route /cloud/* {
        root * /var/www
        php_fastcgi unix//run/php/php7.3-fpm.sock
        file_server
    }

    redir /bitw /bitwarden/
    redir /bitw/ /bitwarden/
    redir /bitwarden /bitwarden/
    reverse_proxy /bitwarden/* localhost:3401

    redir /rss /miniflux/
    redir /rss/ /miniflux/
    redir /miniflux /miniflux/
    reverse_proxy /miniflux/* unix//run/miniflux/miniflux.sock
}
```
3. The problem I’m having:
The DNS challenge for TLS seems to be failing with cloudflare with a 401 error. I cannot access my server using the domain name.
4. Error messages and/or full log output:

```
Jul 26 03:55:20 raspberrypi caddy[30881]: 2020/07/26 03:55:20 [INFO] [nizar.cf] acme: Preparing to solve DNS-01
Jul 26 03:55:21 raspberrypi caddy[30881]: 2020/07/26 03:55:21 [INFO] [nizar.cf] acme: Cleaning DNS-01 challenge
Jul 26 03:55:21 raspberrypi caddy[30881]: 2020/07/26 03:55:21 [WARN] [nizar.cf] acme: cleaning up failed: no memory of presenting a DNS record for nizar.cf
Jul 26 03:55:21 raspberrypi caddy[30881]: 2020/07/26 03:55:21 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/82793320
Jul 26 03:55:21 raspberrypi caddy[30881]: 2020/07/26 03:55:21 [ERROR] error: one or more domains had a problem:
Jul 26 03:55:21 raspberrypi caddy[30881]: [nizar.cf] [nizar.cf] acme: error presenting token: got error status: HTTP 401: []
Jul 26 03:55:21 raspberrypi caddy[30881]: (challenge=dns-01 remaining=[])
Jul 26 03:55:23 raspberrypi caddy[30881]: 2020/07/26 03:55:23 [ERROR] attempt 5: [nizar.cf] Obtain: [nizar.cf] error: one or more domains had a problem:
Jul 26 03:55:23 raspberrypi caddy[30881]: [nizar.cf] [nizar.cf] acme: error presenting token: got error status: HTTP 401: []
Jul 26 03:55:23 raspberrypi caddy[30881]: - retrying in 10m0s (10m21.77428467s/720h0m0s elapsed)...
```
5. What I already tried:
I tried changing the API token, expanding its permissions beyond what's required. I tried using a wrong token to ensure that I do indeed get a different error, so that is not exactly the issue. I also ensured the token was correct by running the curl command Cloudflare provides, and it returned successfully.
I saw that others have had similar issues to me [1][2].
In both cases, the issue seemed to be that the users were using the API key instead of token. I made sure that I am in fact using an API token (which requires permissions set) and not the global keys.
6. Links to relevant resources:
Others who had the same issue
[1] V2 Caddyfile problem with Cloudflare plugin - #7 by francislavoie
[2] Compiled Caddy 2.0.0 with this module but TLS handshake error during challenge · Issue #1 · caddy-dns/cloudflare · GitHub
Please help me fix this, I would really appreciate it!
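One hardening change worth making once the challenge works, added here as an editor's example and not part of the original post: keep the Cloudflare token out of the Caddyfile by referencing an environment variable with Caddy v2's `{env.*}` placeholder instead of pasting the secret into the config. The variable name CLOUDFLARE_API_TOKEN and the file path /etc/caddy/caddy.env below are assumptions; the rest of the site block is the poster's own config unchanged.

```caddyfile
# Added example, not from the original post.
# The token is read from the caddy process environment at runtime,
# so the Caddyfile itself contains no secret and can be shared as-is.
nizar.cf:1996 {
    encode gzip

    tls {
        # Assumed variable name; supplied via the systemd EnvironmentFile
        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
    }

    # remaining redir / route / reverse_proxy directives exactly as in the original Caddyfile
}
```

To supply the variable, put a single line `CLOUDFLARE_API_TOKEN=<token>` in /etc/caddy/caddy.env, make it root-owned and readable only by the caddy group (for example mode 0640, group caddy), and add `EnvironmentFile=/etc/caddy/caddy.env` to the [Service] section of caddy.service. One caveat specific to the unit shown above: `caddy run --environ` prints the process environment to stdout at startup, which systemd captures into the journal, so drop the `--environ` flag once a secret is passed this way or the token will end up in `journalctl -u caddy` alongside the ACME log lines.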