1. Caddy version (caddy version
):
v2.4.0-beta.1 h1:Ed/tIaN3p6z8M3pEiXWJL/T8JmCqV62FrSJCHKquW/I=
2. How I run Caddy:
a. System environment:
-
OS: Raspbian GNU/Linux 10 (buster)
-
Caddy running inside a docker container.
c. Service/unit/compose file:
Dockerfile:
FROM caddy:2.3.0-builder AS builder
RUN xcaddy build \
--with github.com/caddy-dns/cloudflare
FROM caddy:2.3.0
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
Docker Compose file:
version: "3"
services:
caddy:
# The name and tag I provided my built image.
image: caddy:cloudflare
container_name: caddy
ports:
- 80:80
- 443:443
volumes:
- ./caddy_data:/data
# Mount Caddyfile
- ./Caddyfile:/etc/caddy/Caddyfile
environment:
CLOUDFLARE_API_TOKEN: "API token here."
ACME_EMAIL: "Email here."
restart: unless-stopped
d. My complete Caddyfile or JSON config:
{
debug
admin off
email {env.ACME_EMAIL}
acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}
# Wildcard: https://github.com/caddyserver/caddy/issues/3200#issuecomment-638608401
*.net.dbren.uk, net.dbren.uk {
tls {
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
}
@sub {
host app.net.dbren.uk
}
handle @sub {
reverse_proxy localhost:1080
}
}
3. The problem I’m having:
I’m trying to use Caddy in a docker container to obtain a certificate for a wildcard subdomain (ie. *.net.dbren.uk) using the DNS-01 challenge type.
The domain is managed using Cloudflare.
Running the command caddy list modules
inside the container shows that the module Cloudflare module is installed:
dns.providers.cloudflare
Non-standard modules: 1
I’m providing my email address and Cloudflare API token using environment variables. Furthermore, I’m trying to get this working using the Let’s Encrypt staging environment before using the production endpoint.
I have checked and I’m definitely using a Cloudflare API token as instructed here with the permissions:
-
Zone / Zone / Read
-
Zone / DNS / Edit
With Zone Resources set to include the specific zone for my domain.
4. Error messages and/or full log output:
{"level":"info","ts":1615117765.0986633,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
[WARNING][caddyfile] /etc/caddy/Caddyfile:1: input is not formatted with 'caddy fmt'
{"level":"warn","ts":1615117765.1082976,"logger":"admin","msg":"admin endpoint disabled"}
{"level":"info","ts":1615117765.109268,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x309aa00"}
{"level":"info","ts":1615117765.1100245,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1615117765.1101475,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1615117765.1119108,"logger":"tls","msg":"cleaned up storage units"}
{"level":"debug","ts":1615117765.1127994,"logger":"http","msg":"starting server loop","address":"[::]:443","http3":false,"tls":true}
{"level":"debug","ts":1615117765.113149,"logger":"http","msg":"starting server loop","address":"[::]:80","http3":false,"tls":false}
{"level":"info","ts":1615117765.1132264,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["*.net.dbren.uk","net.dbren.uk"]}
{"level":"info","ts":1615117765.1167908,"logger":"tls.obtain","msg":"acquiring lock","identifier":"net.dbren.uk"}
{"level":"info","ts":1615117765.1167905,"logger":"tls.obtain","msg":"acquiring lock","identifier":"*.net.dbren.uk"}
{"level":"info","ts":1615117765.118571,"msg":"autosaved config","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1615117765.1186473,"msg":"serving initial configuration"}
{"level":"info","ts":1615117765.191888,"logger":"tls.obtain","msg":"lock acquired","identifier":"net.dbren.uk"}
{"level":"info","ts":1615117765.2382996,"logger":"tls.obtain","msg":"lock acquired","identifier":"*.net.dbren.uk"}
{"level":"debug","ts":1615117766.057885,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"GET","url":"https://acme-staging-v02.api.letsencrypt.org/directory","headers":{"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; arm)"]},"status_code":200,"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["724"],"Content-Type":["application/json"],"Date":["Sun, 07 Mar 2021 11:49:25 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"debug","ts":1615117766.2023299,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","headers":{"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; arm)"]},"status_code":200,"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Date":["Sun, 07 Mar 2021 11:49:26 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0004vib9oEd8eH22ooo-LcmjLgZrXFmpz55_ilrHp3vT8yQ"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"debug","ts":1615117766.354741,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-acct","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; arm)"]},"status_code":201,"response_headers":{"Boulder-Requester":["18439568"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["323"],"Content-Type":["application/json"],"Date":["Sun, 07 Mar 2021 11:49:26 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\"","<https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf>;rel=\"terms-of-service\""],"Location":["https://acme-staging-v02.api.letsencrypt.org/acme/acct/18439568"],"Replay-Nonce":["0003cHX9YWsLpgzaSSn1mdDlh39qA5xPC9CLTeuW7X1VzlY"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"debug","ts":1615117766.657894,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","headers":{"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; arm)"]},"status_code":200,"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Date":["Sun, 07 Mar 2021 11:49:26 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0004gxDEPIixfxjFMm7Yasf2sHvuK9iubYaJ78JYy2Mbz-A"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"debug","ts":1615117766.811533,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-acct","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; arm)"]},"status_code":201,"response_headers":{"Boulder-Requester":["18439569"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["323"],"Content-Type":["application/json"],"Date":["Sun, 07 Mar 2021 11:49:26 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\"","<https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf>;rel=\"terms-of-service\""],"Location":["https://acme-staging-v02.api.letsencrypt.org/acme/acct/18439569"],"Replay-Nonce":["00040plzHUe-6x4C_ocoCoQ3-HYOqUNhHu-kjFvY9T5nl_Y"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"info","ts":1615117766.8466969,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["net.dbren.uk"]}
{"level":"info","ts":1615117766.8469384,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["net.dbren.uk"]}
{"level":"debug","ts":1615117767.024617,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-order","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; arm)"]},"status_code":201,"response_headers":{"Boulder-Requester":["18439568"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["342"],"Content-Type":["application/json"],"Date":["Sun, 07 Mar 2021 11:49:26 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-staging-v02.api.letsencrypt.org/acme/order/18439568/3847307"],"Replay-Nonce":["0004Xu0Mcm3nA9R6HxKLj3vY5ZDJfRidXldNcMyj9YKE4s0"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"debug","ts":1615117767.173732,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3192508","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; arm)"]},"status_code":200,"response_headers":{"Boulder-Requester":["18439568"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["805"],"Content-Type":["application/json"],"Date":["Sun, 07 Mar 2021 11:49:27 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["00044oHEQHwYrwvZO7V1fu7zXjVjizdN5eONeM4AuwYH1MI"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"debug","ts":1615117767.1755733,"logger":"tls.issuance.acme.acme_client","msg":"no solver configured","challenge_type":"tls-alpn-01"}
{"level":"debug","ts":1615117767.1756752,"logger":"tls.issuance.acme.acme_client","msg":"no solver configured","challenge_type":"http-01"}
{"level":"info","ts":1615117767.1757185,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"net.dbren.uk","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1615117767.43741,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["*.net.dbren.uk"]}
{"level":"info","ts":1615117767.4375975,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["*.net.dbren.uk"]}
{"level":"debug","ts":1615117767.5982428,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-order","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; arm)"]},"status_code":201,"response_headers":{"Boulder-Requester":["18439569"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["344"],"Content-Type":["application/json"],"Date":["Sun, 07 Mar 2021 11:49:27 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-staging-v02.api.letsencrypt.org/acme/order/18439569/3847310"],"Replay-Nonce":["0003LxG0XCJ_Rr1hKDSdP-_6J9Y7B8Hwqwa9R9oIr-suens"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"debug","ts":1615117767.7458289,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3192511","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; arm)"]},"status_code":200,"response_headers":{"Boulder-Requester":["18439569"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["389"],"Content-Type":["application/json"],"Date":["Sun, 07 Mar 2021 11:49:27 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0004NfyLDPLQ7KQ2g4pEtEtb9TAgtuWpzY3neBfu0ZN-_vk"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"info","ts":1615117767.7466753,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"*.net.dbren.uk","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"debug","ts":1615117769.6054442,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3192508/YpvLVw","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; arm)"]},"status_code":200,"response_headers":{"Boulder-Requester":["18439568"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["189"],"Content-Type":["application/json"],"Date":["Sun, 07 Mar 2021 11:49:29 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\"","<https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3192508>;rel=\"up\""],"Location":["https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3192508/YpvLVw"],"Replay-Nonce":["0004ehpjgF3odZBatagvV59_lAvBbwrh1sbmsiidlLPcj6I"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"debug","ts":1615117769.6059616,"logger":"tls.issuance.acme.acme_client","msg":"challenge accepted","identifier":"net.dbren.uk","challenge_type":"dns-01"}
{"level":"debug","ts":1615117770.0064352,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3192508","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; arm)"]},"status_code":200,"response_headers":{"Boulder-Requester":["18439568"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["549"],"Content-Type":["application/json"],"Date":["Sun, 07 Mar 2021 11:49:29 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0004Muq2xlRsDSk1IGbVdnFNLvj7htHVppNBSkS3hfHLcZE"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"error","ts":1615117771.6162183,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"net.dbren.uk","challenge_type":"dns-01","status_code":403,"problem_type":"urn:ietf:params:acme:error:unauthorized","error":"No TXT record found at _acme-challenge.net.dbren.uk"}
{"level":"error","ts":1615117771.6163986,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"net.dbren.uk","error":"authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - No TXT record found at _acme-challenge.net.dbren.uk","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/18439568/3847307","attempt":1,"max_attempts":3}
{"level":"debug","ts":1615117772.7376325,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3192511/xdUB7Q","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; arm)"]},"status_code":200,"response_headers":{"Boulder-Requester":["18439569"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["189"],"Content-Type":["application/json"],"Date":["Sun, 07 Mar 2021 11:49:32 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\"","<https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3192511>;rel=\"up\""],"Location":["https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3192511/xdUB7Q"],"Replay-Nonce":["0004SpWrMNcYd2_TBK-u5i5dhwZP9xtm2pzY5gDAqkRdc1M"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"debug","ts":1615117772.738071,"logger":"tls.issuance.acme.acme_client","msg":"challenge accepted","identifier":"*.net.dbren.uk","challenge_type":"dns-01"}
{"level":"debug","ts":1615117772.7844148,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-order","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; arm)"]},"status_code":201,"response_headers":{"Boulder-Requester":["18439568"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["342"],"Content-Type":["application/json"],"Date":["Sun, 07 Mar 2021 11:49:32 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-staging-v02.api.letsencrypt.org/acme/order/18439568/3847376"],"Replay-Nonce":["0004i0yY-8OFzWvhQD-D5si3uGM5QCyMrB_jmdBJH5arrYI"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"debug","ts":1615117772.9355478,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3192572","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; arm)"]},"status_code":200,"response_headers":{"Boulder-Requester":["18439568"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["805"],"Content-Type":["application/json"],"Date":["Sun, 07 Mar 2021 11:49:32 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0003EWDnt_SVORi44Dw_XF8eFd0YZ90f_6mmaOgoUn9qSZE"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"debug","ts":1615117772.9363232,"logger":"tls.issuance.acme.acme_client","msg":"no solver configured","challenge_type":"tls-alpn-01"}
{"level":"debug","ts":1615117772.9363937,"logger":"tls.issuance.acme.acme_client","msg":"no solver configured","challenge_type":"http-01"}
{"level":"debug","ts":1615117773.0875306,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3192572","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; arm)"]},"status_code":200,"response_headers":{"Boulder-Requester":["18439568"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["809"],"Content-Type":["application/json"],"Date":["Sun, 07 Mar 2021 11:49:33 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0003So9ZJlgXBUL02e8MjkQ8NFpmCSGDCbqPGcjbG2EKat0"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"info","ts":1615117773.0954053,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["net.dbren.uk"]}
{"level":"info","ts":1615117773.095549,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["net.dbren.uk"]}
{"level":"debug","ts":1615117773.1351142,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3192511","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; arm)"]},"status_code":200,"response_headers":{"Boulder-Requester":["18439569"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["569"],"Content-Type":["application/json"],"Date":["Sun, 07 Mar 2021 11:49:33 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0003a9p8FDVJVLD5WnYX3H6EVhdpo5nkSIH9_GpzpsVhKOw"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"debug","ts":1615117773.6784244,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","headers":{"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; arm)"]},"status_code":200,"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Date":["Sun, 07 Mar 2021 11:49:33 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0004UUJH3esoYg-ldc5KtraYVYGtrI4mSmNN83lXZbMQEf8"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"debug","ts":1615117773.8356457,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-order","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; arm)"]},"status_code":201,"response_headers":{"Boulder-Requester":["18439569"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["342"],"Content-Type":["application/json"],"Date":["Sun, 07 Mar 2021 11:49:33 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-staging-v02.api.letsencrypt.org/acme/order/18439569/3847390"],"Replay-Nonce":["00041fbUE0vlmN-mmNCOeF2iSXBIw5YoegS7f3J-SlCKHc4"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"debug","ts":1615117773.9695787,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3192583","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; arm)"]},"status_code":200,"response_headers":{"Boulder-Requester":["18439569"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["805"],"Content-Type":["application/json"],"Date":["Sun, 07 Mar 2021 11:49:33 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0004pGmzChySCCQDUQj_lnIRIVJUmS-CrOEbTeLm6E6gvIk"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"debug","ts":1615117773.9701407,"logger":"tls.issuance.acme.acme_client","msg":"no solver configured","challenge_type":"tls-alpn-01"}
{"level":"debug","ts":1615117773.9701996,"logger":"tls.issuance.acme.acme_client","msg":"no solver configured","challenge_type":"http-01"}
{"level":"info","ts":1615117773.9702225,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"net.dbren.uk","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1615117774.1021292,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"*.net.dbren.uk","challenge_type":"dns-01","status_code":403,"problem_type":"urn:ietf:params:acme:error:unauthorized","error":"No TXT record found at _acme-challenge.net.dbren.uk"}
{"level":"error","ts":1615117774.1023877,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"*.net.dbren.uk","error":"authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - No TXT record found at _acme-challenge.net.dbren.uk","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/18439569/3847310","attempt":1,"max_attempts":3}
Cloudflare does say that the API token was used when placing my cursor over the status of the API token.
5. What I already tried:
-
Providing the Cloudflare API token and email without environment variables (placing directly into the Caddyfile). This also did not work.
-
Using the Let’s Encrypt production endpoint once. Same errors occurred. Not surprising but thought it was worth a try
-
Increasing ACME timeout using:
tls {
issuer acme {
dns cloudflare token
timeout 600s
}
}
Is there something I have misconfigured here that somebody can spot?
One thing I did find interesting was even though I built the container image with 2.3.0
tags, the version is v2.4.0-beta.1
Something to do with using xcaddy?
Please let me know if any other information is needed.
Any help is greatly appreciated.